OESA-2026-2423 perl-Authen-SASL security update
Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms in the Authen::SASL framework. At the time of this writing it provides the client part implementation for the following SASL mechanisms. Security Fixes: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl...
CVE-2026-46473
Summary of CVE-2026-46473: The issue affects the Perl module Authen::TOTP prior to version 0.1.1, where secrets are generated using Perl’s built‑in rand() function. This makes secret values predictable, undermining security for TOTP-based authentication. The practical impact is limited to implem...
CVE-2026-46473
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : perl-Authen-SASL, perl-Crypt-URandom (SUSE-SU-2025:03087-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03087-1 advisory. Changes in perl-Authen-SASL: - CVE-2025-40918: Fixed insecurely generated client nonce bsc1246623 Change...
TencentOS Server 4: perl-Authen-SASL (TSSA-2025:0713)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0713 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Mageia: Security Advisory (MGASA-2025-0285)
The remote host is missing an update for the...
EUVD-2012-2750
Malware in sbrugna...
EUVD-2025-21696
Malicious code in bioql PyPI...
Medium: perl-Authen-SASL
Issue Overview: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generate the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time m...
openSUSE Security Advisory (SUSE-SU-2025:03087-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2025:03088-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2025:03087-1)
The remote host is missing an update for the...
Security update for perl-Authen-SASL, perl-Crypt-URandom
This update for perl-Authen-SASL, perl-Crypt-URandom fixes the following issues: Changes in perl-Authen-SASL: CVE-2025-40918: insecurely generated client nonce bsc1246623 Changes in perl-Crypt-URandom: Shipped in version 0.540.0 0.54. Patch Instructions: To install this SUSE update use the SUSE...
Security update for perl-Authen-SASL, perl-Crypt-URandom
This update for perl-Authen-SASL, perl-Crypt-URandom fixes the following issues: Changes in perl-Authen-SASL: CVE-2025-40918: Fixed insecurely generated client nonce bsc1246623 Changes in perl-Crypt-URandom: Included 0.540.0 for use by perl-Authen-SASL in SLE-15 jscPED-13306 / bsc1246623. Patch...
SUSE-SU-2025:03087-1 Security update for perl-Authen-SASL, perl-Crypt-URandom
This update for perl-Authen-SASL, perl-Crypt-URandom fixes the following issues: Changes in perl-Authen-SASL: - CVE-2025-40918: Fixed insecurely generated client nonce bsc1246623 Changes in perl-Crypt-URandom: - Included 0.540.0 for use by perl-Authen-SASL in SLE-15 jscPED-13306 / bsc1246623...
Fedora 42 : perl-Authen-SASL (2025-fddaaaf9f0)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-fddaaaf9f0 advisory. 2.1900 Fixed - CVE-2025-40918 Insecure source of randomness, required addition of dependency on Crypt::URandom Changed - Modules Authen::SASL::Perl::CRAMMD5,...
perl-Authen-SASL-2.180.0-2.1 on GA media (moderate)
perl-Authen-SASL-2.180.0-2.1 on GA media Announcement ID: openSUSE-SU-2025:15385-1 Rating: moderate Cross-References: CVE-2025-40918 CVSS scores: CVE-2025-40918 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2025-40918 SUSE : 8.2...
CVE-2025-40918
Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generate the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...
CVE-2025-40919
The CVE-2025-40919 entry concerns Authen::DigestMD5 for Perl, affecting versions 0.01–0.02. The vulnerability stems from generating the cnonce with an MD5 hash of the PID, epoch time, and Perl’s rand(), which can yield low-entropy values (PID from a small set and potentially guessable epoch time)...
CVE-2025-40919 Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not...