
13 matches found

EUVD
added 2026/05/21 6:53 p.m. · 8 views

EUVD-2026-31332

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

7.5 CVSS · 5.8 AI score · 0.00014 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2026/05/15 5:41 p.m. · 8 views

CVE-2026-46474 Trog::TOTP versions before 1.006 for Perl generate secrets using rand

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

5.8 AI score · 0.00038 EPSS
Exploits: 0 · References: 2

OSV
added 2025/01/21 6:15 p.m. · 1 views

AZL-55950 CVE-2025-22150 affecting package nodejs for versions less than 20.14.0-5

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

6.8 CVSS · 6.6 AI score · 0.00605 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/01/01 12:0 a.m. · 2 views

PT-2024-5263 · Qualcomm · Qualcomm Embedded Platform

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software (affected versions not specified). Description: The issue is related to information disclosure when Address Space Layout Randomization (ASLR) relocates certain portions in virtual address space as one chunk...

7.1 CVSS · 6.6 AI score · 0.001 EPSS
Exploits: 0 · References: 6

OSV
added 2023/10/10 5:15 p.m. · 0 views

CVE-2020-27213

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...

7.5 CVSS · 5.8 AI score
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 6:2 a.m. · 2 views

SUSE CVE-2009-3238

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to...

7.8 CVSS · 6.7 AI score · 0.00241 EPSS
Exploits: 2 · References: 6

RedHat Linux
added 2022/10/20 8:6 a.m. · 5 views

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7 CVSS · 7.2 AI score · 0.00264 EPSS
Exploits: 0 · References: 4

IBM Security Bulletins
added 2021/01/12 2:42 p.m. · 48 views

Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

Summary: There are multiple vulnerabilities identified in IBM Guardium Data Encryption (GDE). These vulnerabilities have been fixed in GDE 4.0.0.4. Please apply the latest version for the fixes. Vulnerability Details: CVEID: CVE-2017-7957. DESCRIPTION: XStream is vulnerable to a denial of service,...

10 CVSS · 1.3 AI score · 0.90996 EPSS
Exploits: 18 · Affected Software: 1

CNVD
added 2020/08/10 12:0 a.m. · 2 views

Ethereum Lottery Security Breach

Ethereum Lottery is an ethereum-based betting game. A security vulnerability in the 'PayWinner' function in Ethereum Lottery's simplelottery smart contract implementation stems from the fact that the 'PayWinner' function employs the publicly readable variable maxTickets to generate random values...

7.5 CVSS · 6.9 AI score · 0.00371 EPSS
Exploits: 1 · References: 1

CNVD
added 2020/05/09 12:0 a.m. · 2 views

Ethereum Lottery has a flawed logic vulnerability

Ethereum Lottery is an ethereum-based betting game. Ethereum Lottery's simplelottery smart contract implementation has a security vulnerability in the 'PayWinner' function that stems from the 'PayWinner' function using the publicly readable variable maxTickets to generate random values. The...

6.9 AI score
Exploits: 0

OSV
added 2020/04/03 1:15 p.m. · 0 views

UBUNTU-CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

7.4 CVSS · 6.8 AI score · 0.11487 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2019/12/10 12:0 a.m. · 1 views

PT-2019-6750 · Openbsd · Openbsd

Name of the Vulnerable Software and Affected Versions: OpenBSD (affected versions not specified). Description: The issue concerns a problem in the random number generation functionality. Specifically, when the random number generator is seeded with 0, it returns 0. This behavior is observed in the...

9.8 CVSS · 6.9 AI score · 0.00914 EPSS
Exploits: 0 · References: 7

RedHat Linux
added 2015/11/19 4:3 a.m. · 3 views

ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems

A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server...

7.5 CVSS · 7.1 AI score · 0.16556 EPSS
Exploits: 0 · References: 4