
351 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in @zalastax/nolb-rand6 (npm)

The package @zalastax/nolb-rand6 was found to contain malicious code...

AI score: 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 1 view

MAL-2025-13536 Malicious code in @zalastax/nolb-rand- (npm)

The package @zalastax/nolb-rand- was found to contain malicious code...

AI score: 7.2
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 1 view

MAL-2025-13535 Malicious code in @zalastax/nolb-rand (npm)

The package @zalastax/nolb-rand was found to contain malicious code...

AI score: 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in @zalastax/nolb-rand2 (npm)

The package @zalastax/nolb-rand2 was found to contain malicious code...

AI score: 7
Exploits: 0

Tenable Nessus
added 2025/07/30 12:00 a.m. | 1 view

FreeBSD : p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (cd7f969e-6cb4-11f0-97c4-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cd7f969e-6cb4-11f0-97c4-40b034429ecf advisory. Lib-Crypt-CBC project reports: Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand...

CVSS: 4 | AI score: 5.3 | EPSS: 0.00042
Exploits: 0 | References: 3

Snyk
added 2025/07/18 10:52 p.m. | 1 view

Use of Predictable Algorithm in Random Number Generator

Overview: Affected versions of this package are vulnerable to Use of Predictable Algorithm in Random Number Generator via the RAND_poll function. An attacker can obtain predictable random values by invoking RAND_bytes after a fork operation in affected applications. This is only exploitable if the...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00308
Exploits: 0 | References: 2

Positive Technologies
added 2025/07/18 12:00 a.m. | 2 views

PT-2025-30102

Name of the Vulnerable Software and Affected Versions: wolfSSL (affected versions not specified). Description: The OpenSSL compatibility layer implementation had an issue with the RAND_poll function, potentially leading to predictable values returned from RAND_bytes after a fork call. This could resul...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.00308
Exploits: 0 | References: 17

OSV
added 2025/07/16 2:15 p.m. | 1 view

AZL-65541 CVE-2025-40918 affecting package perl-Authen-SASL 2.16-21

Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00414
Exploits: 0 | References: 1

OSV
added 2025/07/16 2:15 p.m. | 0 views

UBUNTU-CVE-2025-40918

Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00414
Exploits: 0 | References: 5

OSV
added 2025/07/16 1:15 p.m. | 0 views

UBUNTU-CVE-2025-40923

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

CVSS: 7.3 | AI score: 5.8 | EPSS: 0.00535
Exploits: 0 | References: 6

Redos
added 2025/07/10 12:00 a.m. | 4 views

ROS-20250710-05

The vulnerability in the Perl programming language is due to the fact that the software uses the function rand as the default entropy source, which is not cryptographically secure. Exploitation of the vulnerability could allow an attacker to bypass the implemented security restrictions...

CVSS: 7.7 | AI score: 5.2 | EPSS: 0.00083
Exploits: 0

OSV
added 2025/05/27 5:34 a.m. | 1 view

MAL-2025-4496 Malicious code in rand-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6436f09942f4f079368c746cf4533b29a25e588f206b9fe93a3162cc2af031fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/05/27 5:34 a.m. | 2 views

Malicious code in rand-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6436f09942f4f079368c746cf4533b29a25e588f206b9fe93a3162cc2af031fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:44 a.m. | 3 views

CVE-2024-47945

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00413
Exploits: 1

RedhatCVE
added 2025/05/23 6:56 a.m. | 7 views

CVE-2024-56830

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand if no strong randomization module is present...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.00231
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:10 p.m. | 8 views

CVE-2022-30634

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00076
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:34 p.m. | 3 views

CVE-2021-34430

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00139
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:40 p.m. | 5 views

CVE-2021-3727

Vulnerability in rand-quote and hitokoto plugins Description: the rand-quote and hitokoto fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0136
Exploits: 0 | References: 1

Snyk
added 2025/05/15 2:05 p.m. | 1 view

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation due to insufficient validation in the MsgCommitPubRandList handler, combined with a lack of domain separation in signed messages. An attacker can store an invalid PubRand commitment by crafting the message parameters ...

CVSS: 8.9 | AI score: 6.9
Exploits: 0 | References: 3

OSV
added 2025/05/03 11:15 a.m. | 3 views

AZL-61822 CVE-2024-58135 affecting package perl-Mojolicious 8.57-3

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00632
Exploits: 1 | References: 1