Lucene search
K

275 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-47831

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:33 a.m.16 views

CVE-2026-7830

CVE-2026-7830 affects UltraVNC up to version 1.8.2.2 and concerns the MS-Logon II authentication. The DH key exchange uses parameters within 64-bit space (DH_MAX_BITS) and the private exponent is generated using a rng() that relies on three libc rand() calls seeded from time(NULL). This yields an...

7.4CVSS5.8AI score0.0022EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.6 views

CVE-2026-44040 UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge bytes

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

4.8CVSS5.8AI score0.00283EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 3:33 a.m.8 views

EUVD-2026-40879

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

4.8CVSS5.8AI score0.00283EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:33 a.m.14 views

CVE-2026-44040

UltraVNC

6.5CVSS5.8AI score0.00283EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54477

Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description The software uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. Specifically, the vncRandomBytes function seeds libc rand using a combinati...

6.5CVSS6AI score0.00283EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 8:41 p.m.4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Link Resolution Before File Access ('Link Following'), Use of Insufficiently Random Values, Insecure Temporary File (CVE-2026-40977, CVE-2026-40975, CVE-2026-40973)

Summary There are vulnerabilities in spring-boot-3.5.12.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-40977, CVE-2026-40975, CVE-2026-40973. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as...

8.2CVSS5.6AI score0.00312EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.11 views

Fedora 45 : perl-Crypt-PasswdMD5 (2026-5f1dfcb5c8)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5f1dfcb5c8 advisory. Automatic update for perl-Crypt-PasswdMD5-1.4.3-1.fc45. Changelog Sat May 23 2026 Paul Howarth - 1.4.3-1 - Update to 1.43 - Replace use of the...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/21 11:42 a.m.8 views

CVE-2026-40975

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

8.2CVSS5.8AI score0.00312EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/29 9:24 a.m.6 views

Weak Random Value Generation For Secrets (weak PRNG)

Spring Boot is vulnerable to the use of a weak pseudo-random number generator PRNG. The vulnerability is due to the use of predictable random value sources e.g., $random.value, $random.int, $random.long, which allows an attacker to guess or brute-force generated secrets and compromise application...

8.2CVSS5.8AI score0.00312EPSS
Exploits0References10Affected Software2
NVD
NVD
added 2026/04/28 12:16 a.m.7 views

CVE-2026-40975

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

8.2CVSS0.00312EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

VMware Spring Boot 安全特征问题漏洞

VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.5, 3.5.0 to 3.5.13, 3.4.0 to 3.4.15, 3.3.0 to 3.3.18, and 2.7.0 to 2.7.32 of VMware Spring Boot. These vulnerabilities stem from the use of random...

7.5CVSS5.8AI score0.00312EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 11:32 p.m.6 views

CVE-2026-40975

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

4.8CVSS5.2AI score0.00312EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/27 8:35 p.m.21 views

JLSEC-2026-278

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

7.5CVSS5.3AI score0.01336EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/04/27 2:21 p.m.35 views

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

8.2CVSS0.00155EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/06 5:0 p.m.2 views

CVE-2026-25726

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/03 8:6 p.m.30 views

CVE-2026-25726 Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...

8.1CVSS0.00376EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.8 views

Cloudreve 安全特征问题漏洞

Cloudreve is an open-source public cloud file system that supports multiple cloud storage drivers. Versions of Cloudreve prior to 4.13.0 have a security feature vulnerability. This vulnerability stems from the use of a weak pseudo-random number generator for generating security keys, which may le...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/31 10:31 p.m.7 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 10:31 p.m.4 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
Rows per page
Query Builder