1850 matches found
CVE-2026-11403
The CVE affects Sonatype Nexus Repository Manager. The flaw is in the format-specific API key generation, where a remote attacker could gain unauthorized access to repository operations as a targeted user if a format-specific API key realm (NuGet API Key, Docker Bearer Token, or npm Bearer Token)...
USN-8524-1: Python vulnerability
It was discovered that Python did not use sufficient entropy for Expat hash-flooding protection in the xml.parsers.expat and xml.etree.ElementTree modules. An attacker could use this to cause a denial of service via a crafted XML document...
USN-8520-1: Expat vulnerability
It was discovered that Expat used insufficient entropy when generating hash salt values for its internal hash table. An attacker could use this to craft an XML document that triggers hash flooding, leading to a denial of service...
EUVD-2026-42021
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...
CVE-2026-13199
CVE-2026-13199 affects Raspberry Pi 5 and Compute Module 5 EEPROM firmware. The issue is that the EEPROM produced non-random KASLR and RNG seed values, resulting in consistent kernel addresses across boots and devices. This may lower entropy and potentially ease exploitation of other vulnerabilit...
CVE-2026-13199
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...
CVE-2026-13199 Insufficient Entropy in Raspberry Pi 5 and Compute Module 5
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...
CVE-2026-56016
A flaw was found in perl-CGI-Session. This vulnerability allows a remote attacker to predict session identifiers due to the use of low-entropy sources in the generateid method. By predicting a session identifier, an attacker can impersonate a user's session, leading to a bypass of authentication...
CVE-2026-56016
CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...
UBUNTU-CVE-2026-56016
CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...
CVE-2026-56016 CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources
CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...
CVE-2026-56016
CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...
CVE-2026-56016
CVE-2026-56016 (CGI::Session::ID::md5) affects Perl CGI::Session versions before 4.49. The vulnerable code path uses generate_id to build a session id from a MD5 digest of the process ID, epoch time, and rand(), all low-entropy/predictable sources. This enables an attacker to predict session IDs ...
EUVD-2026-40927
CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...
Security update for perl-Net-Dropbox-API (moderate)
openSUSE Security Update: Security update for perl-Net-Dropbox-API Announcement ID: openSUSE-SU-2026:0217-1 Rating: moderate References: 1240884 Cross-References: CVE-2024-58036 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description:...
CVE-2026-52936
A flaw was found in the Linux kernel's jitterentropy cryptographic module. A long-held spinlock during entropy collection could cause parallel readers to stall. This issue allows a local attacker to trigger a Denial of Service DoS by causing contention for the shared lock, making the system...
CVE-2026-52936
In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...
UBUNTU-CVE-2026-52936
In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...
EUVD-2026-38706
In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...
CVE-2026-52936
The CVE-2026-52936 vulnerability affects the Linux kernel’s jitterentropy path. Specifically, jent_kcapi_random() serialized the shared jitterentropy state while holding a spinlock during jent_read_entropy(), causing contention and stalls due to expensive entropy collection and SHA3 conditioning....