381 matches found
EUVD-2026-42021
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...
CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception
UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...
CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception
UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...
EUVD-2026-40882
UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...
PT-2026-54486
Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description Inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNC MsLogonIIAuth allows a network attacker to disclose credentials. In the file rfb/dh.cpp, the Diffie-Hellman key exchang...
EUVD-2026-40291
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: hwrng: core – Use RCU and workstruct to fix race conditions Currently, the hwrngfill function is not cleared until the hwrngfillfn thread exits. Since hwrngunregister reads hwrngfill outside of the rngmutex lock, a concurrent...
Cloud Foundry windows-utilities-release 安全漏洞
Cloud Foundry Windows-Utilities-Release is a collection of Windows platform maintenance tools provided by the Cloud Foundry company. There are security vulnerabilities in Cloud Foundry Foundation Windows-Utilities-Release; these vulnerabilities stem from the use of a predictable random number...
EUVD-2026-32233
In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and workstruct to fix race condition Currently, hwrngfill is not cleared until the hwrngfillfn thread exits. Since hwrngunregister reads hwrngfill outside the rngmutex lock, a concurrent hwrngunregister may...
CVE-2026-46075 crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path Unregister the hwrng to prevent new -read calls and flush the Atmel I2C workqueue before teardown to prevent a potential UAF if a queued callback runs while...
CVE-2026-45949
In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and workstruct to fix race condition Currently, hwrngfill is not cleared until the hwrngfillfn thread exits. Since hwrngunregister reads hwrngfill outside the rngmutex lock, a concurrent hwrngunregister may...
Fedora 43 : perl-Crypt-DSA (2026-fdc100f74f)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fdc100f74f advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: hwrng: geode – Fixed the PCI device reference count leak issue. The function foreachpcidev is implemented through pcigetdevice. The comment accompanying pcigetdevice states that it will increase the reference count of the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: hwrng: virtio – Fixed a race condition related to dataavail and actual data. The virtio rng device initiates a new entropy request whenever the data available becomes zero. When a new request occurs at the end of a read...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: hwrng: amd – Fixed the PCI device reference count leak. foreachpcidev is implemented through pcigetdevice. The comment accompanying pcigetdevice states that it will increase the reference count of the returned pcidev, and also...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: x86/coco: Requires seeding the RNG with RDRAND on CoCo systems. There are few uses of CoCo that do not rely on functional cryptography and, consequently, a functioning RNG. Unfortunately, the CoCo threat model means that the VM...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng – ensure the buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. The qcomrngread function may...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013007)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013007 advisory. In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013171)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013171 advisory. In the Linux kernel, the following vulnerability has been resolved: hwrng: virtio - Fix race on dataavail and actual data The virtio rng device kicks off a new entro...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013017)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013017 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure setent is always present Ensure that setent is always set since only drbg...