Lucene search

1235 matches found

Cvelist
added 2019/08/09 2:29 p.m., 14 views

CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.4 AI score, 0.00259 EPSS
Exploits: 0, References: 5

Debian CVE
added 2019/08/09 2:29 p.m., 30 views

CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.5 CVSS, 7.5 AI score, 0.00259 EPSS
Exploits: 0

CVE
added 2019/08/09 2:29 p.m., 221 views

CVE-2019-14806

CVE-2019-14806 affects Pallets Werkzeug prior to 0.15.3 when used with Docker, due to insufficient debugger PIN randomness caused by containers sharing the same machine-id. This enables remote exploitation with network access; CVSSv3 base score 7.5. Remediation is to upgrade Werkzeug to 0.15.3 or...

7.5 CVSS, 7.3 AI score, 0.00259 EPSS
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2019/07/03 7:15 p.m., 14 views

CVE-2019-6632

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to...

5.5 CVSS, 5.5 AI score, 0.00114 EPSS
Exploits: 0, References: 2

OSV
added 2019/07/03 7:15 p.m., 2 views

CVE-2019-6632

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to...

5.5 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits: 0, References: 2

Schneier on Security
added 2019/07/01 10:55 a.m., 21 views

Yubico Security Keys with a Crypto Flaw

Wow, is this an embarrassing bug: Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness ...

1.6 AI score
Exploits: 0

OSV
added 2019/05/23 9:27 a.m., 0 views

GHSA-6QQF-VVCR-7QRV Cryptographically Weak PRNG in generate-password

Affected versions of generate-password generate random values that are biased towards certain characters depending on the chosen character sets. This may result in guessable passwords. Recommendation: Update to version 1.4.1 or later...

5.9 AI score
Exploits: 0, References: 2

OSV
added 2019/05/09 6:29 p.m., 0 views

UBUNTU-CVE-2019-11842

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...

7.5 CVSS, 7.1 AI score, 0.00407 EPSS
Exploits: 0, References: 4

OSV
added 2019/04/16 3:10 p.m., 32 views

GHSA-V2R2-7QM7-JJ6V Spring Security uses insufficiently random values

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...

5.3 CVSS, 5.3 AI score, 0.00548 EPSS
Exploits: 0, References: 5

Github Security Blog
added 2019/04/16 3:10 p.m., 32 views

Spring Security uses insufficiently random values

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...

5.3 CVSS, 3.4 AI score, 0.00548 EPSS
Exploits: 0, References: 5, Affected Software: 1

Prion
added 2019/04/09 4:29 p.m., 21 views

Design/Logic Flaw

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...

5 CVSS, 5.3 AI score, 0.00548 EPSS
Exploits: 0, References: 3, Affected Software: 2

CVE
added 2019/04/09 3:29 p.m., 107 views

CVE-2019-3795

CVE-2019-3795 affects Spring Security: insecure randomness when SecureRandomFactoryBean#setSeed is used to configure a SecureRandom. Impact requires the application to supply a seed and expose the resulting random material to an attacker. Affected releases include Spring Security 4.2.x before 4.2...

5.3 CVSS, 4.8 AI score, 0.00548 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2019/04/09 3:29 p.m., 26 views

CVE-2019-3795 Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...

3.8 CVSS, 5.5 AI score, 0.00548 EPSS
Exploits: 0, References: 3

Veracode
added 2019/04/05 7:52 p.m., 21 views

Insecure Randomness

spring-security-core is vulnerable to insecure randomness. The vulnerability exists because it does not use a secure way of generating randomness in SecureRandomFactoryBean#setSeed to configure a SecureRandom instance...

5.3 CVSS, 5.5 AI score, 0.00548 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2019/03/23 7:29 p.m., 4 views

DEBIAN-CVE-2016-10743

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random function call...

7.5 CVSS, 7 AI score, 0.0043 EPSS
Exploits: 0, References: 1

OSV
added 2019/03/23 12:0 a.m., 0 views

UBUNTU-CVE-2016-10743

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random function call...

7.5 CVSS, 7.1 AI score, 0.0043 EPSS
Exploits: 0, References: 3

Cvelist
added 2019/03/06 12:0 a.m., 11 views

CVE-2019-0729

An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'...

9.5 AI score, 0.01163 EPSS
Exploits: 0, References: 2

NVD
added 2019/02/28 5:29 p.m., 12 views

CVE-2019-1997

In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5 CVSS, 6.9 AI score, 0.00175 EPSS
Exploits: 0, References: 2

CVE
added 2019/02/28 5:0 p.m., 48 views

CVE-2019-1997

CVE-2019-1997 affects Android’s random.c: In random_get_bytes, an insecure default value degrades randomness, enabling local information disclosure over an insecure wireless connection with no user interaction. Affected Android versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. Exploitation context: netwo...

7.5 CVSS, 6.8 AI score, 0.00175 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2019/02/28 5:0 p.m., 17 views

CVE-2019-1997

In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation...

6.9 AI score, 0.00175 EPSS
Exploits: 0, References: 2