
50 matches found

RedhatCVE
added 2026/01/09 11:59 a.m., 7 views

CVE-2018-19441

An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to...

CVSS 4.7, AI score 6.7, EPSS 0.00112
Exploits 0, References 1
OSV
added 2025/12/30 1:15 a.m., 0 views

UBUNTU-CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

CVSS 7.7, AI score 5.8, EPSS 0.00089
Exploits 0, References 5
NVD
added 2025/12/27 12:15 a.m., 3 views

CVE-2025-68932

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mt_rand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

CVSS 9.8, EPSS 0.00028
Exploits 1, References 3
RedhatCVE
added 2025/11/13 7:24 a.m., 3 views

CVE-2025-64429

A vulnerability was found in DuckDB’s database encryption design. In certain situations, DuckDB could generate encryption keys using a weak random number generator, fail to reliably wipe keys from memory, accept manipulated database headers that disable integrity protection, or miss detecting...

CVSS 6.9, AI score 6.6, EPSS 0.00018
Exploits 0, References 7
AlmaLinux
added 2025/11/05 12:0 a.m., 2 views

Important: bind9.16 security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes:...

CVSS 8.6, AI score 6.8, EPSS 0.00025
Exploits 1, References 6
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-0156

Malware in sbrugna...

CVSS 5.9, AI score 5, EPSS 0.01772
Exploits 0, References 13
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2014-0039

Malware in sbrugna...

CVSS 5.8, AI score 6, EPSS 0.00432
Exploits 0, References 15
CNNVD
added 2025/07/18 12:0 a.m., 3 views

OpenSSL security vulnerability

OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

CVSS 9.8, AI score 6.4, EPSS 0.00308
Exploits 0, References 2
RedhatCVE
added 2025/05/22 9:48 a.m., 6 views

CVE-2011-4321

The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors...

CVSS 5, AI score 7.4, EPSS 0.00331
Exploits 0, References 1
CNNVD
added 2024/09/26 12:0 a.m., 4 views

goTenna Pro security feature vulnerability

goTenna Pro is a series of devices from goTenna that can create networks for off-grid communications and situational awareness. A security feature vulnerability exists in goTenna Pro that stems from not using strong random numbers when generating its cryptographic keys...

CVSS 8.8, AI score 6.7, EPSS 0.00081
Exploits 0, References 2
CNNVD
added 2024/03/27 12:0 a.m., 3 views

RT-Thread security vulnerability

RT-Thread is an open source IoT real-time operating system (RTOS) from RT-Thread. A security vulnerability exists in RT-Thread version 5.0.2, which stems from the calc_random method in drivers/misc/rt_random.c using a weak algorithm to generate random numbers...

CVSS 7.5, AI score 6.7, EPSS 0.00345
Exploits 0, References 5
CNNVD
added 2023/06/07 12:0 a.m., 3 views

WordPress Plugin Frontend File Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.5, AI score 5.8, EPSS 0.00595
Exploits 1, References 4
Github Security Blog
added 2022/05/17 3:46 a.m., 19 views

SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 use weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

CVSS 5.8, AI score 6.8, EPSS 0.00432
Exploits 0, References 12, Affected Software 1
Github Security Blog
added 2022/05/05 12:29 a.m., 18 views

pyrad is vulnerable to the use of Insufficiently Random Values

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

CVSS 5.9, AI score 6.2, EPSS 0.01772
Exploits 0, References 11, Affected Software 1
OSV
added 2022/05/05 12:29 a.m., 22 views

GHSA-Q4V3-WMM6-HCRX pyrad is vulnerable to the use of Insufficiently Random Values

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

CVSS 8.2, AI score 4.5, EPSS 0.01772
Exploits 0, References 11
Huntr
added 2021/07/03 3:30 p.m., 13 views

in beestat/app

✍️ Description The random number generator implemented by mt_rand cannot withstand a cryptographic attack. In this case the function that generates weak random numbers is mt_rand in user.php at line 58. 🕵️‍♂️ Proof of Concept Vulnerable Code / Create an anonymous user so we can log in and have access...

AI score 0.8
Exploits 0, References 1
Huntr
added 2021/06/28 7:38 p.m., 3 views

in w7corp/easywechat

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

AI score 1.4
Exploits 0, References 1
Huntr
added 2021/06/20 4:26 p.m., 10 views

in phpservermon/phpservermon

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

AI score 1.5
Exploits 0, References 2
NVD
added 2020/01/28 4:15 p.m., 18 views

CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

CVSS 5.9, AI score 4.7, EPSS 0.01772
Exploits 0, References 8
UbuntuCve
added 2020/01/28 4:15 p.m., 24 views

CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

CVSS 5.9, AI score 6, EPSS 0.01772
Exploits 0, References 2