CVE-2026-6420

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...

CLSA-2023-1699907901 Fix CVE(s): CVE-2023-3247

SECURITY UPDATE: possible weak randomness in nonce value - debian/patches/php-7.0-CVE-2023-3247.patch: Fix missing randomness check for SOAP HTTP Digest...

CLSA-2023-1699907419 Fix CVE(s): CVE-2023-3247

SECURITY UPDATE: possible weak randomness in nonce value - debian/patches/php-7.1-CVE-2023-3247.patch: Fix missing randomness check for SOAP HTTP Digest - CVE-2023-3247...

SUSE CVE-2013-4347

The 1 makenonce, 2 generatenonce, and 3 generateverifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

GHSA-GVFJ-FXX3-J323 mellium.im/sasl authentication failure due to insufficient nonce randomness

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...