MetaCPAN Crypt::CBC 安全特征问题漏洞

MetaCPAN Crypt::CBC is a component of the MetaCPAN Foundation. A security signature issue vulnerability exists in MetaCPAN Crypt::CBC versions 1.21 through 3.04, which stems from the default use of an insecure rand function as an entropy source...

CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

bind security and bug fix update

32:9.11.26-6 - Use random entropy to generate unique TKEY identifiers 1980916 32:9.11.26-5 - Fix possible assertion failure iscrefcountcurrent == 0 in freerbtdb 1953056...

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example within a single execution of a program the output of every __builtin_darn() call may be the same.

...

DEBIAN-CVE-2019-15847

The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

PT-2017-18882 · Blackberry · Qnx Sdp

Name of the Vulnerable Software and Affected Versions: BlackBerry QNX Software Development Platform SDP versions 6.6.0 and 6.5.0 SP1 and earlier Description: A loss of integrity issue in the default configuration of the QNX SDP could allow an attacker to reduce the entropy of the PRNG, making oth...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20150512)

A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a...