321 matches found
Use Of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Cloudreve is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG. The vulnerability is due to the generation of security-sensitive secrets using math/rand seeded with predictable timestamps, which allows an attacker to recover the secret key, forge JWTs, and gain...
JLSEC-2026-465 Mbed TLS may use a low entropy PRNG seed
An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...
JLSEC-2026-464 Mbed TLS might use cloned PSA random generator states
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in the start function. An attacker can gain unauthorized access to active...
Spring Boot's random value property source uses a weak PRNG unsuitable for secrets
Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...
VMware Spring Boot 安全特征问题漏洞
VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.5, 3.5.0 to 3.5.13, 3.4.0 to 3.4.15, 3.3.0 to 3.3.18, and 2.7.0 to 2.7.32 of VMware Spring Boot. These vulnerabilities stem from the use of random...
SUSE CVE-2026-41564
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...
CVE-2026-41564
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...
CVE-2026-41564
CVE-2026-41564 concerns CryptX for Perl before 0.088, where per-object PRNG state seeded in Crypt::PK::* constructors is not reseeded after fork. A Crypt::PK::* object created before a fork can be inherited by multiple child processes with byte-identical PRNG state, enabling identical outputs in ...
CVE-2026-41564 CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...
CVE-2026-41564
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...
Linux Distros Unpatched Vulnerability : CVE-2026-41564
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC,...
SUSE CVE-2026-25835
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...
CVE-2026-25726
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...
CVE-2026-25726
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...
EUVD-2026-18001
An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...
CVE-2026-34871
An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...
DEBIAN-CVE-2026-34871
An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...
CVE-2026-25835
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...
DEBIAN-CVE-2026-25835
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...