
1235 matches found

OSV
added 2025/01/21 6:15 p.m. · 0 views

AZL-55931 CVE-2025-22150 affecting package nodejs18 for versions less than 18.20.3-3

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8 · AI score 6.6 · EPSS 0.00605
Exploits: 0 · References: 1

OSV
added 2025/01/21 6:15 p.m. · 1 views

AZL-55950 CVE-2025-22150 affecting package nodejs for versions less than 20.14.0-5

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8 · AI score 6.6 · EPSS 0.00605
Exploits: 0 · References: 1

OSV
added 2025/01/21 6:15 p.m. · 0 views

UBUNTU-CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8 · AI score 6.8 · EPSS 0.00605
Exploits: 0 · References: 9

Positive Technologies
added 2025/01/21 12:0 a.m. · 3 views

PT-2025-4384 · Undici +7 · Undici +7

Name of the Vulnerable Software and Affected Versions: undici versions 4.5.0 through 5.28.4; undici versions 4.5.0 through 6.21.0; undici versions 4.5.0 through 7.2.2. Description: The issue arises from undici using Math.random to choose the boundary for a multipart/form-data request. It is known th...

CVSS 9.8 · AI score 6.3 · EPSS 0.75933
Exploits: 3 · References: 153

CNNVD
added 2025/01/21 12:0 a.m. · 1 views

undici security feature issue vulnerability

undici is an HTTP/1.1 client for Node.js open source. A security feature issue vulnerability exists in Undici version 4.5.0, versions prior to 5.28.5, 6.21.1, and 7.2.3, which stems from the use of predictable Math.random to generate bounds for multipart/form-data requests, allowing an attacker t...

CVSS 6.8 · AI score 6.4 · EPSS 0.00605
Exploits: 0 · References: 9

OSV
added 2025/01/07 8:15 p.m. · 1 views

DEBIAN-CVE-2025-0218

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-creat...

CVSS 7.1 · AI score 5.6 · EPSS 0.00058
Exploits: 0 · References: 1

OSV
added 2025/01/02 5:15 a.m. · 1 views

UBUNTU-CVE-2024-56830

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand if no strong randomization module is present...

CVSS 5.4 · AI score 5.8 · EPSS 0.00231
Exploits: 0 · References: 4

CNNVD
added 2025/01/02 12:0 a.m. · 2 views

MetaCPAN Net::EasyTCP security vulnerability

MetaCPAN Net::EasyTCP is a module of the MetaCPAN Foundation. It is used to create secure, bandwidth-friendly TCP/IP clients and servers. A security vulnerability exists in MetaCPAN Net::EasyTCP versions 0.15 through 0.26, which stems from the use of Perl's built-in rand if a strong randomization...

CVSS 5.4 · AI score 5.4 · EPSS 0.00231
Exploits: 0 · References: 3

NVD
added 2024/12/29 7:15 a.m. · 31 views

CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

CVSS 7.5 · EPSS 0.00223
Exploits: 0 · References: 2

OSV
added 2024/12/29 7:15 a.m. · 1 views

DEBIAN-CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

CVSS 7.5 · AI score 5.3 · EPSS 0.00223
Exploits: 0 · References: 1

CNNVD
added 2024/12/29 12:0 a.m. · 1 views

Perl security vulnerability

Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the PERL community. A security vulnerability exists in Perl versions prior to 0.13, which stems from the Crypt::Random::Source package falling back to the built-in rand function, which is not a safe source of...

CVSS 7.5 · AI score 6.4 · EPSS 0.00223
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/29 12:0 a.m. · 3 views

PT-2024-10625 · Unknown · Crypt::Random::Source

Name of the Vulnerable Software and Affected Versions: Crypt::Random::Source versions prior to 0.13 Description: The issue concerns the Crypt::Random::Source package for Perl, which has a fallback to the built-in rand function. This function is not a secure source of random bits, potentially...

CVSS 7.5 · AI score 6.8 · EPSS 0.00223
Exploits: 0 · References: 10

NVD
added 2024/12/18 4:15 a.m. · 8 views

CVE-2024-12432

The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generatekey' function not producing a sufficiently random value. This makes it possible for authenticated...

CVSS 8.1 · EPSS 0.00319
Exploits: 0 · References: 2

CNNVD
added 2024/12/18 12:0 a.m. · 1 views

WordPress plugin WPC Shop as a Customer for WooCommerce security feature issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security feature...

CVSS 8.1 · AI score 8.3 · EPSS 0.00319
Exploits: 0 · References: 2

OSV
added 2024/12/16 4:58 p.m. · 2 views

CLSA-2024-1734368297 gnutls: Fix of 3 CVEs

Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operation, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimize timing or cache side...

CVSS 7.5 · AI score 6.8 · EPSS 0.01611
Exploits: 2 · References: 1

OSV
added 2024/12/16 2:1 p.m. · 11 views

BIT-NODE-MIN-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...

CVSS 9.1 · AI score 8.7 · EPSS 0.01213
Exploits: 1 · References: 5

RedHat Linux
added 2024/12/11 4:20 p.m. · 3 views

php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

A vulnerability was found in PHP where weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP, allowing a remote authenticated attacker to cause a stack information leak...

CVSS 4.3 · AI score 5.8 · EPSS 0.00316
Exploits: 0 · References: 5

OSV
added 2024/12/09 2:15 a.m. · 1 views

DEBIAN-CVE-2024-55566

ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...

CVSS 6.6 · AI score 5.3 · EPSS 0.00043
Exploits: 0 · References: 1

OSV
added 2024/12/04 2:15 p.m. · 1 views

DEBIAN-CVE-2024-53125

In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs must preserve subreg_def. Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call...

CVSS 5.5 · AI score 5.5 · EPSS 0.00014
Exploits: 0 · References: 1

OSV
added 2024/11/21 9:15 p.m. · 1 views

AZL-53579 CVE-2024-52616 affecting package avahi for versions less than 0.8-5

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs...

CVSS 5.3 · AI score 6.7 · EPSS 0.00083
Exploits: 0 · References: 1