431 matches found
SUSE CVE-2016-9244
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer SSL session IDs from other sessions. It is possible...
PT-2026-41294
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...
Apache::Session::Generate::SHA256 安全特征问题漏洞
Apache::Session::Generate::SHA256 is a session management module developed by the Apache Foundation. Versions of Apache::Session::Generate::SHA256 prior to 1.3.19 contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The use of the built-in rand...
CVE-2026-5084
CVE-2026-5084 affects WebDyne::Session for Perl up to version 2.075. The vulnerability stems from generating the session id via an MD5 hash seeded with rand(), where rand() is seeded with 32 bits based on process id, epoch time, and the object’s address. This seed is predictable, making session I...
EUVD-2026-29039
WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...
WebDyne::Session 安全特征问题漏洞
WebDyne::Session is a server-side component developed by ASPEER’s individual developers, used for session management in web applications. Versions of WebDyne::Session 2.075 and earlier contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The sessi...
PT-2026-39577
Name of the Vulnerable Software and Affected Versions WebDyne::Session versions prior to 2.076 Description The session handler generates session identifiers insecurely using an MD5 hash seeded with the built-in rand function. The rand function is seeded by 32-bits, making it predictable and...
EUVD-2026-28997
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' session ids may be leaked. This may allow an attacker to use session ids a...
Catalyst::Plugin::Statsd 安全漏洞
Catalyst::Plugin::Statsd is a plugin module by Robert Rothenberg, an individual developer, for capturing application runtime metrics and sending them to a statistics system. A security vulnerability exists in Catalyst::Plugin::Statsd 0.10.0 and earlier versions, which stems from an unencrypted...
CVE-2026-5081
The CVE-2026-5081 entry concerns Apache::Session::Generate::ModUniqueId for Perl. Affected versions: 1.54 through 1.94 use the UNIQUE_ID environment variable (set by mod_unique_id) as the session id. The UNIQUE_ID is built from the request’s IPv4 address, process id, epoch time, a 16-bit counter,...
PT-2026-37627
Name of the Vulnerable Software and Affected Versions Apache::Session::Generate::ModUniqueId versions 1.54 through 1.94 Description Apache::Session::Generate::ModUniqueId uses the UNIQUE ID environment variable for session identifiers. This variable is generated by the Apache mod unique id plugin...
Linux Distros Unpatched Vulnerability : CVE-2026-5081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in versio...
Linux Distros Unpatched Vulnerability : CVE-2026-5080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints o...
EUVD-2026-26369
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...
Dancer::Session::Abstract 安全特征问题漏洞
Dancer::Session::Abstract is an abstract module for session management developed by BIGPRESH’s individual developers. Versions of Dancer::Session::Abstract prior to 1.3522 have security vulnerabilities. These vulnerabilities stem from insecure session ID generation, which could allow attackers to...
EUVD-2026-21885
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...
CVE-2026-5085 Solstice::Session versions through 1440 for Perl generates session ids insecurely
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...
CVE-2026-5085
CVE-2026-5085 affects Solstice::Session (Perl) versions through 1440. The root cause is insecure session ID generation in _generateSessionID (and _generateID in Solstice::Subsession), which uses an MD5 digest seeded by the epoch time, a random hash reference, the built-in rand() (seeded with 16 b...
EUVD-2026-20060
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...
CVE-2026-5083
Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...