13 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-4963

Malware in sbrugna...

CVSS: 3.3, AI score: 6.1, EPSS: 0.00048
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-8484

Malware in sbrugna...

CVSS: 7.5, AI score: 7.4, EPSS: 0.05664
Exploits: 0, References: 17

EUVD
added 2025/10/07 12:30 a.m., 9 views

EUVD-2013-2110

Malware in sbrugna...

CVSS: 4.4, AI score: 6, EPSS: 0.00198
Exploits: 1, References: 11

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-21702

Malicious code in bioql PyPI...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00208
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-21693

Malicious code in bioql PyPI...

CVSS: 7.3, AI score: 6.3, EPSS: 0.00535
Exploits: 0, References: 4

Vulnrichment
added 2025/07/16 2:4 p.m., 10 views

CVE-2025-40919 Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely

Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not...

AI score: 7.2, EPSS: 0.00208
Exploits: 0, References: 2

CVE
added 2025/07/16 2:0 p.m., 38 views

CVE-2025-40918

Authen::SASL::Perl::DIGEST_MD5 (versions 2.04–2.1800) uses an insecure cnonce generator, composing the nonce from an MD5 of the PID, epoch time, and rand(), which weakens entropy below the RFC 2831-recommended 64 bits. Exploitation potential is supported by the CVSS data (Network, Low-to-Medium i...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00414
Exploits: 0, References: 6

RedhatCVE
added 2025/04/07 4:52 p.m., 14 views

CVE-2024-52322

WebService::Xero 0.11 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs...

CVSS: 5.5, AI score: 7, EPSS: 0.00158
Exploits: 0, References: 1

CVE
added 2025/04/05 3:35 p.m., 79 views

CVE-2024-57868

CVE-2024-57868 affects Web::API 2.8 and earlier for Perl. The root cause is use of rand() as the default entropy source via Data::Random, which is not cryptographically secure, for cryptographic functions. This is stated in the CVE description and supported by references to Data::Random and rand(...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00184
Exploits: 0, References: 5, Affected Software: 1

RedhatCVE
added 2025/04/03 2:37 a.m., 23 views

CVE-2025-30673

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory '.' to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code...

CVSS: 7.8, AI score: 7.8, EPSS: 0.00441
Exploits: 0, References: 1

Cvelist
added 2025/04/02 12:53 p.m., 13 views

CVE-2025-1805 Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes

Crypt::Salt for Perl version 0.01 uses insecure rand function when generating salts for cryptographic purposes...

EPSS: 0.00315
Exploits: 0, References: 3

OSV
added 2020/09/11 7:15 p.m., 4 views

CVE-2014-10401

An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute...

CVSS: 6.1, AI score: 6.2
Exploits: 0, References: 5

OSV
added 2016/01/13 3:59 p.m., 4 views

CVE-2015-8607

The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string...

CVSS: 7.3, AI score: 6.9
Exploits: 0, References: 13