968 matches found

RedhatCVE
added 2025/05/21 8:44 p.m. | 9 views

CVE-2008-3280

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not...

CVSS 7.8 | AI score 7 | EPSS 0.95182
Exploits 27 | References 1
OSV
added 2025/05/07 7:11 p.m. | 5 views

RLSA-2024:5297 Moderate: edk2 security update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236); edk2: Use of a Weak PseudoRandom Number Generator (CVE-2023-452...

CVSS 7.5 | AI score 6.6 | EPSS 0.00994
Exploits 0 | References 4
FreeBSD
added 2025/04/12 12:00 a.m. | 4 views

p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Lib-Crypt-CBC project reports: Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom" is unavailable. In that case...

CVSS 4 | AI score 7.3 | EPSS 0.00166
Exploits 0 | References 1
Debian
added 2025/04/08 7:35 a.m. | 14 views

[SECURITY] [DLA 4120-1] libnet-easytcp-perl security update

Debian LTS Advisory DLA-4120-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura April 08, 2025 https://wiki.debian.org/LTS...

CVSS 5.4 | AI score 6.8 | EPSS 0.00367
Exploits 0
Tenable Nessus
added 2025/04/08 12:00 a.m. | 10 views

Debian dla-4120 : libnet-easytcp-perl - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4120 advisory. Debian LTS Advisory DLA-4120-1 [email protected] https://www.debian.org/lts/security/...

CVSS 5.4 | AI score 5.7 | EPSS 0.00367
Exploits 0 | References 4
NVD
added 2025/04/05 4:15 p.m. | 10 views

CVE-2024-57835

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...

CVSS 5.5 | EPSS 0.00231
Exploits 0 | References 4
Vulnrichment
added 2025/04/05 4:11 p.m. | 8 views

CVE-2024-57835 Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...

AI score 6.5 | EPSS 0.00231
Exploits 0 | References 4
CVE
added 2025/04/05 4:11 p.m. | 60 views

CVE-2024-57835

CVE-2024-57835 affects Amon2::Auth::Site::LINE, which uses String::Random to generate nonces. The underlying issue is that String::Random relies on Perl’s built-in rand(), a non-cryptographically secure RNG, potentially enabling nonce-related weaknesses. Technical details across connected docs in...

CVSS 5.5 | AI score 6.6 | EPSS 0.00231
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2025/04/05 12:00 a.m. | 3 views

MetaCPAN Net::Xero security vulnerability

MetaCPAN Net::Xero is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Net::Xero 0.044 and earlier versions that stems from the use of an insecure random number generator...

CVSS 6.5 | AI score 6.7 | EPSS 0.00288
Exploits 0 | References 6
CNNVD
added 2025/04/05 12:00 a.m. | 2 views

MetaCPAN Amon2::Auth::Site::LINE security vulnerability

MetaCPAN Amon2::Auth::Site::LINE is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Amon2::Auth::Site::LINE that stems from the use of an insecure random number generator...

CVSS 5.5 | AI score 6.6 | EPSS 0.00231
Exploits 0 | References 5
Vulnrichment
added 2025/03/28 12:56 a.m. | 7 views

CVE-2025-1860 Data::Entropy for Perl uses insecure rand() function for cryptographic functions

Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

AI score 7.6 | EPSS 0.00167
Exploits 0 | References 2
RedhatCVE
added 2025/03/26 4:19 p.m. | 7 views

CVE-2021-26091

A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset thei...

CVSS 7.5 | AI score 7.5 | EPSS 0.00284
Exploits 0
Vulnrichment
added 2025/03/24 3:37 p.m. | 6 views

CVE-2021-26091

A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset thei...

CVSS 7.5 | AI score 7.7 | EPSS 0.00284
Exploits 0 | References 1
RedhatCVE
added 2025/03/22 12:42 p.m. | 5 views

CVE-2025-1796

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses random.randint for this purpose, which is not suitable...

CVSS 8.8 | AI score 7 | EPSS 0.00504
Exploits 1 | References 1
NVD
added 2025/03/20 10:15 a.m. | 17 views

CVE-2025-1796

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses random.randint for this purpose, which is not suitable...

CVSS 8.8 | EPSS 0.00504
Exploits 1 | References 1
OSV
added 2025/03/20 10:15 a.m. | 3 views

CVE-2025-1796

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses random.randint for this purpose, which is not suitable...

CVSS 8.8 | AI score 7.5
Exploits 0 | References 1
Vulnrichment
added 2025/03/20 10:08 a.m. | 6 views

CVE-2025-1796 Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes in langgenius/dify

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses random.randint for this purpose, which is not suitable...

CVSS 7.5 | AI score 7.6 | EPSS 0.00504
Exploits 1 | References 1
Cvelist
added 2025/03/20 10:08 a.m. | 14 views

CVE-2025-1796 Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes in langgenius/dify

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses random.randint for this purpose, which is not suitable...

CVSS 7.5 | EPSS 0.00504
Exploits 1 | References 1
CVE
added 2025/03/20 10:08 a.m. | 70 views

CVE-2025-1796

CVE-2025-1796 affects langgenius/dify v0.10.1. The root cause is a weak pseudo-random number generator used for password reset codes, implemented via random.randint, which is unsuitable for cryptographic use. An attacker with access to workflow tools can observe PRNG output and predict future res...

CVSS 8.8 | AI score 7 | EPSS 0.00504
Exploits 1 | References 1 | Affected Software 1
RedHat Linux
added 2025/03/10 10:52 a.m. | 0 views

kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng

A vulnerability was found in the hwrng component of the Linux kernel, which caused a deadlock when reading from /dev/hwrng into memory and mmap-ed from /dev/hwrng. This issue is triggered by a recursive read during a page fault and allows a local, authenticated attacker to cause a denial of servi...

CVSS 5.5 | AI score 6.7 | EPSS 0.00195
Exploits 0 | References 5