Lucene search
K

119 matches found

CNNVD
CNNVD
added 2022/04/04 12:0 a.m.4 views

多款Qualcomm芯片安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and is manufactured from time to time on the surface of semiconductor wafers. A security vulnerability exists in several Qualcomm products that...

9CVSS5.9AI score0.0016EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2021/08/25 12:0 a.m.7 views

The vulnerability of the FortiMail IBE (Identity-Based Encryption) service of the FortiMail email protection system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of FortiMail IBE’s Identity-Based Encryption service in the email protection system is related to errors in the code of the pseudorandom number generator. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected informatio...

7.8CVSS5.5AI score0.00294EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2021/06/21 12:0 a.m.5 views

PT-2021-3854 · Fortinet · Fortimail

Name of the Vulnerable Software and Affected Versions: FortiMail affected versions not specified Description: The issue is related to errors in the code of the pseudorandom number generator in the FortiMail IBE Identity Based Encryption service. This could allow a remote attacker to gain...

7.8CVSS6.5AI score0.00294EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2020/06/30 12:0 a.m.6 views

The vulnerability of the get_random_string function in D-Link DIR-865L router software allows a hacker to disclose protected information.

The vulnerability of the getrandomstring function in D-Link DIR-865L router software is related to errors in the code of the pseudorandom number generator. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by this function...

7.8CVSS7.2AI score0.01296EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2019/05/03 4:20 p.m.75 views

CVE-2019-1715

CVE-2019-1715 affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD)Software. The issue is a low-entropy Deterministic Random Bit Generator (DRBG/PRNG) used for cryptographic key generation, which can allow an unauthenticated remote attacker to cause cryptographic collisions and pote...

7.5CVSS6.3AI score0.01712EPSS
Exploits0References1Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/04/25 12:0 a.m.5 views

The vulnerability of the pseudorandom number generator in the Libgcrypt cryptography library, related to information disclosure, allows a hacker to predict the output data.

The vulnerability of the pseudorandom number generator in the Libgcrypt cryptography library is related to an error that causes the generation of a 160-bit random number from a standard random number generator. Exploiting this vulnerability allows a remote attacker to predict the output data...

5.3CVSS6.2AI score0.03597EPSS
Exploits0References5Affected Software3
NVD
NVD
added 2019/04/03 6:29 p.m.20 views

CVE-2018-4398

An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8...

7.5CVSS7AI score0.0163EPSS
Exploits0References6
OSV
OSV
added 2019/04/03 6:29 p.m.2 views

CVE-2018-4398

An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8...

7.5CVSS5.5AI score0.0163EPSS
Exploits0References6
Prion
Prion
added 2019/04/03 6:29 p.m.17 views

Design/Logic Flaw

An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8...

5CVSS6.9AI score0.0163EPSS
Exploits0References6Affected Software6
Veracode
Veracode
added 2019/01/15 9:9 a.m.24 views

Unsafe Pseudorandom Number Generation Through The Use Of Insecure Entropy Source

uuid and node-uuid have flaws which lead to the use of an insecure entropy source "Math.random" to generate pseudorandom numbers instead of using a secure Cryptographic API...

7.5CVSS7.3AI score0.02257EPSS
Exploits0References31Affected Software2
GithubExploit
GithubExploit
added 2018/08/26 2:34 p.m.8 views

Exploit for CVE-2017-3000

CVE-2017-3000 A full exploit of CVE-2017-3000...

6.5CVSS7.2AI score0.0836EPSS
Exploits1
Veracode
Veracode
added 2018/03/28 6:56 a.m.17 views

Insecure Number Generator

github.com/terraform-providers/terraform-provider-aws is vulnerable to insecure number generation. The library uses a pseudorandom number generator thats based on the time of generation, allowing a malicious user to make educated guesses about the password...

9.8CVSS9.1AI score0.02038EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2017/10/24 6:58 a.m.26 views

DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions

DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions. DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/07 11:0 a.m.99 views

Hacking Slot Machines by Reverse-Engineering the Random Number Generators

Interesting story: The venture is built on Alex's talent for reverse engineering the algorithms -- known as pseudorandom number generators, or PRNGs -- that govern how slot machine games behave. Armed with this knowledge, he can predict when certain games are likeliest to spit out money­insight...

7AI score
Exploits0
Veracode
Veracode
added 2017/03/03 9:7 a.m.8 views

Insecure Pseudorandom Number Generation

randomkey is vulnerable to insecure pseudorandom number generation. The vulnerability exists because it uses Math.random instead of cryptographically secure pseudorandom number generation...

6.7AI score
Exploits0
Veracode
Veracode
added 2017/02/01 5:12 a.m.6 views

Insecure Salt Generation Via Unsafe Pseudorandom Number Function

Fluentd has an insecure generate of salt values. This is because OpenSSL::Random was used rather than a SecureRandom function to generate the values...

6.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/05/12 12:0 a.m.30 views

openSUSE Security Update : Firefox 46.0 (openSUSE-2016-566) (SWEET32)

This update to Mozilla Firefox 46.0 fixes several security issues and bugs boo977333. The following vulnerabilities were fixed : - CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39 boo977373 - CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39 boo977375 -...

10CVSS7.3AI score0.04841EPSS
Exploits0References52
Tenable Nessus
Tenable Nessus
added 2016/05/06 12:0 a.m.32 views

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-541)

This update to Mozilla Firefox 46.0 fixes several security issues and bugs boo977333. The following vulnerabilities were fixed : - CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39 boo977373 - CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39 boo977375 -...

10CVSS7.3AI score0.04841EPSS
Exploits0References20
OPENSUSE Linux
OPENSUSE Linux
added 2016/05/04 3:8 p.m.39 views

Security update update for MozillaFirefox, mozilla-nss (important)

This update to Mozilla Firefox 46.0 fixes several security issues and bugs boo977333. The following vulnerabilities were fixed: - CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39 boo977373 - CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39 boo977375 -...

10CVSS0.5AI score0.04841EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2015/08/18 12:0 a.m.6 views

The vulnerability of the OpenSSL library, which allows a hacker to bypass the cryptographic security measures

The vulnerability of the ssl3clienthello function in the OpenSSL library is related to insufficient guarantees for the correct initialization of the pseudorandom number generator before the handshake process. Exploiting this vulnerability allows a malicious actor to bypass cryptographic security...

4.3CVSS6.8AI score0.05745EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder