Search CVE reports
21 – 30 of 243 results
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where...
1 affected package
libcrypt-cbc-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libcrypt-cbc-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library...
1 affected package
libnet-dropbox-api-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libnet-dropbox-api-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which...
1 affected package
libweb-api-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libweb-api-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may...
1 affected package
libsub-handlesvia-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsub-handlesvia-perl | Needs evaluation | Needs evaluation | Not in release | — |
Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
1 affected package
libdata-entropy-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libdata-entropy-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different,...
1 affected package
libstring-compare-constanttime-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libstring-compare-constanttime-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects...
1 affected package
libdbix-class-encodedcolumn-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libdbix-class-encodedcolumn-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects...
1 affected package
libdbix-class-encodedcolumn-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libdbix-class-encodedcolumn-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.
1 affected package
libnet-oauth-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libnet-oauth-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present.
1 affected package
libnet-easytcp-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libnet-easytcp-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |