8 matches found
Fedora 42 : perl-Catalyst-Plugin-Session (2025-90d5989bee)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-90d5989bee advisory. This update upgrade the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session IDs. Tenable...
Fedora: Security Advisory (FEDORA-2025-90d5989bee)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-40924
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...
CVE-2025-40924
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...
CVE-2025-40924 Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...
CVE-2025-40924
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...
CVE-2025-40924
CVE-2025-40924 concerns Catalyst::Plugin::Session for Perl, where session IDs are generated from a low-entropy mix (typically a SHA-1 hash of a counter, epoch time, rand(), PID, and Catalyst context). Multiple sources (NVD entry and OSV-facing disclosures) confirm the underlying cause and the ris...
CVE-2025-40924
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...