1234 matches found
EUVD-2025-198505
Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...
CVE-2025-62626
Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...
UBUNTU-CVE-2025-62626
Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...
CVE-2025-62626
Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...
CVE-2025-62626
CVE-2025-62626 describes an entropy mishandling issue in AMD CPUs that can cause the RDSEED instruction to return less random values. The vulnerability is discussed across multiple connected advisories indicating a local attacker could influence randomness, with potential implications for cryptog...
CVE-2025-62626
Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...
RLSA-2025:21111 Important: bind9.18 security update
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
WordPress plugin AuthorSure 跨站请求伪造漏洞
WordPress AuthorSure plugin is an open source plugin designed for the WordPress platform, mainly used to manage the submission process of multi-author sites. WordPress AuthorSure plugin has a cross-site request forgery vulnerability, the vulnerability stems from the lack of random number validati...
RHEL 9 : bind (RHSA-2025:21887)
"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21887 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...
Important: Red Hat Security Advisory: bind security update
An update for bind is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
bind: Cache poisoning due to weak PRNG
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...
AlmaLinux 9 : bind9.18 (ALSA-2025:19950)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19950 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 bind: Resource exhaustion via...
AlmaLinux 9 : bind (ALSA-2025:21110)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21110 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 Tenable has extracted the precedi...
SUSE-SU-2025:4107-1 Security update for bind
This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks bsc1252379. - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380...
Siemens SIMATIC S7-1500 Use of Insufficiently Random Values (CVE-2020-11501)
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...
Siemens SIMATIC S7-1500 Use of Insufficiently Random Values (CVE-2019-1010025)
DISPUTED GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthreadcreated thread. The component is: glibc. NOTE: the vendor's position is ASLR bypass itself is not a vulnerability. This plugin only works with Tenable.ot. Please visit...
CVE-2025-64429
DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...
PYSEC-2025-112
DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...
MAL-2025-162603 Malicious code in nokire-kilua17 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5db4ea2fd04e60bffd2385818ff307c777dd5767a34b0be071538a3ab9769adc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-12787
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...