14 matches found
Fedora: Security Advisory (FEDORA-2025-f0077db20c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2025-22376
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is...
Mageia: Security Advisory (MGASA-2025-0062)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 41 : perl-Net-OAuth (2025-f0077db20c)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f0077db20c advisory. Update to 0.30, fixes CVE-2025-22376 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 40 : perl-Net-OAuth (2025-05e642f1ef)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-05e642f1ef advisory. Update to 0.30, fixes CVE-2025-22376 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora: Security Advisory (FEDORA-2025-05e642f1ef)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-237R-R8M4-4Q88 Guzzle OAuth Subscriber has insufficient nonce entropy
Impact Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.phpL192. This can leave servers vulnerable to replay attacks when TLS is not used. Patches Upgrade to version 0.8.1 or higher...
CVE-2025-22376
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong...
CVE-2025-22376
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong...
CVE-2025-22376
creationtimestamp| type| source ---|---|--- 2025-01-03 21:15:41+00:00| seen| https://infosec.exchange/users/cve/statuses/113766494448501172 2025-01-03 23:42:36+00:00| seen| https://t.me/cvedetector/14245 2025-01-04 15:11:40+00:00| seen| https://bsky.app/profile/rrwo.bsky.social/post/3lewfbwsj722w...
CVE-2025-22376
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong...
CVE-2025-22376
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong...
CVE-2025-22376
Net::OAuth::Client in the Perl Net::OAuth package before 0.29 uses a 32-bit nonce generated from rand(), not cryptographically strong, risking nonce predictability in OAuth flows. Affected: Perl Net-OAuth
CVE-2025-22376
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong...