15 matches found

Vulnrichment
added 2025/07/18 10:34 p.m., 3 views

CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RAND_poll was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

CVSS 7 | AI score 6.5 | EPSS 0.00308
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 11:24 a.m., 8 views

CVE-2013-5180

The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveragi...

CVSS 4.3 | AI score 6.2 | EPSS 0.00263
Exploits 0 | References 1

NVD
added 2025/01/21 6:15 p.m., 11 views

CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8 | EPSS 0.00605
Exploits 0 | References 7

CVE
added 2025/01/21 5:46 p.m., 583 views

CVE-2025-22150

Undici (HTTP/1.1 client) is affected by CVE-2025-22150 in versions prior to 5.28.5, 6.21.1, and 7.2.3 due to using Math.random() to generate multipart/form-data boundaries. This can enable an attacker-controlled endpoint to tamper with requests if specific conditions are met, potentially affectin...

CVSS 6.8 | AI score 6.4 | EPSS 0.00605
Exploits 0 | References 7

Vulnrichment
added 2025/01/21 5:46 p.m., 32 views

CVE-2025-22150 Undici Uses Insufficiently Random Values

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8 | AI score 6.3 | EPSS 0.00605
Exploits 0 | References 7

Tenable Nessus
added 2023/09/07 12:0 a.m., 26 views

Oracle Linux 9 : samba (ELSA-2023-2519)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2519 advisory. - resolves: rhbz2154373 - Fix CVE-2022-38023 - Fix CVE-2022-1615 GnuTLS gnutls_rnd can fail and give predictable random values - resolves: rhbz2108332 - Fix...

CVSS 9 | AI score 7.4 | EPSS 0.35695
Exploits 3 | References 2

Tenable Nessus
added 2023/05/24 12:0 a.m., 37 views

Oracle Linux 8 : samba (ELSA-2023-2987)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2987 advisory. - In Samba, GnuTLS gnutls_rnd can fail and give predictable random values. CVE-2022-1615 Note that Nessus has not tested for this issue but has instead relied on...

CVSS 5.5 | AI score 6.4 | EPSS 0.00259
Exploits 1 | References 2

RedHat Linux
added 2023/05/16 9:5 a.m., 52 views

Low: Red Hat Security Advisory: samba security, bug fix, and enhancement update

An update for evolution-mapi, openchange, and samba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 5.5 | AI score 6.4 | EPSS 0.00259
Exploits 1 | References 11

Veracode
added 2022/10/15 6:35 p.m., 26 views

Information Disclosure

samba is vulnerable to information disclosure. A local authenticated attacker is able to gain access to confidential information, because GnuTLS gnutls_rnd may fail and give predictable random values...

CVSS 5.5 | AI score 5.6 | EPSS 0.00259
Exploits 1 | References 6 | Affected Software 2

Vulnrichment
added 2022/09/20 7:50 p.m., 6 views

CVE-2022-39218 Random number seed fixed during compilation

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

CVSS 7.5 | AI score 7.5 | EPSS 0.00097
Exploits 0 | References 1

OSV
added 2022/09/01 9:15 p.m., 0 views

UBUNTU-CVE-2022-1615

In Samba, GnuTLS gnutls_rnd can fail and give predictable random values...

CVSS 5.5 | AI score 6.5 | EPSS 0.00259
Exploits 1 | References 4

Prion
added 2022/09/01 9:15 p.m., 18 views

Input validation

In Samba, GnuTLS gnutls_rnd can fail and give predictable random values...

CVSS 1.7 | AI score 5.5 | EPSS 0.00259
Exploits 1 | References 4 | Affected Software 2

UbuntuCve
added 2022/09/01 9:15 p.m., 33 views

CVE-2022-1615

In Samba, GnuTLS gnutls_rnd can fail and give predictable random values...

CVSS 5.5 | AI score 6.6 | EPSS 0.00259
Exploits 1 | References 3

Debian CVE
added 2022/09/01 12:0 a.m., 24 views

CVE-2022-1615

In Samba, GnuTLS gnutls_rnd can fail and give predictable random values...

CVSS 5.5 | AI score 5.8 | EPSS 0.00259
Exploits 1

Prion
added 2018/10/23 9:30 p.m., 8 views

Code injection

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by...

CVSS 5 | AI score 7.5 | EPSS 0.003
Exploits 1 | References 1