External Entropy Supply for IoT Devices Employing a RISC-V Trusted Execution Environment

Entropy--a measure of randomness--is compulsory for the generation of secure cryptographic keys; however, Internet of Things IoT devices that are small or constrained often struggle to collect suf ficient entropy. In this article, we solve the entropy provisioning problem for a fleet of IoT devic...

CVE-2024-58041

Smolder versions through 1.51 for Perl uses insecure rand function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Smolder::DB::Developer uses t...

CVE-2024-58041

Smolder versions through 1.51 for Perl uses insecure rand function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Smolder::DB::Developer uses t...

CVE-2025-40905

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

CVE-2025-40905

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

CVE-2025-40905

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

CVE-2025-40905

CVE-2025-40905 affects WWW::OAuth (Perl) versions 1.000 and earlier. The root cause is using rand() as the default entropy source for cryptographic functions, which is not cryptographically secure. Impact is limited to cryptographic functions that rely on this entropy source; exploitation details...

Linux Distros Unpatched Vulnerability : CVE-2024-58036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic...

Linux Distros Unpatched Vulnerability : CVE-2025-1860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic...

Linux Distros Unpatched Vulnerability : CVE-2024-57868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

UBUNTU-CVE-2025-2814

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to u...

DEBIAN-CVE-2024-58036

Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test...

UBUNTU-CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

OTRS < 2.3.4 RANDFILE Cryptographic Entropy Weakness Vulnerability

Open Ticket Request System OTRS is prone to a cryptographic entropy weakness vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

Microsoft Windows SMB Server Multiple Vulnerabilities (971468)

This host is missing a critical security update according to Microsoft Bulletin MS10-012. OpenVAS Vulnerability Test $Id: secpodms10-012.nasl 5934 2017-04-11 12:28:28Z antu123 $ Microsoft Windows SMB Server Multiple Vulnerabilities 971468 Authors: Veerendra GG Updated By: Madhuri D on 2010-11-22 ...

Microsoft SMB NTLM Authentication Lack of Entropy (MS10-012; CVE-2010-0231)

The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. An elevation of privilege vulnerability has been reported in the way that Microsoft Server Message Block SMB Protocol software handles authentication attempts. The vulnerability is due to a lack of...