968 matches found
CVE-2022-29245
SSH.NET is a Secure Shell SSH library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...
CVE-2022-41210
SAP Customer Data Cloud Gigya mobile app for Android - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings...
CVE-2022-40267
Predictable Seed in Pseudo-Random Number Generator PRNG vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS with serial number 17X or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z...
CVE-2022-48506
A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct ICP and ICP2 and ImageCast Evolution ICE scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of...
CVE-2022-42159
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator...
CVE-2021-3990
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG...
CVE-2025-48372 Schule Has Insecure OTP Length, is Susceptible to Brute-Force Attacks
Schule is open-source school management system software. The generateOTP function generates a 4-digit numeric One-Time Password OTP. Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range 1000–9999 results in only 9000 possible combinations...
CVE-2021-27378
An issue was discovered in the randcore crate before 0.6.2 for Rust. Because readu32into and readu64into mishandle certain buffer-length checks, a random number generator may be seeded with too little data...
CVE-2021-3678
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG...
CVE-2021-37553
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used...
CVE-2021-3692
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...
CVE-2021-3689
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...
CVE-2020-11616
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator PRNG algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information...
CVE-2020-35926
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator even ChaCha to return all zeroes because integer truncation was mishandled...
CVE-2013-5173
The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service temporary generator outage via an application that requires many random numbers...
CVE-2013-4102
Cryptocat before 2.0.22 strophe.js Math.random Random Number Generator Weakness...
CVE-2017-11519
passwdrecovery.lua on the TP-Link Archer C9UNV2160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9UNV2170511...
CVE-2016-15005
CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests...
CVE-2016-15006
A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator prng. The attack may be...
CVE-2002-20002
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand, which is not a strong random number generator, for cryptographic keys...