Lucene search
K

1572 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: tpm: Added !tpmamdisrngdefective to the hwrngunregister call site The following crash was reported: 1950.279393 listdel corruption, ffff99560d485790-next is NULL 1950.279400 ------------ cut here ------------ 1950.279401 Kerne...

5.3AI score0.00168EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: hwrng: cavium – fixed the NULL pointer dereference issue in coccicheck. Fixed the following coccicheck warnings: ./drivers/char/hwrandom/cavium-rng-vf.c:182:17-20: Error: pdev is NULL, but it was dereferenced...

5.5CVSS6.3AI score0.00216EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Netfilter: Use getrandomu32 instead of prandom. This issue may occur when updating the per-cpu rndstate from a user context, i.e., the localout path. BUG: Using smpprocessorid in preemptible 00000000 code: nginx/2725. Caller is...

7.8CVSS6AI score0.0029EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Apache::Session::Generate::SHA256 安全特征问题漏洞

Apache::Session::Generate::SHA256 is a session management module developed by the Apache Foundation. Versions of Apache::Session::Generate::SHA256 prior to 1.3.19 contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The use of the built-in rand...

6.5CVSS5.7AI score0.00243EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 7:24 p.m.9 views

EUVD-2026-30381

Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values...

7.4CVSS5.8AI score0.00159EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 7:24 p.m.21 views

CVE-2026-3290

CVE-2026-3290 affects the HRNG in the RS9116. When power-save mode is enabled, timing limitations produce predictable random values, as described in the connected records. The CVSS 4.0 vector indicates high impact on confidentiality and integrity with adjacent access and no privileges, and passiv...

7.4CVSS5.8AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.10 views

PT-2026-41021

Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values...

7.4CVSS5.8AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:17 p.m.8 views

SUSE CVE-2022-48629

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread can run into a situation...

5.5CVSS6.1AI score0.00378EPSS
Exploits1References12
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28620

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

5.8AI score0.00425EPSS
Exploits0References9
OSV
OSV
added 2026/05/08 2:16 p.m.13 views

UBUNTU-CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

7.5CVSS5.7AI score0.00425EPSS
Exploits0References11
EUVD
EUVD
added 2026/04/30 11:49 a.m.7 views

EUVD-2026-26369

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.5 views

PT-2026-36091

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References3
OSV
OSV
added 2026/04/27 8:35 p.m.21 views

JLSEC-2026-278

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

7.5CVSS5.3AI score0.01336EPSS
Exploits1References8
OSV
OSV
added 2026/04/27 6:33 p.m.16 views

JLSEC-2026-215 OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include...

OpenSSL 1.1.1 introduced a rewritten random number generator RNG. This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...

5.3CVSS6.3AI score0.06232EPSS
Exploits0References25
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.11 views

WordPress plugin Taqnix 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.0017EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

WordPress plugin Fast & Fancy Filter – 3F 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.10 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013302 advisory. The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, a...

4.3CVSS6.8AI score0.05228EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/15 7:3 a.m.4 views

CVE-2026-5088 Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

5.8AI score0.00572EPSS
Exploits0References4
RustSec
RustSec
added 2026/04/09 12:0 p.m.27 views

Rand is unsound with a custom logger using `rand::rng()`

It has been reported by @lopopolo that the rand library is unsound i.e. that safe code using the public API can cause Undefined Behaviour when all the following conditions are met: - The log and threadrng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...

5.7AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

WordPress plugin Download Monitor 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.7AI score0.00161EPSS
Exploits0References7
Rows per page
Query Builder