Lucene search
K

137 matches found

Packet Storm
Packet Storm
added 2018/05/01 12:0 a.m.326 views

Linux RNG Flaws

Linux RNG flaws CVE-2018-1108 There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot. I'm sending this to [email protected] and Theodore Ts'o for now; it might make sense to also add Jason Donenfeld, since...

0.1AI score0.01825EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2018/02/16 12:0 a.m.49 views

openSUSE Security Update : openssl-steam (openSUSE-2018-168)

This update for openssl-steam fixes the following issues : - Merged changes from upstream openssl Factory rev 137 into this fork for Steam. Updated to openssl 1.0.2k : - CVE-2016-7055: Montgomery multiplication may produce incorrect results boo1009528 - CVE-2016-7056: ECSDA P-256 timing attack ke...

9.8CVSS7.4AI score0.95707EPSS
Exploits8References44
Oracle linux
Oracle linux
added 2016/11/09 12:0 a.m.37 views

libgcrypt security update

1.5.3-13.1 - fix CVE-2016-6313 - predictable PRNG output 1366105 1.5.3-13 - touch only urandom in the selftest and when /dev/random is unavailable for example by SELinux confinement - fix the RSA selftest key p q swap...

5.3CVSS2.2AI score0.03597EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/10/06 12:0 a.m.48 views

SUSE SLES11 Security Update : openssl (SUSE-SU-2016:2458-1)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behavior CVE-2016-2177 bsc982575 - Constant time flag not...

9.8CVSS7.2AI score0.95707EPSS
Exploits8References36
OpenVAS
OpenVAS
added 2016/09/29 12:0 a.m.40 views

openSUSE: Security Advisory for openssl (openSUSE-SU-2016:2407-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.63029EPSS
Exploits2References1
OPENSUSE Linux
OPENSUSE Linux
added 2016/09/28 12:10 p.m.61 views

Security update for openssl (important)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 Constant time flag not...

7.8CVSS7.3AI score0.95707EPSS
Exploits8References17
Tenable Nessus
Tenable Nessus
added 2016/09/28 12:0 a.m.37 views

openSUSE Security Update : openssl (openSUSE-2016-1130)

This update for openssl fixes the following issues : OpenSSL Security Advisory 22 Sep 2016 boo999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 boo999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 boo982575 - Constant time flag n...

9.8CVSS7.2AI score0.95707EPSS
Exploits8References28
Tenable Nessus
Tenable Nessus
added 2016/09/28 12:0 a.m.46 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:2394-1)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...

9.8CVSS7.2AI score0.95707EPSS
Exploits8References41
OPENSUSE Linux
OPENSUSE Linux
added 2016/09/27 11:9 a.m.58 views

Security update for openssl (important)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 boo999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 boo999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 boo982575 Constant time flag not...

7.5CVSS7.1AI score0.95707EPSS
Exploits8References16
Tenable Nessus
Tenable Nessus
added 2016/09/27 12:0 a.m.59 views

SUSE SLES12 Security Update : openssl (SUSE-SU-2016:2387-1)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...

9.8CVSS7.2AI score0.95707EPSS
Exploits8References41
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.25 views

Fedora 23 : prosody-0.9.10-1.fc23 (2016-5a5c85c5a8)

Prosody 0.9.10 ============== A summary of changes in this release: Security -------- moddialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks CVE-2016-0756 Fixes and improvements ---------------------- Startup: Open /dev/urandom read-only, to fix a failure to...

5.3CVSS6.1AI score0.02055EPSS
Exploits0References3
Debian
Debian
added 2016/01/30 10:52 p.m.51 views

[SECURITY] [DLA 407-1] prosody security update

Package : prosody Version : 0.7.0-1squeeze1+deb6u2 CVE ID : CVE-2016-0756 The flaw allows a malicious server to impersonate the vulnerable domain to any XMPP domain whose domain name includes the attackers domain as a suffix. For example, bber.example would be able to connect to jabber.example an...

7.5CVSS6.2AI score0.02183EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/12/26 12:0 a.m.45 views

OracleVM 3.3 : bind (OVMSA-2014-0084)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-8500 1171973 - Use /dev/urandom when generating rndc.key file 951255 - Remove bogus file from /usr/share/doc, introduced by fix for bug 1092035 - Add support for TLSA resource records...

7.8CVSS6.9AI score0.65683EPSS
Exploits4References6
OSV
OSV
added 2014/12/19 3:59 p.m.3 views

DEBIAN-CVE-2013-4442

Password Generator aka Pwgen before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers...

5CVSS6.4AI score0.02166EPSS
Exploits0References1
Prion
Prion
added 2014/12/19 3:59 p.m.13 views

Design/Logic Flaw

Password Generator aka Pwgen before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers...

5CVSS6.8AI score0.02166EPSS
Exploits0References9Affected Software1
UbuntuCve
UbuntuCve
added 2014/12/19 3:59 p.m.22 views

CVE-2013-4442

Password Generator aka Pwgen before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers...

5CVSS5.9AI score0.02166EPSS
Exploits0References2
CVE
CVE
added 2014/12/19 3:0 p.m.56 views

CVE-2013-4442

Pwgen (Password Generator) prior to version 2.07 was vulnerable because it used weak pseudo-random numbers when /dev/urandom was unavailable, allowing context-dependent attackers to potentially guess generated passwords. Public advisories and OSV/NVD records describe fixes in pwgen-2.07 and later...

5CVSS6.3AI score0.02166EPSS
Exploits0References9Affected Software1
Oracle linux
Oracle linux
added 2013/11/26 12:0 a.m.49 views

python security, bug fix, and enhancement update

2.6.6-51 - Fixed memory leak in ssl.getpeeraltnames Resolves: rhbz1002983 2.6.6-50 - Added fix for CVE-2013-4238 Resolves: rhbz998784 2.6.6-49 - Fix shebangs in several files in python-tools subpackage Resolves: rhbz521898 2.6.6-48 - Fix sqlite3.Cursor.lastrowid under a Turkish locale. Resolves:...

4.3CVSS8AI score0.05347EPSS
Exploits1
The Hacker News
The Hacker News
added 2012/07/24 11:19 p.m.43 views

CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed

Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate that how an attacker can successfully guess the nonce of the DNS request with a probability thatis su...

5CVSS6.6AI score0.01278EPSS
Exploits0
Debian CVE
Debian CVE
added 2011/08/19 9:0 p.m.49 views

CVE-2011-3263

zabbixagentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service CPU consumption by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device...

5CVSS7.1AI score0.01294EPSS
Exploits1
Rows per page
Query Builder