Lucene search
K

1839 matches found

EUVD
EUVD
added 2026/07/07 8:36 a.m.8 views

EUVD-2026-42021

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...

5.1CVSS5.9AI score0.00114EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:36 a.m.7 views

CVE-2026-13199

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...

5.1CVSS5.9AI score0.00114EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 8:36 a.m.36 views

CVE-2026-13199 Insufficient Entropy in Raspberry Pi 5 and Compute Module 5

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...

5.1CVSS0.00114EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 8:36 a.m.16 views

CVE-2026-13199

CVE-2026-13199 affects Raspberry Pi 5 and Compute Module 5 EEPROM firmware. The issue is that the EEPROM produced non-random KASLR and RNG seed values, resulting in consistent kernel addresses across boots and devices. This may lower entropy and potentially ease exploitation of other vulnerabilit...

5.1CVSS5.9AI score0.00114EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/01 11:4 a.m.10 views

CVE-2026-56016

A flaw was found in perl-CGI-Session. This vulnerability allows a remote attacker to predict session identifiers due to the use of low-entropy sources in the generateid method. By predicting a session identifier, an attacker can impersonate a user's session, leading to a bypass of authentication...

7.4CVSS5.7AI score0.00322EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 8:16 a.m.9 views

CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS0.00322EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 8:16 a.m.4 views

UBUNTU-CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/01 6:46 a.m.37 views

CVE-2026-56016 CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

0.00322EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/01 6:46 a.m.8 views

CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS5.8AI score0.00322EPSS
Exploits0
CVE
CVE
added 2026/07/01 6:46 a.m.22 views

CVE-2026-56016

CVE-2026-56016 (CGI::Session::ID::md5) affects Perl CGI::Session versions before 4.49. The vulnerable code path uses generate_id to build a session id from a MD5 digest of the process ID, epoch time, and rand(), all low-entropy/predictable sources. This enables an attacker to predict session IDs ...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 6:46 a.m.7 views

EUVD-2026-40927

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/25 12:0 a.m.7 views

Security update for perl-Net-Dropbox-API (moderate)

openSUSE Security Update: Security update for perl-Net-Dropbox-API Announcement ID: openSUSE-SU-2026:0217-1 Rating: moderate References: 1240884 Cross-References: CVE-2024-58036 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description:...

5.5CVSS6.1AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/24 3:37 p.m.11 views

CVE-2026-52936

A flaw was found in the Linux kernel's jitterentropy cryptographic module. A long-held spinlock during entropy collection could cause parallel readers to stall. This issue allows a local attacker to trigger a Denial of Service DoS by causing contention for the shared lock, making the system...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 8:16 a.m.8 views

CVE-2026-52936

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.5CVSS0.00114EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 8:16 a.m.3 views

UBUNTU-CVE-2026-52936

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.5CVSS5.6AI score0.00114EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.8 views

CVE-2026-52936

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.7AI score0.00114EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/24 7:14 a.m.16 views

CVE-2026-52936

The CVE-2026-52936 vulnerability affects the Linux kernel’s jitterentropy path. Specifically, jent_kcapi_random() serialized the shared jitterentropy state while holding a spinlock during jent_read_entropy(), causing contention and stalls due to expensive entropy collection and SHA3 conditioning....

5.5CVSS5.8AI score0.00114EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/24 7:14 a.m.10 views

EUVD-2026-38706

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.8AI score0.00114EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 7:14 a.m.2 views

CVE-2026-52936 crypto: jitterentropy - replace long-held spinlock with mutex

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51729

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The jent kcapi random function serializes the shared jitterentropy state by holding a spinlock during the jent read entropy call. Because this process involves expensive jitter collectio...

5.5CVSS6AI score0.00114EPSS
Exploits0References20
Rows per page
Query Builder