5 matches found
OESA-2026-2423 perl-Authen-SASL security update
Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms in the Authen::SASL framework, At the time of this writing it provides the client part implementation for the following SASL mechanisms. Security Fixes: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl...
TencentOS Server 4: perl-Authen-SASL (TSSA-2025:0713)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0713 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2025-21696
Malicious code in bioql PyPI...
CVE-2025-40918 Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely
Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...
PT-2025-29831
Name of the Vulnerable Software and Affected Versions Authen::SASL::Perl::DIGEST MD5 versions 2.04 through 2.1800 Description The cnonce client nonce is generated insecurely from an MD5 hash of the PID, the epoch time, and the built-in rand function. The PID originates from a limited set of...