351 matches found
Moderate: openssl security and bug fix update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: crehash script allows command injection CVE-2022-1292 openssl: Signer certificate verification...
CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes...
AZL-78962 CVE-2022-30634 affecting package golang 1.25.7-1
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes...
CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes...
CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes...
UBUNTU-CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes...
CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes...
CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes...
CVE-2022-30634
CVE-2022-30634 describes an infinite loop in Read in crypto/rand prior to Go 1.17.11 and Go 1.18.3 on Windows, triggered by buffers larger than 1<
CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes...
CVE-2022-30634 Indefinite hang with large buffers on Windows in crypto/rand
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes...
Oracle Linux 8 : go-toolset:ol8addon (ELSA-2022-17956)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-17956 advisory. go-toolset 1.18.3-1 - Update to golang 1.18.3 golang 1.18.3-1.0.1 - Rebase to 1.18.3 by adding upstream patches to the 1.18.0 openssl-fips - Modify...
Uncontrolled Recursion
Overview std/crypto/rand is a Go standard library package std/crypto/rand Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: in the rand.Read function on Windows when a buffer larger than 1 32 - 1 bytes is provided. An attacker can cause the proce...
GO-2022-0477 Indefinite hang with large buffers on Windows in crypto/rand
On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1 32 - 1 bytes...
SUSE-SU-2022:2004-1 Security update for go1.17
This update for go1.17 fixes the following issues: Update to go1.17.11 released 2022-06-01 bsc1190649: - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers bsc1200134. - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticketageadd bsc1200135. -...
FreeBSD : go -- multiple vulnerabilities (15888c7e-e659-11ec-b7fe-10c37b4ac2ea)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 15888c7e-e659-11ec-b7fe-10c37b4ac2ea advisory. - The Go project reports: crypto/rand: rand.Read hangs with extremely large buffers On Windows...
go -- multiple vulnerabilities
The Go project reports: crypto/rand: rand.Read hangs with extremely large buffers On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1 32 - 1 bytes. crypto/tls: session tickets lack random ticketageadd Session tickets generated by crypto/tls did not contain a randomly...
Information Disclosure
randompasswordgenerator is vulnerable to information disclosure. The vulnerability exists due to the insecure random password generation in rand functionality in the generate function of randompasswordgenerator.rb, allowing an attacker to guess the password...
GHSA-GGFX-H9XJ-5V9C Insecure PRNG use in random_password_generator
The randompasswordgenerator aka RandomPasswordGenerator gem through 1.0.0 for Ruby uses Kernelrand to generate passwords, which, due to its cyclic nature, can facilitate password prediction...
CVE-2019-25061
The randompasswordgenerator aka RandomPasswordGenerator gem through 1.0.0 for Ruby uses Kernelrand to generate passwords, which, due to its cyclic nature, can facilitate password prediction...