Lucene search
K

246 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-47831

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 3:33 a.m.8 views

EUVD-2026-40879

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

4.8CVSS5.8AI score0.00283EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.8 views

CVE-2026-44040 UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge bytes

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

4.8CVSS5.8AI score0.00283EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 3:33 a.m.15 views

CVE-2026-44040

UltraVNC

6.5CVSS5.8AI score0.00283EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54477

Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description The software uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. Specifically, the vncRandomBytes function seeds libc rand using a combinati...

6.5CVSS6AI score0.00283EPSS
Exploits0References7
CVE
CVE
added 2026/06/30 11:5 a.m.15 views

CVE-2026-57082

The CVE-2026-57082 issue affects Net::BitTorrent for Perl (up to version 2.0.1). The MSE handshake derives its 160-bit Diffie-Hellman private key from Perl’s rand(), a non-cryptographic PRNG seeded once per process, via KeyExchange.pm. As a result, the shared secret and the RC4 keys (SHA-1("keyA"...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 11:5 a.m.6 views

CVE-2026-57082

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/26 8:13 a.m.6 views

CVE-2026-11702 Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess...

5.8AI score0.00292EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 8:13 a.m.9 views

EUVD-2026-39641

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess...

7.5CVSS5.7AI score0.00447EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/26 8:7 a.m.6 views

CVE-2026-11625 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

5.8AI score0.00309EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 8:16 a.m.14 views

CVE-2026-9733

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

9.1CVSS0.00339EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.29 views

CVE-2026-45673

A flaw was found in Netty's DNS resolver component. This vulnerability arises from the use of a predictable pseudo-random number generator PRNG for DNS transaction IDs and a static User Datagram Protocol UDP source port. This combination significantly reduces the randomness of DNS queries, making...

6.8CVSS4.9AI score0.00256EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/27 11:52 p.m.16 views

CVE-2026-45949

A flaw was found in the Linux kernel's hardware random number generator hwrng core. A race condition exists where concurrent or rapid calls to the hwrngunregister function can lead to a use-after-free vulnerability. This issue allows the system to attempt to access freed memory, potentially causi...

5.5CVSS6AI score0.00088EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 12:58 p.m.11 views

EUVD-2026-32457

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path Unregister the hwrng to prevent new -read calls and flush the Atmel I2C workqueue before teardown to prevent a potential UAF if a queued callback runs while...

5.8AI score0.00129EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.14 views

CVE-2026-45949

hwrng: core - use RCU and workstruct to fix race condition...

5.8AI score0.00088EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.19 views

PT-2026-43816

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the hardware random number generator hwrng core. The hwrng fill pointer is not cleared until the hwrng fillfn thread exits. Because hwrng unregister reads hwrn...

4.7CVSS5.5AI score0.00088EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/05/21 11:42 a.m.10 views

CVE-2026-40975

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

8.2CVSS5.8AI score0.00312EPSS
Exploits0References4
OSV
OSV
added 2026/05/18 7:52 a.m.12 views

SUSE-SU-2026:1952-1 Security update for ovmf

This update for ovmf fixes the following issues - CVE-2026-25833: mbedtls: buffer underflow in x509inetptonipv6 bsc1261476. - CVE-2026-25834: mbedtls: Algorithm downgrade vulnerability bsc1261477. - CVE-2026-25835: mbedtls: PSA random generator cloning bsc1261478. - CVE-2026-34874: mbedtls: NULL...

7.7CVSS5.9AI score0.00308EPSS
Exploits0References9
NVD
NVD
added 2026/05/15 6:16 p.m.28 views

CVE-2026-46474

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

7.5CVSS0.00316EPSS
Exploits0References3
NVD
NVD
added 2026/05/14 8:17 p.m.14 views

CVE-2026-3290

Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values...

7.4CVSS0.00159EPSS
Exploits0References2
Rows per page
Query Builder