51 matches found
EUVD-2015-8873
Malware in sbrugna...
EUVD-2022-2379
Malicious code in bioql PyPI...
form-data uses unsafe random function in form-data for choosing boundary
Summary form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker: 1. can observe other values produced by Math.random in the target application, and 2. can control one field of a request made using form-data Because th...
Predictable Boundary Selection
Undici is vulnerable to predictable boundary selection. The vulnerability is due to the use of Math.random to choose the boundary, which can be predicted if several of its values are known, potentially allowing an attacker to tamper with requests to backend APIs...
New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager
A medium-severity flaw has been discovered in Synology's DiskStation Manager DSM that could be exploited to decipher an administrator's password and remotely hijack the account. "Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number...
GHSA-CMR8-5W4C-44V8 Fastly Compute@Edge JS Runtime has fixed random number seed during compilation
Impact Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG cryptographically secure pseudorandom number generator was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for th...
CVE-2022-36045
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...
phpMyAdmin Cryptographic Vulnerability
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...
CVE-2022-30782
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...
CVE-2022-30782
The CVE-2022-30782 entry concerns the Openmoney API (through 2020-06-29), which uses JavaScript Math.random for randomness. Because that function does not provide cryptographically secure random numbers, any cryptographic or security-sens...
CSS paint API: Being predictably random
Take a look at this: Space invaders If you're using a browser that supports the CSS paint API, the element will have a 'random' pixel-art gradient in the background. But it turns out, doing random in CSS isn't as easy as it seems… Initial implementation This isn't a full tutorial on the CSS paint...
Insecure Randomness
firefox is vulnerable to insecure randomness. The vulnerability exists as a flaw was found in the Firefox Math.random function. This function could be used to identify a browsing session and track a user across different websites...
Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-1052)
The remote host is missing an update for the Huawei EulerOS...
CVE-2013-4102
Cryptocat before 2.0.22 strophe.js Math.random Random Number Generator Weakness...
EulerOS Virtualization for ARM 64 3.0.2.0 : libxslt (EulerOS-SA-2019-1625)
According to the versions of the libxslt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite...
Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2015-8851
Summary Unsafe fallback to Math.random in module node-uuid, used by the npm package management tool Vulnerability Details CVE-ID: CVE-2015-8851 Description: Node.js node-uuid could provide weaker than expected security, caused by the use of Math.random instead of a more cryptographically sound source of...
Security Bulletin: node-uuid unsafe fallback to Math.random affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux (CVE-2015-8851)
Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. A vulnerability in the node-uuid module causes the module to...
Security Bulletin: node-uuid unsafe fallback to Math.random (CVE-2015-8851)
Summary A vulnerability in the node-uuid module causes the module to fall back to Math.random under certain circumstances, which leads to predictable UUIDs. The node-uuid module is used by the Node.js Package Manager npm. Vulnerability Details CVEID: CVE-2015-8851 DESCRIPTION: node.js node-uuid...
Unspecified vulnerability in socket.io
socket.io is an application framework that supports real-time two-way traffic. A security vulnerability exists in socket.io that stems from the program's reliance on the 'Math.random' function to create socket IDs, which can be exploited by an attacker to guess the socket ID and gain access to th...