UBUNTU-CVE-2017-11671

Under certain circumstances, the ix86expandbuiltin function in i386.c in GNU Compiler Collection GCC version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

CVE-2017-11671

Under certain circumstances, the ix86expandbuiltin function in i386.c in GNU Compiler Collection GCC version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

CVE-2017-11671

Under certain circumstances, the ix86expandbuiltin function in i386.c in GNU Compiler Collection GCC version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

SUSE-SU-2017:1848-1 Security update for xorg-x11-libICE

This update for xorg-x11-libICE fixes the following issues: - CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. boo1025068...

SUSE SLED12 / SLES12 Security Update : libICE (SUSE-SU-2017:1835-1)

This update for libICE fixes the following issues : - CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. boo1025068 Note that Tenable Network Security has extracted the...

SUSE-SU-2017:1835-1 Security update for libICE

This update for libICE fixes the following issues: - CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. boo1025068...

Insecure Hashing

github.com/google/keytransparency is vulnerable to insecure hashing. The library does not hash the unique identifier. This unique idenitifer is used to verify the randomness of the values produced. This means that its easier for an attacker to forge a valid hash...

openSUSE Security Update : xorg-x11-server (openSUSE-2017-710)

This update for xorg-x11-server fixes the following security issues : - CVE-2017-2624: Prevent timing attack against MIT cookie. boo1025029 - Use arc4random to generate cookies with more randomness. boo1025084 - Remove unused function with use-after-free issue. boo1025035 %NASLMINLEVEL 70300 C...

CVE-2017-1000378

The NetBSD qsort function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in...

PHPCMS v9.6.3 suffers from a file inclusion vulnerability

PHPCMS is a website management software. A file inclusion vulnerability exists in the latest version of phpcms V9.6.3 and below. The vulnerability arises from two main parts, one is the acquisition of authkey, which utilizes the insecurity of random numbers, and the other is based on the logical...

DEBIAN-CVE-2017-5493

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted 1 site signup or 2 user signup...

Gratipay: Gratipay uses the random module's cryptographically insecure PRNG.

Dear Gratipay bug bounty team, Summary --- Gratipay currently uses the random module's pseudo-random number generator which is not a cryptographically secure PRNG as stated in the docs: The pseudo-random generators of this module should not be used for security purposes. For security or...

Animas OneTouch Ping Data Forgery Vulnerability

The Animas OneTouch Ping is a medical self-service device for diabetics taking insulin from Animas USA. A security vulnerability exists in the Animas OneTouch Ping device that stems from the program failing to properly generate random numbers. A remote attacker could exploit the vulnerability to...

UBUNTU-CVE-2016-6345

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...

GNU Libgcrypt and GnuPG Predictable Random Number Generation Vulnerability

GNU Libgcrypt and GnuPG GNU Privacy Guard are both general-purpose cryptographic libraries developed by the GNU Project based on the GnuPG code. A predictable random number generation vulnerability exists in the mixing function in GNU Libgcrypt prior to 1.6.3-2+deb8u2 and GnuPG prior to...

USN-3065-1 libgcrypt11, libgcrypt20 vulnerability

Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output...

IBM Watson Developer Cloud Weak Password Vulnerability

IBM Watson is a set of technology platforms from the American company IBM, and an outstanding representative of cognitive computing a new computing paradigm that encompasses a large number of technological innovations in the fields of information analytics, natural language processing and machine...

UBUNTU-CVE-2015-8867

The opensslrandompseudobytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RANDpseudobytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified...

Academics Make Theoretical Breakthrough in Random Number Generation

Two University of Texas academics have made what some experts believe is a breakthrough in random number generation that could have longstanding implications for cryptography and computer security. David Zuckerman, a computer science professor, and Eshan Chattopadhyay, a graduate student, publish...

PHP 'openssl_random_pseudo_bytes()' function design vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. There is a security vulnerability in PHP that can be exploited by an attacker to cause the program to generate predictable random numbers...