
246 matches found

Amazon
added 2014/10/14 12:0 a.m., 24 views

Medium: python-oauth2

Issue Overview: The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 use weak random numbers t...

CVSS 5.8, AI score 6.7, EPSS 0.005
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 32 views

Google Chrome <= 6.0.472 'Math.Random()' Random Number Generation Vulnerability

No description provided by source. Source: http://www.securityfocus.com/bid/36185/info Google Chrome is prone to a security vulnerability that may allow the application to generate weak random numbers. Successfully exploiting this issue may allow attackers to obtain sensitive information or gain...

AI score 7.1
Exploits 0

UbuntuCve
added 2014/05/20 2:55 p.m., 12 views

CVE-2013-4347

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 use weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

CVSS 5.8, AI score 5.9, EPSS 0.00432
Exploits 0, References 3

Prion
added 2014/05/20 2:55 p.m., 7 views

Code injection

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 use weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

CVSS 5.8, AI score 6.8, EPSS 0.00432
Exploits 0, References 4

CVE
added 2014/05/20 2:0 p.m., 55 views

CVE-2013-4347

The CVE-2013-4347 issue affects SimpleGeo python-oauth2: the make_nonce, generate_nonce, and generate_verifier functions use weak random values to generate nonces, enabling potential replay via captured traffic. Evidence and details come from the GHSA entry and related advisories; a patch/update addr...

CVSS 5.8, AI score 6.3, EPSS 0.00432
Exploits 0, References 4, Affected Software 1

Cvelist
added 2014/05/20 2:0 p.m., 19 views

CVE-2013-4347

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 use weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

AI score 6.2, EPSS 0.00432
Exploits 0, References 4

Mageia
added 2014/02/12 5:13 p.m., 25 views

Updated tor package fixes security vulnerability

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity keys and hidden-service identity keys, which might make it easier for remote attackers to...

CVSS 4, AI score 3.6, EPSS 0.00159
Exploits 0, References 2

Debian CVE
added 2014/01/17 7:0 p.m., 14 views

CVE-2013-7295

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers...

CVSS 4, AI score 3.3, EPSS 0.00159
Exploits 0

CVE
added 2013/12/07 9:0 p.m., 122 views

CVE-2013-6386

Drupal 6.x before 6.29 and 7.x before 7.24 uses PHP mt_rand with predictable seeds, allowing remote attackers to predict security strings and bypass restrictions via brute force. Impact includes potential unauthorized access or bypass of protections as described in multiple advisories. Mitigation...

CVSS 6.8, AI score 6.5, EPSS 0.00375
Exploits 0, References 5, Affected Software 1

Tenable Nessus
added 2013/11/11 12:0 a.m., 23 views

Fedora 20 : python-crypto-2.6.1-1.fc20 (2013-19390)

In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a race condition that may cause forked processes to generate identical sequences of 'random' numbers. This release fixes the problem by resetting the rate-limiter when Crypto.Random.atfork is invoked. Note that Tenable Network...

CVSS 4.3, AI score 8.1, EPSS 0.00424
Exploits 1, References 3

Tenable Nessus
added 2013/10/27 12:0 a.m., 23 views

Fedora 19 : python-crypto-2.6.1-1.fc19 (2013-19441)

In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a race condition that may cause forked processes to generate identical sequences of 'random' numbers. This release fixes the problem by resetting the rate-limiter when Crypto.Random.atfork is invoked. Note that Tenable Network...

CVSS 4.3, AI score 8.1, EPSS 0.00424
Exploits 1, References 4

Prion
added 2013/10/24 3:48 a.m., 9 views

Design/Logic Flaw

The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers...

CVSS 2.1, AI score 6.2, EPSS 0.00051
Exploits 0, References 1, Affected Software 1

NVD
added 2013/10/01 5:55 p.m., 9 views

CVE-2013-4708

The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows...

CVSS 4, AI score 7, EPSS 0.00202
Exploits 0, References 4

Prion
added 2013/10/01 5:55 p.m., 9 views

Authentication flaw

The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows...

CVSS 4, AI score 7.5, EPSS 0.00202
Exploits 0, References 4, Affected Software 6

CVE
added 2013/10/01 5:0 p.m., 41 views

CVE-2013-4708

The CVE-2013-4708 issue affects SEIL Series routers from Internet Initiative Japan Inc. The vulnerability arises from predictable random-number generation in the PPP Access Concentrator (PPPAC) when performing RADIUS authentication, allowing remote attackers who can sniff RADIUS traffic to bypass authenti...

CVSS 4, AI score 7.2, EPSS 0.00202
Exploits 0, References 4, Affected Software 2

NVD
added 2013/09/17 12:4 p.m., 15 views

CVE-2013-5709

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value...

CVSS 8.3, AI score 6.8, EPSS 0.00523
Exploits 0, References 3

Prion
added 2013/09/17 12:4 p.m., 14 views

Authentication flaw

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value...

CVSS 8.3, AI score 7.3, EPSS 0.00523
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2013/09/04 12:0 a.m., 40 views

Amazon Linux AMI : postgresql9 (ALAS-2013-178)

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection...

CVSS 8.5, AI score 8.2, EPSS 0.81124
Exploits 4, References 4

Tenable Nessus
added 2013/04/20 12:0 a.m., 29 views

Mandriva Linux Security Advisory : postgresql (MDVSA-2013:142)

Multiple vulnerabilities have been discovered and corrected in postgresql: PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enumrecv function in backend/utils/adt/enum.c, which causes it to be invoke...

CVSS 8.5, AI score 8.2, EPSS 0.81124
Exploits 4, References 6

securityvulns
added 2013/04/08 12:0 a.m., 95 views

[USN-1789-1] PostgreSQL vulnerabilities

Ubuntu Security Notice USN-1789-1, April 04, 2013: postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities. A security issue affects these...

CVSS 8.5, AI score 8.1, EPSS 0.81124
Exploits 4