Lucene search
K

123 matches found

nessus
nessus
added 2025/04/16 12:0 a.m.8 views

Fedora 41 : perl-Crypt-URandom-Token / perl-DBIx-Class-EncodedColumn (2025-0a8c805972)

The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-0a8c805972 advisory. Needed for perl-DBIx-Class-EncodedColumn-0.11 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

4CVSS5.1AI score0.0011EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/04/12 11:41 p.m.9 views

CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...

4.3AI score0.00176EPSS
Exploits0References4
rocky
rocky
added 2025/03/17 8:16 p.m.7 views

perl-Crypt-OpenSSL-RSA bug fix and enhancement update

An update is available for perl-Crypt-OpenSSL-RSA. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

6.8AI score
Exploits0
nessus
nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-2467

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a...

5.9CVSS6.3AI score0.00516EPSS
Exploits0References4
osv
osv
added 2024/12/29 7:15 a.m.2 views

DEBIAN-CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

7.5CVSS5.3AI score0.00414EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2024/07/25 12:0 a.m.10 views

The vulnerability of the perl-Crypt-OpenSSL-RSA package on Red Hat Enterprise Linux operating systems allows a attacker to execute the Bleichenbacher attack.

The vulnerability of the perl-Crypt-OpenSSL-RSA package in Red Hat Enterprise Linux operating systems is related to the disclosure of information due to incompatibility. Exploiting this vulnerability could allow a remote attacker to execute a Bleichenbacher attack...

7.1CVSS6.3AI score0.00516EPSS
Exploits0References6Affected Software2
nessus
nessus
added 2024/05/11 12:0 a.m.28 views

RHEL 7 : perl-crypt-openssl-rsa (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - perl-Crypt-OpenSSL-RSA: side-channel attack in PKCS1 v1.5 padding mode Marvin Attack CVE-2024-2467 Note that Nessus...

5.8AI score0.00516EPSS
Exploits0References1
nessus
nessus
added 2024/05/11 12:0 a.m.21 views

RHEL 6 : perl-crypt-openssl-rsa (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - perl-Crypt-OpenSSL-RSA: side-channel attack in PKCS1 v1.5 padding mode Marvin Attack CVE-2024-2467 Note that Nessus...

5.8AI score0.00516EPSS
Exploits0References1
osv
osv
added 2024/04/25 5:15 p.m.6 views

AZL-44739 CVE-2024-2467 affecting package perl-Crypt-OpenSSL-RSA 0.33-1

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS6.2AI score0.00516EPSS
Exploits0References1
osv
osv
added 2024/04/25 5:15 p.m.23 views

CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS6.3AI score0.00516EPSS
Exploits0References4
nvd
nvd
added 2024/04/25 5:15 p.m.19 views

CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS5.4AI score0.00516EPSS
Exploits0References4
osv
osv
added 2024/04/25 5:15 p.m.9 views

UBUNTU-CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS5.8AI score0.00516EPSS
Exploits0References3
cvelist
cvelist
added 2024/04/25 4:45 p.m.81 views

CVE-2024-2467 Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack)

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS5.6AI score0.00516EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/04/25 4:45 p.m.280 views

CVE-2024-2467 Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack)

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS6.4AI score0.00516EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/03/12 12:0 a.m.4 views

PT-2024-5167

Name of the Vulnerable Software and Affected Versions: perl-Crypt-OpenSSL-RSA affected versions not specified Description: A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attac...

7.1CVSS5.7AI score0.00516EPSS
Exploits0References38
rocky
rocky
added 2022/05/17 7:12 a.m.17 views

new packages: perl-Crypt-OpenSSL-RSA

An update is available for perl-Crypt-OpenSSL-RSA. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

2.2AI score
Exploits0
rocky
rocky
added 2022/05/17 7:12 a.m.12 views

new packages: perl-Crypt-OpenSSL-Bignum

An update is available for perl-Crypt-OpenSSL-Bignum. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see th...

2.2AI score
Exploits0
openvas
openvas
added 2022/01/28 12:0 a.m.15 views

Mageia: Security Advisory (MGASA-2013-0289)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS6.7AI score0.01958EPSS
Exploits0References4
nvd
nvd
added 2019/07/25 2:15 p.m.11 views

CVE-2019-1010161

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in decodejws. The attack vector is: network connectivitycrafting user-controlled input to bypass authentication. The fixed...

9.8CVSS9.6AI score0.01103EPSS
Exploits0References1
osv
osv
added 2019/07/25 2:15 p.m.18 views

CVE-2019-1010161

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in decodejws. The attack vector is: network connectivitycrafting user-controlled input to bypass authentication. The fixed...

9.8CVSS7AI score
Exploits0References1
Rows per page
Query Builder