Lucene search
+L

434 matches found

Vulnrichment
Vulnrichment
added 2025/09/17 2:25 p.m.2 views

CVE-2025-40933 Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...

6.6AI score0.00383EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.13 views

PT-2025-38160

Name of the Vulnerable Software and Affected Versions: Apache::AuthAny::Cookie versions 0.201 and earlier Description: The software generates session IDs insecurely using an MD5 hash of the epoch time and the rand function. The epoch time may be guessable if not concealed by the HTTP Date header,...

7.5CVSS6.3AI score0.00383EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.5 views

MetaCPAN Apache::AuthAny::Cookie 安全漏洞

MetaCPAN Apache::AuthAny::Cookie is a Perl authentication module from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Apache::AuthAny::Cookie version 0.201 and earlier, which stems from the use of MD5 hash and rand functions to generate insecure session IDs, which could lead ...

7.5CVSS6.8AI score0.00383EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/16 12:0 a.m.12 views

Fedora 42 : perl-Plack-Middleware-Session (2025-ca07c36a0a)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ca07c36a0a advisory. This update upgrade the package to version 0.36. This version fixes CVE-2025-40923 by using Crypt::SysRandom to generate secure session IDs. Tenable has...

7.3CVSS5.5AI score0.00329EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/16 12:0 a.m.4 views

Fedora 42 : perl-Catalyst-Plugin-Session (2025-90d5989bee)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-90d5989bee advisory. This update upgrade the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session IDs. Tenable...

6.5CVSS5.5AI score0.00252EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-10945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Centreon before 19.10.7 exposes Session IDs in server responses. CVE-2020-10945 Note that Nessus relies on the presence of the package as reported by the vendor...

4.3CVSS5.1AI score0.00597EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.5 views

CVE-2025-30041

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...

9CVSS7AI score0.00165EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2014-2875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrar...

6.1CVSS6.4AI score0.01631EPSS
Exploits0References2
OSV
OSV
added 2025/07/17 2:15 p.m.1 views

DEBIAN-CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

6.5CVSS5.3AI score0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/17 1:33 p.m.13 views

CVE-2025-40924 Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

0.00252EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/17 1:33 p.m.2 views

CVE-2025-40924 Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

7AI score0.00252EPSS
Exploits0References3
OSV
OSV
added 2025/07/17 1:33 p.m.6 views

CVE-2025-40924 Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

6.5CVSS6.1AI score0.00252EPSS
Exploits0References7
NVD
NVD
added 2025/07/16 1:15 p.m.7 views

CVE-2025-40923

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

7.3CVSS0.00329EPSS
Exploits0References5
OSV
OSV
added 2025/07/16 1:15 p.m.3 views

DEBIAN-CVE-2025-40923

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

7.3CVSS5.3AI score0.00329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/16 1:5 p.m.6 views

CVE-2025-40923 Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

7.3AI score0.00329EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/16 1:5 p.m.11 views

CVE-2025-40923 Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

0.00329EPSS
Exploits0References4
OSV
OSV
added 2025/07/16 1:5 p.m.8 views

CVE-2025-40923 Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

7.3CVSS6.1AI score0.00329EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 10:44 a.m.15 views

CVE-2024-47945

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...

9.8CVSS6.9AI score0.00856EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 12:21 a.m.5 views

CVE-2022-46353

A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The webserver of affected device...

9.8CVSS7AI score0.01001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:27 p.m.10 views

CVE-2021-26098

An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs...

7.5CVSS6.6AI score0.00814EPSS
Exploits0References1
Rows per page
Query Builder