1273 matches found
Fedora 17 : plexus-cipher-1.5-11.fc17 (2012-19233)
This update fixes a security bug by improving randomness of generated cipher salt. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 18 : plexus-cipher-1.5-11.fc18 (2012-19162)
This update fixes a security bug by improving randomness of generated cipher salt. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Design/Logic Flaw
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."...
CVE-2012-1598
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."...
CVE-2012-1598
CVE-2012-1598 affects Joomla! 1.5.x before 1.5.26, with an unspecified impact related to insufficient randomness and a password reset vulnerability. Connected sources confirm the existence of these issues but do not provide concrete exploit details or remediation in the available documents. No ex...
cumin: weak session keys
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...
DEBIAN-CVE-2012-1581
MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users...
CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed
Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate how an attacker can successfully guess the nonce of the DNS request with a probability that is su...
DEBIAN-CVE-2012-0808
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack...
[20120305] - Core - Password Change
Insufficient randomness leads to password reset vulnerability...
[20120304] - Core - Password Change
Insufficient randomness leads to password reset vulnerability...
ruby: Properly initialize the random number generator when forking new process
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...
PYSEC-2010-22
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command...
Debian Security Advisory DSA 2098-2 (typo3-src)
The remote host is missing an update to typo3-src announced via advisory DSA 2098-2. OpenVAS Vulnerability Test $Id: deb20982.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2098-2 (typo3-src) Authors: Thomas Reinke Copyright: Copyright (c) 2010 E-Soft Inc...
Debian: Security Advisory (DSA-2098-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2098-1] New typo3-src packages fix several vulnerabilities
Debian Security Advisory DSA-2098-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 29, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2098-1] New typo3-src packages fix several vulnerabilities
Debian Security Advisory DSA-2098-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 29, 2010 http://www.debian.org/security/faq -...
DSA-2098-1 typo3-src - several vulnerabilities
Bulletin has no description...
Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting (XSS), Open Redirection, SQL Injection, Broken Authentication and Session Management, Insecure Randomness, Information Disclosure, Arbitrary Code Execution. Component Type: TYPO3 Core. Affected Versions: 4.1.13 and below,...