EUVD-2021-0584

Malware in sbrugna...

Predictable Value Range from Previous Values

Overview Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the boundary value, which uses Math.random. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution. Remediati...

Predictable Value Range from Previous Values

Overview Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the boundary value, which uses Math.random. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution. Remediati...

undici: Undici Uses Insufficiently Random Values

A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...

undici: Undici Uses Insufficiently Random Values

A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...

ALPINE-CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

SUSE CVE-2010-3171

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acti...

SUSE CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

js-compute-runtime 安全漏洞

js-compute-runtime is a Fastly Compute@Edge JavaScript runtime open-sourced by Fastly. A security vulnerability exists in js-compute-runtime versions 0.4.0 through 0.5.3, which stems from the failure of the Math.random and crypto.getRandomValues methods to use sufficient random values...

CVE-2022-30782

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...

CVE-2022-30782

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...

GHSA-QV2V-M59F-V5FW Insecure randomness in socket.io

Affected versions of socket.io depend on Math.random to create socket IDs, and therefore the IDs are predictable. With enough information on prior IDs, an attacker may be able to guess the socket ID and gain access to socket.io servers without authorization. Recommendation Update to v0.9.7 or lat...

CVE-2017-16028

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...

CVE-2017-17845

An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random is used by pretty Easy privacy pEp, aka TBE-01-001...

Unspecified vulnerability in libxslt math.random function

libxslt is an XSLT XML Language for Defining XML Transformations C library developed for the GNOME project. A security vulnerability exists in libxslt 1.1.29 and earlier versions due to the program failing to initialize the EXSLT math.random function with a random seed. An attacker could use this...

DEBIAN-CVE-2015-9019

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs...

CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

UBUNTU-CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

DEBIAN-CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

Google Chrome 'Math.Random()' Unauthorized Access Vulnerability

Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in Google Chrome that originates from the application generating weak random numbers. The vulnerability can be exploited by an attacker to obtain sensitive information and unauthorized...