
17 matches found

NVD
added 2026/02/24 12:16 a.m. | 4 views

CVE-2024-58041

Smolder versions through 1.51 for Perl uses insecure rand function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Smolder::DB::Developer uses t...

CVSS 9.1 | EPSS 0.00045
Exploits: 0 | References: 5
Cvelist
added 2026/02/23 11:54 p.m. | 16 views

CVE-2024-58041 Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions

Smolder versions through 1.51 for Perl uses insecure rand function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Smolder::DB::Developer uses t...

EPSS 0.00045
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-10846

Malicious code in bioql PyPI...

CVSS 4 | AI score 5.1 | EPSS 0.00042
Exploits: 0 | References: 5
CNNVD
added 2025/04/13 12:0 a.m. | 2 views

MetaCPAN Crypt::CBC Security Feature Issue Vulnerability

MetaCPAN Crypt::CBC is a component of the MetaCPAN Foundation. A security signature issue vulnerability exists in MetaCPAN Crypt::CBC versions 1.21 through 3.04, which stems from the default use of an insecure rand function as an entropy source...

CVSS 4 | AI score 5 | EPSS 0.00042
Exploits: 0 | References: 5
RedhatCVE
added 2025/04/07 6:37 p.m. | 15 views

CVE-2024-56370

Net::Xero 0.044 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Rand...

CVSS 6.5 | AI score 7 | EPSS 0.00321
Exploits: 0 | References: 1
CVE
added 2025/04/05 4:19 p.m. | 45 views

CVE-2024-52322

WebService::Xero 0.11 and earlier for Perl uses the non-cryptographically secure rand() as entropy via the Data::Random library, which is described as intended for testing. The vulnerability stems from using a non-cryptographic RNG for cryptographic functions, potentially affecting secrecy of ent...

CVSS 5.5 | AI score 7.2 | EPSS 0.00158
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2025/04/05 4:15 p.m. | 10 views

CVE-2024-58036

Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test...

CVSS 5.5 | AI score 7
Exploits: 0 | References: 5
OSV
added 2025/04/05 4:15 p.m. | 4 views

DEBIAN-CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

CVSS 5.5 | AI score 5.2 | EPSS 0.00184
Exploits: 0 | References: 1
Debian CVE
added 2025/04/05 4:6 p.m. | 19 views

CVE-2024-58036

Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test...

CVSS 5.5 | AI score 5.2 | EPSS 0.00102
Exploits: 0
CVE
added 2025/04/05 4:6 p.m. | 80 views

CVE-2024-58036

CVE-2024-58036 affects the Perl module stack Net::Dropbox::API 1.9 and earlier, where cryptographic functions default to using the non-cryptographically secure rand() entropy source. The issue is tied to the use of the Data::Random library by Net::Dropbox::API, which itself notes it is “Useful mo...

CVSS 5.5 | AI score 6.7 | EPSS 0.00102
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2025/04/05 12:0 a.m. | 3 views

PT-2025-15065

Name of the Vulnerable Software and Affected Versions: WebService::Xero versions 0.11 and earlier. Description: The issue concerns the use of a non-cryptographically secure source of entropy for cryptographic functions. Specifically, WebService::Xero uses the Data::Random library, which relies on th...

CVSS 5.5 | AI score 6.5 | EPSS 0.00158
Exploits: 0 | References: 14
OSV
added 2025/03/28 1:15 a.m. | 8 views

CVE-2025-1860

Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

AI score 7.2
Exploits: 0 | References: 3
Cvelist
added 2022/06/27 7:0 p.m. | 20 views

CVE-2022-31034 Insecure entropy in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in...

CVSS 8.3 | AI score 8.6 | EPSS 0.00418
Exploits: 0 | References: 2
Vulnrichment
added 2022/06/27 7:0 p.m. | 5 views

CVE-2022-31034 Insecure entropy in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in...

CVSS 8.3 | AI score 8.4 | EPSS 0.00418
Exploits: 0 | References: 2
Github Security Blog
added 2020/04/16 3:14 a.m. | 66 views

Insecure Entropy Source - Math.random() in node-uuid

Affected versions of node-uuid consistently fall back to using Math.random as an entropy source instead of crypto, which may result in guessable UUIDs. Recommendation: Update to version 1.4.4 or later...

CVSS 7.5 | AI score 7.3 | EPSS 0.00338
Exploits: 0 | References: 8 | Affected Software: 1
RedHat Linux
added 2016/06/27 3:4 p.m. | 3 views

nodejs-node-uuid: insecure entropy source - Math.random()

It was found that NodeJS node-uuid used Math.random to create a GUID (Globally Unique Identifier), which does not provide enough entropy (on some platforms it only provides 32 bits), which can result in collisions of GUIDs. An attacker could use this to guess GUID values and leverage further attacks...

CVSS 7.5 | AI score 7.1 | EPSS 0.00338
Exploits: 0 | References: 5
Node.js
added 2016/03/28 5:59 p.m. | 36 views

Insecure Entropy Source - Math.random()

Overview: Affected versions of node-uuid consistently fall back to using Math.random as an entropy source instead of crypto, which may result in guessable UUIDs. Recommendation: Update to version 1.4.4 or later. References: Issue 108, Issue 122, GitHub Advisory...

CVSS 5 | AI score 4.6 | EPSS 0.00338
Exploits: 0 | Affected Software: 1