Lucene search
K

137 matches found

Vulnrichment
Vulnrichment
added 2026/03/31 4:3 p.m.2 views

CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

5.9AI score0.00316EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/30 12:0 a.m.8 views

Security update for perl-Crypt-URandom (important)

openSUSE Security Update: Security update for perl-Crypt-URandom Announcement ID: openSUSE-SU-2026:0110-1 Rating: important References: 1258266 Cross-References: CVE-2026-2474 CVSS scores: CVE-2026-2474 SUSE: 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products:...

8.2CVSS6.1AI score0.00295EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/28 9:33 p.m.4 views

EUVD-2025-209114

Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

5.8AI score0.00521EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/28 6:43 p.m.3 views

CVE-2025-15604 Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions

Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

5.8AI score0.00521EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/28 6:43 p.m.34 views

CVE-2025-15604 Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions

Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

0.00521EPSS
Exploits0References4
CVE
CVE
added 2026/03/28 6:43 p.m.22 views

CVE-2025-15604

Summary (CVE-2025-15604) Amon2 for Perl with vulnerable random_string implementation affects versions before 6.17. In 6.06–6.16, random_string reads /dev/urandom if available; if not, it falls back to a SHA-1 hash seeded with rand(), the PID, and the high-resolution epoch time. The epoch time can...

9.8CVSS5.8AI score0.00521EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.11 views

PT-2026-28276

Name of the Vulnerable Software and Affected Versions Amon2 versions prior to 6.17 Description Amon2 for Perl utilizes an insecure random string implementation in its security functions. Versions 6.06 through 6.16 attempt to use /dev/urandom, but fall back to a SHA-1 hash seeded with the built-in...

9.8CVSS5.8AI score0.00521EPSS
Exploits0References10
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/25 12:0 a.m.5 views

perl-Crypt-URandom-0.550.0-1.1 on GA media (moderate)

perl-Crypt-URandom-0.550.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10414-1 Rating: moderate Cross-References: CVE-2026-2474 CVSS scores: CVE-2026-2474 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-2474 SUSE : 8.2...

8.2CVSS5.8AI score0.00295EPSS
Exploits0
OSV
OSV
added 2026/03/24 12:0 a.m.5 views

OPENSUSE-SU-2026:10414-1 perl-Crypt-URandom-0.550.0-1.1 on GA media

These are all security issues fixed in the perl-Crypt-URandom-0.550.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00295EPSS
Exploits0References1
Fedora
Fedora
added 2026/03/07 12:33 a.m.8 views

[SECURITY] Fedora 44 Update: perl-Crypt-URandom-0.55-1.fc44

This Module is intended to provide an interface to the strongest available source of non-blocking randomness on the current platform...

7.5CVSS5.8AI score0.00295EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.7 views

Fedora 44 : perl-Crypt-URandom (2026-eb6b1039eb)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-eb6b1039eb advisory. This release fixes CVE-2026-2474 a heap buffer overflow and handling failed read syscalls. Tenable has extracted the preceding description block directly fro...

7.5CVSS6AI score0.00295EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.4 views

Fedora 43 : perl-Crypt-URandom (2026-88f1155b8b)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-88f1155b8b advisory. This release fixes CVE-2026-2474 a heap buffer overflow and handling failed read syscalls. Tenable has extracted the preceding description block...

7.5CVSS6.1AI score0.00295EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.5 views

Fedora 42 : perl-Crypt-URandom (2026-b0bf6e9c9b)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b0bf6e9c9b advisory. This release fixes CVE-2026-2474 a heap buffer overflow and handling failed read syscalls. Tenable has extracted the preceding description block...

7.5CVSS6.1AI score0.00295EPSS
Exploits0References2
Fedora
Fedora
added 2026/03/04 1:26 a.m.11 views

[SECURITY] Fedora 42 Update: perl-Crypt-URandom-0.55-1.fc42

This Module is intended to provide an interface to the strongest available source of non-blocking randomness on the current platform...

7.5CVSS6AI score0.00295EPSS
Exploits0
Fedora
Fedora
added 2026/03/04 12:57 a.m.9 views

[SECURITY] Fedora 43 Update: perl-Crypt-URandom-0.55-1.fc43

This Module is intended to provide an interface to the strongest available source of non-blocking randomness on the current platform...

7.5CVSS6AI score0.00295EPSS
Exploits0
OpenVAS
OpenVAS
added 2026/03/04 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2026-88f1155b8b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6AI score0.00295EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2026/03/04 12:0 a.m.2 views

Fedora: Security Advisory (FEDORA-2026-b0bf6e9c9b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6AI score0.00295EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 9:31 p.m.8 views

EUVD-2026-9063

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

5.9AI score0.00418EPSS
Exploits0References5
OSV
OSV
added 2026/02/27 8:21 p.m.6 views

CVE-2026-3255

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

6.5CVSS5.9AI score
Exploits0References5
Cvelist
Cvelist
added 2026/02/27 8:12 p.m.24 views

CVE-2026-3255 HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

0.00418EPSS
Exploits0References4
Rows per page
Query Builder