PT-2026-41338

Name of the Vulnerable Software and Affected Versions Trog::TOTP versions prior to 1.006 Description Secrets are generated using the built-in Perl rand function, which is predictable and unsuitable for security purposes. Recommendations Update to version 1.006 or later...

PT-2026-41376

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.20 Description Seeds are generated using the built-in rand function in Perl, which is predictable and unsuitable for security purposes. Recommendations Update to version 1.20 or later...

CVE-2026-5084 WebDyne::Session versions through 2.075 for Perl generates the session id insecurely

WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...

PT-2026-39577

Name of the Vulnerable Software and Affected Versions WebDyne::Session versions prior to 2.076 Description The session handler generates session identifiers insecurely using an MD5 hash seeded with the built-in rand function. The rand function is seeded by 32-bits, making it predictable and...

Amazon::Credentials 安全特征问题漏洞

Amazon::Credentials is a credential management library developed by BIGFOOT developers, used for managing access keys and authentication information for cloud services. Versions of Amazon::Credentials prior to 1.2.0 had security vulnerabilities. These vulnerabilities stemmed from the use of the...

EUVD-2026-28809

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography...

CVE-2026-6659 Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography...

PT-2026-39185

Name of the Vulnerable Software and Affected Versions Crypt::PasswdMD5 versions prior to 1.43 Description The software generates insecure random values for salts because the built-in rand function is predictable and unsuitable for cryptographic purposes. Recommendations Update to a version later...

Use of Predictable Algorithm in Random Number Generator

Overview keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud Affected versions of this package are vulnerable to Use of Predictable Algorithm in Random Number Generator in the generatechallenge method. An attacker can evade detection and bypass security...

CVE-2026-5087

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

GHSA-H75P-J8XM-M278 CoreDNS Loop Detection Denial of Service Vulnerability

Executive Summary A Denial of Service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator PRNG for generating a secret...

CVE-2025-0577

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...

CVE-2025-0577 Glibc: vdso getrandom acceleration may return predictable randomness

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...

MiracleLinux 8 : samba-4.17.5-2.el8 (AXSA:2023-5985:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5985:08 advisory. samba: GnuTLS gnutlsrnd can fail and give predictable random values CVE-2022-1615 Tenable has extracted the preceding description block directly from the...

CVE-2025-69217

A flaw was found in coturn. A remote attacker can exploit a predictable random number generator used for nonces and port randomization. By sending a series of unauthenticated requests, an attacker can reconstruct the random number generator's state, allowing them to predict future nonces and port...

IBM MQ 9.1 < 9.1.0.32 LTS / 9.2 < 9.2.0.38 LTS / 9.3 < 9.3.0.35 LTS / 9.3 < 9.4.4.0 CD / 9.4 < 9.4.0.16 LTS (7248740)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7248740 advisory. - The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string 0. with an integer, which makes the output more predictable than...

EUVD-2008-5630

Malware in sbrugna...

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.

...

Linux Distros Unpatched Vulnerability : CVE-2024-45751

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tgt aka Linux target framework before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of...

GHSA-FJXV-7RQG-78G4 form-data uses unsafe random function in form-data for choosing boundary

Summary form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker: 1. can observe other values produced by Math.random in the target application, and 2. can control one field of a request made using form-data Because th...