1235 matches found
DEBIAN-CVE-2024-35875
In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted a...
UBUNTU-CVE-2024-35875
In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted a...
CVE-2024-3411 Insufficient Randomness When Validating an IPMI Authenticated Session
Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC device...
CVE-2024-3411 Insufficient Randomness When Validating an IPMI Authenticated Session
Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC device...
WordPress Customer Email Verification for WooCommerce plugin <= 2.7.4 - Email Verification and Authentication Bypass due to Insufficient Randomness vulnerability
Email Verification and Authentication Bypass due to Insufficient Randomness vulnerability discovered by István Márton in WordPress Plugin Email Verification for WooCommerce versions = 2.7.4...
CVE-2023-6799 WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness
The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data...
CVE-2023-6799 WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness
The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data...
Chilkat 安全漏洞
Chilkat is a cross-language, cross-platform API from Chilkat, Inc. A security vulnerability exists in Chilkat versions prior to v9.5.0.98. An attacker exploited the vulnerability to obtain sensitive information via a predictable PRNG in the ChilkatRand::randomBytes function...
PT-2024-22210
Name of the Vulnerable Software and Affected Versions NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP...
WP Reset < 2.0 - Sensitive Information Exposure due to Insufficient Randomness
Description The plugin is vulnerable to Sensitive Information Exposure via the use of insufficiently random snapshot names, allowing unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames...
Enhancing Blockchain Randomness To Eliminate Trust Issues Once For All
By Uzair Amir Blockchains lack true randomness, hindering applications like fair games, DeFi, and NFTs. Pyth Networks "Pyth Entropy" solves this… This is a post from HackRead.com Read the original post: Enhancing Blockchain Randomness To Eliminate Trust Issues Once For All...
CLSA-2024-1710184399 gnutls: Fix of 3 CVEs
Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimaze timining or cache side...
BIT-NODE-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...
CVE-2022-48629
In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread can run into a situation...
UBUNTU-CVE-2022-48629
In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread can run into a situation...
CVE-2022-48629
In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread can run into a situation...
CVE-2022-48629 crypto: qcom-rng - ensure buffer for generate is completely filled
In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread can run into a situation...
CVE-2022-48629
In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread can run into a situation...
PT-2024-20913 · Rt-Thread · Rt-Thread
Name of the Vulnerable Software and Affected Versions: RT-Thread versions through 5.0.2 Description: The issue is related to a weak random number generation algorithm used in RT-Thread. The algorithm, defined as seed = 214013L seed + 2531011L; return seed 16 & 0x7FFF;, is implemented in the calc...
CentOS 9 : c-ares-1.19.1-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the c-ares-1.19.1-1.el9 build changelog. - AutoTools does not set CARESRANDOMFILE during cross compilation rhel-9 CVE-2023-31124 - Buffer Underwrite in aresinetnetpton rhel-9...