1235 matches found
SUSE CVE-2025-1828
Crypt::Random Perl package 1.05 through 1.55 may use rand function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon egd service is not available Crypt::Random will default to use the insecure...
CVE-2025-20908
Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting...
CVE-2025-20908
Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting...
CVE-2025-20908
Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting...
CVE-2025-20908
Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting...
PT-2025-9879
Name of the Vulnerable Software and Affected Versions Auracast versions prior to SMR Mar-2025 Release 1 Description The issue arises from the use of insufficiently random values in Auracast, allowing adjacent attackers to access Auracast broadcasting. Recommendations For versions prior to SMR...
Linux Distros Unpatched Vulnerability : CVE-2022-48629
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in...
CVE-2025-1953
A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The...
CVE-2025-1953 vLLM AIBrix Prefix Caching hash.go random values
A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The...
AIBrix 安全特征问题漏洞
AIBrix is a cost-effective and pluggable infrastructure component for GenAI inference open-sourced by vLLM. AIBrix version 0.2.0 suffers from a security feature issue vulnerability that stems from the presence of an insufficient randomness issue...
RLSA-2025:1611 Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...
UBUNTU-CVE-2022-49698
In the Linux kernel, the following vulnerability has been resolved: netfilter: use getrandomu32 instead of prandom bh might occur while updating per-cpu rndstate from user context, ie. localout path. BUG: using smpprocessorid in preemptible 00000000 code: nginx/2725 caller is...
CVE-2022-49698 netfilter: use get_random_u32 instead of prandom
In the Linux kernel, the following vulnerability has been resolved: netfilter: use getrandomu32 instead of prandom bh might occur while updating per-cpu rndstate from user context, ie. localout path. BUG: using smpprocessorid in preemptible 00000000 code: nginx/2725 caller is...
RockyLinux 8 : nodejs:18 (RLSA-2025:1582)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1582 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable has...
undici: Undici Uses Insufficiently Random Values
A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...
Moderate: Red Hat Security Advisory: nodejs:18 security update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...
Undici Uses Insufficiently Random Values
...
SUSE CVE-2023-1732
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...
SUSE CVE-2023-3247
In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...