51 matches found
JLSEC-2026-278
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...
CVE-2025-26379
Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets...
EUVD-2021-12912
Malware in sbrugna...
EUVD-2025-18387
Malicious code in bioql PyPI...
CVE-2022-29245
SSH.NET is a Secure Shell SSH library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...
CVE-2002-20002
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand, which is not a strong random number generator, for cryptographic keys...
RLSA-2024:5297 Moderate: edk2 security update
EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Predictable TCP Initial Sequence Numbers CVE-2023-45236 edk2: Use of a Weak PseudoRandom Number Generator CVE-2023-452...
p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Lib-Crypt-CBC project reports: Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case...
CVE-2021-26091
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset thei...
SUSE SLES15 Security Update : ovmf (SUSE-SU-2025:0503-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0503-1 advisory. - CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. bsc1225889 - CVE-2023-45229:...
CVE-2002-20002
CVE-2002-20002 affects Net::EasyTCP (Perl) before 0.15. The issue is that cryptographic keys are generated using Perl’s built-in rand(), which is not a strong RNG. Impact: potential weakness in cryptographic keys. CVSSv3.1 base score 5.4 (Network, High attack complexity, No privileges required, U...
Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes
This report is not public...
Design/Logic Flaw
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
CVE-2023-24828 Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev
Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users or everyone if it allows self-registration may exploit this to elevate privilege to...
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.
...
CVE-2021-36171
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...
GHSA-VFP4-XX6M-7VF6 Cryptographic Issues in ECK
Elastic Cloud on Kubernetes ECK versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK...
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...
CVE-2020-28924
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...
CVE-2020-28924
CVE-2020-28924 affects rclone prior to 1.53.3. The issue stems from using a weak random number generator in the password generator, producing low-entropy passwords deterministically tied to the startup time. Attack surface includes encryption in the crypt backend, enabling potential password gues...