12 matches found
CVE-2026-8700 Crypt::DSA versions before 1.20 for Perl generate seeds using rand
Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...
CVE-2026-5084
CVE-2026-5084 affects WebDyne::Session for Perl up to version 2.075. The vulnerability stems from generating the session id via an MD5 hash seeded with rand(), where rand() is seeded with 32 bits based on process id, epoch time, and the object’s address. This seed is predictable, making session I...
CVE-2025-40931 Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...
CVE-2025-40932
Apache::SessionX
CVE-2025-15578
Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...
EUVD-2024-0614
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-40923
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...
CVE-2024-1631
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
PT-2024-40180 · Unknown · @Nfid/Embed Sdk +2
Name of the Vulnerable Software and Affected Versions: @nfid/embed SDK versions prior to 0.10.1-alpha.6 @dfinity/auth-client versions prior to 1.0.1 @dfinity/identity versions prior to 1.0.1 Description: The issue affects user sessions in the @nfid/embed SDK that utilize Ed25519 keys, due to a...
CVE-2024-1631
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
CVE-2024-1631
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
Authentication flaw
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...