Fedora 40 : glibc (2025-69207650a4)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-69207650a4 advisory. This update addresses two security vulnerabilities: CVE-2025-0395: A buffer overflow may occur in the assert function with certain large program nam...
Fedora 41 : glibc (2025-497995b101)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-497995b101 advisory. This update addresses two security vulnerabilities: CVE-2025-0395: A buffer overflow may occur in the assert function with certain large program nam...
CVE-2025-0577
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions. Mitigation Red Hat Product Security do...
AZL-55931 CVE-2025-22150 affecting package nodejs18 for versions less than 18.20.3-3
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
UBUNTU-CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
undici security feature issue vulnerability
undici is an open source HTTP/1.1 client for Node.js. A security feature issue vulnerability exists in Undici version 4.5.0 and versions prior to 5.28.5, 6.21.1, and 7.2.3, which stems from the use of the predictable Math.random to generate boundaries for multipart/form-data requests, allowing an attacker t...
PT-2025-4384
Name of the Vulnerable Software and Affected Versions undici versions 4.5.0 through 5.28.4 undici versions 4.5.0 through 6.21.0 undici versions 4.5.0 through 7.2.2 Description The issue arises from undici using Math.random to choose the boundary for a multipart/form-data request. It is known that...
DEBIAN-CVE-2024-55566
ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...
FIWARE Keyrock security vulnerability
FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and prior versions, which arises from a predictable random value for user-created activation tokens that can be exploited by an attacker to predict...
Chilkat security vulnerability
Chilkat is a cross-language, cross-platform API from Chilkat, Inc. A security vulnerability exists in Chilkat versions prior to v9.5.0.98. An attacker could exploit the vulnerability to obtain sensitive information via a predictable PRNG in the ChilkatRand::randomBytes function...
samba: GnuTLS gnutls_rnd() can fail and give predictable random values
A flaw was found in Samba. When the gnutls_rnd function is called, its return value is not verified, allowing it to give predictable random values when the call to the gnutls_rnd function fails...
PKP Web Application Library Security Vulnerability
The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A security vulnerability exists in the PKP Web Application Library prior to version 3.3.0-16, which...
Node.js security feature issue vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in versions of Node.js prior to version 3.2.1 that stems from the crypto-js package generating random numbers by concatenating strings while using integers, which makes the output predictable...
DEBIAN-CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
Amazon Fire TV Stick security feature issue vulnerability
The Amazon Fire TV Stick is a television voice recognition remote control from Amazon.com, Inc. The Amazon Fire TV Stick suffers from a security feature issue vulnerability that stems from initializing random numbers to known values and an incorrect JPAKE implementation, which allows for brute force...
SUSE CVE-2011-0755
Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax...
SUSE CVE-2011-2705
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...
SUSE CVE-2014-0878
The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier f...
SUSE CVE-2015-0800
The PRNG implementation in the DNS resolver in Mozilla Firefox aka Fennec before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to...
SUSE CVE-2020-8631
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function...