
60 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2020-29479

Malware in sbrugna...

5.5 CVSS · 5.3 AI score · 0.00113 EPSS
Exploits 0 · References 11

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-43610

Malicious code in bioql PyPI...

7.5 CVSS · 7.6 AI score · 0.00542 EPSS
Exploits 1 · References 6

Tenable Nessus
added 2025/08/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-8631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in...

5.5 CVSS · 5.7 AI score · 0.00113 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/06 12:0 a.m. · 15 views

Fedora 40 : aws (2024-63f98f8c60)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-63f98f8c60 advisory. CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator. AWS.Utils.Random and AWS.Utils.RandomString used...

7.5 CVSS · 5.6 AI score · 0.00108 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/06 12:0 a.m. · 7 views

Fedora 39 : aws (2024-d940f25a53)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d940f25a53 advisory. CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator. AWS.Utils.Random and AWS.Utils.RandomString used...

7.5 CVSS · 5.6 AI score · 0.00108 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/05/11 12:0 a.m. · 27 views

RHEL 6 : cloud-init (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cloud-init: default configuration disabled deletion of SSH host keys CVE-2018-10896 - cloud-init through...

6.7 AI score · 0.00114 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2023/09/07 12:0 a.m. · 23 views

Oracle Linux 7 : cloud-init (ELSA-2020-3898)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-3898 advisory. - Resolves: bz1574338 CVE-2018-10896 cloud-init: SSH host keys are not regenerated for the new instances rhel-7 - Resolves: bz1812170 CVE-2020-8632...

7.1 CVSS · 5.8 AI score · 0.00114 EPSS
Exploits 0 · References 4

NVD
added 2023/08/09 3:15 a.m. · 14 views

CVE-2023-39910

The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet...

7.5 CVSS · 7.5 AI score · 0.00542 EPSS
Exploits 1 · References 6

Vulnrichment
added 2023/08/09 12:0 a.m. · 18 views

CVE-2023-39910

The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet...

6.9 AI score · 0.00542 EPSS
Exploits 1 · References 6

CVE
added 2023/08/09 12:0 a.m. · 60 views

CVE-2023-39910

CVE-2023-39910 (Milk Sad) affects Libbitcoin Explorer 3.0.0–3.6.0. The wallet entropy seeding uses an mt19937 PRNG, constraining internal entropy to 32 bits regardless of settings, enabling attackers to recover wallet private keys from residual memory and steal funds. The description notes this w...

7.5 CVSS · 7.4 AI score · 0.00542 EPSS
Exploits 1 · References 6 · Affected Software 1

VulnCheck KEV
added 2023/08/08 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2023-39910

The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet...

7.5 CVSS · 7.1 AI score · 0.00542 EPSS
Exploits 1 · References 1

Huntr
added 2023/07/05 10:42 a.m. · 18 views

Use of predictable RNG for password generation

Description: pkp-lib implements a password-generation function with the following line of code being integral to its functionality: PHP for ... $password .= mt_rand(1, 4) == 4 ? $numbers[mt_rand(0, strlen($numbers) - 1)] : $letters[mt_rand(0, strlen($letters) - 1)]; This relies upon mt_rand(low, high); to generate a...

5.1 CVSS · 6.9 AI score · 0.00113 EPSS
Exploits 1 · References 2

NVD
added 2023/04/27 5:15 a.m. · 10 views

CVE-2023-31290

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...

5.9 CVSS · 5.7 AI score · 0.00616 EPSS
Exploits 1 · References 5

VulnCheck KEV
added 2023/04/27 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2023-31290

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...

5.9 CVSS · 6.2 AI score · 0.00616 EPSS
Exploits 1 · References 1

Vulnrichment
added 2023/04/27 12:0 a.m. · 8 views

CVE-2023-31290

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...

5.7 AI score · 0.00616 EPSS
Exploits 1 · References 5

CNNVD
added 2023/04/27 12:0 a.m. · 1 views

Trust Wallet Core Security Feature Issue Vulnerability

Trust Wallet Core is an open source, cross-platform, mobile-centric library from Trust Wallet, Inc. A security vulnerability exists in Trust Wallet Core versions prior to 3.1.1 and the Trust Wallet browser extension prior to 0.0.183, which stems from the mt19937 Mersenne Twister using a single 32-bit value a...

5.9 CVSS · 5.9 AI score · 0.00616 EPSS
Exploits 1 · References 6

SUSE CVE
added 2023/02/15 4:1 a.m. · 1 views

SUSE CVE-2020-8631

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function...

8.1 CVSS · 6.8 AI score · 0.00113 EPSS
Exploits 0 · References 9

0day.today
added 2022/04/27 12:0 a.m. · 179 views

Prime95 30.7 Build 9 Buffer Overflow Exploit

Exploit Title: Prime95 Version 30.7 build 9 Buffer Overflow RCE Discovered by: Yehia Elghaly Vendor Homepage: https://www.mersenne.org/ Software Link : https://www.mersenne.org/ftproot/gimps/p95v307b9.win32.zip Tested Version: 30.7 build 9 Vulnerability Type: Buffer Overflow RCE Local Tested on O...

Exploits 0

Positive Technologies
added 2022/01/28 12:0 a.m. · 2 views

PT-2022-7862 · Piwigo · Piwigo

Name of the Vulnerable Software and Affected Versions: Piwigo affected versions not specified Description: The issue affects Piwigo, an image gallery software written in PHP. When certain criteria are not met on a host, Piwigo defaults to using mt_rand to generate password reset tokens. The outpu...

8.1 CVSS · 8 AI score · 0.01888 EPSS
Exploits 0 · References 7

OpenVAS
added 2022/01/28 12:0 a.m. · 24 views

Mageia: Security Advisory (MGASA-2020-0295)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

5.5 CVSS · 5.8 AI score · 0.00113 EPSS
Exploits 0 · References 4