Lucene search

74 matches found

Cvelist
added 2016/06/01 10:0 p.m., 22 views

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...

AI score 7.3, EPSS 0.01907
Exploits 0, References 4

Debian CVE
added 2016/06/01 10:0 p.m., 26 views

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...

CVSS 7.5, AI score 7.4, EPSS 0.01907
Exploits 0

Tenable Nessus
added 2016/05/31 12:0 a.m., 27 views

Debian DSA-3588-1 : symfony - security update

Two vulnerabilities were discovered in Symfony, a PHP framework. - CVE-2016-1902: Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes or openssl_random_pseudo_bytes are not available, the...

CVSS 7.5, AI score 7.2, EPSS 0.01907
Exploits 0, References 6

OpenVAS
added 2016/05/29 12:0 a.m., 24 views

Debian Security Advisory DSA 3588-1 (symfony - security update)

Two vulnerabilities were discovered in Symfony, a PHP framework. CVE-2016-1902: Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes or openssl_random_pseudo_bytes are not available, the outp...

CVSS 5, AI score 7.7, EPSS 0.01907
Exploits 0, References 1

OpenVAS
added 2016/05/28 12:0 a.m., 20 views

Debian: Security Advisory (DSA-3588-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.5, EPSS 0.01907
Exploits 0, References 3

Symfony
added 2016/01/18 12:0 a.m., 31 views

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

Affected Versions: Symfony 2.3.0 to 2.3.36, 2.6.0 to 2.6.12, 2.7.0 to 2.7.8 versions of the Security component are affected by this security issue when used with PHP 5.x without the paragonie/random_compat library listed in your Composer dependencies. Projects using PHP 7 are not affected. This iss...

CVSS 7.5, AI score 7.4, EPSS 0.01907
Exploits 0

Friends Of PHP
added 2016/01/14 9:48 a.m., 22 views

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

More info at https://symfony.com/cve-2016-1902...

CVSS 7.5, AI score 7.2, EPSS 0.01907
Exploits 0, Affected Software 1

Friends Of PHP
added 2016/01/14 9:48 a.m., 20 views

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

More info at https://symfony.com/cve-2016-1902...

CVSS 7.5, AI score 7.2, EPSS 0.01907
Exploits 0, Affected Software 1

Friends Of PHP
added 2016/01/14 9:48 a.m., 26 views

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

More info at https://symfony.com/cve-2016-1902...

CVSS 7.5, AI score 7.2, EPSS 0.01907
Exploits 0, Affected Software 1

seebug.org
added 2016/01/06 12:0 a.m., 8 views

SecureRandom Vulnerability Explained in Detail

No description provided by source...

AI score 7.1
Exploits 0

myhack58
added 2015/03/12 12:0 a.m., 24 views

SecureRandom vulnerability details (CVE-2013-7372) - vulnerability warning - the black bar safety net

0x00 Vulnerability overview: In Android versions before 4.4, the Java Cryptography Architecture (JCA) uses the SecureRandom implementation from Apache Harmony 6.0M3 and earlier, which has a security vulnerability, specifically located in the...

AI score 0.2
Exploits 0

Tenable Nessus
added 2014/06/13 12:0 a.m., 39 views

openSUSE Security Update : ruby (openSUSE-SU-2012:0228-1)

This update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes, which are fully compatible with the previous version. You can review the detailed list here : http://svn.ruby-lang.org/repos/ruby/tags/v187357/ChangeLog The particularly noteworthy fixes are : - Hash...

CVSS 7.8, AI score 7.5, EPSS 0.04246
Exploits 3, References 8

ThreatPost
added 2014/05/09 2:56 p.m., 12 views

IBM Patches Predictable Output Problem in SecureRandom PRNG

Details have surfaced on a recently patched vulnerability in IBM’s SecureRandom pseudo-random number generator that could allow an attacker to predict its output. Only the default SecureRandom implementation in the IBM Java Cryptography Extension (JCE) framework is vulnerable; IBM recommends that...

AI score 0.3
Exploits 0, References 4

NVD
added 2014/04/29 8:55 p.m., 28 views

CVE-2013-7372

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and...

CVSS 5, AI score 6.5, EPSS 0.02321
Exploits 1, References 4

CVE
added 2014/04/29 8:0 p.m., 84 views

CVE-2013-7372

CVE-2013-7372 affects the SecureRandom implementation in Apache Harmony (SHA1PRNG_SecureRandomImpl) used by JCA in Android up to version 4.3/4.4 boundaries. The engineNextBytes function uses an incorrect offset when no user seed is provided, making the PRNG output more predictable and enabling at...

CVSS 5, AI score 6.8, EPSS 0.02321
Exploits 1, References 4, Affected Software 2

Tenable Nessus
added 2013/09/04 12:0 a.m., 35 views

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-136) (ROBOT)

Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089 Multiple improper permission check issues...

CVSS 10, AI score 8.2, EPSS 0.45113
Exploits 1, References 10

Tenable Nessus
added 2013/09/04 12:0 a.m., 45 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2012-137) (ROBOT)

Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089 Multiple improper permission check issues...

CVSS 10, AI score 8.2, EPSS 0.45113
Exploits 1, References 10

Amazon
added 2012/10/23 12:0 a.m., 56 views

Important: java-1.7.0-openjdk

Issue Overview: Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086, CVE-2012-5084, CVE-2012-5089 Multiple improper permission...

CVSS 10, AI score 9.2, EPSS 0.45113
Exploits 1, References 1

Amazon
added 2012/10/23 12:0 a.m., 56 views

Important: java-1.6.0-openjdk

Issue Overview: Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086, CVE-2012-5084, CVE-2012-5089 Multiple improper permission...

CVSS 10, AI score 9.2, EPSS 0.45113
Exploits 1, References 1

OpenVAS
added 2012/10/19 12:0 a.m., 44 views

CentOS Update for java CESA-2012:1384 centos6

Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2012:1384 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 10, AI score 0.4, EPSS 0.45113
Exploits 1, References 2