Unspecified Vulnerability in ISC BIND 9

ISC BIND 9 is a domain name system software from the ISC organization. A security vulnerability exists in ISC BIND 9 that stems from a weakness in the pseudo-random number generator, which can be exploited by an attacker to cause prediction of source ports and query IDs...

CVE-2025-62917

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS.This issue affects Tooltipy: from n/a through = 5.5.9...

Predictable Random Number Generator (PRNG)

org.sakaiproject.kernel, sakai-kernel-impl is vulnerable to Use of a Predictable Random Number Generator PRNG. The vulnerability is due to the use of java.util.Random, a non-cryptographic PRNG, for initializing the AES256TextEncryptor password, which allows an attacker to predict the encryption k...

EUVD-2025-36023

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS.This issue affects Tooltipy: from n/a through = 5.5.9...

RejSCore: Rejection Sampling Core for Multivariate-Based Public Key Cryptography

Post-quantum multivariate public key cryptography MPKC schemes resist quantum threats but require heavy operations, such as rejection sampling, which challenge resource-limited devices. Prior hardware designs have addressed various aspects of MPKC signature generation. However, rejection sampling...

[SECURITY] Fedora 43 Update: gi-docgen-2025.5-1.fc43

GI-DocGen is a document generator for GObject-based libraries. GObject is the base type system of the GNOME project. GI-Docgen reuses the introspection data generated by GObject-based libraries to generate the API reference of these libraries, as well as other ancillary documentation. GI-DocGen i...

Cache poisoning due to weak PRNG

...

Fedora 44 : bind / bind-dyndb-ldap (2025-5a73e9e251)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-5a73e9e251 advisory. Update to 9.18.41 rhbz2405786 Security fixes: - DNSSEC validation fails if matching but invalid DNSKEY is found. CVE-2025-8677 - Address various...

CVE-2025-49945

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kylegetson Shortcode Generator shortcode-generator allows Reflected XSS.This issue affects Shortcode Generator: from n/a through = 1.1...

CVE-2025-62009

Cross-Site Request Forgery CSRF vulnerability in Dmitry V. CEO of "UKR Solution" UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Cross Site Request Forgery.This issue affects UPC/EAN/GTIN Code Generator: from n/a through = 2.0.2...

ISC BIND Cache Poisoning Vulnerability (CVE-2025-40780) - Linux

ISC BIND is prone to cache poisoning attacks due to a weak Pseudo Random Number Generator PRNG. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

SUSE CVE-2025-40780

In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...

EUVD-2025-35623

Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl...

GHSA-GR7H-XW4F-WH86 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Impact EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information e.g., start time window, substantially...

Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Impact EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information e.g., start time window, substantially...

EUVD-2025-35609

In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...

USN-7836-1: Bind vulnerabilities

Zuyao Xu and Xiang Li discovered that Bind incorrectly handled certain malformed DNSKEY records. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. CVE-2025-8677 Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that...

ALPINE-CVE-2025-40780

In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...

AZL-68739 CVE-2025-40780 affecting package bind for versions less than 9.20.15-1

In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...

CVE-2025-40780 Cache poisoning due to weak PRNG

In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...