2 matches found
SUSE CVE-2014-0016
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator PRNG, which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC ECDSA or DSA...
CVE-2016-0270
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden...