700 matches found
CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...
Linux Distros Unpatched Vulnerability : CVE-2026-11625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the...
CVE-2026-11625
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...
CVE-2026-11625 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...
PT-2026-52682
Name of the Vulnerable Software and Affected Versions Bytes::Random::Secure::Tiny versions prior to 1.012 Description Internal state for the Pseudo-Random Number Generator PRNG is shared across forked processes when an object is initialized before the fork occurs. This leads to the production of...
Oracle Linux 9 : bind (ELSA-2026-18786)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18786 advisory. - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 Tenable has...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Crypt-SaltedHash vulnerability (USN-8418-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8418-1 advisory. It was discovered that Crypt-SaltedHash incorrectly generated salts using a cryptographically...
One (Thread) Can Keep a (PRNG) Secret, but Not Two
We present a novel, practical attack on the IPv6 Fragment ID generation algorithm of XNU, which is the kernel used by Apple products such as macOS and iOS. This attack exploits a race-condition vulnerability in the algorithm's pseudorandom number generator PRNG to cryptanalytically break, learn t...
EUVD-2026-25939
Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...
CVE-2026-40975
CVE-2026-40975 describes use of a cryptographically weak PRNG for Spring Boot’s random value property source (e.g., ${random.value}, ${random.int}, ${random.long}) used for secrets. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (...
PT-2026-35547
Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...
CVE-2026-41564
A flaw was found in CryptX. CryptX versions before 0.088 for Perl do not properly reseed the pseudo-random number generator PRNG state after a process forks. This vulnerability allows an attacker to recover the signing private key by observing two signatures from different child processes, as the...
CVE-2026-41564
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...
CryptX 安全漏洞
CryptX is a open-source cryptographic toolkit developed by DCIT, based on various encryption algorithms. Versions of CryptX prior to 0.088 contained security vulnerabilities. These vulnerabilities stemmed from the failure to reseed the Crypt::PK PRNG state after a fork, allowing sub-programs to...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG for the property source for $random.value as well as $random.int and $random.long. Standard PRNGs like java.util.Random use deterministic mathematical algorithms starting...
PT-2026-34646
Name of the Vulnerable Software and Affected Versions CryptX versions prior to 0.088 Description CryptX for Perl fails to reseed the Crypt::PK Pseudo-Random Number Generator PRNG state after a fork operation. The modules Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC,...
Linux Distros Unpatched Vulnerability : CVE-2026-34871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number...
UBUNTU-CVE-2026-25835
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...
CVE-2026-25835
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...