CVE-2024-58040
Affected software: Crypt::RandomEncryption (Perl) version 0.01. Root cause: uses insecure rand() during encryption, potentially weakening confidentiality and integrity. Impact (per CVSS metrics): high confidentiality impact, high integrity impact, network attack vector, no user interaction, no pr...
CVE-2024-58040 Crypt::RandomEncryption for Perl uses insecure rand() function during encryption
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand function during encryption...
Medium: perl-Cpanel-JSON-XS
Issue Overview: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact (CVE-2025-40929). Affected Packages: perl-Cpanel-JSON-XS. Issue Correction: Run dnf update...
ROS-20250929-03
A vulnerability in File-Find-Rule, a Perl module that provides a convenient way to describe rules for searching files and directories, is related to incorrect input validation when grep detects a specially...
CLSA-2025-1758821123 perl-HTTP-Tiny: Fix of CVE-2023-31486
CVE-2023-31486: fix insecure default TLS configuration...
[SECURITY] Fedora 43 Update: perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc43
This module lets you use HTTP authentication with Catalyst::Plugin::Authentication. Both basic and digest authentication are currently supported...
[SECURITY] Fedora 41 Update: perl-Cpanel-JSON-XS-4.40-1.fc41
This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...
CVE-2025-40933 Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...
OESA-2025-2242 perl-Cpanel-JSON-XS security update
This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C. Security Fixes: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault...
[SECURITY] [DSA 6000-1] libcpanel-json-xs-perl security update
Debian Security Advisory DSA-6000-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 11, 2025 https://www.debian.org/security/faq ...
ALPINE-CVE-2025-40929
Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact...
AZL-67088 CVE-2025-40929 affecting package perl-Cpanel-JSON-XS 4.39-1
Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact...
Net::Dropbear versions through 0.16 for Perl contain a dependency that may be susceptible to an integer overflow
...
Linux Distros Unpatched Vulnerability : CVE-2021-29662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in som...
DEBIAN-CVE-2025-40927
CGI::Simple versions before 1.282 for Perl have an HTTP response splitting flaw. This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some...
CVE-2025-40927
CGI::Simple versions before 1.282 for Perl have an HTTP response splitting flaw. This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some...
CVE-2025-30058 SQL injection in getPatientIdentifier function of PatientService.pl
In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter...
Linux Distros Unpatched Vulnerability : CVE-2024-58036
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic...
Linux Distros Unpatched Vulnerability : CVE-2018-9246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part...
Linux Distros Unpatched Vulnerability : CVE-2011-4115
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. CVE-2011-4115 Note that Nessus relies on the presence of the packag...