Lucene search
K

4 matches found

Prion
Prion
added 2016/06/01 10:59 p.m.21 views

Design/Logic Flaw

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/randomcompat library and the opensslrandompseudobytes function fails, which makes it easier...

5CVSS6.9AI score0.01907EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2016/06/01 10:0 p.m.84 views

CVE-2016-1902

CVE-2016-1902 affects Symfony’s SecureRandom class prior to: 2.3.37, 2.6.x prior to 2.6.13, and 2.7.x prior to 2.7.9 when used with PHP 5.x without the paragonie/random_compat library. The OpenSSL/openssl_random_pseudo_bytes path may fail, causing weak or non-secure random numbers and undermining...

7.5CVSS7.2AI score0.01907EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2016/06/01 10:0 p.m.54 views

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/randomcompat library and the opensslrandompseudobytes function fails, which makes it easier...

7.5CVSS7.4AI score0.01907EPSS
Exploits0
Symfony
Symfony
added 2016/01/18 12:0 a.m.32 views

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

Affected Versions Symfony 2.3.0 to 2.3.36, 2.6.0 to 2.6.12, 2.7.0 to 2.7.8 versions of the Security component are affected by this security issue when used with PHP 5.x without the paragonie/randomcompat library listed in your Composer dependencies. Projects using PHP 7 are not affected. This iss...

7.5CVSS7.4AI score0.01907EPSS
Exploits0
Rows per page
Query Builder