22 matches found
PYSEC-2025-112
DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...
EUVD-2023-38443
Malicious code in bioql PyPI...
CVE-2022-41210
SAP Customer Data Cloud Gigya mobile app for Android - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings...
CVE-2024-57835
Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...
CVE-2024-57835 Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions
Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...
CVE-2024-57835
CVE-2024-57835 affects Amon2::Auth::Site::LINE, which uses String::Random to generate nonces. The underlying issue is that String::Random relies on Perl’s built-in rand(), a non-cryptographically secure RNG, potentially enabling nonce-related weaknesses. Technical details across connected docs in...
CVE-2025-1860 Data::Entropy for Perl uses insecure rand() function for cryptographic functions
Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...
CVE-2023-36993
The CVE concerns TravianZ 8.3.4 and 8.3.3 where the password reset function uses a cryptographically insecure random number generator. This root cause permits an attacker to guess password reset parameters and take over accounts. Public sources in connected documents corroborate the same affected...
CVE-2023-34363
An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...
Progress Software DataDirect Connect security feature vulnerability
Progress Software DataDirect Connect is a data connectivity solution from Progress Software, Inc. that can run in the cloud or locally. A security vulnerability previously existed in Progress Software DataDirect Connect version 08.02.2770, which arose when using Oracle Advanced Security OAS...
GHSA-MHHF-VGWH-FW9H Passeo uses insecure random number generator
Impact: Everyone below v1.0.5 is impacted by this flaw, of confidentiality being at risk due to the passwords being easily able to be guessed with Passeo's use of the random library. It is recommended to change any passwords made with Passeo before v1.0.5 and upgrade to v1.0.5, and v1.0.5 patches...
Passeo uses insecure random number generator
Impact: Everyone below v1.0.5 is impacted by this flaw, of confidentiality being at risk due to the passwords being easily able to be guessed with Passeo's use of the random library. It is recommended to change any passwords made with Passeo before v1.0.5 and upgrade to v1.0.5, and v1.0.5 patches...
Insecure Random Number Generator
phpservermon/phpservermon uses an insecure random number generator. The vulnerability exists in the generatePasswordResetToken function of User.php because of the insecure mt_rand random number generator function which allows an attacker to guess the reset password hashes...
CVE-2022-41210
CVE-2022-41210 affects SAP Customer Data Cloud (Gigya mobile app for Android) version 7.4. The issue is caused by an insecure random number generator, making it easy to predict future random numbers and enabling information disclosure and modification of certain user settings. Sources across mult...
CVE-2020-10256
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...
CVE-2019-8113
Summary (CVE-2019-8113): Magento 2.2 versions before 2.2.10 and Magento 2.3 versions before 2.3.3 (or 2.3.2-p1) use a cryptographically weak random number generator to brute‑force the confirmation code during customer registration. This is mitigated by applying the security update referenced (Mag...
CVE-2008-5913
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a...