{"id":"PYSEC-2014-76","details":"Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors.  NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).","aliases":["CVE-2012-6661","GHSA-48vv-2pmq-9fvv","PYSEC-2014-51"],"modified":"2023-11-08T03:57:11.946374Z","published":"2014-11-03T22:55:00Z","references":[{"type":"ADVISORY","url":"https://plone.org/products/plone/security/advisories/20121106/24"},{"type":"WEB","url":"https://plone.org/products/plone-hotfix/releases/20121124"},{"type":"WEB","url":"https://bugs.launchpad.net/zope2/+bug/1071067"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"},{"type":"WEB","url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-48vv-2pmq-9fvv"}],"affected":[{"package":{"name":"zope2","ecosystem":"PyPI","purl":"pkg:pypi/zope2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13.19"}]}],"versions":["2.12.0","2.12.0.a1","2.12.0a2","2.12.0a3","2.12.0a4","2.12.0b1","2.12.0b2","2.12.0b3","2.12.0b4","2.12.0c1","2.12.1","2.12.10","2.12.11","2.12.12","2.12.13","2.12.14","2.12.15","2.12.16","2.12.17","2.12.18","2.12.19","2.12.2","2.12.20","2.12.21","2.12.22","2.12.23","2.12.24","2.12.25","2.12.26","2.12.27","2.12.28","2.12.3","2.12.4","2.12.5","2.12.6","2.12.7","2.12.8","2.12.9","2.13.0","2.13.0a1","2.13.0a2","2.13.0a3","2.13.0a4","2.13.0b1","2.13.0c1","2.13.1","2.13.10","2.13.11","2.13.12","2.13.13","2.13.14","2.13.15","2.13.16","2.13.17","2.13.18","2.13.2","2.13.3","2.13.4","2.13.5","2.13.6","2.13.7","2.13.8","2.13.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2014-76.yaml"}}],"schema_version":"1.7.3"}