Cypress WICED BT 输入验证错误漏洞

Cypress WICED BT is a full-featured platform from cypress. The Cypress WICED BT suffers from an input validation error vulnerability that stems from the Bluetooth Classic implementation in the Cypress WICED BT stack via 2.9.0 for CYW20735B1 not being able to correctly handle the receipt of an...

kernel: information exposure in drivers/char/random.c and kernel/time/timer.c

A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. The highest threat from this vulnerability is to data confidentiality...

GNU Compiler Collection libstdc++ Component Random Number Predictability Vulnerability

The GNU Compiler Collection a.k.a. GCC is a compiler system developed by the GNU Project to support multiple programming languages. A security vulnerability exists in the class 'std::randomdevice' in the libstdc++ component of GCC versions prior to 4.9.4. Due to the program failing to properly...

UBUNTU-CVE-2015-5276

The std::randomdevice class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors...

[Haveged 1.9.1] A simple entropy daemon

The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers...

Scientific Linux Security Update : cyrus-sasl on SL4.x, SL3.x i386/x86_64

A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism. As part of the DIGEST-MD5 authentication exchange, the client is expected to send a specific set of information to the server. If one of these items the 'realm' was not sent or was malformed, it was possible for a remote...

DEBIAN-CVE-2011-3599

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack...

FreeBSD Security Advisory (FreeBSD-SA-07:09.random.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-07:09.random.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2007-6150

The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values...

Design/Logic Flaw

The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values...

FreeBSD-SA-07:09.random

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:09.random Security Advisory The FreeBSD Project Topic: Random value disclosure Category: core Module: sysdevrandom Announced: 2007-11-29 Credits: Robert Woolle...

openssl security and bug fix update

0.9.7a-43.17.1 - CVE-2007-5135 off by one buffer overflow in SSLgetsharedciphers 309851 0.9.7a-43.17 - use poll when reading random device 236164 - make ssl session ID context matching strict 244436 - openssl utility shouldnt crash on invalid PKCS12 files 245083 - CVE-2007-3108 remove conditional...