Lucene search
K

372 matches found

Cvelist
Cvelist
added 2026/05/11 7:12 p.m.31 views

CVE-2026-6146 Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys

Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys. Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object. Before version 1.3.0, the secrets were encrypted using a 64-bit key that was...

0.00174EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

WebDyne::Session 安全特征问题漏洞

WebDyne::Session is a server-side component developed by ASPEER’s individual developers, used for session management in web applications. Versions of WebDyne::Session 2.075 and earlier contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The sessi...

6.5CVSS5.8AI score0.00304EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 6:16 p.m.5 views

UBUNTU-CVE-2026-6659

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References5
CVE
CVE
added 2026/05/08 5:17 p.m.25 views

CVE-2026-6659

CVE-2026-6659 affects Crypt::PasswdMD5 up to 1.42 for Perl. Root cause: salts generated with Perl’s built-in rand are predictable, making password hashes vulnerable to weaknesses in randomness. Exploitation details are not provided in the documents. No remediation information is present in the pr...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/30 11:49 a.m.5 views

CVE-2026-5080

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 p.m.5 views

CVE-2026-5088

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

7.5CVSS5.8AI score0.00572EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33009

Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The make salt and make salt bcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simpl...

5.8AI score0.00572EPSS
Exploits0References4
OSV
OSV
added 2026/04/14 1:3 a.m.2 views

GHSA-CQ8V-F236-94QC Rand is unsound with a custom logger using rand::rng()

It has been reported by @lopopolo that the rand library is unsound i.e. that safe code using the public API can cause Undefined Behaviour when all the following conditions are met: - The log and threadrng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...

5.7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/14 1:3 a.m.7 views

Rand is unsound with a custom logger using rand::rng()

It has been reported by @lopopolo that the rand library is unsound i.e. that safe code using the public API can cause Undefined Behaviour when all the following conditions are met: - The log and threadrng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...

5.7AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/13 9:31 a.m.11 views

EUVD-2026-21885

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

9.1CVSS5.7AI score0.00339EPSS
Exploits0References4
NVD
NVD
added 2026/04/13 7:16 a.m.6 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

9.1CVSS0.00339EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:56 a.m.3 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

5.7AI score0.00339EPSS
Exploits0References4
OSV
OSV
added 2026/04/09 12:0 p.m.13 views

RUSTSEC-2026-0097 Rand is unsound with a custom logger using `rand::rng()`

It has been reported by @lopopolo that the rand library is unsound i.e. that safe code using the public API can cause Undefined Behaviour when all the following conditions are met: - The log and threadrng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...

5.7AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/01 5:40 p.m.3 views

CVE-2026-5087

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

7.5CVSS5.9AI score0.00316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/31 10:4 a.m.3 views

CVE-2025-15618 Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

5.9AI score0.00328EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/06 7:55 a.m.7 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:51 a.m.8 views

CVE-2024-57854

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 3:31 a.m.7 views

EUVD-2024-55467

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

9.1CVSS5.9AI score0.00409EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 3:15 a.m.7 views

CVE-2024-57854

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/05 2:18 a.m.31 views

CVE-2024-57854 Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

0.00409EPSS
Exploits0References2
Rows per page
Query Builder