Lucene search
+L

703 matches found

CVE
CVE
added 2025/12/22 2:21 p.m.29 views

CVE-2025-26379

CVE-2025-26379 concerns Johnson Controls PowerG products (IQ Panels2, 2+, IQHub, IQPanel 4). The issue is use of a cryptographically weak pseudo-random number generator, enabling an attacker to read or inject encrypted PowerG packets. Documents consistently cite the weak PRNG as the root cause an...

7.2CVSS6.4AI score0.00167EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.6 views

Oracle Linux 10 : bind (ELSA-2025-21034)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21034 advisory. - Fix upstream reported regression in recent CVE fix CVE-2025-8677 - Refuse malformed DNSKEY records CVE-2025-8677 - Address various spoofing attacks...

8.6CVSS6.6AI score0.11203EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.6 views

Oracle Linux 9 : bind (ELSA-2025-21110)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21110 advisory. - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Address various spoofing attacks CVE-2025-40778 Tenable has extracted the preceding...

8.6CVSS6.6AI score0.00502EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/11/24 12:0 a.m.5 views

F5 Networks BIG-IP : BIND vulnerability (K000157948)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000157948 advisory. In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, ...

8.6CVSS6.5AI score0.00464EPSS
Exploits0References2
CVE
CVE
added 2025/11/18 3:26 a.m.18 views

CVE-2025-52578

CVE-2025-52578 describes an incorrect usage of seeds in a pseudo-random number generator (PRNG) affecting Gallagher Command Centre Server. The issue allows a sophisticated attacker with physical access to compromise internal device communications. Affected versions include 9.30 before vCR9.30.251...

5.7CVSS6.3AI score0.00142EPSS
Exploits0References1
OSV
OSV
added 2025/11/14 12:38 p.m.8 views

OESA-2025-2654 bind security update

Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: Under...

8.6CVSS8.8AI score0.11203EPSS
Exploits1References4
Redos
Redos
added 2025/11/13 12:0 a.m.7 views

ROS-20251113-07

The BIND DNS server vulnerability is related to a pseudo-random number generator PRNG vulnerability. Exploitation exploitation of the vulnerability could allow a remote attacker to compromise the integrity of data in the DNS system A vulnerability in the BIND DNS server is related to the loading ...

8.6CVSS5.5AI score0.11203EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2025/11/10 2:58 a.m.12 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 9.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.6CVSS6.7AI score0.00502EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.9 views

AlmaLinux 10 : bind (ALSA-2025:19912)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19912 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 bind: Resource exhaustion via...

8.6CVSS6.7AI score0.11203EPSS
Exploits1References5
Oracle linux
Oracle linux
added 2025/11/10 12:0 a.m.9 views

bind9.18 security update

32:9.18.29-4.2 - Fix upstream reported regression in recent CVE fix CVE-2025-8677 - Add upstream created test to this regression 32:9.18.29-4.1 - Refuse malformed DNSKEY records CVE-2025-8677 - Address various spoofing attacks CVE-2025-40778 - Prevent cache poisoning due to weak PRNG CVE-2025-407...

8.6CVSS7AI score0.11203EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2025/11/06 3:50 p.m.6 views

bind: Cache poisoning due to weak PRNG

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...

8.6CVSS6.1AI score0.00464EPSS
Exploits0References4
NCSC
NCSC
added 2025/10/27 8:24 a.m.8 views

Vulnerabilities fixed in BIND 9

ISC has fixed vulnerabilities in BIND 9 Specifically for versions 9.16.0 to 9.16.50, 9.18.0 to 9.18.39, 9.20.0 to 9.20.13, and 9.21.0 to 9.21.12. The vulnerabilities are located in BIND 9's DNS resolvers. The first vulnerability allows attackers to inject forged DNS records into the cache, which...

8.6CVSS7.1AI score0.11203EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-40780

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port...

8.6CVSS6.2AI score0.00464EPSS
Exploits0References2
CVE
CVE
added 2025/10/22 10:19 p.m.30 views

CVE-2025-62710

CVE-2025-62710 affects Sakai (Sakai kernel-impl) where EncryptionUtilityServiceImpl initializes an AES-256 text encryptor password (serverSecretKey) with RandomStringUtils backed by java.util.Random. The non-cryptographic PRNG can be predicted from limited state/seed information, reducing the sea...

5.9CVSS6.3AI score0.00186EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/10/22 10:19 p.m.60 views

CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

5.9CVSS0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/22 3:48 p.m.22 views

CVE-2025-40780 Cache poisoning due to weak PRNG

In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...

8.6CVSS0.00464EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/10/22 3:48 p.m.5 views

CVE-2025-40780

In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...

8.6CVSS6.8AI score0.00464EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.9 views

PT-2025-43373

Name of the Vulnerable Software and Affected Versions BIND versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. Description Due to a weakness in the...

8.6CVSS6AI score0.11203EPSS
Exploits1References95
OSV
OSV
added 2025/10/22 12:0 a.m.5 views

UBUNTU-CVE-2025-40780

In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...

8.6CVSS6.3AI score0.00464EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-0068

Malware in sbrugna...

5CVSS6.1AI score0.0152EPSS
Exploits1References9
Rows per page
Query Builder