
90 matches found

Veracode
added 2022/10/15 6:35 p.m., 29 views

Information Disclosure

Samba is vulnerable to information disclosure. A local authenticated attacker is able to gain access to confidential information, because GnuTLS gnutls_rnd() may fail and give predictable random values...

5.5 CVSS, 5.6 AI score, 0.00408 EPSS
Exploits 1, References 6, Affected Software 2

Vulnrichment
added 2022/09/20 7:50 p.m., 7 views

CVE-2022-39218 Random number seed fixed during compilation

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

7.5 CVSS, 7.5 AI score, 0.00752 EPSS
Exploits 0, References 1

UbuntuCve
added 2022/09/01 9:15 p.m., 38 views

CVE-2022-1615

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values...

5.5 CVSS, 6.6 AI score, 0.00408 EPSS
Exploits 1, References 3

Prion
added 2022/09/01 9:15 p.m., 22 views

Input validation

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values...

1.7 CVSS, 5.5 AI score, 0.00408 EPSS
Exploits 1, References 4, Affected Software 2

OSV
added 2022/09/01 9:15 p.m., 1 views

UBUNTU-CVE-2022-1615

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values...

5.5 CVSS, 6.5 AI score, 0.00408 EPSS
Exploits 1, References 4

Debian CVE
added 2022/09/01 12:0 a.m., 26 views

CVE-2022-1615

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values...

5.5 CVSS, 5.8 AI score, 0.00408 EPSS
Exploits 1

Rosalinux
added 2021/07/02 4:39 p.m., 35 views

Advisory ROSA-SA-2021-1829

Software: erlang R16B OS: Cobalt 7.9 CVE-ID: CVE-2011-0766 CVE-Crit: MEDIUM CVE-DESC: The random number generator in the Crypto application before 2.0.2.2.2 and SSH before 2.0.5, which was used in the Erlang / OTP ssh library before R14B03, uses predictable starting numbers based on the current...

7.8 CVSS, 7.2 AI score, 0.03046 EPSS
Exploits 1

Prion
added 2021/05/21 8:15 p.m., 29 views

Design/Logic Flaw

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not...

4.3 CVSS, 6.5 AI score, 0.95182 EPSS
Exploits 27, References 2

Cvelist
added 2021/05/21 7:23 p.m., 25 views

CVE-2008-3280

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not...

6.8 AI score, 0.03951 EPSS
Exploits 1, References 2

Prion
added 2020/02/11 8:15 p.m., 14 views

Design/Logic Flaw

The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output...

2.1 CVSS, 6.9 AI score, 0.00306 EPSS
Exploits 1, References 3, Affected Software 1

Tenable Nessus
added 2019/09/30 12:0 a.m., 28 views

Debian DLA-1936-1 : cups security update

An issue has been found in cups, the Common UNIX Printing System(tm). While generating a session cookie for the CUPS web interface, a predictable random number seed was used. This could lead to unauthorized scripted access to the enabled web interface. For Debian 8 'Jessie', this problem has been...

5.9 CVSS, 6.3 AI score, 0.01841 EPSS
Exploits 1, References 3

Prion
added 2018/10/23 9:30 p.m., 12 views

Code injection

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by...

5 CVSS, 7.5 AI score, 0.01208 EPSS
Exploits 1, References 1

Prion
added 2018/10/23 9:30 p.m., 14 views

Code injection

A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize function to prevent a malicious contract from being called, but the attacker can bypass it by writing t...

5 CVSS, 7.5 AI score, 0.01637 EPSS
Exploits 1, References 1

Cvelist
added 2018/10/23 9:0 p.m., 19 views

CVE-2018-17877

A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize function to prevent a malicious contract from being called, but the attacker can bypass it by writing t...

7.5 AI score, 0.01637 EPSS
Exploits 1, References 1

Cvelist
added 2018/10/23 9:0 p.m., 20 views

CVE-2018-17968

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by...

7.5 AI score, 0.01208 EPSS
Exploits 1, References 1

Cvelist
added 2018/09/24 10:0 p.m., 20 views

CVE-2018-12975

The random function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable which can be read with a getStorageAt call. Therefore, attackers can...

7.6 AI score, 0.01253 EPSS
Exploits 0, References 1

NVD
added 2018/08/03 6:29 p.m., 17 views

CVE-2018-14715

The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game...

7.5 CVSS, 7.6 AI score, 0.01253 EPSS
Exploits 0, References 1

Cvelist
added 2018/08/03 6:0 p.m., 16 views

CVE-2018-14715

The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game...

7.6 AI score, 0.01253 EPSS
Exploits 0, References 1

CVE
added 2017/07/21 9:0 p.m., 43 views

CVE-2017-11519

TP-Link Archer C9(UN)_V2_160517 is affected by CVE-2017-11519 due to a predictable RNG seed in passwd_recovery.lua, enabling an attacker to reset the admin password over the network. The issue is fixed in firmware C9(UN)_V2_170511. If exploited, impact is administrator password reset; CVSS metric...

9.8 CVSS, 9.2 AI score, 0.03051 EPSS
Exploits 1, References 2, Affected Software 1

OpenVAS
added 2017/01/16 12:0 a.m., 47 views

NTP.org 'ntpd' Predictable Random Number Generator Weakness Brute Force Attack Vulnerability

NTP.org SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntp:ntp"; ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.809780";...

7.5 CVSS, 6.2 AI score, 0.12978 EPSS
Exploits 1, References 3