Lucene search
K

7 matches found

PyPA
PyPA
added 2025/11/12 10:15 p.m.10 views

PYSEC-2025-112

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.9CVSS5.8AI score0.00108EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/07/18 10:52 p.m.3 views

Use of Predictable Algorithm in Random Number Generator

Overview Affected versions of this package are vulnerable to Use of Predictable Algorithm in Random Number Generator via the RANDpoll function. An attacker can obtain predictable random values by invoking RANDbytes after a fork operation in affected applications. This is only exploitable if the...

9.8CVSS6.9AI score0.00387EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/12/15 10:11 p.m.7 views

openssl: Crash in ssleay_rand_bytes due to locking regression

A regression was found in the ssleayrandbytes function in the versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7. This regression could cause a multi-threaded application to crash...

4.3CVSS7.1AI score0.04302EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2015/08/18 12:0 a.m.5 views

The vulnerability of the OpenSSL library, which allows a hacker to trigger a service failure

The vulnerability of the ssleayrandbytes function in the OpenSSL library is related to buffer overflows in dynamic memory, caused by integer overflows. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by establishing multiple TLS sessions remotely...

4.3CVSS7.4AI score0.04302EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2015/06/17 12:0 a.m.1 views

OpenSSL 'ssleay_rand_bytes()' function denial of service vulnerability

OpenSSL is an open source implementation of SSL for strong encryption of network communications, and is now widely used in a variety of network applications. A security vulnerability in OpenSSL in Red Hat allows a remote attacker to send special data to a target multithreaded reference that uses...

4.3CVSS6.8AI score0.04302EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/06/15 8:48 p.m.5 views

openssl: Crash in ssleay_rand_bytes due to locking regression

A regression was found in the ssleayrandbytes function in the versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7. This regression could cause a multi-threaded application to crash...

4.3CVSS7.1AI score0.04302EPSS
Exploits0References4
OSV
OSV
added 2014/03/31 7:40 p.m.7 views

MGASA-2014-0144 Updated stunnel package fixes security vulnerability

A flaw was found in the way stunnel, a socket wrapper which can provide SSL support to ordinary applications, performed reinitialization of PRNG after fork. When accepting a new connection, the server forks and the child process handles the request. The RANDbytes function of openssl doesn't reset...

4.3CVSS6.4AI score0.02155EPSS
Exploits1References3
Rows per page
Query Builder