Secure Authentication Via Quantum Physical Unclonable Functions: a Review

Quantum Physical Unclonable Functions QPUFs offer a physically grounded approach to secure authentication, extending the capabilities of classical PUFs. This review covers their theoretical foundations and key implementation challenges - such as quantum memories and Haar-randomness -, and...

Linux Distros Unpatched Vulnerability : CVE-2019-16910

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might...

Linux Distros Unpatched Vulnerability : CVE-2024-45157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling...

Linux Distros Unpatched Vulnerability : CVE-2024-4772

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An HTTP digest authentication nonce value was generated using rand which could lead to predictable values. This vulnerability affects Firefox 126. CVE-2024-4772...

Vision UI 安全漏洞

Vision UI is a UI component by David Osipov Personal Developer. A security vulnerability exists in Vision UI 1.4.0 and earlier versions, which stems from a memory exhaustion issue in the generateSecureId and getSecureRandomInt functions that could lead to a denial of service attack...

HTTP Parameter Pollution

form-data is vulnerable to HTTP Parameter Pollution HPP. The vulnerability is due to the use of weak randomness in generating boundary values in lib/formdata.js, which allows an attacker to perform HTTP Parameter Pollution HPP by manipulating form data...

An Improved ChaCha Algorithm Based on Quantum Random Number

Due to the merits of high efficiency and strong security against timing and side-channel attacks, ChaCha has been widely applied in real-time communication and data streaming scenarios. However, with the rapid development of AI-assisted cryptanalysis and quantum computing technologies, there are...

form-data Insufficient Randomness

form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker can observe other values produced by Math.random in the target application and can control one field of a request made using form-data...

GHSA-FJXV-7RQG-78G4 form-data uses unsafe random function in form-data for choosing boundary

Summary form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker: 1. can observe other values produced by Math.random in the target application, and 2. can control one field of a request made using form-data Because th...

DEBIAN-CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

AZL-65610 CVE-2025-7783 affecting package js-jquery 3.5.0-4

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

UBUNTU-CVE-2025-7783

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 -...

CVE-2025-7783

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

DEBIAN-CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

Insecure Randomness

Overview bcryptify is a Bcryptify is a modern and elegant Python library designed to simplify the use of cryptographic algorithms, while adhering to SOLID principles to ensure clean, extensible, and maintainable code. Affected versions of this package are vulnerable to Insecure Randomness via the...

Generalized and Unified Equivalences between Hardness and Pseudoentropy

Pseudoentropy characterizations provide a quantitatively precise demonstration of the close relationship between computational hardness and computational randomness. We prove a unified pseudoentropy characterization that generalizes and strengthens previous results for both uniform and non-unifor...

Adaptive Variation-Resilient Random Number Generator for Embedded Encryption

With a growing interest in securing user data within the internet-of-things IoT, embedded encryption has become of paramount importance, requiring light-weight high-quality Random Number Generators RNGs. Emerging stochastic device technologies produce random numbers from stochastic physical...

Quantum Enhanced Entropy Pool for Cryptographic Applications and Proofs

This paper investigates the integration of quantum randomness into Verifiable Random Functions VRFs using the Ed25519 elliptic curve to strengthen cryptographic security. By replacing traditional pseudorandom number generators with quantum entropy sources, we assess the impact on key security and...

Certified Randomness from Quantum Speed Limits

Quantum speed limits are usually regarded as fundamental restrictions, constraining the amount of computation that can be achieved within some given time and energy. Complementary to this intuition, here we show that these limitations are also of operational value: they enable the secure generati...

CVE-2025-52464

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...