[SECURITY] Fedora 43 Update: haveged-1.9.22-1.fc43

A Linux entropy source using the HAVEGE algorithm Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction e.g. headless server...

Smolder 安全漏洞

Smolder is a smoke testing report platform developed by WONKO’s individual developers. Versions of Smolder 1.51 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of the insecure rand function as the default entropy source in encryption functions, which may lead...

CVE-2025-40905

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

UBUNTU-CVE-2025-40905

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

CVE-2025-40905

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

MetaCPAN WWW::OAuth 安全漏洞

MetaCPAN WWW::OAuth is a Perl authentication library developed by the MetaCPAN Foundation. Versions of MetaCPAN WWW::OAuth 1.000 and earlier contained a security vulnerability. This vulnerability stemmed from using the rand function as the default entropy source for encryption functions, which is...

CVE-2025-40905 WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function for cryptographic functions

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

CVE-2025-40109

The CVE-2025-40109 entry affects the Linux kernel crypto RNG path. Root cause: set_ent is not guaranteed to be present in all paths, even though only DRBG provides it. The fix ensures set_ent is always present. Impact and exploit specifics are not detailed in the provided documents. Remediation: ...

EUVD-2003-0090

Malware in sbrugna...

EUVD-2025-10846

Malicious code in bioql PyPI...

EUVD-2022-31488

Malicious code in bioql PyPI...

ROS-20250710-05

The vulnerability in the Perl programming language is due to the fact that the software uses the function rand as the default entropy source, which is not cryptographically secure. Exploitation of the vulnerability could allow an attacker to bypass the implemented security restrictions...

Adaptive Variation-Resilient Random Number Generator for Embedded Encryption

With a growing interest in securing user data within the internet-of-things IoT, embedded encryption has become of paramount importance, requiring light-weight high-quality Random Number Generators RNGs. Emerging stochastic device technologies produce random numbers from stochastic physical...

CVE-2012-4898

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere...

DEBIAN-CVE-2025-2814

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...

CVE-2025-2814

CVE-2025-2814 affects Crypt::CBC for Perl versions 1.21–3.05, which may use the non-cryptographically secure rand() as the entropy source when /dev/urandom is unavailable. Several advisories confirm the issue and report a fix that sources randomness via Crypt::URandom instead of falling back to r...

PT-2025-16174 · Unknown +2 · Crypt::Cbc +2

Name of the Vulnerable Software and Affected Versions: Crypt::CBC versions 1.21 through 3.04 Description: The issue affects Crypt::CBC for Perl, where versions between 1.21 and 3.04 may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographi...

[SECURITY] Fedora 42 Update: perl-Data-Entropy-0.008-1.fc42

This module maintains a concept of a current selection of entropy source. Algorithms that require entropy, such as those in Data::Entropy::Algorithms, can use the source nominated by this module, avoiding the need for entropy source objects to be explicitly passed around. This is convenient becau...

[SECURITY] Fedora 40 Update: perl-Data-Entropy-0.008-1.fc40

This module maintains a concept of a current selection of entropy source. Algorithms that require entropy, such as those in Data::Entropy::Algorithms, can use the source nominated by this module, avoiding the need for entropy source objects to be explicitly passed around. This is convenient becau...

[SECURITY] Fedora 41 Update: perl-Data-Entropy-0.008-1.fc41

This module maintains a concept of a current selection of entropy source. Algorithms that require entropy, such as those in Data::Entropy::Algorithms, can use the source nominated by this module, avoiding the need for entropy source objects to be explicitly passed around. This is convenient becau...