CVE-2026-46473

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

USN-8325-1 tgt vulnerability

It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass...

CVE-2026-46473

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVE-2026-46473 Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

SUSE CVE-2026-47372

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

CVE-2026-47372

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

DEBIAN-CVE-2026-47372

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

UBUNTU-CVE-2026-47372

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

CVE-2026-47372

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

CVE-2026-47372

CVE-2026-47372 affects Crypt::SaltedHash for Perl up to version 0.09, where salts are generated using the built-in rand function. This produces insecure, predictable randomness, compromising cryptographic strength. Multiple sources (SUSE, ENISA EUVD, NVD, Debian tracker, CVE lists) describe the s...

UBUNTU-CVE-2026-8700

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVE-2026-8700 Crypt::DSA versions before 1.20 for Perl generate seeds using rand

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVE-2026-8700

CVE-2026-8700 concerns Crypt::DSA for Perl, where seeds are generated with Perl’s built-in rand. The affected components are Crypt::DSA versions before 1.20. The root cause is the use of a non-cryptographically secure RNG, making seeds predictable for security-sensitive operations. This can under...

CVE-2026-46474

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVE-2026-8503 Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

PT-2026-41338

Name of the Vulnerable Software and Affected Versions Trog::TOTP versions prior to 1.006 Description Secrets are generated using the built-in Perl rand function, which is predictable and unsuitable for security purposes. Recommendations Update to version 1.006 or later...

PT-2026-41376

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.20 Description Seeds are generated using the built-in rand function in Perl, which is predictable and unsuitable for security purposes. Recommendations Update to version 1.20 or later...

CVE-2026-5084 WebDyne::Session versions through 2.075 for Perl generates the session id insecurely

WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...

PT-2026-39577

Name of the Vulnerable Software and Affected Versions WebDyne::Session versions prior to 2.076 Description The session handler generates session identifiers insecurely using an MD5 hash seeded with the built-in rand function. The rand function is seeded by 32-bits, making it predictable and...

Amazon::Credentials 安全特征问题漏洞

Amazon::Credentials is a credential management library developed by BIGFOOT developers, used for managing access keys and authentication information for cloud services. Versions of Amazon::Credentials prior to 1.2.0 had security vulnerabilities. These vulnerabilities stemmed from the use of the...