openSUSE 15 Security Update : perl-Data-Entropy (openSUSE-SU-2025:0123-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2025:0123-1 advisory. Updated to 0.8.0 0.008: see /usr/share/doc/packages/perl-Data-Entropy/Changes Version 0.008; 2025-03-27: Use Crypt::URandom to seed the default algorithm...

Fedora 41 : perl-Crypt-URandom-Token / perl-DBIx-Class-EncodedColumn (2025-0a8c805972)

The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-0a8c805972 advisory. Needed for perl-DBIx-Class-EncodedColumn-0.11 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

[SECURITY] Fedora 41 Update: perl-Crypt-URandom-Token-0.003-1.fc41

This module provides a secure way to generate a random token for passwords and similar using Crypt::URandom as the source of random bits...

CVE-2025-2814

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...

DEBIAN-CVE-2025-2814

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...

MetaCPAN Crypt::CBC 安全特征问题漏洞

MetaCPAN Crypt::CBC is a component of the MetaCPAN Foundation. A security signature issue vulnerability exists in MetaCPAN Crypt::CBC versions 1.21 through 3.04, which stems from the default use of an insecure rand function as an entropy source...

CVE-2025-2814

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...

CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...

CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...

CVE-2025-2814

CVE-2025-2814 affects Crypt::CBC for Perl versions 1.21–3.05, which may use the non-cryptographically secure rand() as the entropy source when /dev/urandom is unavailable. Several advisories confirm the issue and report a fix that sources randomness via Crypt::URandom instead of falling back to r...

PT-2025-16174 · Unknown +2 · Crypt::Cbc +2

Name of the Vulnerable Software and Affected Versions: Crypt::CBC versions 1.21 through 3.04 Description: The issue affects Crypt::CBC for Perl, where versions between 1.21 and 3.04 may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographi...

CVE-2025-1805

Crypt::Salt for Perl version 0.01 uses insecure rand function when generating salts for cryptographic purposes...

SUSE CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

OpenVPN Server versions 2.6.1 <= 2.6.13 DoS

OpenVPN from 2.6.1 through 2.6.13, setup with tls-crypt-v2. is affected by a denial of service vulnerability. A local attacker who can monitor network traffic, can inject specially crafted packets during the tls-crypt2-v2 handshake and corrupt the server. %NASLMINLEVEL 80900 C Tenable, Inc...

FreeBSD : openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2 (2cad4541-0f5b-11f0-89f8-411aefea0df9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2cad4541-0f5b-11f0-89f8-411aefea0df9 advisory. Gert Doering reports: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abor...

ALPINE-CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

DEBIAN-CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

CVE-2025-2704

CVE-2025-2704 affects OpenVPN server mode with TLS-crypt-v2, for versions 2.6.1–2.6.13. The vulnerability allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase. Impact is described as Availability loss with a network attack...

CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...