Lucene search

161 matches found

Microsoft CVE
added 2020/08/18 7:0 a.m., 2 views

cloud-init through 19.4 relies on Mersenne Twister for a random password which makes it easier for attackers to predict passwords because rand_str in cloudinit/util.py calls the random.choice function.

...

CVSS 5.5, AI score 7, EPSS 0.00113
Exploits 0

IBM Security Bulletins
added 2020/07/19 12:49 a.m., 34 views

Security Bulletin: Vulnerability in libgcrypt affects SmartCloud Entry (CVE-2016-6313)

Summary GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits from the random number generator. Vulnerability Details CVEID: CVE-2016-6313 DESCRIPTION: GnuPG could provide weaker than expected security, caused by an error in the...

CVSS 5.3, AI score 0.4, EPSS 0.02688
Exploits 0, Affected Software 1

RedhatCVE
added 2020/04/08 5:31 a.m., 28 views

CVE-2019-11840

An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the...

CVSS 5.9, AI score 2.1, EPSS 0.02086
Exploits 0, References 4

NVD
added 2020/02/05 2:15 p.m., 12 views

CVE-2020-8631

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function...

CVSS 5.5, AI score 5.6, EPSS 0.00113
Exploits 0, References 4

OSV
added 2020/02/05 2:15 p.m., 0 views

UBUNTU-CVE-2020-8631

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function...

CVSS 5.5, AI score 6.1, EPSS 0.00113
Exploits 0, References 3

OpenVAS
added 2020/01/23 12:0 a.m., 21 views

Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-1606)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 8, EPSS 0.01127
Exploits 0, References 2

OSV
added 2019/12/13 10:15 p.m., 1 views

DEBIAN-CVE-2019-19794

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

CVSS 5.9, AI score 8.6, EPSS 0.00297
Exploits 1, References 1

OSV
added 2019/12/13 10:15 p.m., 0 views

UBUNTU-CVE-2019-19794

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

CVSS 5.9, AI score 6.8, EPSS 0.00297
Exploits 1, References 7

CVE
added 2019/12/06 5:9 p.m., 141 views

CVE-2019-16674

CVE-2019-16674 affects Weidmueller IE-SW-VL05M/IE-SW-VL08MT/IE-SW-PL10M series. The root cause is that authentication information used in a cookie is predictable, enabling admin password compromise when captured over the network. The Red Hat and NVD entries describe a high-risk issue with the coo...

CVSS 9.8, AI score 9.3, EPSS 0.00548
Exploits 0, References 4, Affected Software 1

CVE
added 2019/09/23 10:13 p.m., 119 views

CVE-2019-10755

The CVE-2019-10755 entry concerns pac4j-saml and the 3.X release line. The issue is that the SAML identifier generated in SAML2Utils.java uses Apache Commons Lang3 RandomStringUtils, whose PRNG is not cryptographically strong, leading to predictable randomness for SAML identifiers. This weakness ...

CVSS 4.9, AI score 5.1, EPSS 0.00312
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2019/05/14 12:0 a.m., 24 views

EulerOS Virtualization 3.0.1.0 : libgcrypt (EulerOS-SA-2019-1448)

According to the version of the libgcrypt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of th...

CVSS 5.3, AI score 6, EPSS 0.02688
Exploits 0, References 2

UbuntuCve
added 2019/05/09 4:29 p.m., 29 views

CVE-2019-11840

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream i...

CVSS 5.9, AI score 6.8, EPSS 0.02086
Exploits 0, References 3

NVD
added 2019/05/09 4:29 p.m., 18 views

CVE-2019-11840

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream i...

CVSS 5.9, AI score 6.4, EPSS 0.02086
Exploits 0, References 11

Prion
added 2019/05/09 4:29 p.m., 22 views

Information disclosure

An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the...

CVSS 4.3, AI score 5.6, EPSS 0.02086
Exploits 0, References 10, Affected Software 2

Cvelist
added 2019/05/09 12:0 a.m., 25 views

CVE-2019-11840

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream i...

AI score 5.8, EPSS 0.02086
Exploits 0, References 11

Positive Technologies
added 2019/05/09 12:0 a.m., 3 views

PT-2019-12525 · Matrix +2 · Matrix Sydent +3

Name of the Vulnerable Software and Affected Versions: Matrix Sydent versions prior to 1.0.3 Synapse versions prior to 0.99.3.1 Description: An issue was discovered that makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID due to mishandled random number...

CVSS 9.8, AI score 7.8, EPSS 0.00773
Exploits 0, References 29

Debian CVE
added 2019/05/09 12:0 a.m., 33 views

CVE-2019-11840

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream i...

CVSS 5.9, AI score 6, EPSS 0.02086
Exploits 0

OSV
added 2019/05/03 1:29 p.m., 1 views

DEBIAN-CVE-2019-11690

gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device...

CVSS 5.9, AI score 9.3, EPSS 0.00316
Exploits 0, References 1

Prion
added 2019/04/26 7:29 p.m., 11 views

Code injection

The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices...

CVSS 6.4, AI score 8.2, EPSS 0.00358
Exploits 0, References 1

NVD
added 2019/04/26 7:29 p.m., 8 views

CVE-2019-11219

The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices...

CVSS 8.2, AI score 8.3, EPSS 0.00358
Exploits 0, References 1