
66 matches found

Tenable Nessus (added 2026/05/27 12:00 a.m., 6 views)

Fedora 44 : perl-Crypt-DSA (2026-cdcb20089b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cdcb20089b advisory. This update fixes a couple of security issues: replace two-arg open; CVE-2026-8704: replace rand with a cryptographically secure source of random data...

CVSS 7.3, AI score 5.8, EPSS 0.00016
Exploits 0, References 3
NVD (added 2026/04/21 5:16 p.m., 1 view)

CVE-2026-40585

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a passwordresetat timestamp. However, the token redemption function findUserIDFromEmailAndToken queries only for a matching...

CVSS 7.4, EPSS 0.00043
Exploits 0, References 1
Snyk (added 2026/03/20 8:55 p.m., 2 views)

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the GetRelationships API when a forged pagination token is provided. An attacker can execute arbitrary SQL queries by submitting crafted pagination tokens if the secrets.pagination configuration is not set or is known ...

CVSS 8.6, AI score 6.2, EPSS 0.00022
Exploits 0, References 2
Positive Technologies (added 2026/03/20 12:00 a.m., 2 views)

PT-2026-26787

Name of the Vulnerable Software and Affected Versions: Ory Kratos, affected versions not specified. Description: The ListCourierMessages Admin API in Ory Kratos is susceptible to SQL injection because of issues in its pagination implementation. Pagination tokens are encrypted using a secret configure...

CVSS 7.2, AI score 6.2, EPSS 0.00015
Exploits 0, References 5
EUVD (added 2025/10/03 8:07 p.m., 0 views)

EUVD-2022-7123

Malicious code in bioql PyPI...

CVSS 9.8, AI score 5.5, EPSS 0.08251
Exploits 0, References 10
OSV (added 2025/04/26 9:31 p.m., 0 views)

GHSA-75V8-2H7P-7M2M Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content

Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

CVSS 3.1, AI score 6.7, EPSS 0.00052
Exploits 1, References 8
OSV (added 2025/04/16 2:02 p.m., 4 views)

OPENSUSE-SU-2025:0123-1 Security update for perl-Data-Entropy

This update for perl-Data-Entropy fixes the following issues: Updated to 0.8.0 (0.008): see /usr/share/doc/packages/perl-Data-Entropy/Changes. Version 0.008; 2025-03-27: Use Crypt::URandom to seed the default algorithm with cryptographically secure random bytes instead of the builtin rand function...

CVSS 7.7, AI score 6.9, EPSS 0.00083
Exploits 0, References 3
OSV (added 2025/03/28 1:15 a.m., 1 view)

DEBIAN-CVE-2025-1860

Data::Entropy for Perl 0.007 and earlier uses the rand function as the default source of entropy for cryptographic functions, and rand is not cryptographically secure...

CVSS 7.7, AI score 5.6, EPSS 0.00083
Exploits 0, References 1
OSV (added 2025/01/06 7:23 p.m., 12 views)

GHSA-237R-R8M4-4Q88 Guzzle OAuth Subscriber has insufficient nonce entropy

Impact: Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source (https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.php#L192). This can leave servers vulnerable to replay attacks when TLS is not used. Patches: Upgrade to version 0.8.1 or higher...

CVSS 6.3, AI score 4.9, EPSS 0.00409
Exploits 0, References 6
OSV (added 2024/12/02 5:16 p.m., 22 views)

GHSA-6943-QR24-82VX sftpgo vulnerable to brute force takeover of OpenID Connect session cookies

Impact: The OpenID Connect implementation, in the affected SFTPGo versions, allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are generated predictably using the xid library and are therefore unique but not cryptographically...

CVSS 5.3, AI score 6.2, EPSS 0.00106
Exploits 0, References 5
NVD (added 2024/11/29 7:15 p.m., 13 views)

CVE-2024-52801

sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are...

CVSS 5.3, EPSS 0.00106
Exploits 0, References 3
Cvelist (added 2024/11/29 6:26 p.m., 18 views)

CVE-2024-52801 Brute force takeover of OpenID Connect session cookies in sftpgo

sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are...

CVSS 5.3, EPSS 0.00106
Exploits 0, References 3
Tenable Nessus (added 2024/11/15 12:00 a.m., 7 views)

Fedora 41 : aws (2024-7908ee39a9)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-7908ee39a9 advisory. CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator. AWS.Utils.Random and AWS.Utils.RandomString used...

CVSS 7.5, AI score 5.6, EPSS 0.00108
Exploits 0, References 2
OpenVAS (added 2024/10/07 12:00 a.m., 7 views)

Fedora: Security Advisory (FEDORA-2024-63f98f8c60)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.7, EPSS 0.00108
Exploits 0, References 4
OpenVAS (added 2024/10/07 12:00 a.m., 8 views)

Fedora: Security Advisory (FEDORA-2024-d940f25a53)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.7, EPSS 0.00108
Exploits 0, References 4
Tenable Nessus (added 2024/10/06 12:00 a.m., 15 views)

Fedora 40 : aws (2024-63f98f8c60)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-63f98f8c60 advisory. CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator. AWS.Utils.Random and AWS.Utils.RandomString used...

CVSS 7.5, AI score 5.6, EPSS 0.00108
Exploits 0, References 2
OSV (added 2024/08/15 6:40 p.m., 2 views)

CVE-2024-42475 OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker, allowing them to perform a CSRF attack against a user, associating the user's session with the attacker's protected...

CVSS 6.5, AI score 6.9, EPSS 0.00024
Exploits 0, References 4
NVD (added 2024/06/24 7:15 a.m., 14 views)

CVE-2024-24553

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure function...

CVSS 7.5, EPSS 0.00056
Exploits 0, References 1
CVE (added 2024/06/24 7:10 a.m., 51 views)

CVE-2024-24553

CVE-2024-24553 relates to Bludit, where password hashes are computed with SHA-1 and the salt is generated by a non-cryptographically secure function. Attackers could brute-force SHA-1 to recover plaintext passwords, per the description in multiple sources. The connected documents consistently des...

CVSS 7.5, AI score 6.7, EPSS 0.00056
Exploits 0, References 1, Affected Software 1
OSV (added 2024/06/07 10:27 p.m., 12 views)

GHSA-848F-MPH5-9PM9 Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability

In Zend Framework, ZendCaptchaWord v1 and Zend\Captcha\Word v2 generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand function. This function does not generate...

CVSS 7.5, AI score 6.6
Exploits 0, References 3