Total
125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35255 | 3 Debian, Nodejs, Siemens | 3 Debian Linux, Node.js, Sinec Ins | 2025-04-24 | N/A | 9.1 CRITICAL |
| A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material. | |||||
| CVE-2017-17845 | 2 Debian, Enigmail | 2 Debian Linux, Enigmail | 2025-04-20 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001. | |||||
| CVE-2017-8081 | 1 Cagintranetworks | 1 Getsimple Cms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce. | |||||
| CVE-2017-9230 | 1 Bitcoin | 1 Bitcoin | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability | |||||
| CVE-2017-5493 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. | |||||
| CVE-2017-11671 | 1 Gnu | 1 Gcc | 2025-04-20 | 2.1 LOW | 4.0 MEDIUM |
| Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. | |||||
| CVE-2024-25389 | 1 Rt-thread | 1 Rt-thread | 2025-04-16 | N/A | 7.5 HIGH |
| RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c. | |||||
| CVE-2025-3495 | 2025-04-16 | N/A | 9.8 CRITICAL | ||
| Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code. | |||||
| CVE-2025-2814 | 2025-04-15 | N/A | 4.0 MEDIUM | ||
| Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to use the insecure rand() function. | |||||
| CVE-2024-56370 | 2025-04-14 | N/A | 6.5 MEDIUM | ||
| Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function. | |||||
| CVE-2025-32754 | 2025-04-11 | N/A | 9.1 CRITICAL | ||
| In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter. | |||||
| CVE-2025-32755 | 2025-04-11 | N/A | 9.1 CRITICAL | ||
| In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter. | |||||
| CVE-2024-58036 | 1 Norbu09 | 1 Net\ | 2025-04-10 | N/A | 5.5 MEDIUM |
| Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function. | |||||
| CVE-2024-52322 | 1 Localshop | 1 Webservice\ | 2025-04-10 | N/A | 5.5 MEDIUM |
| WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function. | |||||
| CVE-2024-57868 | 1 Lev | 1 Web\ | 2025-04-09 | N/A | 5.5 MEDIUM |
| Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function. | |||||
| CVE-2009-3278 | 1 Qnap | 4 Ts-239 Pro, Ts-239 Pro Firmware, Ts-639 Pro and 1 more | 2025-04-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack. | |||||
| CVE-2009-3238 | 4 Canonical, Linux, Opensuse and 1 more | 5 Ubuntu Linux, Linux Kernel, Opensuse and 2 more | 2025-04-09 | 7.8 HIGH | 5.5 MEDIUM |
| The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time." | |||||
| CVE-2009-2367 | 1 Iomega | 2 Storcenter Pro, Storcenter Pro Firmware | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter. | |||||
| CVE-2008-0166 | 3 Canonical, Debian, Openssl | 3 Ubuntu Linux, Debian Linux, Openssl | 2025-04-09 | 7.8 HIGH | 7.5 HIGH |
| OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. | |||||
| CVE-2024-57835 | 1 Nipotan | 1 Line Integration For Amon2 | 2025-04-08 | N/A | 5.5 MEDIUM |
| Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand() function, which is not cryptographically secure | |||||