1235 matches found
Azure IoT Java SDK Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way the Azure IoT Java SDK generates symmetric keys for encryption: the key material is not sufficiently random, so an attacker can predict it. An attacker could derive the keys from the way they are generated and use them to access a user's IoT hub. This update...
DRUPAL-CONTRIB-2019-013
This module provides a field on user profiles which allows users to get a notification when their account logs in to the site. The notification e-mail includes a link which will terminate all sessions for that user. This is useful in the case of unauthorised access to the account. The module...
Insecure Random Number Generator
gcc is vulnerable to an insecure random number generator issue. Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) versions 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber...
USN-3842-1: CUPS vulnerability
Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery (CSRF) attacks...
CVE-2018-15795
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service...
GHSA-QV2V-M59F-V5FW Insecure randomness in socket.io
Affected versions of socket.io depend on Math.random to create socket IDs, and therefore the IDs are predictable. With enough information on prior IDs, an attacker may be able to guess the socket ID and gain access to socket.io servers without authorization. Recommendation Update to v0.9.7 or lat...
EulerOS Virtualization 2.5.0 : gcc (EulerOS-SA-2018-1331)
According to the versions of the gcc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - The gcc package contains the GNU Compiler Collection version 4.8. You'll need this package in order to compile C code. - Security...
GHSA-8Q89-PWHH-7WFQ Use of Insufficiently Random Values in penggle:kaptcha
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use java.util.Random (rather than SecureRandom) for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictio...
GHSA-V6WR-FCH2-VM5W OrientDB Server Community Edition uses insufficiently random values to generate session IDs
OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values in the server/network/protocol/http/OHttpSessionManager.java, which makes it easier for remote attackers to predict a value by...
Synology DiskStation Manager Man-in-the-Middle Attack Vulnerability
Synology DiskStation Manager (DSM) is an operating system for use on network-attached storage (NAS) servers from Synology. The operating system manages information such as data, files, photos, music, and more. A security vulnerability exists in SYNO.Encryption.GenRandomKey in Synology DSM prior to version...
CVE-2018-13280
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors...
PT-2018-11723 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.2-23739. Description: The issue is related to the use of insufficiently random values in the SYNO.Encryption.GenRandomKey function, allowing man-in-the-middle attackers to compromise non-HTT...
CVE-2018-1000620
A flaw was found in the nodejs-cryptiles library prior to version 4.1.2. Previous versions do not implement cryptographically secure randomness, resulting in the randomDigits function returning a pseudo-random digit string biased toward certain digits. An attacker could exploit this to guess the...
UBUNTU-CVE-2018-12520
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard...
Generate Password - Less critical - Insecure Randomness - SA-CONTRIB-2018-042
The Genpass module makes the password field optional or hidden on the add new user page admin & registration. If the password field is not set during registration, the system generates a password. The module doesn't use a strong source of randomness, creating weak and predictable passwords. This...
TFA Basic plugins - Less critical - Insecure Randomness - SA-CONTRIB-2018-044
The TFA Basic module enables you to use two-factor authentication via a variety of plugins, including TOTP and one-time codes delivered via e-mail or SMS. The module doesn't use a strong source of randomness, creating weak and predictable one-time login codes that are then delivered using SMS. This...
Linux /dev/urandom RNG Flaws Exploit
Linux RNG flaws (CVE-2018-1108): There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot...