CVE-2025-40905

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

CVE-2023-31290

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...

Amazon Linux 2 : linux-firmware, --advisory ALAS2-2025-3092 (ALAS-2025-3092)

The version of linux-firmware installed on the remote host is prior to 20200421-85.git78c0348. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3092 advisory. Improper isolation of shared resources on a system on a chip by a malicious local attacker with high...

CVE-2025-62626

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...

Mageia: Security Advisory (MGASA-2025-0279)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-41731

CVE-2025-41731 involves Jumo variTRON300 devices where the password for the debug interface is generated from a weak PRNG. An unauthenticated local attacker who knows the password-generation timeframe could brute-force the password in a timely manner and gain root access if the debug interface re...

UBUNTU-CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

CVE-2024-20513

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to...

PT-2023-20533 · Pubnub · Pubnub/Swift +7

Name of the Vulnerable Software and Affected Versions: pubnub versions prior to 7.4.0 com.pubnub:pubnub all versions github.com/pubnub/go all versions github.com/pubnub/go/v7 versions prior to 7.2.0 pubnub/pubnub versions prior to 6.1.0 pubnub/c-core versions prior to 4.5.0 com.pubnub:pubnub-kotl...

CVE-2023-20107

A vulnerability in the deterministic random bit generator DRBG, also known as pseudorandom number generator PRNG, in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an...

CVE-2019-1715

A vulnerability in the Deterministic Random Bit Generator DRBG, also known as Pseudorandom Number Generator PRNG, used in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a cryptographic...

DEBIAN-CVE-2015-3405

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not , which might allow remote attackers to obtain the value of generated MD5...

UBUNTU-CVE-2015-3405

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not , which might allow remote attackers to obtain the value of generated MD5...

Design/Logic Flaw

Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere...

Design/Logic Flaw

The Linear Congruential Generator LCG in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function...

PT-2010-2032 · Microsoft · Windows Server 2003 +7

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2 Description: The issue is related to the SMB...