
107 matches found

Vulnrichment
added 2025/04/02 12:53 p.m. · 6 views

CVE-2025-1805 Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes

Crypt::Salt for Perl version 0.01 uses insecure rand function when generating salts for cryptographic purposes...

7.2 AI score · 0.00386 EPSS
Exploits 0 · References 3

SUSE CVE
added 2025/04/01 1:44 a.m. · 2 views

SUSE CVE-2025-1860

Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

7.7 CVSS · 5.5 AI score · 0.00167 EPSS
Exploits 0 · References 5

Vulnrichment
added 2025/03/28 12:56 a.m. · 7 views

CVE-2025-1860 Data::Entropy for Perl uses insecure rand() function for cryptographic functions

Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

7.6 AI score · 0.00167 EPSS
Exploits 0 · References 2

NVD
added 2025/03/26 11:15 a.m. · 12 views

CVE-2025-27552

DBIx::Class::EncodedColumn uses the rand function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...

4 CVSS · 0.00103 EPSS
Exploits 0 · References 2

OSV
added 2024/12/29 7:15 a.m. · 9 views

CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

7.5 CVSS · 6.7 AI score
Exploits 0 · References 2

OSV
added 2024/12/29 7:15 a.m. · 0 views

UBUNTU-CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

7.5 CVSS · 5.8 AI score · 0.00407 EPSS
Exploits 0 · References 4

Vulnrichment
added 2024/12/29 12:0 a.m. · 7 views

CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

6.9 AI score · 0.00407 EPSS
Exploits 0 · References 2

CVE
added 2024/12/29 12:0 a.m. · 99 views

CVE-2018-25107

CVE-2018-25107 affects the Crypt::Random::Source Perl module prior to version 0.13. The underlying issue is a fallback to the built-in rand() for randomness, which is not a secure source of random bits. The vulnerability exposes systems relying on this module to weak entropy at random generat...

7.5 CVSS · 7.1 AI score · 0.00407 EPSS
Exploits 0 · References 2

NVD
added 2024/09/26 6:15 p.m. · 19 views

CVE-2024-45723

The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast ...

7.1 CVSS · 0.00141 EPSS
Exploits 0 · References 1

CVE
added 2024/09/26 5:37 p.m. · 50 views

CVE-2024-45723

Summary: CVE-2024-45723 affects the goTenna Pro ATAK Plugin. The root cause is the use of a cryptographically weak pseudo-random number generator (not SecureRandom) when generating passwords for sharing cryptographic keys, enabling easier brute-force if the RF-broadcast key is captured. Affected ...

7.1 CVSS · 6.5 AI score · 0.00141 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2024/09/26 5:26 p.m. · 47 views

CVE-2024-47126

CVE-2024-47126 is confirmed via connected sources as a vulnerability in the goTenna Pro ecosystem where the app does not use SecureRandom when generating passwords to share cryptographic keys. The underlying flaw is a weak PRNG in the key-sharing flow, enabling a potential brute-force attack if t...

8.8 CVSS · 7.2 AI score · 0.00235 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/09/26 12:0 a.m. · 4 views

PT-2024-32421 · Gotenna · Gotenna Pro App +2

Name of the Vulnerable Software and Affected Versions: goTenna Pro App (affected versions not specified), goTenna Pro X (affected versions not specified), goTenna Pro X2 (affected versions not specified). Description: The goTenna Pro App does not use SecureRandom when generating passwords for sharing...

8.8 CVSS · 7.2 AI score · 0.00235 EPSS
Exploits 0 · References 7

Tenable Nessus
added 2024/02/29 12:0 a.m. · 36 views

CentOS 9 : nodejs-16.20.1-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.20.1-1.el9 build changelog. - The use of `__proto__` in `process.mainModule.__proto__.require` can bypass the policy mechanism and require modules outside of the policy.json...

7.5 CVSS · 6.7 AI score · 0.03906 EPSS
Exploits 1 · References 9

CNNVD
added 2024/02/17 12:0 a.m. · 4 views

caddy-security Security Vulnerabilities

caddy-security is a security application and plugin for Caddy. A security vulnerability exists in versions prior to caddy-security 1.0.42 that stems from the use of an insecure random number generation library that is susceptible to insecure randomness...

9.8 CVSS · 6.8 AI score · 0.0068 EPSS
Exploits 0 · References 5

CNNVD
added 2024/01/03 12:0 a.m. · 4 views

CubeFS Security Feature Issue Vulnerability

CubeFS is a cloud-native file storage for CubeFS individual developers. A security signature issue vulnerability exists in versions prior to CubeFS 3.3.1 that stems from the use of an insecure random string generator to generate user-specific sensitive keys. An attacker can escalate privileges by...

9.8 CVSS · 6.8 AI score · 0.00439 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2023/10/19 8:15 p.m. · 1 views

CVE-2023-27791

An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG...

8.1 CVSS · 7.2 AI score · 0.007 EPSS
Exploits 1 · References 2

OSV
added 2023/10/19 8:15 p.m. · 1 views

CVE-2023-27791

An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG...

8.1 CVSS · 5.8 AI score · 0.007 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2023/07/07 7:15 p.m. · 2 views

CVE-2023-36993

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset parameters and to take over accounts...

9.8 CVSS · 7.4 AI score · 0.00805 EPSS
Exploits 1 · References 2

OSV
added 2023/07/07 7:15 p.m. · 11 views

CVE-2023-36993

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset parameters and to take over accounts...

9.8 CVSS · 7.2 AI score
Exploits 0 · References 1

CVE
added 2023/07/07 12:0 a.m. · 47 views

CVE-2023-36993

The CVE concerns TravianZ 8.3.4 and 8.3.3 where the password reset function uses a cryptographically insecure random number generator. This root cause permits an attacker to guess password reset parameters and take over accounts. Public sources in connected documents corroborate the same affected...

9.8 CVSS · 9.4 AI score · 0.00805 EPSS
Exploits 1 · References 1 · Affected Software 1