CVE-2022-39237

syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...

Apache Pulsar Java Client vulnerable to Improper Certificate Validation

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

NodeBB < 1.19.8, 2.x < 2.0.1 Account Takeover Vulnerability

NodeBB is prone to an account takeover vulnerability via a cryptographically weak PRNG in SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2022-36045

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...

CVE-2022-36045 Account takeover via cryptographically weak PRNG in NodeBB Forum

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...

GHSA-P4CC-W597-6CPM Cryptographically weak PRNG in `utils.generateUUID`

In Brief utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and potentially earlier used a cryptographically insecure Pseudo-random number generator Math.random, which meant that a specially crafted script combined with multiple invocations...

Upgraded Q -> M from 113 [1660684075488]

Judge has assessed an item in Issue 113 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years

The exposure of cryptographically scrambled passwords isn’t a worst-case scenario—but it isn’t great, either...

GHSA-768M-5W34-2XF5 LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0

Impact The function used to generate random nonces was not sufficiently cryptographically complex. As a result values may be predictable and tokens may be forgable. Patches Users should upgrade to version 5.0 immediately Workarounds None...

Code injection

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

CVE-2022-31157 Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

Apple’s passkeys attempt to solve the password problem

The recent Apple Worldwide Developers Conference WWDC revealed another teasing of what has been referred to as "the end of passwords forever". Passkeys are a "new biometric sign-in standard". Biometrics in security circles are used for things like identity cards, building access, and so on. This...

Weak private key generation in SSH.NET

During an X25519 key exchange, the client’s private is generated with System.Random: cs var rnd = new Random; privateKey = new byteMontgomeryCurve25519.PrivateKeySizeInBytes; rnd.NextBytesprivateKey; Source: KeyExchangeECCurve25519.cs Source commit:...

CVE-2022-30782

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...

CVE-2022-30782

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...

[SECURITY] Fedora 36 Update: golang-github-appc-spec-0.8.11-13.fc36

This package contains schema definitions and tools for the App Container app c specification. These include technical details on how an appc image is downloaded over a network, cryptographically verified, and executed on a host. See SPEC.md for details of the specification itself...

Design/Logic Flaw

The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...

FortiPortal - Insecure password generation

The use of a cryptographically weak pseudo-random number generator CWE-338 in the password reset feature of FortiPortal may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...

CVE-2021-3990

Technical details (affected versions, root cause specifics, and fixes) for CVE-2021-3990 are not publicly available in the provided connected documents. Monitor for updates from vendors and vulnerability databases.

CVE-2021-3990 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG...