
107 matches found

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-44451

Malicious code in bioql PyPI...

CVSS: 5.2, AI score: 5.6, EPSS: 0.00386
Exploits: 0, References: 2

CNNVD
added 2025/09/30 12:00 a.m., 4 views

MetaCPAN Crypt::RandomEncryption security vulnerability

MetaCPAN Crypt::RandomEncryption is a Perl library from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Crypt::RandomEncryption version 0.01, which stems from the use of an insecure rand function for encryption, which may result in insufficient encryption strength...

CVSS: 9.1, AI score: 6.8, EPSS: 0.00221
Exploits: 0, References: 3

Cvelist
added 2025/09/29 11:54 p.m., 10 views

CVE-2024-58040 Crypt::RandomEncryption for Perl uses insecure rand() function during encryption

Crypt::RandomEncryption for Perl version 0.01 uses insecure rand function during encryption...

EPSS: 0.00221
Exploits: 0, References: 3

BDU FSTEC
added 2025/07/16 12:00 a.m., 6 views

The vulnerability of the rand() function in the Crypt::CBC module of the Perl programming language allows a hacker to trigger a denial-of-service attack.

The vulnerability of the rand function in the Crypt::CBC module of the Perl programming language is related to the use of an insecure program for generating random numbers. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS: 4, AI score: 5.5, EPSS: 0.00166
Exploits: 0, References: 7, Affected Software: 3

Cvelist
added 2025/06/16 11:01 a.m., 17 views

CVE-2025-40916 Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha text

Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand function for generating the captcha text as well as image noise, which is insecure...

EPSS: 0.00332
Exploits: 0, References: 4

RedhatCVE
added 2025/05/23 1:14 a.m., 7 views

CVE-2022-41210

SAP Customer Data Cloud Gigya mobile app for Android - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings...

CVSS: 5.2, AI score: 6.5, EPSS: 0.00386
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:50 p.m., 7 views

CVE-2022-30782

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...

CVSS: 7.5, AI score: 7, EPSS: 0.00968
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 3:44 p.m., 6 views

CVE-2020-9449

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...

CVSS: 8.8, AI score: 7.3, EPSS: 0.01036
Exploits: 0, References: 1

RedhatCVE
added 2025/05/05 10:18 a.m., 19 views

CVE-2024-58135

Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and used for authenticating and protecting...

CVSS: 6.2, AI score: 5.1, EPSS: 0.00455
Exploits: 1, References: 10

OSV
added 2025/05/03 11:15 a.m., 12 views

CVE-2024-58135

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...

CVSS: 5.3, AI score: 6.1
Exploits: 0, References: 10

CVE
added 2025/05/03 10:16 a.m., 84 views

CVE-2024-58135

Mojolicious (Perl) vulnerability CVE-2024-58135: default app skeleton generation using mojo generate app writes a weak HMAC session secret via the insecure rand() function, enabling potential brute-forcing of session keys. Affected: Mojolicious versions from 7.28 for Perl (and related 0.999922–9....

CVSS: 5.3, AI score: 6.3, EPSS: 0.00455
Exploits: 1, References: 13, Affected Software: 1

OSV
added 2025/04/13 12:15 a.m., 1 views

UBUNTU-CVE-2025-2814

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom" is unavailable. In that case, Crypt::CBC will fall back to u...

CVSS: 4, AI score: 5.8, EPSS: 0.00166
Exploits: 0, References: 6

Vulnrichment
added 2025/04/12 11:41 p.m., 9 views

CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom" is unavailable. In that case, Crypt::CBC will fall back to...

AI score: 4.3, EPSS: 0.00166
Exploits: 0, References: 4

Cvelist
added 2025/04/05 6:26 p.m., 28 views

CVE-2024-56370 Net::Xero 0.044 and earlier for Perl uses insecure rand() function for cryptographic functions

Net::Xero 0.044 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Rand...

EPSS: 0.00306
Exploits: 0, References: 5

NVD
added 2025/04/05 4:15 p.m., 10 views

CVE-2024-57835

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...

CVSS: 5.5, EPSS: 0.00245
Exploits: 0, References: 4

Vulnrichment
added 2025/04/05 4:11 p.m., 8 views

CVE-2024-57835 Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...

AI score: 6.5, EPSS: 0.00245
Exploits: 0, References: 4

CVE
added 2025/04/05 4:11 p.m., 61 views

CVE-2024-57835

CVE-2024-57835 affects Amon2::Auth::Site::LINE, which uses String::Random to generate nonces. The underlying issue is that String::Random relies on Perl’s built-in rand(), a non-cryptographically secure RNG, potentially enabling nonce-related weaknesses. Technical details across connected docs in...

CVSS: 5.5, AI score: 6.6, EPSS: 0.00245
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2025/04/05 4:06 p.m., 22 views

CVE-2024-58036 Net::Dropbox::API 1.9 and earlier for Perl uses insecure rand() function for cryptographic functions

Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test...

EPSS: 0.00245
Exploits: 0, References: 5

CNNVD
added 2025/04/05 12:00 a.m., 3 views

MetaCPAN Net::Dropbox::API security vulnerability

MetaCPAN Net::Dropbox::API is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Net::Dropbox::API version 1.9 and earlier that stems from the use of an insecure random number generator...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00245
Exploits: 0, References: 6

RedhatCVE
added 2025/04/04 1:40 p.m., 7 views

CVE-2025-1805

Crypt::Salt for Perl version 0.01 uses insecure rand function when generating salts for cryptographic purposes...

CVSS: 5.3, AI score: 7.3, EPSS: 0.0041
Exploits: 0, References: 1