1582 matches found
PT-2026-45637
Memory Corruption when sending random number generator command with insufficient output buffer size...
Qualcomm Chipsets 缓冲区错误漏洞
Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. Qualcomm Chipsets have a buffer error vulnerability, which stems from insufficient output buffer size during the execution of random number generator commands, leading to memory corruption...
USN-8325-1 tgt vulnerability
It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass...
USN-8325-1: tgt vulnerability
It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass...
CVE-2026-46075
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path Unregister the hwrng to prevent new -read calls and flush the Atmel I2C workqueue before teardown to prevent a potential UAF if a queued callback runs while...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: hwrng: cavium – fixed the NULL pointer dereference issue in coccicheck. Fixed the following coccicheck warnings: ./drivers/char/hwrandom/cavium-rng-vf.c:182:17-20: Error: pdev is NULL, but it was dereferenced...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: tpm: Added !tpmamdisrngdefective to the hwrngunregister call site The following crash was reported: 1950.279393 listdel corruption, ffff99560d485790-next is NULL 1950.279400 ------------ cut here ------------ 1950.279401 Kerne...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Netfilter: Use getrandomu32 instead of prandom. This issue may occur when updating the per-cpu rndstate from a user context, i.e., the localout path. BUG: Using smpprocessorid in preemptible 00000000 code: nginx/2725. Caller is...
Astra Linux – Vulnerability in pgagent
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator was used when generating the directory name, which allows a local attacker to pre-create the directory a...
Apache::Session::Generate::SHA256 安全特征问题漏洞
Apache::Session::Generate::SHA256 is a session management module developed by the Apache Foundation. Versions of Apache::Session::Generate::SHA256 prior to 1.3.19 contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The use of the built-in rand...
EUVD-2026-30381
Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values...
CVE-2026-3290
CVE-2026-3290 affects the HRNG in the RS9116. When power-save mode is enabled, timing limitations produce predictable random values, as described in the connected records. The CVSS 4.0 vector indicates high impact on confidentiality and integrity with adjacent access and no privileges, and passiv...
PT-2026-41021
Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values...
SUSE CVE-2022-48629
In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread can run into a situation...
EUVD-2026-28620
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
UBUNTU-CVE-2026-43336
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...
EUVD-2026-26369
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...
PT-2026-36091
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...
JLSEC-2026-278
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...
JLSEC-2026-215 OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include...
OpenSSL 1.1.1 introduced a rewritten random number generator RNG. This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...