Lucene search

51 matches found

OSV
added 2026/04/27 8:35 p.m. | 17 views

JLSEC-2026-278

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

CVSS 7.5 | AI score 5.3 | EPSS 0.01336
Exploits 1 | References 8
RedhatCVE
added 2025/12/23 2:31 p.m. | 3 views

CVE-2025-26379

Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets...

CVSS 7.2 | AI score 6.8 | EPSS 0.00167
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-12912

Malware in sbrugna...

CVSS 7.5 | AI score 6.2 | EPSS 0.00294
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-18387

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.6 | EPSS 0.00332
Exploits 0 | References 5
RedhatCVE
added 2025/05/23 1:15 a.m. | 8 views

CVE-2022-29245

SSH.NET is a Secure Shell SSH library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...

CVSS 6.5 | AI score 6.7 | EPSS 0.01384
Exploits 1 | References 1
RedhatCVE
added 2025/05/21 10:40 p.m. | 8 views

CVE-2002-20002

The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand, which is not a strong random number generator, for cryptographic keys...

CVSS 5.4 | AI score 6.9 | EPSS 0.00294
Exploits 0 | References 1
OSV
added 2025/05/07 7:11 p.m. | 6 views

RLSA-2024:5297 Moderate: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Predictable TCP Initial Sequence Numbers CVE-2023-45236 edk2: Use of a Weak PseudoRandom Number Generator CVE-2023-452...

CVSS 7.5 | AI score 6.6 | EPSS 0.00986
Exploits 0 | References 4
FreeBSD
added 2025/04/12 12:0 a.m. | 6 views

p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Lib-Crypt-CBC project reports: Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom" is unavailable. In that case...

CVSS 4 | AI score 7.3 | EPSS 0.00176
Exploits 0 | References 1
RedhatCVE
added 2025/03/26 4:19 p.m. | 8 views

CVE-2021-26091

A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset thei...

CVSS 7.5 | AI score 7.5 | EPSS 0.00294
Exploits 0
Tenable Nessus
added 2025/02/19 12:0 a.m. | 7 views

SUSE SLES15 Security Update : ovmf (SUSE-SU-2025:0503-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0503-1 advisory. - CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. bsc1225889 - CVE-2023-45229:...

CVSS 8.8 | AI score 8 | EPSS 0.02084
Exploits 1 | References 31
CVE
added 2025/01/02 12:0 a.m. | 56 views

CVE-2002-20002

CVE-2002-20002 affects Net::EasyTCP (Perl) before 0.15. The issue is that cryptographic keys are generated using Perl’s built-in rand(), which is not a strong RNG. Impact: potential weakness in cryptographic keys. CVSSv3.1 base score 5.4 (Network, High attack complexity, No privileges required, U...

CVSS 5.4 | AI score 7 | EPSS 0.00294
Exploits 0 | References 3
Huntr
added 2024/10/26 8:54 a.m. | 4 views

Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes

This report is not public...

CVSS 8.8 | AI score 7.1 | EPSS 0.00542
Exploits 1
Prion
added 2023/05/25 10:15 p.m. | 19 views

Design/Logic Flaw

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...

CVSS 6.4 | AI score 6.8 | EPSS 0.00905
Exploits 0 | References 5 | Affected Software 2
Vulnrichment
added 2023/02/07 11:25 p.m. | 10 views

CVE-2023-24828 Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev

Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users or everyone if it allows self-registration may exploit this to elevate privilege to...

CVSS 8.1 | AI score 8.3 | EPSS 0.00713
Exploits 0 | References 2
Microsoft CVE
added 2022/04/02 7:0 a.m. | 8 views

aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.

...

CVSS 9.8 | AI score 8.4 | EPSS 0.02038
Exploits 0
Cvelist
added 2022/03/01 6:5 p.m. | 35 views

CVE-2021-36171

The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...

CVSS 8.1 | AI score 8.4 | EPSS 0.01136
Exploits 0 | References 1
OSV
added 2022/02/15 1:57 a.m. | 24 views

GHSA-VFP4-XX6M-7VF6 Cryptographic Issues in ECK

Elastic Cloud on Kubernetes ECK versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK...

CVSS 7.5 | AI score 7.3 | EPSS 0.01439
Exploits 0 | References 2
Github Security Blog
added 2021/06/10 5:23 p.m. | 74 views

Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

CVSS 7.5 | AI score 7.3 | EPSS 0.01336
Exploits 1 | References 5 | Affected Software 1
UbuntuCve
added 2020/11/19 8:15 p.m. | 32 views

CVE-2020-28924

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

CVSS 7.5 | AI score 6.9 | EPSS 0.01336
Exploits 1 | References 2
CVE
added 2020/11/19 7:32 p.m. | 213 views

CVE-2020-28924

CVE-2020-28924 affects rclone prior to 1.53.3. The issue stems from using a weak random number generator in the password generator, producing low-entropy passwords deterministically tied to the startup time. Attack surface includes encryption in the crypt backend, enabling potential password gues...

CVSS 7.5 | AI score 7.3 | EPSS 0.01336
Exploits 1 | References 4 | Affected Software 1