CVE-2025-64429 DuckDB Encryption Crypto implementation is vulnerable

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

GHSA-R4XG-4WRV-W72H Duplicate Advisory: Lemur subject to insecure random generation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5fqv-mpj8-h7gm. This link is maintained to preserve external references. Original Description Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The...

CVE-2023-30797 Insecure Random Generation in Netflix Lemur

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur...

Insecure Random Number Generation

cryptiles is vulnerable to insecure random number generation. The application uses the randomDigits method which does not have sufficient entropy to be securely random, allowing an attacker to gain access through a brute-force attack...

Insecure Random Number Generation

github.com/vmware/harbor uses math/rand to generate salt values. This is not cryptographically secure and makes it easier for attackers to brute force the value...