968 matches found
EUVD-2022-7360
Malicious code in bioql PyPI...
EUVD-2022-7294
Malicious code in bioql PyPI...
EUVD-2021-2750
Malicious code in bioql PyPI...
EUVD-2022-45236
Malicious code in bioql PyPI...
EUVD-2022-5894
Malicious code in bioql PyPI...
EUVD-2023-34330
Malicious code in bioql PyPI...
x86/coco: Require seeding RNG with RDRAND on CoCo systems
...
AutomationDirect CLICK PLUS security vulnerability
AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from the use of predictable seeds in the pseudo-random number generator, which could lead to compromised securi...
PT-2025-39222
Name of the Vulnerable Software and Affected Versions: Click Plus PLC firmware version 3.60 Description: A flaw exists in the pseudo-random number generator due to a predictable seed. This compromises the security of generated private keys. Recommendations: Update to a newer firmware version that...
CVE-2025-40933
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...
CVE-2025-40933 Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...
CVE-2024-21977
Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests...
Linux Distros Unpatched Vulnerability : CVE-2021-27378
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number...
Linux Distros Unpatched Vulnerability : CVE-2017-15116
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). CVE-2017-15116...
CVE-2025-7770
CVE-2025-7770 affects Tigo Energy Cloud Connect Advanced (CCA). The vulnerability is insecure session ID generation in the remote API, where session IDs are produced by a predictable method based on the current timestamp, enabling attackers to recreate valid session IDs. Combined with bypassing s...
PT-2025-33799
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's ath11k module related to the handling of SRNG Scatter-Gather Random Number Generator lists. Specifically, the initialized flag for these lists is no...
CVE-2025-24783
UNSUPPORTED WHEN ASSIGNED Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these...
CVE-2025-0218
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-creat...
CVE-2024-29868
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...
CVE-2023-34363
An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...