Lucene search
K

333 matches found

Snyk
Snyk
added 2026/03/31 10:31 p.m.1 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 10:31 p.m.2 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 10:31 p.m.4 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/31 10:31 p.m.5 views

Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)

Impact This vulnerability affects Cloudreve instances that were first deployed/initialized with versions prior to V4.10.0. The application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and...

9.8CVSS5.9AI score0.00376EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.4 views

EulerOS Virtualization 2.13.1 : bind (EulerOS-SA-2026-1633)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker ...

8.6CVSS6.9AI score0.00509EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.5 views

EulerOS Virtualization 2.12.0 : bind (EulerOS-SA-2026-1474)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker ...

8.6CVSS5.9AI score0.00509EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.6 views

EulerOS Virtualization 2.12.1 : bind (EulerOS-SA-2026-1417)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker ...

8.6CVSS5.9AI score0.00509EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.4 views

EulerOS 2.0 SP11 : bind (EulerOS-SA-2026-1570)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the...

8.6CVSS5.9AI score0.00509EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/06 7:0 p.m.3 views

Predictable Seed in Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Predictable Seed in Pseudo-Random Number Generator PRNG in the loop plugin during self-test on server startup. An attacker can cause the DNS server to crash by sending specially crafted DNS queries that exploit the use of a predictable...

8.2CVSS5.8AI score0.01093EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 3:35 p.m.5 views

CVE-2026-26018

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable...

7.5CVSS5.7AI score0.01093EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 3:35 p.m.2 views

CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable...

7.5CVSS5.7AI score0.01093EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/26 6:18 a.m.4 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to the use of a predictable algorithm for generating device lock and wipe PINs based solely on the current Unix timestamp. An attacker can gain unauthorized access to...

5.5CVSS6AI score0.00124EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/02 12:0 a.m.7 views

EulerOS 2.0 SP13 : bind (EulerOS-SA-2026-1217)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the...

8.6CVSS5.6AI score0.00509EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/02/02 12:0 a.m.6 views

EulerOS 2.0 SP13 : bind (EulerOS-SA-2026-1205)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the...

8.6CVSS5.6AI score0.00509EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 9 : bind-9.16.23-34.el9_7.1 (AXSA:2025-11501:12)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11501:12 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 Tenable has extracted the...

8.6CVSS7.5AI score0.00509EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002399)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002399 advisory. Off-by-one error in the getprngbytes function in crypto/ansicprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat...

5.8CVSS7.1AI score0.03181EPSS
Exploits0References21
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.5 views

Astra Linux – Vulnerability in bind9

Under certain circumstances, due to a flaw in the Pseudo Random Number Generator PRNG used, an attacker may be able to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through...

8.6CVSS6.6AI score0.00454EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/22 2:21 p.m.34 views

CVE-2025-26379 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator

Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets...

7.2CVSS0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/22 2:21 p.m.5 views

EUVD-2025-204711

Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets...

7.2CVSS6.3AI score0.00167EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.7 views

PT-2025-52650

Name of the Vulnerable Software and Affected Versions Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG affected versions not specified Description The software utilizes a weak pseudo-random number generator. This could allow an attacker to read or inject encrypted PowerG packets...

7.2CVSS6.3AI score0.00167EPSS
Exploits0References5
Rows per page
Query Builder