CryptX 安全漏洞

CryptX is a open-source cryptographic toolkit developed by DCIT, based on various encryption algorithms. Versions of CryptX prior to 0.088 contained security vulnerabilities. These vulnerabilities stemmed from the failure to reseed the Crypt::PK PRNG state after a fork, allowing sub-programs to...

Rand is unsound with a custom logger using rand::rng()

It has been reported by @lopopolo that the rand library is unsound i.e. that safe code using the public API can cause Undefined Behaviour when all the following conditions are met: - The log and threadrng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...

RUSTSEC-2026-0097 Rand is unsound with a custom logger using `rand::rng()`

It has been reported by @lopopolo that the rand library is unsound i.e. that safe code using the public API can cause Undefined Behaviour when all the following conditions are met: - The log and threadrng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...

Rand is unsound with a custom logger using `rand::rng()`

It has been reported by @lopopolo that the rand library is unsound i.e. that safe code using the public API can cause Undefined Behaviour when all the following conditions are met: - The log and threadrng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...

PT-2026-7119

DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack...

EUVD-2007-4294

Malware in sbrugna...

SUSE CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

DEBIAN-CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

Use of Predictable Algorithm in Random Number Generator

Overview Affected versions of this package are vulnerable to Use of Predictable Algorithm in Random Number Generator via the RANDpoll function. An attacker can obtain predictable random values by invoking RANDbytes after a fork operation in affected applications. This is only exploitable if the...

CVE-2024-9055 DPA Countermeasures need reseeding

The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...

CVE-2024-9055 DPA Countermeasures need reseeding

The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...

kernel security, bug fix, and enhancement update

5.14.0-70.30.1.0.10.OL9 - lockdown: also lock down previous kgdb use Daniel Thompson Orabug: 34290418 CVE-2022-21499 5.14.0-70.30.10.OL9 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted...

PyCrypto does not properly reseed PRNG before allowing access

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator PRNG before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a...

Plone and Zope2 do not reseed pseudo-random number generator

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator PRNG, which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability...

CVE-2012-6661

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator PRNG, which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability...

openSUSE Security Update : libssh (openSUSE-SU-2014:0366-1)

libssh was updated to fix a random generator reseeding issue when forking multiple servers. Forking multiple servers might under some circumstances get them the same random seed state. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

PYSEC-2013-29

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator PRNG before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a...

PYSEC-2013-29

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator PRNG before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a...

Debian DSA-2781-1 : python-crypto - PRNG not correctly reseeded in some situations

A cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto. In some situations, a race condition could prevent the reseeding of the generator when multiple processes are forked from the same parent. This would lead it to generate identical output on all...

DSA-2781-1 python-crypto - PRNG not correctly reseeded in some situations

Bulletin has no description...