87 matches found
CVE-2026-5084
CVE-2026-5084 affects WebDyne::Session for Perl up to version 2.075. The vulnerability stems from generating the session id via an MD5 hash seeded with rand(), where rand() is seeded with 32 bits based on process id, epoch time, and the object’s address. This seed is predictable, making session I...
Weak Random Value Generation For Secrets (weak PRNG)
Spring Boot is vulnerable to the use of a weak pseudo-random number generator PRNG. The vulnerability is due to the use of predictable random value sources e.g., $random.value, $random.int, $random.long, which allows an attacker to guess or brute-force generated secrets and compromise application...
EUVD-2026-10043
CoreDNS Loop Detection Denial of Service Vulnerability...
CVE-2025-40931
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...
CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
EUVD-2012-2663
Malware in sbrugna...
EUVD-2009-1691
Malware in sbrugna...
EUVD-2010-5048
Malware in sbrugna...
EUVD-2013-4560
Malware in sbrugna...
EUVD-2014-4349
Malware in sbrugna...
EUVD-2018-9708
Malware in sbrugna...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
CVE-2025-7394
In CVE-2025-7394, the OpenSSL compatibility layer’s RAND_poll() misbehavior can yield predictable random values from RAND_bytes() when fork() occurs, affecting only applications that call RAND_bytes() after forking (not internal TLS operations). WolfSSL implemented a complementary change so RAND_...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
PT-2025-30102
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description The OpenSSL compatibility layer implementation had an issue with the RAND poll function, potentially leading to predictable values returned from RAND bytes after a fork call. This could resul...
CVE-2024-45751
tgt aka Linux target framework before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical...
CVE-2013-5180
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveragi...