Lucene search
K

58 matches found

Fedora
Fedora
added 2025/04/08 1:29 a.m.9 views

[SECURITY] Fedora 41 Update: perl-Data-Entropy-0.008-1.fc41

This module maintains a concept of a current selection of entropy source. Algorithms that require entropy, such as those in Data::Entropy::Algorithms, can use the source nominated by this module, avoiding the need for entropy source objects to be explicitly passed around. This is convenient becau...

7.7CVSS6.5AI score0.00179EPSS
Exploits0
NVD
NVD
added 2025/04/05 7:15 p.m.22 views

CVE-2024-56370

Net::Xero 0.044 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Rand...

6.5CVSS0.00328EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/04/05 3:35 p.m.21 views

CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

5.5CVSS5.2AI score0.00279EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/05 12:0 a.m.5 views

PT-2025-15068 · Unknown +1 · Data::Random +1

Name of the Vulnerable Software and Affected Versions: Net::Xero versions 0.044 and earlier Description: The issue concerns the use of the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically, Net::Xero uses the...

6.5CVSS6.4AI score0.00328EPSS
Exploits0References11
OSV
OSV
added 2025/03/28 1:15 a.m.15 views

CVE-2025-1860

Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

7.2AI score
Exploits0References3
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.5 views

Perl 安全漏洞

Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the PERL community. A security vulnerability exists in Perl 0.007 and earlier versions that stems from the use of the rand function as the default entropy source for cryptographic functions that are not...

7.7CVSS5.3AI score0.00179EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.9 views

PT-2026-7944

Name of the Vulnerable Software and Affected Versions WWW::OAuth versions 1.000 and earlier Description The software utilizes the rand function as the default source of entropy for cryptographic functions, which is not cryptographically secure. This can potentially compromise the security of...

7.3CVSS5.3AI score0.00255EPSS
Exploits0References13
OSV
OSV
added 2024/12/16 2:1 p.m.15 views

BIT-NODE-MIN-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...

9.1CVSS8.7AI score0.0187EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/09/04 12:15 a.m.5 views

kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems

CVE-2024-35875 addresses a security concern in the Linux kernel's handling of confidential computing CoCo environments. In these setups, the virtual machine VM host is untrusted and may attempt to compromise guest VMs. A critical component for maintaining security in such environments is a reliab...

5.5CVSS7AI score0.00235EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/05/21 1:59 a.m.5 views

SUSE CVE-2024-35875

In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted a...

5.6CVSS6.5AI score0.00235EPSS
Exploits0References17
NVD
NVD
added 2024/02/08 8:15 p.m.31 views

CVE-2024-23660

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 202...

7.5CVSS7.2AI score0.00552EPSS
Exploits1References2
Prion
Prion
added 2024/02/08 8:15 p.m.21 views

Design/Logic Flaw

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 202...

5CVSS7AI score0.00552EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/02/08 12:0 a.m.34 views

CVE-2024-23660

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 202...

7.4AI score0.00552EPSS
Exploits1References2
CVE
CVE
added 2024/02/08 12:0 a.m.70 views

CVE-2024-23660

The CVE-2024-23660 entry concerns Binance Trust Wallet for iOS (version 0.0.4). The root cause is misuse of the trezor-crypto library, causing mnemonic words to be generated with device time as the sole entropy source. This leads to predictable mnemonics and potential theft of funds, with real-wo...

7.5CVSS7.2AI score0.00552EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/05/25 10:15 p.m.6 views

AZL-26875 CVE-2023-31147 affecting package nodejs18 for versions less than 18.17.1-2

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...

6.5CVSS6.7AI score0.00905EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.25 views

Siemens SCALANCE X-200 switches Insufficient Entropy Source (CVE-2013-5709)

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value. This plugin...

8.3CVSS5.6AI score0.02988EPSS
Exploits0References3
OSV
OSV
added 2022/12/05 10:15 p.m.3 views

ALPINE-CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...

9.1CVSS6.9AI score0.0187EPSS
Exploits1References1
OSV
OSV
added 2022/12/05 10:15 p.m.3 views

DEBIAN-CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...

9.1CVSS6.9AI score0.0187EPSS
Exploits1References1
OSV
OSV
added 2022/12/05 12:0 a.m.32 views

CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...

9.1CVSS2AI score0.0187EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2022/12/05 12:0 a.m.108 views

CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...

9.1CVSS7.6AI score0.0187EPSS
Exploits1
Rows per page
Query Builder