Net::NSCA::Client Security Vulnerability
Net::NSCA::Client is a Perl library developed by the individual developer DOUGDUDE. Net::NSCA::Client versions 0.009002 and earlier contain security vulnerabilities that stem from the use of insecure random number generators. This could lead to the prediction of session IDs...
CVE-2025-64429
The encryption implementation in DuckDB 1.4.0–pre-1.4.2 is vulnerable due to multiple cryptographic weaknesses: an insecure RNG (pcg32 fallback), a memory wipe (memset) that may be omitted, leaving secrets behind, and header manipulation that could downgrade the mode from GCM to CTR, bypassing integrity. There may also be unhandled...
EUVD-2025-150399
DuckDB is a SQL database management system. DuckDB implemented block-based encryption of the database on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. DuckDB can fall back to an insecure random number generator, pcg32, to generate cryptographic keys or...
PT-2025-43415
Name of the Vulnerable Software and Affected Versions: Sakai versions prior to 23.5; Sakai versions prior to 25.0. Description: Sakai is a Collaboration and Learning Environment. The EncryptionUtilityServiceImpl component initialized an AES256TextEncryptor password serverSecretKey using...
MetaCPAN Net::Dropbox::API Security Vulnerability
MetaCPAN Net::Dropbox::API is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Net::Dropbox::API version 1.9 and earlier that stems from the use of an insecure random number generator...
CubeFS Security Feature Issue Vulnerability
CubeFS is a cloud-native file storage system developed by CubeFS individual developers. A security signature issue vulnerability exists in versions prior to CubeFS 3.3.1 that stems from the use of an insecure random string generator to generate user-specific sensitive keys. An attacker can escalate privileges by...
CVE-2023-27791
An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG...
CVE-2023-34363
An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...
CVE-2020-10256
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...
GNU GCC Insecure Random Number Generator Vulnerability
GNU GCC (GNU Compiler Collection) is an open source compiler for programming languages developed by the GNU Project. An insecure random number generator vulnerability exists in GNU GCC. An attacker could exploit the vulnerability to gain access to perform certain unauthorized operations...