CVE-2026-2474

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypturandomgetrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

Crypt::URandom 安全漏洞

Crypt::URandom is an encrypted Perl library developed by DDICK’s individual developers. Versions of Crypt::URandom prior to 0.55 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the XS function crypturandomgetrandom. This function did not validate t...

openSUSE 16 Security Update : gpg2 (openSUSE-SU-2026:20136-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20136-1 advisory. - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396. - CVE-2026-24883: denial of service...

ROS-20260128-73-0019

A vulnerability in the drivers/md/dm-crypt.c module of the Linux operating system kernel is related to improper resource locking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

MiracleLinux 4 : rh-postgresql94-postgresql-9.4.5-1.AXS4 (AXSA:2015-867:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-867:02 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll nee...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002450)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002450 advisory. crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is...

MiracleLinux 3 : postgresql-8.1.23-1.2.0.1.AXS3 (AXSA:2011-340:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-340:02 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and...

CVE-2019-11222

gfbin128parse in utils/osdivers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafteddrmfile.xml file...

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium

...

CVE-2022-35928

AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Passwords lengths were not checke...

smb: client: fix use-after-free in crypt_message when using async crypto

...

SUSE CVE-2025-15444

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium = 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://vulners.com/cve/CVE-2025-69277 . The libsodium...

CVE-2025-1828

Crypt::Random Perl package 1.05 through 1.55 may use rand function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon egd service is not available Crypt::Random will default to use the insecure...

CVE-2025-15444

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium = 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://vulners.com/cve/CVE-2025-69277 . The libsodium...

CVE-2025-15444

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium = 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://vulners.com/cve/CVE-2025-69277 . The libsodium...

CVE-2025-15444 Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium = 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://vulners.com/cve/CVE-2025-69277 . The libsodium...

PT-2026-1359

Name of the Vulnerable Software and Affected Versions Crypt::Sodium::XS versions prior to 0.000042 libsodium versions 1.0.20 and earlier Description The Crypt::Sodium::XS module for Perl includes a vulnerable version of libsodium. libsodium versions up to and including 1.0.20 may improperly handl...

PT-2026-8385

Name of the Vulnerable Software and Affected Versions Crypt::URandom versions 0.41 through 0.55 Description The Perl module Crypt::URandom is susceptible to a heap buffer overflow within the crypt urandom getrandom function. The issue arises because the function does not properly validate the...

ROS-20251215-7306

A vulnerability in the perl-Crypt-OpenSSL-RSA package of Red Hat Enterprise Linux operating systems is related to information disclosure through a mismatch. Exploitation of the vulnerability could allow an attacker acting remotely to implement the Bleichenbacher attack...

SUSE SLES12 Security Update : perl-Authen-SASL, perl-Crypt-URandom (SUSE-SU-2025:03088-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:03088-1 advisory. Changes in perl-Authen-SASL: - CVE-2025-40918: insecurely generated client nonce bsc1246623 Changes in perl-Crypt-URandom: Shipped in version 0.540.0...