137 matches found
CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
Security update for perl-Crypt-URandom (important)
openSUSE Security Update: Security update for perl-Crypt-URandom Announcement ID: openSUSE-SU-2026:0110-1 Rating: important References: 1258266 Cross-References: CVE-2026-2474 CVSS scores: CVE-2026-2474 SUSE: 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products:...
EUVD-2025-209114
Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...
CVE-2025-15604 Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions
Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...
CVE-2025-15604 Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions
Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...
CVE-2025-15604
Summary (CVE-2025-15604) Amon2 for Perl with vulnerable random_string implementation affects versions before 6.17. In 6.06–6.16, random_string reads /dev/urandom if available; if not, it falls back to a SHA-1 hash seeded with rand(), the PID, and the high-resolution epoch time. The epoch time can...
PT-2026-28276
Name of the Vulnerable Software and Affected Versions Amon2 versions prior to 6.17 Description Amon2 for Perl utilizes an insecure random string implementation in its security functions. Versions 6.06 through 6.16 attempt to use /dev/urandom, but fall back to a SHA-1 hash seeded with the built-in...
perl-Crypt-URandom-0.550.0-1.1 on GA media (moderate)
perl-Crypt-URandom-0.550.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10414-1 Rating: moderate Cross-References: CVE-2026-2474 CVSS scores: CVE-2026-2474 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-2474 SUSE : 8.2...
OPENSUSE-SU-2026:10414-1 perl-Crypt-URandom-0.550.0-1.1 on GA media
These are all security issues fixed in the perl-Crypt-URandom-0.550.0-1.1 package on the GA media of openSUSE Tumbleweed...
[SECURITY] Fedora 44 Update: perl-Crypt-URandom-0.55-1.fc44
This Module is intended to provide an interface to the strongest available source of non-blocking randomness on the current platform...
Fedora 44 : perl-Crypt-URandom (2026-eb6b1039eb)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-eb6b1039eb advisory. This release fixes CVE-2026-2474 a heap buffer overflow and handling failed read syscalls. Tenable has extracted the preceding description block directly fro...
Fedora 43 : perl-Crypt-URandom (2026-88f1155b8b)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-88f1155b8b advisory. This release fixes CVE-2026-2474 a heap buffer overflow and handling failed read syscalls. Tenable has extracted the preceding description block...
Fedora 42 : perl-Crypt-URandom (2026-b0bf6e9c9b)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b0bf6e9c9b advisory. This release fixes CVE-2026-2474 a heap buffer overflow and handling failed read syscalls. Tenable has extracted the preceding description block...
[SECURITY] Fedora 42 Update: perl-Crypt-URandom-0.55-1.fc42
This Module is intended to provide an interface to the strongest available source of non-blocking randomness on the current platform...
[SECURITY] Fedora 43 Update: perl-Crypt-URandom-0.55-1.fc43
This Module is intended to provide an interface to the strongest available source of non-blocking randomness on the current platform...
Fedora: Security Advisory (FEDORA-2026-88f1155b8b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2026-b0bf6e9c9b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EUVD-2026-9063
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...
CVE-2026-3255
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...
CVE-2026-3255 HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...