968 matches found

CVE
added 2025/01/02 12:0 a.m. · 54 views

CVE-2002-20002

CVE-2002-20002 affects Net::EasyTCP (Perl) before 0.15. The issue is that cryptographic keys are generated using Perl’s built-in rand(), which is not a strong RNG. Impact: potential weakness in cryptographic keys. CVSSv3.1 base score 5.4 (Network, High attack complexity, No privileges required, U...

5.4 CVSS · 7 AI score · 0.00294 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/01/02 12:0 a.m. · 3 views

PT-2025-1323 · Unknown · Net::Easytcp

Name of the Vulnerable Software and Affected Versions: Net::EasyTCP versions prior to 0.15. Description: The issue concerns the use of Perl's built-in rand function, which is not a strong random number generator, for generating cryptographic keys. This weakness can potentially lead to predictable...

5.4 CVSS · 6.8 AI score · 0.00294 EPSS
Exploits 0 · References 6
Cvelist
added 2025/01/02 12:0 a.m. · 10 views

CVE-2002-20002

The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand, which is not a strong random number generator, for cryptographic keys...

5.4 CVSS · 0.00294 EPSS
Exploits 0 · References 3
CNVD
added 2024/12/13 12:0 a.m. · 8 views

SonicWALL SMA100 Encryption Issue Vulnerability

The SonicWALL SMA100 is a secure access gateway appliance from SonicWALL USA. The SonicWALL SMA100 suffers from a cryptographic vulnerability that stems from the use of a cryptographically weak pseudo-random number generator in the backup code generator. An attacker could exploit the vulnerabilit...

5.3 CVSS · 6.7 AI score · 0.00334 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2024/12/10 12:0 a.m. · 1 views

A vulnerability in the SonicWall SMA 100 network firewall firmware, related to the use of an insecure random number generator, allows attackers to disclose protected information.

The vulnerability in the SonicWall SMA 100 network firewall firmware is related to the use of a potentially insecure random number generator. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

5.3 CVSS · 7.7 AI score · 0.00334 EPSS
Exploits 0 · References 2 · Affected Software 6
Vulnrichment
added 2024/12/09 12:0 a.m. · 13 views

CVE-2024-55566

ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...

6.6 CVSS · 6.9 AI score · 0.00213 EPSS
Exploits 0 · References 3
OSV
added 2024/11/19 6:15 p.m. · 1 views

DEBIAN-CVE-2024-53085

In the Linux kernel, the following vulnerability has been resolved: tpm: Lock TPM chip in tpm_pm_suspend first. Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend can be racy according, as this leaves window for tpm_hwrng_read to be called while the operation is in progress. The recent bug report...

5.5 CVSS · 5.5 AI score · 0.00171 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2024/11/15 12:0 a.m. · 7 views

Fedora 41 : aws (2024-7908ee39a9)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-7908ee39a9 advisory. CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator. AWS.Utils.Random and AWS.Utils.Random_String used...

7.5 CVSS · 5.6 AI score · 0.00426 EPSS
Exploits 0 · References 2
Huntr
added 2024/10/26 8:54 a.m. · 2 views

Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes

This report is not public...

8.8 CVSS · 7.1 AI score · 0.00504 EPSS
Exploits 1
OSV
added 2024/10/15 10:15 a.m. · 4 views

CVE-2024-47945

The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 3
CNNVD
added 2024/10/03 12:0 a.m. · 2 views

DrayTek Vigor 3910 Security Vulnerability

The DrayTek Vigor 3910 is a high-performance router for enterprise networks from China-based DrayTek. A security vulnerability exists in the DrayTek Vigor 3910 version 4.3.2.6 and prior versions, which originates from the Vigor Management UI's httpd server using static strings to seed OpenSSL's...

7.5 CVSS · 6.8 AI score · 0.00267 EPSS
Exploits 0 · References 3
Gentoo Linux
added 2024/09/24 12:0 a.m. · 21 views

GCC: Flawed Code Generation

Background: The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, Go, D and Modula-2 as well as libraries for these languages (libstdc++,...). Description: A vulnerability has been discovered in GCC. Please review the CVE identifier referenced below for details. Impac...

7.5 CVSS · 6.8 AI score · 0.03207 EPSS
Exploits 0
OSV
added 2024/09/19 4:11 p.m. · 2 views

USN-7024-1 tgt vulnerability

It was discovered that tgt attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical...

5.9 CVSS · 5.8 AI score · 0.00547 EPSS
Exploits 0 · References 2
RedHat Linux
added 2024/09/11 1:10 a.m. · 3 views

kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems

CVE-2024-35875 addresses a security concern in the Linux kernel's handling of confidential computing (CoCo) environments. In these setups, the virtual machine (VM) host is untrusted and may attempt to compromise guest VMs. A critical component for maintaining security in such environments is a reliab...

5.5 CVSS · 7 AI score · 0.00235 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2024/09/10 12:0 a.m. · 17 views

NewStart CGSL MAIN 6.02 : libssh Multiple Vulnerabilities (NS-SA-2024-0052)

The remote NewStart CGSL host, running version MAIN 6.02, has libssh packages installed that are affected by multiple vulnerabilities: - The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG),...

9.3 CVSS · 7.5 AI score · 0.91789 EPSS
Exploits 12 · References 13
CNNVD
added 2024/09/06 12:0 a.m. · 2 views

Linux target framework Security Vulnerability

tgt Linux target framework is a user-space SCSI target framework by the individual developer FUJITA Tomonori. It supports iSCSI and iSER transport protocols. A security vulnerability exists in versions of Linux target framework tgt prior to 1.0.93, which stems from the use of the rand function...

5.9 CVSS · 6.3 AI score · 0.00547 EPSS
Exploits 0 · References 3
RedHat Linux
added 2024/09/04 12:15 a.m. · 3 views

kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems

CVE-2024-35875 addresses a security concern in the Linux kernel's handling of confidential computing (CoCo) environments. In these setups, the virtual machine (VM) host is untrusted and may attempt to compromise guest VMs. A critical component for maintaining security in such environments is a reliab...

5.5 CVSS · 7 AI score · 0.00235 EPSS
Exploits 0 · References 5
Redos
added 2024/08/16 12:0 a.m. · 8 views

ROS-20240816-14

A vulnerability in the phar_dir_read function of the PHP interpreter is caused by a buffer overflow on the stack. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code. Vulnerability in PHP programming language interpreter is related to incorrect restriction of XM...

9.8 CVSS · 8.9 AI score · 0.08003 EPSS
Exploits 4
Tenable Nessus
added 2024/07/11 12:0 a.m. · 36 views

Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6866-3)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6866-3 advisory. It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker coul...

7.8 CVSS · 7.9 AI score · 0.08555 EPSS
Exploits 0 · References 12
OpenVAS
added 2024/07/11 12:0 a.m. · 28 views

Ubuntu: Security Advisory (USN-6866-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 7.5 AI score · 0.08555 EPSS
Exploits 0 · References 2