CVE-2024-56370

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-338
View all →

Vulnerability Description

Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

Related Vulnerabilities

CVE-2018-5871

MEDIUM
CVSS:6.5(Medium)

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD...

CWE-3382018

CVE-2021-0131

MEDIUM
CVSS:6.5(Medium)

Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information dis...

CWE-3382021

CVE-2021-3990

MEDIUM
CVSS:6.5(Medium)

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-3382021

CVE-2024-45723

HIGH
CVSS:6.5(Medium)

The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if...

CWE-3382024

CVE-2024-5264

MEDIUM
CVSS:6.5(Medium)

Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis

CWE-3382024

CVE-2008-3280

MEDIUM
CVSS:5.9(Medium)

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the...

CWE-3382008