MemoryMapper - Lightweight Library Which Allows The Ability To Map Both Native And Managed Assemblies Into Memory

Memory Mapper is a lightweight library which allows the ability to map both native and managed assemblies into memory by either using process injection of a process specified by the user or self-injection; the technique of injecting an assembly into the currently running process attempting to do...

Nextcloud: Reduced purmations on encryption

OC\Security\SecureRandom::generate Reduced Permutations OC\Security\SecureRandom::generate will by default use a-Z0-9+/ 64 bytes character set. The numbers are not predictable, due to the use of randomint. Most notably the OC\Security\Crypto::encrypt method uses an IV with a length of 16 bytes. I...

Information Leakage

Ruby is vulnerable to information leakage. The attack is possible due to a flaw in the Ruby SecureRandom module. When using the SecureRandom.randombytes class, the PRNG state was not modified after forking a child process. This could eventually lead to SecureRandom.randombytes returning the same...

GHSA-V2R2-7QM7-JJ6V Spring Security uses insufficiently random values

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBeansetSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...

CVE-2019-3795

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBeansetSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...

CVE-2019-3795

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBeansetSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...

CVE-2019-3795

CVE-2019-3795 affects Spring Security: insecure randomness when SecureRandomFactoryBean#setSeed is used to configure a SecureRandom. Impact requires the application to supply a seed and expose the resulting random material to an attacker. Affected releases include Spring Security 4.2.x before 4.2...

CVE-2019-3795 Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBeansetSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...

Possible Remote Code Execution Exploit in Rails Development Mode

There is a possible a possible remote code executing exploit in Rails when in development mode. This vulnerability has been assigned the CVE identifier CVE-2019-5420. Versions Affected: 6.0.0.X, 5.2.X. Not affected: 5.2.0 Fixed Versions: 6.0.0.beta3, 5.2.2.1 Impact ------ With some knowledge of a...

CVE-2018-6337

folly::secureRandom will re-use a buffer between parent and child processes when fork is called. That will result in multiple forked children producing repeat or similar results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00...

PT-2018-17487 · Facebook · Folly +1

Name of the Vulnerable Software and Affected Versions: HHVM versions prior to 3.26.3 folly library versions between v2017.12.11.00 and v2018.08.09.00 Description: The issue is related to the folly::secureRandom function, which re-uses a buffer between parent and child processes when fork is calle...

Security Bulletin: IBM Worklight Android Pseudo Random Number Generator Weakness (CVE-2013-5391)

Summary Android applications that use Java Cryptography Architecture for key generation, signing or random number generation might not receive cryptographically strong values due to improper initialization of the underlying Pseudo Random Number Generator. Vulnerability Details CVEID: CVE-2013-539...

Trend Micro Control Manager - ImportFile Directory Traversal RCE Exploit

Exploit for windows platform in category remote exploits require 'msf/core' require 'msf/core/exploit/phpexe' class MetasploitModule 'Trend Micro Control Manager importFile Directory Traversal RCE', 'Description' = %q This module exploits a directory traversal vulnerability found in Trend Micro...

Trend Micro Control Manager - ImportFile Directory Traversal Remote Code Execution (Metasploit)

Trend Micro Control Manager - ImportFile Directory Traversal Remote Code Execution Metasploit require 'msf/core' require 'msf/core/exploit/phpexe' class MetasploitModule 'Trend Micro Control Manager importFile Directory Traversal RCE', 'Description' = %q This module exploits a directory traversal...

Insecure Salt Generation Via Unsafe Pseudorandom Number Function

Fluentd has an insecure generate of salt values. This is because OpenSSL::Random was used rather than a SecureRandom function to generate the values...

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/randomcompat library and the opensslrandompseudobytes function fails, which makes it easier...

DEBIAN-CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/randomcompat library and the opensslrandompseudobytes function fails, which makes it easier...

Design/Logic Flaw

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/randomcompat library and the opensslrandompseudobytes function fails, which makes it easier...

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/randomcompat library and the opensslrandompseudobytes function fails, which makes it easier...

CVE-2016-1902

CVE-2016-1902 affects Symfony’s SecureRandom class prior to: 2.3.37, 2.6.x prior to 2.6.13, and 2.7.x prior to 2.7.9 when used with PHP 5.x without the paragonie/random_compat library. The OpenSSL/openssl_random_pseudo_bytes path may fail, causing weak or non-secure random numbers and undermining...