1235 matches found
CVE-2022-32284
A use of insufficiently random values vulnerability exists in Vnet/IP communication module (VI461) of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet...
GO-2022-0411 Insufficient randomness in github.com/Masterminds/goutils
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...
Insecure Randomness
github.com/argoproj/argo-cd is vulnerable to insecure randomness. The vulnerability exists because the library used insufficient entropy to seed the non-cryptographically-secure pseudo-random number generator in OAuth2/OIDC login flows when SSO login is initiated from the Argo CD CLI or UI,...
PT-2022-7528 · Gnutls +7
Name of the Vulnerable Software and Affected Versions: Samba (affected versions not specified). Description: The issue is related to the function gnutls_rnd in the GnuTLS package used by Samba, which generates insufficiently random values. This can potentially allow an attacker to gain access to...
SSH.NET security feature issue vulnerability
SSH.NET is an SSH library for .NET optimized for parallelism. A security signature issue vulnerability exists in SSH.NET versions 2020.0.0 and 2020.0.1, which stems from a client's private key being generated during an X25519 key exchange using System.Random. System.Random is not a...
GHSA-V367-P58W-98H5 PyCrypto makes Use of Insufficiently Random Values
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...
CVE-2022-30782
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...
Openmoney API security feature issue vulnerability
The Openmoney API is a domain-driven model consisting of supervisors, namespaces, currencies, accounts, and journals. A security vulnerability exists in the Openmoney API that stems from the use of the JavaScript Math.random function, which does not provide cryptographically secure random numbers...
GHSA-53MR-44PP-CRF4 pip lack of randomness in build directory
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build- file for another user...
Phusion Passenger incorrect permission assignment
An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges...
GHSA-WQMM-Q65G-2HQR Paramiko Unsafe randomness usage may allow access to sensitive information
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool...
Paramiko Unsafe randomness usage may allow access to sensitive information
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool...
TYPO3 is vulnerable to Insecure randomness in uniqid function
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function...
GHSA-C7XR-736P-29J3 TYPO3 is vulnerable to Insecure randomness in uniqid function
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function...
TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function...
GHSA-3276-P9F2-8Q89 TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function...
CoreCollection: Starting index is pseudo-randomly generated, allowing for gameable NFT launches
Lines of code. Vulnerability details. Details & Impact: In Paradigm’s article “A Guide to Designing Effective NFT Launches”, one of the desirable properties of an NFT launch is unexploitable fairness: Launches must have true randomness to ensure that predatory users cannot snipe the rarest items at...
Apache CloudStack security feature issue vulnerability
Apache CloudStack is an Infrastructure-as-a-Service (IaaS) cloud computing platform from the Apache Foundation. The platform is primarily used to deploy and manage large networks of virtual machines. A security feature issue vulnerability exists in versions of Apache CloudStack prior to 4.16.1.0,...
Unbonding validator random selection can be predicted
Lines of code. Vulnerability details. Impact: When unbonding, the pickvalidator function is supposed to choose a random validator to unstake from. However, this randomness can be predicted knowing the block height, which is very easy to predict. let mut iterationindex = 0; while claimed.u128 0 let mu...