23 matches found
CVE-2017-17845
CVE-2017-17845 affects Enigmail (Thunderbird extension) before 1.9.9. The issue is improper random secret generation because Math.Random() is used by pretty Easy privacy (pEp). Impact: potential confidentiality/integrity/availability concerns as per CVSS metrics (base score 7.3–7.5, HIGH). Affect...
Insecure Random Number Generation
github.com/vmware/harbor uses math/rand to generate salt values. This is not cryptographically secure and makes it easier for attackers to brute force the value...
DEBIAN-CVE-2007-6755
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation DualECDRBG algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection...