
12 matches found

RedhatCVE
added 8 hours ago, 3 views

CVE-2026-8647

A flaw was found in perl-Crypt-ScryptKDF. The random_bytes function in versions through 0.010 uses an insecure random number source when no cryptographically secure pseudorandom number generator (CSPRNG) module is available. This occurs because the function falls back to using the built-in rand...

4.8 CVSS, 5.6 AI score, 0.00036 EPSS
Exploits: 0, References: 2
CVE
added 2026/02/26 11:29 p.m., 8 views

CVE-2026-2597

According to the Debian security tracker, CVE-2026-2597 is described as: "Disallow requesting strings with negative lengths." The connected document does not specify affected products, versions, or remediation details beyond this description.

7.5 CVSS, 5.7 AI score, 0.00062 EPSS
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2026/02/26 11:29 p.m., 2 views

CVE-2026-2597

Crypt::SysRandom::XS versions before 0.010 for Perl are vulnerable to a heap buffer overflow in the XS function random_bytes(). The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound,...

7.5 CVSS, 6 AI score, 0.00062 EPSS
Exploits: 0, References: 3
Cvelist
added 2026/02/26 11:29 p.m., 16 views

CVE-2026-2597: Crypt::SysRandom::XS versions before 0.010 for Perl are vulnerable to a heap buffer overflow in the XS function random_bytes()

Crypt::SysRandom::XS versions before 0.010 for Perl are vulnerable to a heap buffer overflow in the XS function random_bytes(). The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound,...

0.00062 EPSS
Exploits: 0, References: 2
Huntr
added 2021/07/16 11:29 p.m., 10 views

in ampache/ampache

✍️ Description: According to PHP official documents [1] we have for the mt_rand function a security issue that says "This function does not generate cryptographically secure values, and should not be used for cryptographic purposes" and as we see in permalinks you use the mt_rand function for generate...

7 AI score
Exploits: 0
Cvelist
added 2021/03/04 5:37 p.m., 11 views

CVE-2021-23128 [20210302] - Core - Potential Insecure FOFEncryptRandval

An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used a potentially insecure implementation. That has now been replaced with a call to 'random_bytes' and its backport that is shipped within random_compat...

9.4 AI score, 0.00009 EPSS
Exploits: 0, References: 1
Joomla! Vulnerable Extensions List
added 2021/01/13 12:0 a.m., 24 views

[20210302] - Core - Potential Insecure FOFEncryptRandval

The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used a potentially insecure implementation. That has now been replaced with a call to "random_bytes" and its backport that is shipped within random_compat...

9.1 CVSS, 8.9 AI score, 0.00009 EPSS
Exploits: 0, Affected Software: 1
Hacker One
added 2020/04/18 10:43 a.m., 27 views

Nextcloud: Reduced permutations on encryption

OC\Security\SecureRandom::generate Reduced Permutations: OC\Security\SecureRandom::generate will by default use a-Z0-9+/ 64 bytes character set. The numbers are not predictable, due to the use of random_int. Most notably the OC\Security\Crypto::encrypt method uses an IV with a length of 16 bytes. I...

3.5 CVSS, 2.3 AI score, 0.00093 EPSS
Exploits: 1
Tenable Nessus
added 2016/05/31 12:0 a.m., 27 views

Debian DSA-3588-1 : symfony - security update

Two vulnerabilities were discovered in Symfony, a PHP framework. - CVE-2016-1902: Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes or openssl_random_pseudo_bytes are not available, the...

7.5 CVSS, 7.2 AI score, 0.01435 EPSS
Exploits: 0, References: 6
Prion
added 2011/08/05 9:55 p.m., 22 views

Design/Logic Flaw

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...

5 CVSS, 6.7 AI score, 0.00989 EPSS
Exploits: 0, References: 15, Affected Software: 1
UbuntuCve
added 2011/08/05 12:0 a.m., 19 views

CVE-2011-2705

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...

5 CVSS, 5.9 AI score, 0.00989 EPSS
Exploits: 0, References: 2
RubySec
added 2011/07/02 12:0 a.m., 32 views

Ruby Random Number Generation Local Denial Of Service Vulnerability

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...

5 CVSS, 4.8 AI score, 0.00989 EPSS
Exploits: 0, References: 1, Affected Software: 1