
94 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-7415

Malicious code in bioql PyPI...

8.8 CVSS · 6.6 AI score · 0.00162 EPSS
Exploits 0 · References 3

NVD
added 2025/09/30 11:37 a.m. · 2 views

CVE-2024-58040

Crypt::RandomEncryption for Perl version 0.01 uses insecure rand function during encryption...

9.1 CVSS · 0.00031 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/09/29 12:0 a.m. · 3 views

PT-2025-39923

Name of the Vulnerable Software and Affected Versions Crypt::RandomEncryption for Perl version 0.01 Description The Crypt::RandomEncryption Perl module version 0.01 utilizes an insecure rand function during encryption processes. This can compromise the security of encrypted data. Recommendations ...

9.1 CVSS · 6.5 AI score · 0.00031 EPSS
Exploits 0 · References 7

Tenable Nessus
added 2025/07/30 12:0 a.m. · 1 view

FreeBSD : p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (cd7f969e-6cb4-11f0-97c4-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cd7f969e-6cb4-11f0-97c4-40b034429ecf advisory. Lib-Crypt-CBC project reports: Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand...

4 CVSS · 5.3 AI score · 0.00042 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2025/07/16 12:0 a.m. · 1 view

The vulnerability of the rand() function in the Crypt::CBC module of the Perl programming language allows a hacker to trigger a denial-of-service attack.

The vulnerability of the rand function in the Crypt::CBC module of the Perl programming language is related to the use of an insecure program for generating random numbers. Exploiting this vulnerability could allow an attacker to cause a service failure...

4 CVSS · 0.00042 EPSS
Exploits 0 · References 7 · Affected Software 3

Redos
added 2025/07/10 12:0 a.m. · 4 views

ROS-20250710-05

The vulnerability in the Perl programming language is due to the fact that the software uses the function rand as the default entropy source, which is not cryptographically secure. Exploitation of the vulnerability could allow an attacker to bypass the implemented security restrictions...

7.7 CVSS · 5.2 AI score · 0.00083 EPSS
Exploits 0

RedhatCVE
added 2025/05/23 10:44 a.m. · 3 views

CVE-2024-47945

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...

9.8 CVSS · 6.9 AI score · 0.00413 EPSS
Exploits 1

RedhatCVE
added 2025/05/23 6:56 a.m. · 7 views

CVE-2024-56830

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand if no strong randomization module is present...

5.4 CVSS · 6.8 AI score · 0.00231 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:34 p.m. · 4 views

CVE-2021-34430

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...

7.5 CVSS · 7 AI score · 0.00139 EPSS
Exploits 1 · References 1

OSV
added 2025/05/03 11:15 a.m. · 3 views

AZL-61822 CVE-2024-58135 affecting package perl-Mojolicious 8.57-3

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...

5.3 CVSS · 5.8 AI score · 0.00681 EPSS
Exploits 1 · References 1

OSV
added 2025/05/03 11:15 a.m. · 2 views

DEBIAN-CVE-2024-58135

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

5.3 CVSS · 6.3 AI score · 0.00681 EPSS
Exploits 1 · References 1

AlpineLinux
added 2025/05/03 11:15 a.m. · 1 view

CVE-2024-58135

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...

5.3 CVSS · 6.2 AI score · 0.00681 EPSS
Exploits 1 · References 10

Cvelist
added 2025/05/03 10:16 a.m. · 18 views

CVE-2024-58135 Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

0.00681 EPSS
Exploits 1 · References 13

OSV
added 2025/04/13 12:15 a.m. · 5 views

CVE-2025-2814

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom" is unavailable. In that case, Crypt::CBC will fall back to...

4 CVSS · 4.2 AI score
Exploits 0 · References 4

Cvelist
added 2025/04/12 11:41 p.m. · 29 views

CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom" is unavailable. In that case, Crypt::CBC will fall back to...

0.00042 EPSS
Exploits 0 · References 4

CVE
added 2025/04/12 11:41 p.m. · 135 views

CVE-2025-2814

CVE-2025-2814 affects Crypt::CBC for Perl versions 1.21–3.05, which may use the non-cryptographically secure rand() as the entropy source when /dev/urandom is unavailable. Several advisories confirm the issue and report a fix that sources randomness via Crypt::URandom instead of falling back to r...

4 CVSS · 4.3 AI score · 0.00042 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/04/12 12:0 a.m. · 3 views

PT-2025-16174 · Unknown +2 · Crypt::Cbc +2

Name of the Vulnerable Software and Affected Versions: Crypt::CBC versions 1.21 through 3.04 Description: The issue affects Crypt::CBC for Perl, where versions between 1.21 and 3.04 may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographi...

4 CVSS · 4.8 AI score · 0.00042 EPSS
Exploits 0 · References 26

BDU FSTEC
added 2025/04/09 12:0 a.m. · 2 views

The vulnerability of the rand() function in the Crypt-Random random number generation module for Perl allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the rand function in the Crypt-Random random number generation module for Perl is related to errors in the code of the pseudo-random number generator. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

10 CVSS · 0.00162 EPSS
Exploits 0 · References 7 · Affected Software 1

Tenable Nessus
added 2025/04/08 12:0 a.m. · 7 views

Fedora 41 : perl-Data-Entropy (2025-8a7bd987fe)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-8a7bd987fe advisory. Prior to version 0.008, the Perl module Data::Entropy relied on Perl's builtin rand function to choose an entropy source. Version 0.008 does away wi...

7.7 CVSS · 5.8 AI score · 0.00083 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/04/07 4:52 p.m. · 13 views

CVE-2024-52322

WebService::Xero 0.11 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs...

5.5 CVSS · 7 AI score · 0.00158 EPSS
Exploits 0 · References 1