102 matches found
CVE-2018-17968
A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by...
CVE-2018-17877
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize function to prevent a malicious contract from being called, but the attacker can bypass it by writing t...
CVE-2018-12384
When handling an SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...
CVE-2018-12056
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards...
CVE-2018-12454
The addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable which can be read with a getStorageAt call. Therefore, it allows...
CVE-2016-9594
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable...
[ASA-201701-7] libcurl-compat: multiple issues
Arch Linux Security Advisory ASA-201701-7. Severity: Medium. Date: 2017-01-03. CVE-ID: CVE-2016-9586, CVE-2016-9594. Package: libcurl-compat. Type: multiple issues. Remote: Yes. Link: https://security.archlinux.org/AVG-113. Summary: The package...
[ASA-201701-11] lib32-libcurl-gnutls: multiple issues
Arch Linux Security Advisory ASA-201701-11. Severity: Medium. Date: 2017-01-03. CVE-ID: CVE-2016-9586, CVE-2016-9594. Package: lib32-libcurl-gnutls. Type: multiple issues. Remote: Yes. Link: https://security.archlinux.org/AVG-117. Summary: The packag...
[ASA-201701-8] libcurl-gnutls: multiple issues
Arch Linux Security Advisory ASA-201701-8. Severity: Medium. Date: 2017-01-03. CVE-ID: CVE-2016-9586, CVE-2016-9594. Package: libcurl-gnutls. Type: multiple issues. Remote: Yes. Link: https://security.archlinux.org/AVG-114. Summary: The package...
CURL-CVE-2016-9594 uninitialized random
libcurl's new internal function that returns a good 32-bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to. This random value is used to generate nonces for Digest and NTLM authentication, for generating boundary...
Apache Cordova Android Improper Random Value Generation Vulnerability
No description provided by source...
Apache Cordova Android Improper Random Value Generation Vulnerability
Apache Cordova Android is an open source project built from the core code of PhoneGap after it was contributed to Apache. It is the core engine that drives PhoneGap, giving mobile applications JavaScript access to native device functionality such as the camera and microphone. Apache...
MIPS Linux XOR Shellcode Encoder (60 Bytes)
No description provided by source. include fcntl.h include stdio.h include unistd.h include sys/types.h include sys/stat.h include stdlib.h include string.h define DEBUG 0 / entropy at phiral.net mips linux shellcode xor encoder \xAB\xCD is overwritten with jmp back offset \x00\x00 is overwritten...
DEBIAN-CVE-2013-4788
The PTRMANGLE implementation in the GNU C Library aka glibc or libc6 2.4, 2.17, and earlier, and Embedded GLIBC EGLIBC does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow...
CVE-2010-4568
CVE-2010-4568 affects Bugzilla 2.14–2.22.7; 3.0.x–3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2, where cookies/tokens were generated with an insufficient number of srand calls, allowing remote attackers to gain access to arbitrary Bugzilla accounts via unsp...
Mozilla Firefox 3.6.x < 3.6.4 Multiple Vulnerabilities
Binary data 5580.prm...