1235 matches found
DEBIAN-CVE-2026-2966
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...
CVE-2026-2966
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...
CVE-2026-2966 Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...
CVE-2026-2966 Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...
CVE-2026-2966
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...
PT-2026-21579
Name of the Vulnerable Software and Affected Versions Smolder versions through 1.51 Description Smolder for Perl versions through 1.51 utilizes an insecure rand function for cryptographic operations. Specifically, Smolder::DB::Developer employs the Data::Random library, which relies on the rand...
CVE-2026-2966
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...
Cesanta Mongoose 安全特征问题漏洞
Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WenSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...
PT-2026-21490
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...
GO-2026-4471 Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() on crypto/rand failure in github.com/gofiber/fiber
Fiber has an insecure fallback in utils.UUIDv4 / utils.UUID — predictable / zero‑UUID on crypto/rand failure in github.com/gofiber/fiber...
AI-generated passwords are a security risk
Using Artificial Intelligence AI to generate your passwords is a bad idea. It's likely to give that password to a criminal who can then use it in a dictionary attack—which is when an attacker runs through a prepared list of likely passwords words, phrases, patterns with automated tools until one ...
CVE-2025-0577
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...
CVE-2025-0577
CVE-2025-0577 is a glibc vulnerability affecting randomness sources (getrandom/arc4random) when a multi-threaded process forks and creates additional threads; Fedora advisories attribute fixed updates to glibc (e.g., Fedora 40/41) with CVE-2025-0395 as well, documenting that patched versions incl...
CVE-2025-0577 Glibc: vdso getrandom acceleration may return predictable randomness
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...
CVE-2025-0577
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...
CVE-2025-40905
The CVE concerns WWW::OAuth 1.000 and earlier for Perl, which uses the rand() function as the default entropy source for cryptographic functions. This non-cryptographic randomness source can undermine security of cryptographic operations in affected releases. The connected CVE entry confirms the ...
CVE-2025-66630
A flaw was found in the Fiber web framework github.com/gofiber/fiber/v2. On Go versions prior to 1.24, the framework's Universally Unique Identifier UUID generation functions do not return an error when the underlying cryptographic randomness source fails. This can cause applications to use...
CVE-2025-66630
Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...
CVE-2025-66630 Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure
Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...
CVE-2025-66630 Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure
Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...