Lucene search
+L

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/18 5:53 p.m.9 views

CVE-2026-9692

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

7.3CVSS5.2AI score0.00329EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/15 5:5 p.m.45 views

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS0.00267EPSS
Exploits0References1
CVE
CVE
added 2004/09/01 4:0 a.m.64 views

CVE-2003-0094

CVE-2003-0094 affects Mandrake Linux 8.2/9.0 util-linux mcookie. The patch changed the entropy source from /dev/random to /dev/urandom, making mcookie output more predictable and potentially aiding certain attacks. The Nessus advisory notes the patch was removed in these updates, restoring a bett...

5CVSS6.5AI score0.0155EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2003/03/03 5:0 a.m.15 views

CVE-2003-0094

A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed...

5CVSS6.5AI score0.0155EPSS
Exploits0References3
Rows per page
Query Builder