92 matches found

Cvelist
added 2025/03/10 11:51 p.m. · 6 views

CVE-2025-1828 Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions

Crypt::Random Perl package 1.05 through 1.55 may use rand function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon egd service is not available Crypt::Random will default to use the...

EPSS 0.00162
Exploits: 0 · References: 3

SUSE CVE
added 2025/01/07 3:48 a.m. · 1 view

SUSE CVE-2025-22376

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong...

CVSS 5.3 · AI score 7 · EPSS 0.00105
Exploits: 0 · References: 3

Positive Technologies
added 2025/01/01 12:0 a.m. · 4 views

PT-2026-7944

Name of the Vulnerable Software and Affected Versions WWW::OAuth versions 1.000 and earlier Description The software utilizes the rand function as the default source of entropy for cryptographic functions, which is not cryptographically secure. This can potentially compromise the security of...

CVSS 7.3 · AI score 5.3 · EPSS 0.0006
Exploits: 0 · References: 13

Positive Technologies
added 2024/12/29 12:0 a.m. · 3 views

PT-2024-10625 · Unknown · Crypt::Random::Source

Name of the Vulnerable Software and Affected Versions: Crypt::Random::Source versions prior to 0.13 Description: The issue concerns the Crypt::Random::Source package for Perl, which has a fallback to the built-in rand function. This function is not a secure source of random bits, potentially...

CVSS 7.5 · AI score 6.8 · EPSS 0.00223
Exploits: 0 · References: 10

Cvelist
added 2024/10/15 10:5 a.m. · 16 views

CVE-2024-47945 Predictable Session ID

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...

EPSS 0.00413
Exploits: 1 · References: 2

OSV
added 2024/05/14 6:15 p.m. · 0 views

UBUNTU-CVE-2024-4772

An HTTP digest authentication nonce value was generated using rand which could lead to predictable values. This vulnerability affects Firefox 126...

CVSS 5.9 · AI score 7.3 · EPSS 0.00058
Exploits: 1 · References: 6

RedHat Linux
added 2023/07/12 8:27 a.m. · 3 views

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

CVSS 3.7 · AI score 7.2 · EPSS 0.00083
Exploits: 0 · References: 5

OSV
added 2021/07/08 3:15 a.m. · 9 views

CVE-2021-34430

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...

CVSS 7.5 · AI score 7
Exploits: 0 · References: 1

NVD
added 2021/07/08 3:15 a.m. · 10 views

CVE-2021-34430

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...

CVSS 7.5 · EPSS 0.00139
Exploits: 1 · References: 1

Prion
added 2021/07/08 3:15 a.m. · 9 views

Open redirect

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...

CVSS 5 · AI score 7.5 · EPSS 0.00139
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2021/07/08 3:0 a.m. · 11 views

CVE-2021-34430

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...

AI score 7.7 · EPSS 0.00139
Exploits: 1 · References: 1

OpenVAS
added 2021/04/16 12:0 a.m. · 11 views

openSUSE: Security Advisory for froxlor (openSUSE-SU-2021:0415-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 · AI score 9.6 · EPSS 0.00288
Exploits: 0 · References: 2

OPENSUSE Linux
added 2021/03/19 12:0 a.m. · 16 views

Security update for froxlor (moderate)

openSUSE Security Update: Security update for froxlor Announcement ID: openSUSE-SU-2021:0450-1 Rating: moderate References: 1025193 1082318 846355 958100 Cross-References: CVE-2016-5100 CVSS scores: CVE-2016-5100 NVD : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE...

CVSS 9.8 · AI score 9.8 · EPSS 0.00288
Exploits: 0 · References: 4

Tenable Nessus
added 2021/03/17 12:0 a.m. · 19 views

openSUSE Security Update : froxlor (openSUSE-2021-415)

This update for froxlor fixes the following issues : - Upstream upgrade to version 0.10.23 boo846355 - Upstream upgrade to version 0.10.22 boo846355 - BuildRequire cron as this contains now the cron directories - Use %license for COPYING file instead of %doc boo1082318 Upstream upgrade to version...

CVSS 9.8 · AI score 8.2 · EPSS 0.00288
Exploits: 0 · References: 5

OPENSUSE Linux
added 2021/03/16 12:0 a.m. · 25 views

Security update for froxlor (moderate)

openSUSE Security Update: Security update for froxlor Announcement ID: openSUSE-SU-2021:0415-1 Rating: moderate References: 1025193 1082318 846355 958100 Cross-References: CVE-2016-5100 CVSS scores: CVE-2016-5100 NVD : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE...

CVSS 9.8 · AI score 9.8 · EPSS 0.00288
Exploits: 0 · References: 4

Tenable Nessus
added 2021/03/11 12:0 a.m. · 43 views

Joomla 1.6.x < 3.9.25 Multiple Vulnerabilities (5834-joomla-3-9-25)

According to its self-reported version, the instance of Joomla! running on the remote web server is 1.6.x prior to 3.9.25. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand function within the process of...

CVSS 9.1 · AI score 6.5 · EPSS 0.58603
Exploits: 2 · References: 11

Prion
added 2021/03/04 6:15 p.m. · 13 views

Design/Logic Flaw

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand function within the process of generating the 2FA secret...

CVSS 5 · AI score 5.3 · EPSS 0.0001
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2021/03/04 5:37 p.m. · 119 views

CVE-2021-23126

CVE-2021-23126 applies to Joomla! core in versions 3.2.0 through 3.9.24, where the 2FA secret is generated using the insecure rand() function, introducing predictable randomness in the 2FA secret generation. This vulnerability is tied to insecure randomness in the 2FA secret generation process. M...

CVSS 5.3 · AI score 6.1 · EPSS 0.0001
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2020/02/28 3:15 p.m. · 0 views

DEBIAN-CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

CVSS 7.5 · AI score 7.1 · EPSS 0.01405
Exploits: 1 · References: 1

OSV
added 2019/11/20 1:33 a.m. · 14 views

GHSA-H7QW-MXRM-C6H2 Unauthenticated crypto and weak IV in Magento\Framework\Encryption

The construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value...

CVSS 7.5 · AI score 7.5 · EPSS 0.00084
Exploits: 0 · References: 5