CVE-2025-1828 Perl's Crypt::Random module after 1.05 and before 1.56 may use the rand() function for cryptographic functions
Crypt::Random Perl package 1.05 through 1.55 may use the rand function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon egd service is not available Crypt::Random will default to use the...
Crypt::Random::Source security feature issue vulnerability
Crypt::Random::Source is a library from the individual developer Karen Etheridge. A security feature issue vulnerability exists in Crypt::Random::Source versions 1.05 through 1.55, which stems from a cryptographic operation using an insecure rand function...
SUSE CVE-2025-22376
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong...
DEBIAN-CVE-2024-56830
The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand if no strong randomization module is present...
MetaCPAN Net::EasyTCP security vulnerability
MetaCPAN Net::EasyTCP is a module of the MetaCPAN Foundation. It is used to create secure, bandwidth-friendly TCP/IP clients and servers. A security vulnerability exists in MetaCPAN Net::EasyTCP versions 0.15 through 0.26, which stems from the use of Perl's built-in rand if a strong randomization...
PT-2026-7944
Name of the Vulnerable Software and Affected Versions WWW::OAuth versions 1.000 and earlier Description The software utilizes the rand function as the default source of entropy for cryptographic functions, which is not cryptographically secure. This can potentially compromise the security of...
DEBIAN-CVE-2018-25107
The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...
PT-2024-10625 · Unknown · Crypt::Random::Source
Name of the Vulnerable Software and Affected Versions: Crypt::Random::Source versions prior to 0.13 Description: The issue concerns the Crypt::Random::Source package for Perl, which has a fallback to the built-in rand function. This function is not a secure source of random bits, potentially...
CVE-2024-38921
Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions were discovered to contain a use-after-free via the nav2amcl process. This vulnerability is triggered via remotely sending a request to change the value of the dynamic parameter /amcl zrand...
Nav2 security vulnerability
Nav2 is the ROS community's navigation framework and system for ROS2. A security vulnerability exists in Nav2 that originates from a use-after-free in the nav2amcl process. The vulnerability is triggered by remotely sending a request to change the value of zrand in the dynamic...
PT-2024-28277 · Open Robotics · Ros2 +1
Name of the Vulnerable Software and Affected Versions: Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions Description: A use-after-free vulnerability was discovered in the nav2 amcl process of Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions. This issue i...
GHSA-M52V-24P8-654F SurrealDB has an Uncaught Exception Sorting Tables by Random Order
Sorting table records using an ORDER BY clause with the rand function as sorting mechanism could cause a panic due to relying on a comparison function that did not implement total order. This event resulted in a panic due to a recent change in Rust 1.81. Impact A client that is authorized to run...
GHSA-H4F5-H82V-5W4R SurrealDB has an Uncaught Exception in Function Generating Random Time
The rand::time function in SurrealQL generates a random time from an optional range of two Unix timestamps. Due to the underlying use of timestampopt from the chrono crate, this function could potentially return None in some instances, leading to a panic when unwrap was called on its result in...
PT-2024-40311 · Surrealdb · Surrealdb
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.1.0 Description: The issue arises from the rand::time function in SurrealQL, which can potentially return None and cause a panic when unwrap is called, leading to a denial of service. An authorized client can mak...
PT-2024-40361 · Surrealdb · Surrealdb
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.1.0 Description: The issue arises when using an ORDER BY clause with the rand function for sorting table records, which can cause a panic due to a comparison function that does not implement total order. This can...
On November 13, NIST NVD finally admitted the obvious: they had failed to process the CVE analysis backlog before the end of the fiscal year (September 30)
On November 13, NIST NVD finally admitted the obvious: they had failed to process the CVE analysis backlog before the end of the fiscal year (September 30). This is actually visible in their own statistics. At the moment, there are 19860 identifiers in the backlog. This week, 1136 new CVEs were...
CVE-2024-47945 Predictable Session ID
The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...
PT-2024-32907 · Rittal Gmbh & Co. Kg +1 · Iot Interface & Cmc Iii Processing Unit +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. The session IDs are predictable, wit...