88 matches found

OSV
added 2025/01/21 6:15 p.m. · 1 view

AZL-55931 CVE-2025-22150 affecting package nodejs18 for versions less than 18.20.3-3

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8 · AI score 6.6 · EPSS 0.0082
Exploits: 0 · References: 1

OSV
added 2025/01/21 6:15 p.m. · 0 views

UBUNTU-CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8 · AI score 6.8 · EPSS 0.0082
Exploits: 0 · References: 9

Positive Technologies
added 2025/01/21 12:0 a.m. · 5 views

PT-2025-4384 · Undici +7 · Undici +7

Name of the Vulnerable Software and Affected Versions: undici versions 4.5.0 through 5.28.4; undici versions 4.5.0 through 6.21.0; undici versions 4.5.0 through 7.2.2. Description: The issue arises from undici using Math.random to choose the boundary for a multipart/form-data request. It is known th...

CVSS 9.8 · AI score 6.3 · EPSS 0.75933
Exploits: 3 · References: 153

CNNVD
added 2025/01/21 12:0 a.m. · 2 views

undici Security Feature Issue Vulnerability

undici is an open source HTTP/1.1 client for Node.js. A security feature issue vulnerability exists in Undici version 4.5.0, versions prior to 5.28.5, 6.21.1, and 7.2.3, which stems from the use of the predictable Math.random to generate boundaries for multipart/form-data requests, allowing an attacker t...

CVSS 6.8 · AI score 6.4 · EPSS 0.0082
Exploits: 0 · References: 9

OSV
added 2024/12/09 2:15 a.m. · 1 view

DEBIAN-CVE-2024-55566

ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...

CVSS 6.6 · AI score 5.3 · EPSS 0.00043
Exploits: 0 · References: 1

CNNVD
added 2024/08/12 12:0 a.m. · 2 views

FIWARE Keyrock Security Vulnerability

FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and prior versions, which arises from a predictable random value for user-created activation tokens that can be exploited by an attacker to predict...

CVSS 6.3 · AI score 6.8 · EPSS 0.00124
Exploits: 1 · References: 2

CNNVD
added 2024/04/05 12:0 a.m. · 3 views

Chilkat Security Vulnerability

Chilkat is a cross-language, cross-platform API from Chilkat, Inc. A security vulnerability exists in Chilkat versions prior to v9.5.0.98. An attacker exploited the vulnerability to obtain sensitive information via a predictable PRNG in the ChilkatRand::randomBytes function...

CVSS 6.2 · AI score 6.1 · EPSS 0.00041
Exploits: 0 · References: 2

RedHat Linux
added 2024/01/25 8:36 a.m. · 4 views

samba: GnuTLS gnutls_rnd() can fail and give predictable random values

A flaw was found in Samba. When the gnutls_rnd() function is called, its return value is not verified, allowing it to give predictable random values when the call to the gnutls_rnd() function fails...

CVSS 5.5 · AI score 6.8 · EPSS 0.00259
Exploits: 1 · References: 4

CNNVD
added 2023/09/01 12:0 a.m. · 4 views

PKP Web Application Library Security Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A security vulnerability exists in the PKP Web Application Library prior to version 3.3.0-16, which...

CVSS 9.6 · AI score 6.8 · EPSS 0.00113
Exploits: 1 · References: 3

CNNVD
added 2023/06/12 12:0 a.m. · 2 views

Node.js Security Feature Issue Vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in versions of Node.js prior to version 3.2.1 that stems from the crypto-js package generating random numbers by concatenating strings, but using integers, which makes the output predictable...

CVSS 5.3 · AI score 6.7 · EPSS 0.00876
Exploits: 0 · References: 7

OSV
added 2023/05/25 10:15 p.m. · 1 view

DEBIAN-CVE-2023-31147

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...

CVSS 6.5 · AI score 6.7 · EPSS 0.00119
Exploits: 0 · References: 1

CNNVD
added 2023/05/03 12:0 a.m. · 5 views

Amazon Fire TV Stick Security Feature Issue Vulnerability

The Amazon Fire TV Stick is a television voice recognition remote control from Amazon.com, Inc. The Amazon Fire TV Stick suffers from a security signature issue vulnerability that stems from initializing random numbers to known values and incorrect JPAKE implementation that allows for brute force...

CVSS 8.8 · AI score 8 · EPSS 0.00098
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 5:54 a.m. · 4 views

SUSE CVE-2011-0755

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax...

CVSS 5 · AI score 7.1 · EPSS 0.00408
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 5:52 a.m. · 2 views

SUSE CVE-2011-2705

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...

CVSS 5 · AI score 6.7 · EPSS 0.00989
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:31 a.m. · 2 views

SUSE CVE-2014-0878

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier f...

CVSS 5.8 · AI score 6.7 · EPSS 0.00559
Exploits: 0 · References: 10

SUSE CVE
added 2023/02/15 5:22 a.m. · 2 views

SUSE CVE-2015-0800

The PRNG implementation in the DNS resolver in Mozilla Firefox aka Fennec before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to...

CVSS 5 · AI score 8.6 · EPSS 0.00455
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 4:1 a.m. · 2 views

SUSE CVE-2020-8631

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function...

CVSS 8.1 · AI score 6.8 · EPSS 0.00113
Exploits: 0 · References: 9

SUSE CVE
added 2023/02/15 3:33 a.m. · 2 views

SUSE CVE-2022-1615

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values...

CVSS 7.5 · AI score 7 · EPSS 0.00259
Exploits: 1 · References: 14

Positive Technologies
added 2022/11/15 12:0 a.m. · 4 views

PT-2022-11592 · Unknown · Phpservermon

Name of the Vulnerable Software and Affected Versions: phpservermon (affected versions not specified). Description: A problematic issue was found in phpservermon, affecting the generatePasswordResetToken function of the file src/psm/Service/User.php. The manipulation leads to the use of a predictabl...

CVSS 5.3 · AI score 5.1 · EPSS 0.00252
Exploits: 1 · References: 10

Positive Technologies
added 2022/11/15 12:0 a.m. · 2 views

PT-2022-11593 · Unknown · Phpservermon

Name of the Vulnerable Software and Affected Versions: phpservermon (affected versions not specified). Description: A vulnerability was found in phpservermon, affecting the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to the use of a predictable algorithm in ...

CVSS 5.3 · AI score 5.2 · EPSS 0.00295
Exploits: 1 · References: 10