Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/04/08 5:53 a.m.23 views

CVE-2026-5083 Ado::Sessions versions through 0.935 for Perl generates insecure session ids

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...

0.00428EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 8:12 p.m.4 views

CVE-2026-3255

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/13 7:29 p.m.6 views

CVE-2025-68704 Jervis has a Weak Random for Timing Attack Mitigation

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS6.4AI score0.00231EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/30 12:41 a.m.4 views

CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

7.7CVSS6.6AI score0.00363EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-0584

Malware in sbrugna...

5.1CVSS5.3AI score0.00338EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/07/16 2:0 p.m.5 views

CVE-2025-40918

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...

6.5CVSS5.5AI score0.00394EPSS
Exploits0
OSV
OSV
added 2025/04/05 4:15 p.m.5 views

UBUNTU-CVE-2024-58036

Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test...

5.5CVSS5.8AI score0.00264EPSS
Exploits0References8
OSV
OSV
added 2018/11/07 12:29 a.m.2 views

GHSA-QV2V-M59F-V5FW Insecure randomness in socket.io

Affected versions of socket.io depend on Math.random to create socket IDs, and therefore the IDs are predictable. With enough information on prior IDs, an attacker may be able to guess the socket ID and gain access to socket.io servers without authorization. Recommendation Update to v0.9.7 or lat...

7.5CVSS7AI score0.02EPSS
Exploits0References7
Rows per page
Query Builder