119 matches found
多款Qualcomm芯片安全漏洞
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and is manufactured from time to time on the surface of semiconductor wafers. A security vulnerability exists in several Qualcomm products that...
The vulnerability of the FortiMail IBE (Identity-Based Encryption) service of the FortiMail email protection system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of FortiMail IBE’s Identity-Based Encryption service in the email protection system is related to errors in the code of the pseudorandom number generator. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected informatio...
PT-2021-3854 · Fortinet · Fortimail
Name of the Vulnerable Software and Affected Versions: FortiMail affected versions not specified Description: The issue is related to errors in the code of the pseudorandom number generator in the FortiMail IBE Identity Based Encryption service. This could allow a remote attacker to gain...
The vulnerability of the get_random_string function in D-Link DIR-865L router software allows a hacker to disclose protected information.
The vulnerability of the getrandomstring function in D-Link DIR-865L router software is related to errors in the code of the pseudorandom number generator. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by this function...
CVE-2019-1715
CVE-2019-1715 affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD)Software. The issue is a low-entropy Deterministic Random Bit Generator (DRBG/PRNG) used for cryptographic key generation, which can allow an unauthenticated remote attacker to cause cryptographic collisions and pote...
The vulnerability of the pseudorandom number generator in the Libgcrypt cryptography library, related to information disclosure, allows a hacker to predict the output data.
The vulnerability of the pseudorandom number generator in the Libgcrypt cryptography library is related to an error that causes the generation of a 160-bit random number from a standard random number generator. Exploiting this vulnerability allows a remote attacker to predict the output data...
CVE-2018-4398
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8...
CVE-2018-4398
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8...
Design/Logic Flaw
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8...
Unsafe Pseudorandom Number Generation Through The Use Of Insecure Entropy Source
uuid and node-uuid have flaws which lead to the use of an insecure entropy source "Math.random" to generate pseudorandom numbers instead of using a secure Cryptographic API...
Exploit for CVE-2017-3000
CVE-2017-3000 A full exploit of CVE-2017-3000...
Insecure Number Generator
github.com/terraform-providers/terraform-provider-aws is vulnerable to insecure number generation. The library uses a pseudorandom number generator thats based on the time of generation, allowing a malicious user to make educated guesses about the password...
DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions
DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions. DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi...
Hacking Slot Machines by Reverse-Engineering the Random Number Generators
Interesting story: The venture is built on Alex's talent for reverse engineering the algorithms -- known as pseudorandom number generators, or PRNGs -- that govern how slot machine games behave. Armed with this knowledge, he can predict when certain games are likeliest to spit out moneyinsight...
Insecure Pseudorandom Number Generation
randomkey is vulnerable to insecure pseudorandom number generation. The vulnerability exists because it uses Math.random instead of cryptographically secure pseudorandom number generation...
Insecure Salt Generation Via Unsafe Pseudorandom Number Function
Fluentd has an insecure generate of salt values. This is because OpenSSL::Random was used rather than a SecureRandom function to generate the values...
openSUSE Security Update : Firefox 46.0 (openSUSE-2016-566) (SWEET32)
This update to Mozilla Firefox 46.0 fixes several security issues and bugs boo977333. The following vulnerabilities were fixed : - CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39 boo977373 - CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39 boo977375 -...
openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-541)
This update to Mozilla Firefox 46.0 fixes several security issues and bugs boo977333. The following vulnerabilities were fixed : - CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39 boo977373 - CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39 boo977375 -...
Security update update for MozillaFirefox, mozilla-nss (important)
This update to Mozilla Firefox 46.0 fixes several security issues and bugs boo977333. The following vulnerabilities were fixed: - CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39 boo977373 - CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39 boo977375 -...
The vulnerability of the OpenSSL library, which allows a hacker to bypass the cryptographic security measures
The vulnerability of the ssl3clienthello function in the OpenSSL library is related to insufficient guarantees for the correct initialization of the pseudorandom number generator before the handshake process. Exploiting this vulnerability allows a malicious actor to bypass cryptographic security...