Lucene search
K

334 matches found

redhat
redhat
added 2025/11/26 7:25 a.m.6 views

bind: Cache poisoning due to weak PRNG

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...

8.6CVSS6.1AI score0.00454EPSS
Exploits0References4
redhat
redhat
added 2025/11/20 9:12 p.m.5 views

bind: Cache poisoning due to weak PRNG

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...

8.6CVSS6.1AI score0.00454EPSS
Exploits0References4
redhat
redhat
added 2025/11/20 8:5 a.m.10 views

bind: Cache poisoning due to weak PRNG

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...

8.6CVSS6.1AI score0.00454EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/11/19 4:16 a.m.4 views

CVE-2025-52578

Incorrect Usage of Seeds in Pseudo-Random Number Generator CWE- 335 vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in...

5.7CVSS6.6AI score0.0013EPSS
Exploits0References1
euvd
euvd
added 2025/11/18 6:30 a.m.3 views

EUVD-2025-197913

Incorrect Usage of Seeds in Pseudo-Random Number Generator CWE- 335 vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in...

5.7CVSS6.1AI score0.0013EPSS
Exploits0References2
cvelist
cvelist
added 2025/11/18 3:26 a.m.15 views

CVE-2025-52578

Incorrect Usage of Seeds in Pseudo-Random Number Generator CWE- 335 vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in...

5.7CVSS0.0013EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/11/18 12:0 a.m.6 views

PT-2025-47241

Incorrect Usage of Seeds in Pseudo-Random Number Generator CWE- 335 vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in...

5.7CVSS6.7AI score0.0013EPSS
Exploits0References2
suse
suse
added 2025/11/14 3:56 p.m.5 views

Security update for bind

This update for bind fixes the following issues: CVE-2025-40778: Address various spoofing attacks bsc1252379. CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

9.2CVSS6.9AI score0.00509EPSS
Exploits1References8
redos
redos
added 2025/11/13 12:0 a.m.5 views

ROS-20251113-06

The BIND DNS server vulnerability is related to a pseudo-random number generator PRNG vulnerability. Exploitation exploitation of the vulnerability could allow a remote attacker to compromise the integrity of data in the DNS system A vulnerability in the BIND DNS server is related to the loading ...

8.6CVSS5.5AI score0.1096EPSS
Exploits1
osv
osv
added 2025/11/12 3:42 p.m.5 views

USN-7836-2 bind9 vulnerabilities

USN-7836-1 fixed vulnerabilities in Bind. This update provides the corresponding fixes for Ubuntu 20.04 LTS. Original advisory details: Zuyao Xu and Xiang Li discovered that Bind incorrectly handled certain malformed DNSKEY records. A remote attacker could possibly use this issue to cause Bind to...

8.6CVSS6.8AI score0.1096EPSS
Exploits1References4
redhat
redhat
added 2025/11/12 10:49 a.m.7 views

bind: Cache poisoning due to weak PRNG

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...

8.6CVSS6.1AI score0.00454EPSS
Exploits0References4
redhat
redhat
added 2025/11/12 10:44 a.m.7 views

Important: Red Hat Security Advisory: bind9.18 security update

An update for bind9.18 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.6CVSS6.7AI score0.1096EPSS
Exploits1References4
cve
cve
added 2025/11/10 7:44 a.m.35 views

CVE-2025-41731

CVE-2025-41731 involves Jumo variTRON300 devices where the password for the debug interface is generated from a weak PRNG. An unauthenticated local attacker who knows the password-generation timeframe could brute-force the password in a timely manner and gain root access if the debug interface re...

7.4CVSS6.6AI score0.00125EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/10 7:44 a.m.4 views

CVE-2025-41731 Jumo: Insufficient entropy in PRNG may lead to root access

A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the...

7.4CVSS6.6AI score0.00125EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/10 7:44 a.m.12 views

CVE-2025-41731 Jumo: Insufficient entropy in PRNG may lead to root access

A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the...

7.4CVSS0.00125EPSS
Exploits0References1
redhat
redhat
added 2025/11/10 2:58 a.m.11 views

bind: Cache poisoning due to weak PRNG

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...

8.6CVSS6.1AI score0.00454EPSS
Exploits0References4
nessus
nessus
added 2025/11/07 12:0 a.m.4 views

RHEL 10 : bind (RHSA-2025:19912)

"The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19912 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

8.6CVSS6.6AI score0.1096EPSS
Exploits1References8
openvas
openvas
added 2025/10/23 12:0 a.m.6 views

ISC BIND Cache Poisoning Vulnerability (CVE-2025-40780) - Windows

ISC BIND is prone to cache poisoning attacks due to a weak Pseudo Random Number Generator PRNG. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

8.6CVSS7AI score0.00454EPSS
Exploits0References2
snyk
snyk
added 2025/10/22 10:43 p.m.2 views

Predictable Seed in Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Predictable Seed in Pseudo-Random Number Generator PRNG via the use of RandomStringUtils with the default java.util.Random PRNG. An attacker can recover sensitive information by predicting the server-side encryption key if they can obta...

5.9CVSS6.7AI score0.00182EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/10/22 10:19 p.m.3 views

CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

2.6CVSS6.3AI score0.00182EPSS
Exploits0References2
Rows per page
Query Builder