1122 matches found
Fedora 41 : perl-Crypt-URandom-Token / perl-DBIx-Class-EncodedColumn (2025-0a8c805972)
The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-0a8c805972 advisory. Needed for perl-DBIx-Class-EncodedColumn-0.11 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
[SECURITY] Fedora 41 Update: perl-Crypt-URandom-Token-0.003-1.fc41
This module provides a secure way to generate a random token for passwords and similar using Crypt::URandom as the source of random bits...
DEBIAN-CVE-2025-2814
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...
CVE-2025-2814
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...
MetaCPAN Crypt::CBC 安全特征问题漏洞
MetaCPAN Crypt::CBC is a component of the MetaCPAN Foundation. A security signature issue vulnerability exists in MetaCPAN Crypt::CBC versions 1.21 through 3.04, which stems from the default use of an insecure rand function as an entropy source...
CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...
CVE-2025-2814
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...
CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...
CVE-2025-2814
CVE-2025-2814 affects Crypt::CBC for Perl versions 1.21–3.05, which may use the non-cryptographically secure rand() as the entropy source when /dev/urandom is unavailable. Several advisories confirm the issue and report a fix that sources randomness via Crypt::URandom instead of falling back to r...
PT-2025-16174 · Unknown +2 · Crypt::Cbc +2
Name of the Vulnerable Software and Affected Versions: Crypt::CBC versions 1.21 through 3.04 Description: The issue affects Crypt::CBC for Perl, where versions between 1.21 and 3.04 may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographi...
The vulnerability of the rand() function in the Crypt-Random random number generation module for Perl allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the rand function in the Crypt-Random random number generation module for Perl is related to errors in the code of the pseudo-random number generator. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the...
CVE-2025-1805
Crypt::Salt for Perl version 0.01 uses insecure rand function when generating salts for cryptographic purposes...
SUSE CVE-2025-2704
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...
OpenVPN Server versions 2.6.1 <= 2.6.13 DoS
OpenVPN from 2.6.1 through 2.6.13, setup with tls-crypt-v2. is affected by a denial of service vulnerability. A local attacker who can monitor network traffic, can inject specially crafted packets during the tls-crypt2-v2 handshake and corrupt the server. %NASLMINLEVEL 80900 C Tenable, Inc...
FreeBSD : openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2 (2cad4541-0f5b-11f0-89f8-411aefea0df9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2cad4541-0f5b-11f0-89f8-411aefea0df9 advisory. Gert Doering reports: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abor...
ALPINE-CVE-2025-2704
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...
CVE-2025-2704
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...
DEBIAN-CVE-2025-2704
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...
CVE-2025-2704
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...
CVE-2025-2704
CVE-2025-2704 affects OpenVPN server mode with TLS-crypt-v2, for versions 2.6.1–2.6.13. The vulnerability allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase. Impact is described as Availability loss with a network attack...