1302 matches found

CVE
added 2025/11/26 8:50 a.m., 26 views

CVE-2025-59390

Apache Druid’s Kerberos authenticator is affected. If the configuration druid.auth.authenticator.kerberos.cookieSignatureSecret is not set, a weak fallback secret is generated with ThreadLocalRandom, which is not cryptographically secure. This can allow an attacker to predict or brute‑force the c...

CVSS 9.8, AI score 6.8, EPSS 0.00597
Exploits: 0, References: 2, Affected Software: 1

Gentoo Linux
added 2025/11/26 12:0 a.m., 9 views

librnp: Weak random number generation

Background: librnp is a high performance C++ OpenPGP library. Description: The affected librnp version generated weak session keys for its public key encryption PKESK mode. Impact: Messages encrypted using the affected librnp version might be readable by an attacker with just the public key...

CVSS 8.7, AI score 6.7, EPSS 0.00274
Exploits: 0

Tenable Nessus
added 2025/11/26 12:0 a.m., 4 views

GLSA-202511-07 : librnp: Weak random number generation

The remote host is affected by the vulnerability described in GLSA-202511-07 librnp: Weak random number generation The affected librnp version generated weak session keys for its public key encryption PKESK mode. Tenable has extracted the preceding description block directly from the Gentoo Linux...

CVSS 8.7, AI score 6, EPSS 0.00274
Exploits: 0, References: 3

OSV
added 2025/11/25 3:27 p.m., 4 views

CLSA-2025-1764084458 bind: Fix of 2 CVEs

CVE-2025-40780: fix randomness sources, drop obsolete PRNG test - CVE-2025-40778: fix NS caching, DNAME/referral handling, restore IPv6 TCP tests...

CVSS 8.6, AI score 6.9, EPSS 0.00509
Exploits: 1, References: 1

OSV
added 2025/11/25 8:53 a.m., 3 views

SUSE-SU-2025:4222-1 Security update for bind

This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks bsc1252379. - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380...

CVSS 8.6, AI score 6.4, EPSS 0.00509
Exploits: 1, References: 5

SUSE CVE
added 2025/11/25 12:24 a.m., 2 views

SUSE CVE-2025-62626

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...

CVSS 7.2, AI score 7.3, EPSS 0.00156
Exploits: 0, References: 3

Tenable Nessus
added 2025/11/25 12:0 a.m., 8 views

AlmaLinux 10 : bind (ALSA-2025:21034)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21034 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 bind: Resource exhaustion via...

CVSS 8.6, AI score 6.7, EPSS 0.1096
Exploits: 1, References: 5

RedHat Linux
added 2025/11/24 10:36 a.m., 8 views

bind: Cache poisoning due to weak PRNG

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...

CVSS 8.6, AI score 6.1, EPSS 0.00454
Exploits: 0, References: 4

RedHat Linux
added 2025/11/24 10:36 a.m., 4 views

Important: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

CVSS 8.6, AI score 6.7, EPSS 0.00509
Exploits: 1, References: 3

EUVD
added 2025/11/21 9:30 p.m., 4 views

EUVD-2025-198505

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...

CVSS 7.2, AI score 6, EPSS 0.00156
Exploits: 0, References: 2

NVD
added 2025/11/21 7:16 p.m., 7 views

CVE-2025-62626

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...

CVSS 7.2, EPSS 0.00156
Exploits: 0, References: 1

OSV
added 2025/11/21 7:16 p.m., 3 views

UBUNTU-CVE-2025-62626

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...

CVSS 7.2, AI score 7.1, EPSS 0.00156
Exploits: 0, References: 11

Vulnrichment
added 2025/11/21 6:52 p.m., 2 views

CVE-2025-62626

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...

CVSS 7.2, AI score 6.1, EPSS 0.00156
Exploits: 0, References: 1

CVE
added 2025/11/21 6:52 p.m., 27 views

CVE-2025-62626

CVE-2025-62626 describes an entropy mishandling issue in AMD CPUs that can cause the RDSEED instruction to return less random values. The vulnerability is discussed across multiple connected advisories indicating a local attacker could influence randomness, with potential implications for cryptog...

CVSS 7.2, AI score 6.2, EPSS 0.00156
Exploits: 0, References: 1

Cvelist
added 2025/11/21 6:52 p.m., 15 views

CVE-2025-62626

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...

CVSS 7.2, EPSS 0.00156
Exploits: 0, References: 1

OSV
added 2025/11/21 6:13 p.m., 7 views

RLSA-2025:21111 Important: bind9.18 security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

CVSS 8.6, AI score 5.4, EPSS 0.1096
Exploits: 1, References: 4

CNNVD
added 2025/11/21 12:0 a.m., 2 views

WordPress plugin AuthorSure cross-site request forgery vulnerability

WordPress AuthorSure plugin is an open source plugin designed for the WordPress platform, mainly used to manage the submission process of multi-author sites. WordPress AuthorSure plugin has a cross-site request forgery vulnerability, the vulnerability stems from the lack of random number validati...

CVSS 6.1, AI score 6.8, EPSS 0.00099
Exploits: 0, References: 3

Tenable Nessus
added 2025/11/21 12:0 a.m., 5 views

RHEL 9 : bind (RHSA-2025:21887)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21887 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

CVSS 8.6, AI score 6.6, EPSS 0.00509
Exploits: 1, References: 6

RedHat Linux
added 2025/11/20 9:12 p.m., 8 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 8.6, AI score 6.9, EPSS 0.0325
Exploits: 1, References: 4

RedHat Linux
added 2025/11/20 8:47 p.m., 4 views

bind: Cache poisoning due to weak PRNG

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...

CVSS 8.6, AI score 6.1, EPSS 0.00454
Exploits: 0, References: 4