1057 matches found
CVE-2025-2704
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...
CVE-2025-2704
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...
CVE-2025-1805
Crypt::Salt for Perl version 0.01 uses insecure rand function when generating salts for cryptographic purposes...
CVE-2025-1805 Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes
Crypt::Salt for Perl version 0.01 uses insecure rand function when generating salts for cryptographic purposes...
CVE-2025-1805 Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes
Crypt::Salt for Perl version 0.01 uses insecure rand function when generating salts for cryptographic purposes...
CVE-2025-1805
CVE-2025-1805 affects Crypt::Salt for Perl 0.01, where an insecure rand() is used to generate cryptographic salts. The issue’s impact is described as partial in the assessment (base CVSS 5.3, MEDIUM). Exploitation details are not provided in the sources. Remediation is not specified; several entr...
PT-2025-14550
Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.6.1 through 2.6.13 Description The issue allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase when OpenVPN is used in server mode with TLS-crypt-v2. ...
MetaCPAN Crypt::Salt 安全特征问题漏洞
MetaCPAN Crypt::Salt is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Crypt::Salt version 0.01, which stems from the use of an insecure rand function when generating cryptographic salts...
CVE-2025-27552
DBIx::Class::EncodedColumn use the rand function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...
CVE-2025-27552
CVE-2025-27552 affects the Perl DBIx::Class::EncodedColumn component, where the salting of password hashes uses the non-cryptographically secure rand() function in Crypt/Eksblowfish/Bcrypt.pm. The issue impacts DBIx::Class::EncodedColumn up to version 0.00032. According to the connected documents...
CVE-2025-27552 DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm
DBIx::Class::EncodedColumn use the rand function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...
CVE-2025-27552 DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm
DBIx::Class::EncodedColumn use the rand function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...
openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2
Gert Doering reports: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT message by sending a particular combination of authenticated and malformed packets. To trigger the bug, a valid tls-crypt-v2 client key is needed, or network observation of a...
perl-Crypt-OpenSSL-RSA bug fix and enhancement update
An update is available for perl-Crypt-OpenSSL-RSA. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...
CVE-2025-1828
Crypt::Random Perl package 1.05 through 1.55 may use rand function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon egd service is not available Crypt::Random will default to use the...
CVE-2025-1828
CVE-2025-1828 affects the Crypt::Random Perl package versions 1.05 through 1.55. The vulnerability arises because cryptographic functions may use the non-cryptographically strong rand() function when a provider is not specified and /dev/urandom or an Entropy Gathering Daemon is unavailable; Crypt...
CVE-2025-1828 Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions
Crypt::Random Perl package 1.05 through 1.55 may use rand function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon egd service is not available Crypt::Random will default to use the...
CVE-2025-1828 Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions
Crypt::Random Perl package 1.05 through 1.55 may use rand function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon egd service is not available Crypt::Random will default to use the...
Linux Distros Unpatched Vulnerability : CVE-2024-26718
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm-crypt, dm-verity: disable tasklets Tasklets have an inherent problem with memory corruption. The function taskletactioncommon calls tasklettrylock, then it...
Linux Distros Unpatched Vulnerability : CVE-2024-26763
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is...