43 matches found

OSV
added 2025/11/12 10:15 p.m., 6 views

PYSEC-2025-112

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

CVSS 6.5, AI score 5.8, EPSS 0.00101
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-17922

Malware in sbrugna...

CVSS 7.5, AI score 7.9, EPSS 0.00659
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-38443

Malicious code in bioql PyPI...

CVSS 5.9, AI score 6, EPSS 0.00327
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-44451

Malicious code in bioql PyPI...

CVSS 5.2, AI score 5.6, EPSS 0.00386
Exploits: 0, References: 2

BDU FSTEC
added 2025/07/16 12:0 a.m., 6 views

The vulnerability of the rand() function in the Crypt::CBC module of the Perl programming language allows a hacker to trigger a denial-of-service attack.

The vulnerability of the rand function in the Crypt::CBC module of the Perl programming language is related to the use of an insecure program for generating random numbers. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 4, AI score 5.5, EPSS 0.00166
Exploits: 0, References: 7, Affected Software: 3

RedhatCVE
added 2025/05/23 1:14 a.m., 7 views

CVE-2022-41210

SAP Customer Data Cloud Gigya mobile app for Android - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings...

CVSS 5.2, AI score 6.5, EPSS 0.00386
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:50 p.m., 8 views

CVE-2022-30782

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...

CVSS 7.5, AI score 7, EPSS 0.00968
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 3:44 p.m., 6 views

CVE-2020-9449

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...

CVSS 8.8, AI score 7.3, EPSS 0.01036
Exploits: 0, References: 1

NVD
added 2025/04/05 4:15 p.m., 10 views

CVE-2024-57835

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...

CVSS 5.5, EPSS 0.00245
Exploits: 0, References: 4

Vulnrichment
added 2025/04/05 4:11 p.m., 8 views

CVE-2024-57835 Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...

AI score 6.5, EPSS 0.00245
Exploits: 0, References: 4

CVE
added 2025/04/05 4:11 p.m., 61 views

CVE-2024-57835

CVE-2024-57835 affects Amon2::Auth::Site::LINE, which uses String::Random to generate nonces. The underlying issue is that String::Random relies on Perl’s built-in rand(), a non-cryptographically secure RNG, potentially enabling nonce-related weaknesses. Technical details across connected docs in...

CVSS 5.5, AI score 6.6, EPSS 0.00245
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2025/03/28 12:56 a.m., 7 views

CVE-2025-1860 Data::Entropy for Perl uses insecure rand() function for cryptographic functions

Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

AI score 7.6, EPSS 0.00167
Exploits: 0, References: 2

OSV
added 2023/07/07 7:15 p.m., 11 views

CVE-2023-36993

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset parameters and to take over accounts...

CVSS 9.8, AI score 7.2
Exploits: 0, References: 1

CVE
added 2023/07/07 12:0 a.m., 48 views

CVE-2023-36993

The CVE concerns TravianZ 8.3.4 and 8.3.3 where the password reset function uses a cryptographically insecure random number generator. This root cause permits an attacker to guess password reset parameters and take over accounts. Public sources in connected documents corroborate the same affected...

CVSS 9.8, AI score 9.4, EPSS 0.00805
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2023/06/09 12:0 a.m., 12 views

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

AI score 6.7, EPSS 0.00327
Exploits: 0, References: 2

CNNVD
added 2023/06/09 12:0 a.m., 11 views

Progress Software DataDirect Connect Security Feature Issue Vulnerability

Progress Software DataDirect Connect is a data connectivity solution from Progress Software, Inc. that can run in the cloud or locally. A security vulnerability previously existed in Progress Software DataDirect Connect version 08.02.2770, which arose when using Oracle Advanced Security OAS...

CVSS 5.9, AI score 6.1, EPSS 0.00327
Exploits: 0, References: 3

Vulnrichment
added 2023/05/30 4:19 p.m., 10 views

CVE-2022-43485 Insecure random number used for generating keys for signing Jwt tokens

Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1...

CVSS 6.2, AI score 7.1, EPSS 0.00474
Exploits: 0, References: 1

Cvelist
added 2023/05/30 4:19 p.m., 28 views

CVE-2022-43485 Insecure random number used for generating keys for signing Jwt tokens

Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1...

CVSS 6.2, AI score 6.6, EPSS 0.00474
Exploits: 0, References: 1

OSV
added 2022/12/06 9:13 p.m., 31 views

GHSA-MHHF-VGWH-FW9H Passeo uses insecure random number generator

Impact: Everyone below v1.0.5 is impacted by this flaw, of confidentiality being at risk due to the passwords being easily able to be guessed with Passeo's use of the random library. It is recommended to change any passwords made with Passeo before v1.0.5 and upgrade to v1.0.5, and v1.0.5 patches...

CVSS 8.2, AI score 6.4, EPSS 0.00791
Exploits: 0, References: 6

Github Security Blog
added 2022/12/06 9:13 p.m., 46 views

Passeo uses insecure random number generator

Impact: Everyone below v1.0.5 is impacted by this flaw, of confidentiality being at risk due to the passwords being easily able to be guessed with Passeo's use of the random library. It is recommended to change any passwords made with Passeo before v1.0.5 and upgrade to v1.0.5, and v1.0.5 patches...

CVSS 7.5, AI score 7.3, EPSS 0.00791
Exploits: 0, References: 6, Affected Software: 1