Common Weakness Enumeration

CWE-330

Discouraged

Use of Insufficiently Random Values

Abstraction: Class · Status: Stable

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

445 vulnerabilities reference this CWE, most recent first.

GHSA-QRG7-33RJ-93PF

Vulnerability from github – Published: 2022-09-17 00:00 – Updated: 2026-07-05 00:31
VLAI
Details

An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-16T03:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in the component post_applogin.php of Super Flexible Software GmbH \u0026 Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.",
  "id": "GHSA-qrg7-33rj-93pf",
  "modified": "2026-07-05T00:31:37Z",
  "published": "2022-09-17T00:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36536"
    },
    {
      "type": "WEB",
      "url": "https://www.mgm-sp.com/en/multiple-vulnerabilities-in-syncovery-for-linux"
    },
    {
      "type": "WEB",
      "url": "http://super.com"
    },
    {
      "type": "WEB",
      "url": "http://syncovery.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV2Q-C278-PCH5

Vulnerability from github – Published: 2026-05-21 21:49 – Updated: 2026-05-21 21:49
VLAI
Summary
ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse
Details

The PasskeyEncipherImage method is vulnerable to information disclosure via AES-CTR nonce reuse. ImageMagick has update the documentation on its website to make it more clear that this is happening: https://imagemagick.org/cipher/

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-323",
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-21T21:49:09Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "The PasskeyEncipherImage method is vulnerable to information disclosure via AES-CTR nonce reuse. ImageMagick has update the documentation on its website to make it more clear that this is happening: https://imagemagick.org/cipher/",
  "id": "GHSA-qv2q-c278-pch5",
  "modified": "2026-05-21T21:49:09Z",
  "published": "2026-05-21T21:49:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qv2q-c278-pch5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ImageMagick/ImageMagick"
    },
    {
      "type": "WEB",
      "url": "https://imagemagick.org/cipher"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse"
}

GHSA-QV2V-M59F-V5FW

Vulnerability from github – Published: 2018-11-07 00:29 – Updated: 2021-09-16 21:04
VLAI
Summary
Insecure randomness in socket.io
Details

Affected versions of socket.io depend on Math.random() to create socket IDs, and therefore the IDs are predictable. With enough information on prior IDs, an attacker may be able to guess the socket ID and gain access to socket.io servers without authorization.

Recommendation

Update to v0.9.7 or later.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.9.6"
      },
      "package": {
        "ecosystem": "npm",
        "name": "socket.io"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-16031"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:52:46Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Affected versions of `socket.io` depend on `Math.random()` to create socket IDs, and therefore the IDs are predictable. With enough information on prior IDs, an attacker may be able to guess the socket ID and gain access to socket.io servers without authorization.\n\n\n## Recommendation\n\nUpdate to v0.9.7 or later.",
  "id": "GHSA-qv2v-m59f-v5fw",
  "modified": "2021-09-16T21:04:32Z",
  "published": "2018-11-07T00:29:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16031"
    },
    {
      "type": "WEB",
      "url": "https://github.com/socketio/socket.io/issues/856"
    },
    {
      "type": "WEB",
      "url": "https://github.com/socketio/socket.io/pull/857"
    },
    {
      "type": "WEB",
      "url": "https://github.com/socketio/socket.io/commit/67b4eb9abdf111dfa9be4176d1709374a2b4ded8"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-qv2v-m59f-v5fw"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/socketio/socket.io"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/321"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insecure randomness in socket.io"
}

GHSA-QVR8-F9G3-WV5X

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46
VLAI
Details

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-17T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.",
  "id": "GHSA-qvr8-f9g3-wv5x",
  "modified": "2025-04-20T03:46:56Z",
  "published": "2022-05-13T01:43:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13088"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2907"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/vulnerabilities/kracks"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201711-03"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-11-01"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
    },
    {
      "type": "WEB",
      "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.krackattacks.com"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3999"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/228519"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101274"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039573"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039576"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039577"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039578"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039581"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3455-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R3R8-W3G2-HQ7H

Vulnerability from github – Published: 2025-11-21 18:30 – Updated: 2025-11-21 18:30
VLAI
Details

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array.

Any data encrypted using public-key encryption in this release can be decrypted trivially by supplying an all-zero session key, fully compromising confidentiality.

The vulnerability affects only public key encryption (PKESK packets).  Passphrase-based encryption (SKESK packets) is not affected.

Root cause: Vulnerable session key buffer used in PKESK packet generation.

The defect was introduced in commit 7bd9a8dc356aae756b40755be76d36205b6b161a where initialization logic inside encrypted_build_skesk() only randomized the key for the SKESK path and omitted it for the PKESK path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13470"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-21T17:15:50Z",
    "severity": "HIGH"
  },
  "details": "In RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\n be left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.\n\nAny data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.\n\nThe vulnerability affects only public key encryption (PKESK packets).\u00a0 Passphrase-based encryption (SKESK packets) is not affected.\n\nRoot cause: Vulnerable session key buffer used in PKESK packet generation.\n\n\n\nThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path.",
  "id": "GHSA-r3r8-w3g2-hq7h",
  "modified": "2025-11-21T18:30:30Z",
  "published": "2025-11-21T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13470"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2025-13402"
    },
    {
      "type": "WEB",
      "url": "https://aur.archlinux.org/packages/rnp"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415863"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rnpgp/rnp/releases/tag/v0.18.1"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/ubuntu/+source/rnp"
    },
    {
      "type": "WEB",
      "url": "https://open.ribose.com/advisories/ra-2025-11-20"
    },
    {
      "type": "WEB",
      "url": "https://packages.gentoo.org/packages/dev-util/librnp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:H/U:Red",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-R4XG-4WRV-W72H

Vulnerability from github – Published: 2023-04-19 21:30 – Updated: 2024-09-30 18:51
VLAI
Summary
Duplicate Advisory: Lemur subject to insecure random generation
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-5fqv-mpj8-h7gm. This link is maintained to preserve external references.

Original Description

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "lemur"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-30T18:51:02Z",
    "nvd_published_at": "2023-04-19T20:15:12Z",
    "severity": "HIGH"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-5fqv-mpj8-h7gm. This link is maintained to preserve external references.\n\n## Original Description\nNetflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.\n\n\n",
  "id": "GHSA-r4xg-4wrv-w72h",
  "modified": "2024-09-30T18:51:02Z",
  "published": "2023-04-19T21:30:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30797"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-001.md"
    },
    {
      "type": "WEB",
      "url": "https://vulncheck.com/advisories/netflix-lemur-weak-rng"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: Lemur subject to insecure random generation",
  "withdrawn": "2024-09-30T18:51:02Z"
}

GHSA-R5C5-PR8J-PFP7

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2023-09-29 15:47
VLAI
Summary
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
Details

An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

Specific Go Packages Affected

golang.org/x/crypto/salsa20/salsa

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "golang.org/x/crypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20190320223903-b7391e95e576"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-11840"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-08T00:33:46Z",
    "nvd_published_at": "2019-05-09T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.\n\n### Specific Go Packages Affected\ngolang.org/x/crypto/salsa20/salsa",
  "id": "GHSA-r5c5-pr8j-pfp7",
  "modified": "2023-09-29T15:47:38Z",
  "published": "2022-05-24T16:45:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11840"
    },
    {
      "type": "WEB",
      "url": "https://github.com/golang/go/issues/30965"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691529"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/golang/go"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/168406"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/30965"
    },
    {
      "type": "WEB",
      "url": "https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-0209"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "golang.org/x/crypto/salsa20/salsa uses insufficiently random values"
}

GHSA-R6H7-5PQ2-J77H

Vulnerability from github – Published: 2021-06-15 16:10 – Updated: 2024-09-10 19:16
VLAI
Summary
Insufficiently random values in Ansible
Details

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ansible"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.9.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-10729"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-01T19:55:24Z",
    "nvd_published_at": "2021-05-27T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.",
  "id": "GHSA-r6h7-5pq2-j77h",
  "modified": "2024-09-10T19:16:40Z",
  "published": "2021-06-15T16:10:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10729"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible/issues/34144"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible/pull/67429"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible/commit/c520d70bf4748c8ee6718a7d0d0254051ba1c2e9"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-r6h7-5pq2-j77h"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ansible/ansible"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible/blob/v2.9.6/changelogs/CHANGELOG-v2.9.rst"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-105.yaml"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4950"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Insufficiently random values in Ansible"
}

GHSA-R727-5V4M-6FX7

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36
VLAI
Details

A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7902"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-30T03:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A \"Reusing a Nonce, Key Pair in Encryption\" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed.",
  "id": "GHSA-r727-5v4m-6fx7",
  "modified": "2022-05-13T01:36:16Z",
  "published": "2022-05-13T01:36:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7902"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038546"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R8CF-4RJC-HXWG

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-04-04 00:25
VLAI
Details

Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11641"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-01T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system.",
  "id": "GHSA-r8cf-4rjc-hxwg",
  "modified": "2024-04-04T00:25:10Z",
  "published": "2022-05-24T16:45:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11641"
    },
    {
      "type": "WEB",
      "url": "https://github.com/threatstream/agave/issues/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
  • In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
  • Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Implementation

Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.

Mitigation MIT-2
Architecture and Design Requirements

Strategy: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-485: Signature Spoofing by Key Recreation

An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.