Lucene search
+L

289 matches found

Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.12 views

PT-2026-22392

Name of the Vulnerable Software and Affected Versions HTTP::Session2 versions prior to 1.12 Description The software may generate weak session IDs using the rand function. The session ID generator returns a SHA-1 hash seeded with the rand function, epoch time, and the process ID PID. The rand...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/02/27 12:0 a.m.7 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.8AI score0.002EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/26 11:33 p.m.2 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.7AI score0.002EPSS
Exploits0References2
CVE
CVE
added 2026/02/26 11:33 p.m.18 views

CVE-2025-40932

Apache::SessionX for Perl up to version 2.01 uses a default MD5-based session-id generator that seeds the MD5 with the built-in rand(), the epoch time, and the PID. This yields predictable, low-entropy session identifiers because rand() is not cryptographically secure and the epoch/PID have limit...

8.2CVSS5.5AI score0.002EPSS
Exploits0References1Affected Software1
Oracle linux
Oracle linux
added 2026/02/16 12:0 a.m.27 views

openssl security update

1.0.2k-26.0.1fips - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison Orabug: 32467026 - Add DH support changes for SP 800-56A rev3 requirements Orabug: 32467059 - Add TLS KDF self-test Orabug: 32467193 - Add EC keys pairwise consistency test Orabug: 32467059...

7.5CVSS6.5AI score0.01744EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/02/05 3:8 p.m.15 views

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

5.8AI score0.00179EPSS
Exploits0References5
NVD
NVD
added 2026/01/30 6:15 p.m.12 views

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

7CVSS0.00323EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/30 6:6 p.m.6 views

EUVD-2025-206570

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

7CVSS5.9AI score0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/30 6:6 p.m.5 views

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

7CVSS5.9AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/30 6:6 p.m.33 views

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

7CVSS0.00323EPSS
Exploits0References2
NVD
NVD
added 2026/01/23 4:15 p.m.6 views

CVE-2026-22990

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

7.5CVSS0.00341EPSS
Exploits0References7
OSV
OSV
added 2026/01/23 4:15 p.m.6 views

AZL-78467 CVE-2026-22990 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

7.5CVSS5.8AI score0.00341EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/23 4:15 p.m.4 views

CVE-2026-22990

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

7.5CVSS5.9AI score0.00341EPSS
Exploits0References28
OSV
OSV
added 2026/01/23 4:15 p.m.3 views

UBUNTU-CVE-2026-22990

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

7.5CVSS5.8AI score0.00341EPSS
Exploits0References29
ATTACKERKB
ATTACKERKB
added 2026/01/23 3:24 p.m.7 views

CVE-2026-22990

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

5.7AI score0.00341EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/01/23 3:24 p.m.31 views

CVE-2026-22990 libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

7.5CVSS0.00341EPSS
Exploits0References7
CVE
CVE
added 2026/01/23 3:24 p.m.75 views

CVE-2026-22990

CVE-2026-22990 affects the Linux kernel libceph component, where an overzealous BUG_ON in osdmap_apply_incremental() could misreact to a maliciously corrupted incremental osdmap epoch. The mitigation is to treat such an incongruent incremental osdmap as invalid rather than triggering a BUG. Conne...

7.5CVSS5.2AI score0.00341EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/01/23 3:24 p.m.3 views

CVE-2026-22990 libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

7.5CVSS5.7AI score0.00341EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/01/19 1:18 a.m.5 views

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

5.8AI score0.00179EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.6 views

CVE-2025-40933

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...

7.5CVSS7AI score0.00383EPSS
Exploits0References1
Rows per page
Query Builder