Lucene search
+L

703 matches found

Cvelist
Cvelist
added 2026/04/01 12:0 a.m.30 views

CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

0.0017EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 10:31 p.m.2 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 10:31 p.m.3 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.4 views

EulerOS 2.0 SP11 : bind (EulerOS-SA-2026-1598)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the...

8.6CVSS5.9AI score0.00502EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/07 12:25 a.m.7 views

SUSE CVE-2026-26018

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable...

7.5CVSS5.7AI score0.01093EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2026/02/03 12:0 a.m.7 views

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2026-1217)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS5.4AI score0.00502EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/30 3:24 a.m.8 views

CVE-2026-24889

soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions up to and including 25.0.1, 23.5.1, and 25.0.2. Contracts that pass user-controlled or computed range bounds to...

5.3CVSS5.9AI score0.00353EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/28 10:20 p.m.10 views

soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64

Impact Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions prior to and including 25.0.1. Contracts that pass user-controlled or computed range bounds to Bytes::slice, Vec::slice, or Prng::genrange may silently...

5.3CVSS5.9AI score0.00353EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2026/01/28 10:20 p.m.23 views

GHSA-96XM-FV9W-PF3F soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64

Impact Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions prior to and including 25.0.1. Contracts that pass user-controlled or computed range bounds to Bytes::slice, Vec::slice, or Prng::genrange may silently...

5.3CVSS5.9AI score0.00353EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/01/28 10:1 p.m.6 views

CVE-2026-24889

soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions up to and including 25.0.1, 23.5.1, and 25.0.2. Contracts that pass user-controlled or computed range bounds to...

5.3CVSS5.9AI score0.00353EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/01/28 10:1 p.m.8 views

EUVD-2026-4848

soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions up to and including 25.0.1, 23.5.1, and 25.0.2. Contracts that pass user-controlled or computed range bounds to...

5.3CVSS5.9AI score0.00353EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.10 views

rs-soroban-sdk input validation vulnerability

rs-soroban-sdk is a Rust development toolkit open source by Stellar. Versions of rs-soroban-sdk 25.0.1 and earlier, as well as 23.5.1 and earlier, and 25.0.2 and earlier, have a vulnerability related to input validation errors. This vulnerability stems from arithmetic overflow in the Bytes::slice...

5.3CVSS5.9AI score0.00353EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 9 : bind9.18-9.18.29-4.el9_6.2 (AXSA:2025-11099:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11099:05 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 bind: Resource exhaustion v...

8.6CVSS7.5AI score0.11203EPSS
Exploits1References4
OSV
OSV
added 2026/01/15 10:43 a.m.2 views

SUSE-SU-2026:20085-1 Security update for bind

This update for bind fixes the following issues: - Upgrade to release 9.20.15 Security Fixes: CVE-2025-40778: Fixed cache poisoning attacks with unsolicited RRs bsc1252379 CVE-2025-40780: Fixed cache poisoning due to weak PRNG bsc1252380 CVE-2025-8677: Fixed resource exhaustion via malformed DNSK...

8.6CVSS6.7AI score0.11203EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.8 views

EulerOS 2.0 SP12 : bind (EulerOS-SA-2026-1062)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the...

8.6CVSS6.7AI score0.00502EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.8 views

EulerOS 2.0 SP12 : bind (EulerOS-SA-2026-1082)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the...

8.6CVSS6.7AI score0.00502EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:15 a.m.6 views

CVE-2021-0131

Use of cryptographically weak pseudo-random number generator PRNG in an API for the IntelR Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access...

6.5CVSS6.1AI score0.0081EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:34 a.m.9 views

CVE-2017-18486

Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote...

7.2CVSS7.5AI score0.04807EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:40 a.m.11 views

CVE-2022-26943

The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited...

8.8CVSS6.9AI score0.00314EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.17 views

CVE-2013-7372

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNGSecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture JCA in Android before 4.4 and...

5CVSS6.9AI score0.0234EPSS
Exploits1References1
Rows per page
Query Builder