Lucene search

74 matches found

RedhatCVE
added 2026/01/07 9:54 a.m. | 13 views

CVE-2013-7372

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNGSecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and...

CVSS 5 | AI score 6.9 | EPSS 0.02321
Exploits 1 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2011-2686

Malware in sbrugna...

CVSS 5 | AI score 6 | EPSS 0.01966
Exploits 0 | References 19
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2013-7142

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.02321
Exploits 1 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-42278

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00235
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-41566

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.6 | EPSS 0.00141
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 18 views

EUVD-2022-4395

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.01907
Exploits 0 | References 11
RedhatCVE
added 2025/05/23 10:36 a.m. | 7 views

CVE-2024-47126

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an...

CVSS 8.8 | AI score 7.1 | EPSS 0.00235
Exploits 0
RedhatCVE
added 2025/05/22 10:44 p.m. | 7 views

CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...

CVSS 4 | AI score 7 | EPSS 0.00579
Exploits 0 | References 1
Tenable Nessus
added 2025/03/03 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2011-2705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, whic...

CVSS 5 | AI score 5.9 | EPSS 0.01966
Exploits 0 | References 2
NVD
added 2024/09/26 6:15 p.m. | 9 views

CVE-2024-47126

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an...

CVSS 8.8 | EPSS 0.00235
Exploits 0 | References 1
RubySec
added 2024/09/17 12:0 a.m. | 24 views

Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length

Summary Under the default configuration, Devise-Two-Factor version = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier...

CVSS 6 | AI score 6.9 | EPSS 0.00632
Exploits 0 | References 1 | Affected Software 1
SUSE CVE
added 2023/02/15 5:52 a.m. | 2 views

SUSE CVE-2011-2705

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...

CVSS 5 | AI score 6.7 | EPSS 0.01966
Exploits 0 | References 4
OSV
added 2022/05/17 3:54 a.m. | 22 views

GHSA-JJX5-FQ5G-8XPC Symfony Cryptographic Vulnerability

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...

CVSS 7.5 | AI score 7.3 | EPSS 0.01907
Exploits 0 | References 9
CNVD
added 2022/05/10 12:0 a.m. | 30 views

JetBrains Ktor Native Security Feature Issue Vulnerability

JetBrains Ktor Native is an asynchronous framework for creating microservices, web applications, etc. JetBrains Ktor Native versions prior to 2.0.0 are vulnerable to a security feature that stems from the fact that random values used for random number generation are not implemented using...

CVSS 4 | AI score 1.9 | EPSS 0.00579
Exploits 0 | References 1
Prion
added 2022/04/11 7:15 p.m. | 17 views

Design/Logic Flaw

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...

CVSS 4 | AI score 4.2 | EPSS 0.00579
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2022/04/11 6:12 p.m. | 17 views

CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...

CVSS 3.3 | AI score 4.5 | EPSS 0.00579
Exploits 0 | References 2
CNNVD
added 2022/04/11 12:0 a.m. | 5 views

JetBrains Ktor Native Security Feature Issue Vulnerability

JetBrains Ktor Native is an asynchronous framework for creating microservices, web applications, etc. JetBrains Ktor Native versions prior to 2.0.0 are vulnerable to a security feature that stems from the fact that random values used for random number generation are not implemented using...

CVSS 4 | AI score 5.5 | EPSS 0.00579
Exploits 0 | References 3
Github Security Blog
added 2021/06/16 5:31 p.m. | 38 views

Cryptographically weak CSRF tokens in Apache MyFaces

In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible although difficult for an attacker ...

CVSS 7.5 | AI score 4.2 | EPSS 0.03026
Exploits 3 | References 8 | Affected Software 1
OSV
added 2021/06/16 5:31 p.m. | 48 views

GHSA-GQ67-PP9W-43GP Cryptographically weak CSRF tokens in Apache MyFaces

In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible although difficult for an attacker ...

CVSS 7.5 | AI score 7.5 | EPSS 0.03026
Exploits 3 | References 7
Github Security Blog
added 2020/06/26 4:48 p.m. | 49 views

JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0

JHipster Kotlin is using an insecure source of randomness to generate all of its random values. JHipster Kotlin relies upon apache commons lang3 RandomStringUtils. From the documentation: Caveat: Instances of Random, upon which the implementation of this class relies, are not cryptographically...

CVSS 9.8 | AI score 0.2 | EPSS 0.03673
Exploits 1 | References 15 | Affected Software 1