12 matches found
CVE-2026-39031
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a...
PT-2026-50778
Name of the Vulnerable Software and Affected Versions Mojolicious::Sessions::Storable versions prior to 0.06 Description The software generates session IDs insecurely. The default session ID generator utilizes a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address o...
SUSE CVE-2023-43635
Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...
EUVD-2026-20063
Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...
CVE-2026-3256
HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come...
PT-2026-23117
Name of the Vulnerable Software and Affected Versions Plack::Middleware::Session::Simple versions through 0.04 Description The software generates session IDs insecurely. The default session ID generator uses a SHA-1 hash seeded with the built-in rand function, the epoch time, and the process ID...
OpenClaw 加密问题漏洞
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a cryptographic issue vulnerability that stems from the use of SHA-1 hashed Docker and browser sandbox configurations of the sandbox identifier cache key, which can be exploited by an attacker to enable...
CVE-2025-40925
Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch...
CVE-2025-40925
Starch versions 0.14 and earlier are affected. The insecure session-id generator uses a SHA-1 hash seeded with a counter, epoch time, the built‑in rand, the PID, and Perl reference addresses, making session IDs predictable and potentially enabling unauthorized access. The issue is confirmed acros...
PT-2024-23165 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: The issue concerns the use of the SHA-1 hash in internal SSH ports. These ports are not open to remote connection. Recommendations: For Brocade SANnav versions...
PT-2024-3222 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: The issue is related to the class FileTransfer in Brocade SANnav, which uses the ssh-rsa signature scheme with a SHA-1 hash. This could allow a remote,...
CVE-2005-4900
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is...