Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-338 (使用具有密码学弱点缺陷的PRNG) — Vulnerability Class 69

69 vulnerabilities classified as CWE-338 (使用具有密码学弱点缺陷的PRNG). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-27551 DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pm — DBIx::Class::EncodedColumn 7.5AIHighAI2025-03-26
CVE-2021-26091 Fortinet FortiMail 安全特征问题特征问题漏洞 — FortiMail 6.9 High2025-03-24
CVE-2025-1796 Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes in langgenius/dify — langgenius/dify 8.8 -2025-03-20
CVE-2025-1828 Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions — Crypt::Random 7.5 -2025-03-10
CVE-2024-40762 SonicWALL SonicOS 安全漏洞 — SonicOS 9.1 -2025-01-09
CVE-2025-21617 Guzzle OAuth Subscriber has insufficient nonce entropy — oauth-subscriber 9.1 -2025-01-06
CVE-2025-22376 MetaCPAN Net::OAuth 安全漏洞 — n/a 9.8 -2025-01-03
CVE-2002-20002 MetaCPAN Net::EasyTCP 安全漏洞 — n/a 5.4 Medium2025-01-02
CVE-2024-56830 MetaCPAN Net::EasyTCP 安全漏洞 — n/a 5.4 Medium2025-01-02
CVE-2018-25107 Perl 安全漏洞 — n/a 8.2 -2024-12-29
CVE-2024-53702 SonicWALL SMA100 安全漏洞 — SMA100 7.5 -2024-12-05
CVE-2024-45723 goTenna Pro ATAK Plugin Use of Cryptographically Weak Pseudo-Random Number Generator — Pro ATAK Plugin 6.5 Medium2024-09-26
CVE-2024-47126 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in goTenna Pro — Pro 6.5 Medium2024-09-26
CVE-2024-38353 CodiMD - Missing Image Access Controls and Unauthorized Image Access — codimd 5.3 Medium2024-07-10
CVE-2024-29868 Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation — Apache StreamPipes 8.1AIHighAI2024-06-24
CVE-2024-24554 Bludit - Insecure Token Generation — Bludit 9.1AICriticalAI2024-06-24
CVE-2024-5264 Network Key Transfer with AES KHT vulnerability in Luna EFT — Luna EFT 5.9 Medium2024-05-23
CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package — edk2 5.3 Medium2024-01-16
CVE-2023-48224 Cryptographically Weak Generation of One-Time Codes for Identity Verification in ethyca-fides — fides 8.2 High2023-11-15
CVE-2022-26943 Weak PRNG entropy source used for authentication challenge generation in Motorola MTM5000 — Mobile Radio 8.8 High2023-10-19
CVE-2023-32549 Landscape insecure token generation — Landscape 6.8 Medium2023-06-06
CVE-2023-2884 Insecure Randomness in CBOT's Chatbot — Chatbot 9.8 Critical2023-05-25
CVE-2023-28835 Insecure randomness for default password in nextcloud — security-advisories 3.5 Low2023-03-30
CVE-2023-24828 Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev — onedev 8.1 High2023-02-07
CVE-2022-23472 Use of insecure random number generator in Passeo — Passeo 5.9 Medium2022-12-06
CVE-2022-35255 Node.js 安全特征问题漏洞 — Node 9.1 -2022-12-05
CVE-2022-41210 SAP Customer Data Cloud 安全特征问题漏洞 — SAP Customer Data Cloud (Gigya) 8.2 -2022-10-11
CVE-2022-20817 Cisco IP Phone Duplicate Key Vulnerability — Cisco IP Phones with Multiplatform Firmware 7.4 High2022-06-15
CVE-2022-29245 Weak private key generation in SSH.NET — SSH.NET 6.5 Medium2022-05-31
CVE-2021-43799 RabbitMQ exposes ports with weak default secrets in Zulip Server — zulip 8.6 High2022-01-25

Vulnerabilities classified as CWE-338 (使用具有密码学弱点缺陷的PRNG) represent 69 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.