
84 matches found

Vulnrichment
added 2025/04/12 11:41 p.m. (9 views)

CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom" is unavailable. In that case, Crypt::CBC will fall back to...

4.3 AI score, 0.00166 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/04/05 6:26 p.m. (21 views)

CVE-2024-56370 Net::Xero 0.044 and earlier for Perl uses insecure rand() function for cryptographic functions

Net::Xero 0.044 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Rand...

0.00288 EPSS
Exploits: 0, References: 5
Cvelist
added 2025/04/05 4:6 p.m. (22 views)

CVE-2024-58036 Net::Dropbox::API 1.9 and earlier for Perl uses insecure rand() function for cryptographic functions

Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test...

0.00231 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2025/04/02 12:53 p.m. (6 views)

CVE-2025-1805 Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes

Crypt::Salt for Perl version 0.01 uses insecure rand function when generating salts for cryptographic purposes...

7.2 AI score, 0.00386 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/03/28 12:0 a.m. (1 views)

Perl security vulnerability

Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the PERL community. A security vulnerability exists in Perl 0.007 and earlier versions that stems from the use of the rand function as the default entropy source for cryptographic functions that are not...

7.7 CVSS, 5.3 AI score, 0.00167 EPSS
Exploits: 0, References: 2
NVD
added 2025/03/26 11:15 a.m. (12 views)

CVE-2025-27552

DBIx::Class::EncodedColumn uses the rand function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...

4 CVSS, 0.00103 EPSS
Exploits: 0, References: 2
CVE
added 2025/03/26 11:8 a.m. (59 views)

CVE-2025-27552

CVE-2025-27552 affects the Perl DBIx::Class::EncodedColumn component, where the salting of password hashes uses the non-cryptographically secure rand() function in Crypt/Eksblowfish/Bcrypt.pm. The issue impacts DBIx::Class::EncodedColumn up to version 0.00032. According to the connected documents...

4 CVSS, 7.3 AI score, 0.00103 EPSS
Exploits: 0, References: 2
CVE
added 2025/03/26 11:7 a.m. (69 views)

CVE-2025-27551

CVE-2025-27551 affects DBIx::Class::EncodedColumn (Digest.pm) up to version 0.00032. The issue stems from salting password hashes with the non-cryptographically secure rand() function. Impact is described as: local attack vector and limited scope of exploitability within affected module until 0.0...

4 CVSS, 7.3 AI score, 0.00103 EPSS
Exploits: 0, References: 2
OSV
added 2025/01/02 5:15 a.m. (1 views)

UBUNTU-CVE-2024-56830

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand if no strong randomization module is present...

5.4 CVSS, 5.8 AI score, 0.00367 EPSS
Exploits: 0, References: 4
Cvelist
added 2024/12/29 12:0 a.m. (21 views)

CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

0.00407 EPSS
Exploits: 0, References: 2
Hacker One
added 2024/12/24 10:43 a.m. (561 views)

Node.js: Usage of unsafe random function in undici for choosing boundary

The vulnerability in the Undici library involves the use of an unsafe random function to choose the boundary for a multipart/form-data request. The use of Math.random to generate this boundary can be predicted if several of its generated values are known. This could potentially allow an attacker ...

6.8 CVSS, 6.5 AI score, 0.00736 EPSS
Exploits: 0
NVD
added 2024/09/26 6:15 p.m. (19 views)

CVE-2024-45723

The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast ...

7.1 CVSS, 0.00141 EPSS
Exploits: 0, References: 1
CVE
added 2024/09/26 5:37 p.m. (50 views)

CVE-2024-45723

Summary: CVE-2024-45723 affects the goTenna Pro ATAK Plugin. The root cause is the use of a cryptographically weak pseudo-random number generator (not SecureRandom) when generating passwords for sharing cryptographic keys, enabling easier brute-force if the RF-broadcast key is captured. Affected ...

7.1 CVSS, 6.5 AI score, 0.00141 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2024/09/26 5:26 p.m. (47 views)

CVE-2024-47126

CVE-2024-47126 is confirmed via connected sources as a vulnerability in the goTenna Pro ecosystem where the app does not use SecureRandom when generating passwords to share cryptographic keys. The underlying flaw is a weak PRNG in the key-sharing flow, enabling a potential brute-force attack if t...

8.8 CVSS, 7.2 AI score, 0.00235 EPSS
Exploits: 0, References: 1, Affected Software: 1
SUSE CVE
added 2023/02/15 6:8 a.m. (4 views)

SUSE CVE-2008-1637

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed...

6.8 CVSS, 6.8 AI score, 0.03964 EPSS
Exploits: 1, References: 4
SUSE CVE
added 2023/02/15 4:13 a.m. (2 views)

SUSE CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

7.5 CVSS, 7.6 AI score, 0.03748 EPSS
Exploits: 1, References: 3
CNNVD
added 2022/09/28 12:0 a.m. (3 views)

b2evolution security feature issue vulnerability

b2evolution is a community content management system based on PHP and MySQL. A security signature issue vulnerability exists in b2evolution 7.2.3 and earlier versions, which stems from the ability to predict any user's password through the use of a bad random function, which can be exploited by a...

9.1 CVSS, 8.2 AI score, 0.01037 EPSS
Exploits: 0, References: 4
Kitploit
added 2021/07/06 9:30 p.m. (360 views)

Sharperner - Simple Executable Generator With Encrypted Shellcode

Sharperner is a tool written in CSharp that generates a .NET dropper with AES and XOR obfuscated shellcode. The generated executable can possibly bypass signature checks, but I can't be sure it can bypass heuristic scanning. Features: PE binary, Process Hollowing, PPID Spoofing, Random generated AES key and iv...

7.8 AI score
Exploits: 0, References: 1
CNVD
added 2020/04/26 12:0 a.m. (2 views)

CryptoSaga has a flawed logic vulnerability

CryptoSaga is an Ether-based digital currency. A security vulnerability exists in the 'random' function in CryptoSaga's smart contract implementation. An attacker could use the vulnerability to pre-calculate random numbers and manipulate the game...

6.9 AI score
Exploits: 0, References: 1
OSV
added 2020/02/28 3:15 p.m. (2 views)

DEBIAN-CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

7.5 CVSS, 7.1 AI score, 0.03748 EPSS
Exploits: 1, References: 1