1235 matches found
Askey AP5100W Dual SIG Security Feature Issue Vulnerability
The Askey AP5100W Dual SIG is a router from China-based Askey Electronics Technology (Askey). The Askey AP5100W Dual SIG suffers from a security signature issue vulnerability that stems from a faulty random number selection in the Diffie-Hellman exchange. By capturing an attempted or even failed WP...
CVE-2020-7548
A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login...
USN-4655-1: Werkzeug vulnerabilities
It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-14806) It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use th...
Multiple Schneider Electric Product Security Feature Issue Vulnerabilities
Schneider Electric Acti9 Smartlink SI D is a smart interface unit that realizes data communication between Acti9 electrical devices and Modbus devices. Schneider Electric Acti9 Smartlink SI D is an intelligent interface unit that enables data communication between Acti9 electrical devices and...
DEBIAN-CVE-2020-28924
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...
Rclone Security Feature Issue Vulnerability
Rclone is a software from the Rclone team that synchronizes data asynchronously from cloud storage. The software supports Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud Storage, Yandex Files and other cloud storage. A security vulnerabilit...
PT-2021-5807
Name of the Vulnerable Software and Affected Versions: Ansible Engine versions prior to 2.9.6 Description: A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file...
USN-4525-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-18808) It was discovered that the Conexant 23885 TV card device...
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
...
Ethereum Lottery Security Breach
Ethereum Lottery is an ethereum-based betting game. A security vulnerability in the 'PayWinner' function in Ethereum Lottery's simplelottery smart contract implementation stems from the fact that the 'PayWinner' function employs the publicly readable variable maxTickets to generate random values...
DEBIAN-CVE-2020-16166
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c...
Cryptogs Security Breach
Cryptogs is an ethereum-based digital currency. A security vulnerability exists in the 'endCoinFlip' and 'throwSlammer' functions in Cryptogs' smart contract implementation. An attacker could use the vulnerability to infer random values and win the game...
GHSA-J3RH-8VWQ-WH84 JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
JHipster Kotlin is using an insecure source of randomness to generate all of its random values. JHipster Kotlin relies upon apache commons lang3 RandomStringUtils. From the documentation: Caveat: Instances of Random, upon which the implementation of this class relies, are not cryptographically...
Cypress Semiconductor PSoC Creator BLE Security Feature Issue Vulnerability
Cypress Semiconductor PSoC Creator BLE is a programmable embedded system-on-chip with integrated Bluetooth Low Energy (BLE) from Cypress Semiconductor. A security signature issue vulnerability exists in Cypress Semiconductor PSoC Creator 4.2 BLE prior to version 3.64, which stems from the BLE...
CVE-2020-11957
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with...
PT-2020-19335 · Elastic · Cloud On Kubernetes
Name of the Vulnerable Software and Affected Versions: Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 Description: The issue concerns a weak random number generator used to generate passwords in Elastic Cloud on Kubernetes (ECK). This weakness can be exploited if an attacker determines whe...
Lucky9io has a logic flaw vulnerability
Lucky9io is an ethereum-based virtual gambling game. A security vulnerability exists in Lucky9io's implementation of a simple lotto smart contract, which stems from the use of a fallback function to generate random values using the publicly readable variable entrynumber. An attacker could exploit...
Ethereum Lottery has a flawed logic vulnerability
Ethereum Lottery is an ethereum-based betting game. Ethereum Lottery's simplelottery smart contract implementation has a security vulnerability in the 'PayWinner' function that stems from the fact that the 'PayWinner' function uses the publicly readable variable maxTickets to generate random values. The...
PT-2020-6904 · Unknown +1 · React Native Bluetooth Scan +1
Name of the Vulnerable Software and Affected Versions: Bluezone version 1.0.0 Description: The issue is related to the use of insufficiently random values in the React Native Bluetooth Scan component of the Bluezone application. This could allow a remote attacker to interfere with COVID-19 contac...