
22 matches found

SUSE CVE
added 2026/04/14 11:25 p.m. | 1 view

SUSE CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

CVSS 5.5 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-4039

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.003
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-13976

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.0064
Exploits: 0 | References: 6

Tenable Nessus
added 2025/08/18 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-27211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data. CVE-2021-27211 Note that Nessus relies on the...

CVSS 7.5 | AI score 7.1 | EPSS 0.0064
Exploits: 0 | References: 3

GitHub Security Blog
added 2024/02/26 8:10 p.m. | 19 views

@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys

Problem: User sessions in the @nfid/embed SDK with Ed25519 keys are vulnerable due to a compromised private key 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe. This exposes users to potential loss of funds on ledgers and unauthorized access to canisters they control. Solution: Usin...

AI score 7
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2024/02/21 2:12 a.m. | 22 views

CVE-2024-1631 agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

CVSS 9.1 | AI score 9.4 | EPSS 0.01735
Exploits: 1 | References: 5

Vulnrichment
added 2024/02/21 2:12 a.m. | 16 views

CVE-2024-1631 agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

CVSS 9.1 | AI score 6.8 | EPSS 0.01735
Exploits: 1 | References: 5

UbuntuCve
added 2021/02/15 7:15 p.m. | 24 views

CVE-2021-27211

steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data...

CVSS 7.5 | AI score 7.1 | EPSS 0.0064
Exploits: 0 | References: 4

Prion
added 2021/02/15 7:15 p.m. | 13 views

Code injection

steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data...

CVSS 5 | AI score 7.4 | EPSS 0.0064
Exploits: 0 | References: 4 | Affected Software: 1

Malwarebytes
added 2018/04/12 5:34 p.m. | 77 views

Encryption 101: decryption tool code walkthrough

We have reached the final installment of our Encryption 101 series. In the prior post, we walked through, in detail, the thought process while looking at the Princess Locker ransomware. We talked about the specific ways to narrow down the analysis toward the encryption portions, the weaknesses in...

AI score 7.2
Exploits: 0

The Hacker News
added 2017/10/24 6:58 a.m. | 25 views

DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions

DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions. DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi...

AI score 6.6
Exploits: 0

OpenVAS
added 2010/09/21 12:00 a.m. | 29 views

Mozilla Firefox Information Disclosure Vulnerability (Windows)

The host is installed with Mozilla Firefox and is prone to Information Disclosure Vulnerability. OpenVAS Vulnerability Test $Id: secpodmozillafirefoxinfodiscvulnwin.nasl 5394 2017-02-22 09:22:42Z teissa $ Mozilla Firefox Information Disclosure Vulnerability Windows Authors: Madhuri D Copyright:...

CVSS 5.8 | AI score 9.2 | EPSS 0.08698
Exploits: 4 | References: 2

OpenVAS
added 2010/09/21 12:00 a.m. | 26 views

Mozilla Firefox Information Disclosure Vulnerability - Windows

Mozilla Firefox is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.8 | AI score 8.8 | EPSS 0.08698
Exploits: 4 | References: 2

NVD
added 2010/09/15 8:00 p.m. | 15 views

CVE-2010-3399

The jsInitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess th...

CVSS 5.8 | AI score 6.1 | EPSS 0.00635
Exploits: 2 | References: 8

Prion
added 2010/09/15 8:00 p.m. | 20 views

Design/Logic Flaw

The jsInitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-forc...

CVSS 5.8 | AI score 6.5 | EPSS 0.00434
Exploits: 2 | References: 2 | Affected Software: 2

Prion
added 2010/09/15 8:00 p.m. | 18 views

Design/Logic Flaw

The jsInitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess th...

CVSS 5.8 | AI score 6.5 | EPSS 0.08698
Exploits: 4 | References: 8 | Affected Software: 1

Cvelist
added 2010/09/15 7:00 p.m. | 24 views

CVE-2010-3399

The jsInitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess th...

AI score 8.9 | EPSS 0.00635
Exploits: 2 | References: 8

CVE
added 2010/09/15 7:00 p.m. | 60 views

CVE-2010-3399

Technical details for CVE-2010-3399 are not publicly available in the provided documents; no concrete product/version/impact information is given here. Monitor for updates.

CVSS 5.8 | AI score 8.7 | EPSS 0.00635
Exploits: 2 | References: 8 | Affected Software: 1

Tenable Nessus
added 2010/09/08 12:00 a.m. | 36 views

Firefox < 3.5.12 Multiple Vulnerabilities

The installed version of Firefox is earlier than 3.5.12. Such versions are potentially affected by the following security issues : - The pseudo-random number generator is only seeded once per browsing session and 'Math.random' may be used to recover the seed value allowing the browser instance to...

CVSS 9.3 | AI score 9.1 | EPSS 0.10225
Exploits: 3 | References: 31

Prion
added 2009/01/20 4:30 p.m. | 20 views

Session fixation

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a...

CVSS 4.9 | AI score 6.3 | EPSS 0.00434
Exploits: 1 | References: 25 | Affected Software: 2