Total
145 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1805 | 2025-04-03 | N/A | 5.3 MEDIUM | ||
| Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes. | |||||
| CVE-2024-4772 | 1 Mozilla | 1 Firefox | 2025-04-01 | N/A | 5.9 MEDIUM |
| An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126. | |||||
| CVE-2022-45782 | 1 Dotcms | 1 Dotcms | 2025-03-27 | N/A | 8.8 HIGH |
| An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover. | |||||
| CVE-2023-31290 | 1 Trustwallet | 2 Trust Wallet Browser Extension, Trust Wallet Core | 2025-01-30 | N/A | 5.9 MEDIUM |
| Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input seed, resulting in only four billion possible mnemonics. The affected versions of the browser extension are 0.0.172 through 0.0.182. To steal funds efficiently, an attacker can identify all Ethereum addresses created since the 0.0.172 release, and check whether they are Ethereum addresses that could have been created by this extension. To respond to the risk, affected users need to upgrade the product version and also move funds to a new wallet address. | |||||
| CVE-2025-22376 | 2025-01-21 | N/A | 5.3 MEDIUM | ||
| In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong. | |||||
| CVE-2024-40762 | 2025-01-09 | N/A | 9.8 CRITICAL | ||
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass. | |||||
| CVE-2025-21617 | 2025-01-06 | N/A | N/A | ||
| Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixed in 0.8.1. | |||||
| CVE-2023-34363 | 1 Progress | 1 Datadirect Odbc Oracle Wire Protocol Driver | 2025-01-06 | N/A | 5.9 MEDIUM |
| An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses an insecure random number generator to generate the private key. It is possible for a well-placed attacker to predict the output of this random number generator, which could lead to an attacker decrypting traffic between the driver and the database server. The vulnerability does not exist if SSL / TLS encryption is used. | |||||
| CVE-2022-48506 | 1 Dominionvoting | 1 Democracy Suite | 2025-01-02 | N/A | 2.4 LOW |
| A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant. | |||||
| CVE-2002-20002 | 2025-01-02 | N/A | 5.4 MEDIUM | ||
| The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys. | |||||
| CVE-2018-25107 | 2024-12-31 | N/A | 7.5 HIGH | ||
| The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand() function, which is not a secure source of random bits. | |||||
| CVE-2024-45751 | 2024-11-30 | N/A | 5.9 MEDIUM | ||
| tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. | |||||
| CVE-2024-5264 | 1 Thalesgroup | 1 Luna Eft | 2024-11-21 | N/A | 5.9 MEDIUM |
| Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis | |||||
| CVE-2024-34538 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. | |||||
| CVE-2023-50059 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Galxe, the signed message lacks a nonce (random number) | |||||
| CVE-2023-39910 | 1 Libbitcoin | 1 Libbitcoin Explorer | 2024-11-21 | N/A | 7.5 HIGH |
| The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from "bx seed" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against "bx seed" but others disagree. NOTE: this was exploited in the wild in June and July 2023. | |||||
| CVE-2023-36993 | 1 Travianz Project | 1 Travianz | 2024-11-21 | N/A | 9.8 CRITICAL |
| The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts. | |||||
| CVE-2023-32549 | 1 Canonical | 1 Landscape | 2024-11-21 | N/A | 6.8 MEDIUM |
| Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator. | |||||
| CVE-2023-2884 | 1 Cbot | 2 Cbot Core, Cbot Panel | 2024-11-21 | N/A | 9.8 CRITICAL |
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |||||
| CVE-2023-28835 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 3.5 LOW |
| Nextcloud server is an open source home cloud implementation. In affected versions the generated fallback password when creating a share was using a weak complexity random number generator, so when the sharer did not change it the password could be guessable to an attacker willing to brute force it. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. This issue only affects users who do not have a password policy enabled, so enabling a password policy is an effective mitigation for users unable to upgrade. | |||||