Lucene search
K

700 matches found

OSV
OSV
added 2026/06/30 11:5 a.m.2 views

CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

5.9CVSS5.9AI score0.00152EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-11625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the...

7.5CVSS6.1AI score0.00309EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:7 a.m.6 views

CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/26 8:7 a.m.43 views

CVE-2026-11625 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

0.00309EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52682

Name of the Vulnerable Software and Affected Versions Bytes::Random::Secure::Tiny versions prior to 1.012 Description Internal state for the Pseudo-Random Number Generator PRNG is shared across forked processes when an object is initialized before the fork occurs. This leads to the production of...

7.5CVSS5.7AI score0.00292EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.6 views

Oracle Linux 9 : bind (ELSA-2026-18786)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18786 advisory. - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 Tenable has...

8.6CVSS6.9AI score0.1096EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Crypt-SaltedHash vulnerability (USN-8418-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8418-1 advisory. It was discovered that Crypt-SaltedHash incorrectly generated salts using a cryptographically...

9.1CVSS5.5AI score0.00397EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.13 views

One (Thread) Can Keep a (PRNG) Secret, but Not Two

We present a novel, practical attack on the IPv6 Fragment ID generation algorithm of XNU, which is the kernel used by Apple products such as macOS and iOS. This attack exploits a race-condition vulnerability in the algorithm's pseudorandom number generator PRNG to cryptanalytically break, learn t...

5.9CVSS7.3AI score0.00687EPSS
Exploits0
EUVD
EUVD
added 2026/04/27 11:32 p.m.6 views

EUVD-2026-25939

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

4.8CVSS5.2AI score0.00312EPSS
Exploits0References1
CVE
CVE
added 2026/04/27 11:32 p.m.40 views

CVE-2026-40975

CVE-2026-40975 describes use of a cryptographically weak PRNG for Spring Boot’s random value property source (e.g., ${random.value}, ${random.int}, ${random.long}) used for secrets. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (...

8.2CVSS5.2AI score0.00312EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.8 views

PT-2026-35547

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

4.8CVSS5.2AI score0.00312EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/23 9:52 a.m.6 views

CVE-2026-41564

A flaw was found in CryptX. CryptX versions before 0.088 for Perl do not properly reseed the pseudo-random number generator PRNG state after a process forks. This vulnerability allows an attacker to recover the signing private key by observing two signatures from different child processes, as the...

7.5CVSS5.7AI score0.00447EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/23 7:29 a.m.9 views

CVE-2026-41564

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...

7.5CVSS5.3AI score0.00447EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

CryptX 安全漏洞

CryptX is a open-source cryptographic toolkit developed by DCIT, based on various encryption algorithms. Versions of CryptX prior to 0.088 contained security vulnerabilities. These vulnerabilities stemmed from the failure to reseed the Crypt::PK PRNG state after a fork, allowing sub-programs to...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/23 12:0 a.m.6 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG for the property source for $random.value as well as $random.int and $random.long. Standard PRNGs like java.util.Random use deterministic mathematical algorithms starting...

8.2CVSS5.5AI score0.00312EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.8 views

PT-2026-34646

Name of the Vulnerable Software and Affected Versions CryptX versions prior to 0.088 Description CryptX for Perl fails to reseed the Crypt::PK Pseudo-Random Number Generator PRNG state after a fork operation. The modules Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC,...

7.5CVSS5.2AI score0.00447EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-34871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number...

6.7CVSS5.8AI score0.00192EPSS
Exploits0References3
OSV
OSV
added 2026/04/01 7:16 p.m.9 views

UBUNTU-CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

7.7CVSS5.8AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.28 views

CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

0.0017EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 10:31 p.m.2 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
Rows per page
Query Builder