EUVD-2026-35197

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

Security update for mutt

This update for mutt fixes the following issues CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. CVE-2026-43861: missing check for \0 in urlpctdecode bsc1263895...

Amazon Linux 2023 : perl-Crypt-PasswdMD5 (ALAS2023-2026-1796)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1796 advisory. Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography. CVE-2026-6659 Tenable has extract...

Medium: perl-Crypt-PasswdMD5

Issue Overview: Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography. CVE-2026-6659 Affected Packages: perl-Crypt-PasswdMD5 Note: This advisory is applicable to Amazon Linux 2 AL2 Cor...

Medium: perl-Crypt-PasswdMD5

Issue Overview: Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography. CVE-2026-6659 Affected Packages: perl-Crypt-PasswdMD5 Issue Correction: Run dnf update perl-Crypt-PasswdMD5...

MGASA-2026-0176 Updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security vulnerabilities

The updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security issues: DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand function for salting password hashes in Digest.pm CVE-2025-27551 DBIx::Class::EncodedColumn until 0.00032 for Perl uses...

CVE-2026-47372

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

CVE-2026-47373

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...

CVE-2026-8704

A flaw was found in Crypt-DSA for Perl. This vulnerability arises from the insecure use of the open function with two arguments, which can allow an attacker to modify existing files. This could lead to unauthorized alteration of data, impacting the integrity of the system. Mitigation Mitigation f...

CVE-2026-8201

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

BIT-MARIADB-MIN-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...

[SECURITY] Fedora 43 Update: perl-Crypt-Argon2-0.031-1.fc43

This module implements the Argon2 key derivation function, which is suitable to convert any password into a cryptographic key. This is most often used to for secure storage of passwords but can also be used to derive a encryption key from a password. It offers variable time and memory costs as we...

Fedora 44 : perl-Crypt-Argon2 / perl-Dist-Build / perl-ExtUtils-Builder / etc (2026-dafdad8fd3)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-dafdad8fd3 advisory. Update to 0.031 2477035 2481131 fixes CVE-2026-8463 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

Fedora 43 : perl-Crypt-Argon2 / perl-Dist-Build / perl-ExtUtils-Builder / etc (2026-f2c746ff8e)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-f2c746ff8e advisory. Update to 0.031 2477035 2481131 fixes CVE-2026-8463 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

ate (>=0.1.0 <=0.8.0), ate-auth (>=1.1.0 <=1.6.0) +19 more potentially affected by unknown CVE via pqcrypto-falcon (>=0.2.10 <=0.4.1)

pqcrypto-falcon CARGO version =0.2.10, =0.1.0, =1.1.0, =1.0.0, =1.1.0, =0.1.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =0.12.2, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0165...

ate (>=0.1.0 <=0.8.0), ate-auth (>=1.1.0 <=1.6.0) +73 more potentially affected by unknown CVE via pqcrypto-traits (>=0.1.1 <=0.3.5)

pqcrypto-traits CARGO version =0.1.1, =0.1.0, =1.1.0, =1.0.0, =1.1.0, =2.0.0, =0.1.2-alpha, =0.1.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =0.1.2 - envencryptiontool =0.9.17 - ever-crypto =0.1.0 - hanzo-agentic =1.1.21 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0162...

crypt_guard (=0.1.4), env_encryption_tool (=0.9.17) +5 more potentially affected by unknown CVE via pqcrypto-hqc (>=0.0.4 <=0.2.2)

pqcrypto-hqc CARGO version =0.0.4, =0.12.2, =0.1.0, =0.1.0, =0.5.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0168...

CVE-2026-8647

A flaw was found in perl-Crypt-ScryptKDF. The randombytes function in versions through 0.010 uses an insecure random number source when no cryptographically secure pseudorandom number generator CSPRNG module is available. This occurs because the function falls back to using the built-in rand...

[SECURITY] Fedora 43 Update: perl-Crypt-PasswdMD5-1.4.3-1.fc43

This package provides MD5-based crypt functions...