
1235 matches found

Tenable Nessus
added 2018/05/02 12:0 a.m., 30 views

EulerOS 2.0 SP2 : gcc (EulerOS-SA-2018-1116)

According to the versions of the gcc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The gcc package contains the GNU Compiler Collection version 4.8. You'll need this package in order to compile C code. - Security fixes: - Under...

CVSS 4, AI score 5.8, EPSS 0.00081
Exploits 0, References 2

Packet Storm
added 2018/05/01 12:0 a.m., 325 views

Linux RNG Flaws

Linux RNG flaws CVE-2018-1108 There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot. I'm sending this to [email protected] and Theodore Ts'o for now; it might make sense to also add Jason Donenfeld, since...

AI score 0.1, EPSS 0.00459
Exploits 2

OSV
added 2018/04/23 7:29 p.m., 2 views

ALPINE-CVE-2016-9594

curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable...

CVSS 8.1, AI score 6.9, EPSS 0.00694
Exploits 0, References 1

Vulnrichment
added 2018/04/23 7:0 p.m., 1 views

CVE-2016-9594

curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable...

CVSS 6.5, AI score 5.8, EPSS 0.00694
Exploits 0, References 6

Veracode
added 2018/04/11 5:2 a.m., 10 views

Insecure Randomness

django-oscar contains an insecure randomness vulnerability. The vulnerability exists as the verification_hash method in the AbstractOrder model uses the MD5 hashing algorithm in an insecure way which allows attackers to perform a brute force attack to recover the site-wide secret key...

AI score 6.6
Exploits 0

RedHat Linux
added 2018/04/10 9:19 a.m., 1 views

gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

CVSS 4, AI score 7.3, EPSS 0.00081
Exploits 0, References 4

RedHat Linux
added 2018/03/07 10:33 a.m., 1 views

OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)

It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries...

CVSS 5.8, AI score 7.4, EPSS 0.0009
Exploits 0, References 4

RedHat Linux
added 2018/02/26 10:27 p.m., 3 views

OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)

It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries...

CVSS 5.8, AI score 7.4, EPSS 0.0009
Exploits 0, References 4

RedHat Linux
added 2018/02/21 12:25 p.m., 2 views

pulp: Unsafe use of bash $RANDOM for NSS DB password and seed

Pulp makes unsafe use of Bash's $RANDOM to generate an NSS DB password and seed, resulting in insufficient randomness. An attacker could potentially guess the seed used given enough time and compute resources...

CVSS 7.5, AI score 5.8, EPSS 0.00543
Exploits 0, References 4

OSV
added 2018/02/01 11:39 a.m., 6 views

SUSE-SU-2018:0337-1 Security update for libICE

This update for libICE fixes the following issues: - CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. boo1025068...

CVSS 5.5, AI score 5.8, EPSS 0.00091
Exploits 2, References 3

OpenVAS
added 2017/11/08 12:0 a.m., 19 views

TYPO3 < 4.1.14, 4.2.x < 4.2.13, 4.3.x < 4.3.4, 4.4.0 Multiple Vulnerabilities (TYPO3-SA-2010-012)

TYPO3 is prone to multiple vulnerabilities.

CVSS 9.4, AI score 6.2, EPSS 0.02993
Exploits 0, References 2

CNVD
added 2017/10/27 12:0 a.m., 2 views

IBM BigFix Platform Web Report Component Information Disclosure Vulnerability

IBM BigFix Platform is a dynamic set of IBM's integrated messaging content-driven and management system for multi-technology platforms. The Web Report component is one of its web reporting components. An information disclosure vulnerability exists in the Web Report component of the IBM BigFix Platform...

CVSS 5.3, AI score 5.4, EPSS 0.00222
Exploits 0, References 1

OSV
added 2017/10/26 9:29 p.m., 0 views

CVE-2017-1230

IBM Tivoli Endpoint Manager IBM BigFix Platform 9.2 and 9.5 uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. This weakness may allow attackers to expose sensitive information by guessing tokens or identifiers. IBM X-Force ID: 123909...

CVSS 5.3, AI score 5.8
Exploits 0, References 3

Hacker One
added 2017/09/25 2:43 p.m., 64 views

Instacart: Bruteforcing password reset tokens, could lead to account takeover

Hey Instacart security team, Description: When resetting a new password on https://shoppers.instacart.com/password you will receive an email with a reset link. When clicking on this link, you go to this page: https://shoppers.instacart.com/password/edit?resetpasswordtoken=YourToken when entering a...

AI score 6.9
Exploits 0

CNVD
added 2017/09/15 12:0 a.m., 2 views

LOYTEC LVIS-3ME Remote Code Execution Vulnerability

LVIS-3ME is a graphical user interface from LOYTEC. A remote code execution vulnerability exists in LOYTEC LVIS-3ME versions prior to 6.2.0, which can be exploited by an attacker to remotely execute arbitrary code due to the application's failure to utilize a sufficiently random number to generat...

CVSS 8.1, AI score 8.7, EPSS 0.0828
Exploits 0, References 1

CNVD
added 2017/08/11 12:0 a.m., 1 views

NTP 'ntp-keygen.c' Predictable Random Number Generation Vulnerability

NTP (Network Time Protocol) is a protocol for synchronizing computer clocks over a network. A predictable random number generation vulnerability exists in NTP. An attacker can exploit this vulnerability to guess the MD5 key and spoof the client or server...

CVSS 7.5, AI score 6.9, EPSS 0.16556
Exploits 0, References 1

OSV
added 2017/08/01 2:29 p.m., 1 views

CVE-2017-11133

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random in previous versions and with...

CVSS 7.5, AI score 5.8, EPSS 0.0014
Exploits 0, References 1

RedhatCVE
added 2017/07/27 9:19 a.m., 23 views

CVE-2017-11671

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

CVSS 5.6, AI score 3.6, EPSS 0.00081
Exploits 0, References 1

Prion
added 2017/07/26 9:29 p.m., 15 views

Information disclosure

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

CVSS 2.1, AI score 4.2, EPSS 0.00081
Exploits 0, References 5, Affected Software 1

NVD
added 2017/07/26 9:29 p.m., 16 views

CVE-2017-11671

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

CVSS 4, AI score 4, EPSS 0.00081
Exploits 0, References 5