Lucene search
K

276 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/05 2:18 a.m.9 views

CVE-2024-57854

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

5.9AI score0.00409EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/27 8:12 p.m.4 views

CVE-2026-3255 HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

5.9AI score0.00418EPSS
Exploits0References4
CVE
CVE
added 2026/02/27 8:12 p.m.17 views

CVE-2026-3255

HTTP::Session2 (Perl) vulnerable in versions before 1.12, where the session-id generator creates a SHA-1 hash seeded with the built-in rand() output, epoch time, and the process ID. The PID comes from a small set of numbers, and the epoch time may be guessed if not leaked via HTTP Date. rand() is...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-2966

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS...

6.3CVSS5.2AI score0.0038EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/23 2:2 a.m.6 views

CVE-2026-2966 Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

6.3CVSS4.6AI score0.0038EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/23 2:2 a.m.29 views

CVE-2026-2966 Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

6.3CVSS0.0038EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/02/23 12:0 a.m.7 views

CVE-2026-2966

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

6.3CVSS5.5AI score0.0038EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : [security - high] nodejs:16 (AXSA:2022-3898:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3898:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

9.1CVSS5.6AI score0.02587EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : nodejs-16.17.1-1.el9 (AXSA:2022-4091:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4091:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

9.1CVSS8.5AI score0.02587EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : postgresql-8.4.20-1.AXS4 (AXSA:2014-004:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-004:01 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselect...

8.5CVSS7.3AI score0.06666EPSS
Exploits5References10
CVE
CVE
added 2026/01/13 7:29 p.m.19 views

CVE-2025-68704

CVE-2025-68704 concerns the Jervis library used by Jenkins Job DSL plugin scripts and shared pipelines. Prior to version 2.2, Jervis relies on java.util.Random() for timing attack mitigation, which is not cryptographically secure. The vulnerability, fixed in 2.2, can affect timing-related defense...

8.2CVSS6.4AI score0.00231EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/13 7:29 p.m.7 views

EUVD-2026-2024

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS6.2AI score0.00231EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.3 views

RustCrypto: Elliptic Curves 安全特征问题漏洞

RustCrypto: Elliptic Curves is a Rust cryptographic library open-sourced by Rust Crypto. A security signature issue vulnerability exists in RustCrypto: Elliptic Curves version 0.14.0-pre.0 and 0.14.0-rc.0, which stems from a severe lack of entropy of temporary random numbers in the SM2 public-key...

8.7CVSS6.4AI score0.00245EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/12/30 12:41 a.m.27 views

CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

7.7CVSS0.00363EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/12/30 12:41 a.m.4 views

CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

7.7CVSS7AI score0.00363EPSS
Exploits0References3
OSV
OSV
added 2025/12/30 12:41 a.m.5 views

CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

7.7CVSS6.9AI score0.00363EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/29 5:54 a.m.4 views

CVE-2025-68932

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

9.8CVSS7AI score0.00498EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/27 12:0 a.m.5 views

FreshRSS 安全特征问题漏洞

FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. A security feature issue vulnerability exists in FreshRSS versions prior to 1.28.0 that stems from the use of a weak random number generator to generate session tokens, which could lead to account takeover...

9.8CVSS6.6AI score0.00498EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2025/12/27 12:0 a.m.5 views

When RSA Fails: Exploiting Prime Selection Vulnerabilities in Public Key Cryptography

This paper explores vulnerabilities in RSA cryptosystems that arise from improper prime number selection during key generation. We examine two primary attack vectors: Fermat's factorization method, which exploits RSA keys generated with primes that are too close together, and the Greatest Common...

7AI score
Exploits0
Cvelist
Cvelist
added 2025/12/26 11:43 p.m.18 views

CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

6.3CVSS0.00498EPSS
Exploits1References3
Rows per page
Query Builder