84061 matches found
CVE-2026-13199
CVE-2026-13199 affects Raspberry Pi 5 and Compute Module 5 EEPROM firmware. The issue is that the EEPROM produced non-random KASLR and RNG seed values, resulting in consistent kernel addresses across boots and devices. This may lower entropy and potentially ease exploitation of other vulnerabilit...
CVE-2026-13199
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...
CVE-2026-13199 Insufficient Entropy in Raspberry Pi 5 and Compute Module 5
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...
CVE-2026-14702
Technical details are not publicly available in the provided documents. Monitor for updates to the CVE entry and connected sources for further information.
CVE-2026-14702 zcaceres markdownify-mcp webpage-to-markdown Markdownify.ts saveToTempFile random values
A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes
...
CVE-2026-56016
CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...
CVE-2026-7830
UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...
CVE-2026-7830
CVE-2026-7830 affects UltraVNC up to version 1.8.2.2 and concerns the MS-Logon II authentication. The DH key exchange uses parameters within 64-bit space (DH_MAX_BITS) and the private exponent is generated using a rng() that relies on three libc rand() calls seeded from time(NULL). This yields an...
CVE-2026-44040 UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge bytes
UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...
EUVD-2026-40879
UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...
CVE-2026-44040
UltraVNC
PT-2026-54477
Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description The software uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. Specifically, the vncRandomBytes function seeds libc rand using a combinati...
CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...
CVE-2026-57082
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...
CVE-2026-57082
The CVE-2026-57082 issue affects Net::BitTorrent for Perl (up to version 2.0.1). The MSE handshake derives its 160-bit Diffie-Hellman private key from Perl’s rand(), a non-cryptographic PRNG seeded once per process, via KeyExchange.pm. As a result, the shared secret and the RC4 keys (SHA-1("keyA"...
CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...
PT-2026-54445
Name of the Vulnerable Software and Affected Versions Sigstore Timestamp Authority versions prior to v2.0.7 Description An unauthenticated remote attacker can cause unbounded memory growth on the timestamp authority server. The issue occurs because the wrapMetrics middleware records the raw HTTP...
Linux Distros Unpatched Vulnerability : CVE-2026-53162
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - memcg: use round-robin victim selection in refillstock Harry Yoo reported that getrandomu32below is not safe to call in the nmi context and memcg charge drainin...
Linux Distros Unpatched Vulnerability : CVE-2026-11625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the...