UBUNTU-CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

Security Bulletin: Astronomer with IBM is vulnerable to session security compromise due to the CIRCL package (CVE-2025-8556)

Summary CIRCL is used by Astronomer with IBM as part of crytographic processing functionality. Vulnerability Details CVEID:CVE-2025-8556 DESCRIPTION: A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via...

EUVD-2019-14198

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-40924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple...

CIRCL-Fourq: Missing and wrong validation can lead to incorrect results

Impact The CIRCL implementation of FourQ fails to validate user-supplied low-order points during Diffie-Hellman key exchange, potentially allowing attackers to force the identity point and compromise session security. Moreover, there is an incorrect point validation in ScalarMult can lead to...