1235 matches found
CVE-2021-3538
CVE-2021-3538 affects github.com/satori/go.uuid with insecure randomness in g.rand.Read causing predictable UUIDs. Affected versions include those around commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c6f, fixed in later releases (patches) of the go.uuid module. Remediation: upgrade to a version w...
go.uuid Security Feature Issue Vulnerability
go.uuid is a UUID package for Go. This package provides a pure Go implementation of the Universally Unique Identifier UUID. UUID creation and resolution is supported. A security vulnerability exists in go.uuid, which stems from an insecure randomness in the g.rand.Read function that can be...
PT-2021-20903 · Go.Uuid · Go.Uuid
Name of the Vulnerable Software and Affected Versions: github.com/satori/go.uuid versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45 Description: A flaw in the github.com/satori/go.uuid package causes the generated UUIDs to be predictable for ...
Red Hat Ansible Security Feature Issue Vulnerability
Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to publish, manage, and organize computer systems. A security vulnerability previously existed in Ansible version 2.9.6, which stemmed from a flaw discovered when the program was...
DEBIAN-CVE-2020-10729
A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords a...
PYSEC-2021-105
A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords a...
Red Hat Ansible Security Feature Issue Vulnerability
Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to publish, manage, and organize computer systems. A security vulnerability previously existed in Ansible version 2.9.6, which stemmed from a flaw discovered when the program was...
PT-2021-11247 · Unknown · Bluetooth Mesh
Name of the Vulnerable Software and Affected Versions: Bluetooth Mesh profile versions 1.0 and 1.0.1 Description: The issue allows a nearby device to potentially determine the AuthValue used in the provisioning protocol via a brute-force attack, unless the AuthValue is sufficiently random and...
Predictable SIF UUID Identifiers in github.com/sylabs/sif
Impact The siftool new command and func siftool.New produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. Patches A patch is available in version >= v1.2.3 of the module. Users are encouraged to upgrade. The pat...
Insecure randomness in getPseudoRand(uint256 modulus){} function
Handle JMukesh Vulnerability details Impact insecure randomness due to a modulo on block.timestamp, now or blockhash. These can be influenced by miners to some extent so they should be avoided Proof of Concept Tools Used slither Recommended Mitigation Steps use chainlink vrf
CVE-2021-29499
SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. A patch is available in version...
Command injection
SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. A patch is available in version...
UBUNTU-CVE-2021-29499
SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. A patch is available in version...
Weak PRNG
Handle maplesyrup Vulnerability details Impact Using blockhash/blocknumber and randNone are subject to attack, particularly by malicious miners: This could be used to the behavior of getRandomTokenIdFromFund to cause a preferential TokenId to be returned. It allows for gaming of the system by...
Singularity Image Format Security Feature Issue Vulnerability
Singularity is an open source container management platform from the Singularity team Singularity. The software supports building applications on their desktops and running hundreds or thousands of instances on any public cloud or at the compute edge. A security vulnerability exists in versions...
CVE-2021-3538
A flaw was found in github.com/satori/go.uuid. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker...
Randomness can be manipulated
Handle adelamo Vulnerability details Here you have more info:
GHSA-9295-MHF3-V33M Insecure temporary file in Netflix OSS Hollow
ID: NFLX-2021-001 Title: Local information disclosure in Hollow Release Date: 2021-03-23 Credit: Security Researcher @JLLeitschuh Overview Security researcher @JLLeitschuh reported that Netflix Hollow a Netflix OSS project available here: https://github.com/Netflix/hollow writes to a local...
CVE-2021-28099
In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...