2 matches found
GHSA-75V8-2H7P-7M2M Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...
DEBIAN-CVE-2025-1860
Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...