ByteOS Network

ETHER

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-40920

Assigner-CPAN Security Group

View Details

Assigner-CPAN Security Group

CVSS Score-8.6||HIGH

EPSS-0.11% / 30.80%

7 Day CHG~0.00%

Published-11 Aug, 2025 | 20:19

Updated-28 Aug, 2025 | 12:15

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.

Vendor-ETHER

Product-Catalyst::Authentication::Credential::HTTP

CWE ID-CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE ID-CWE-340

Generation of Predictable Numbers or Identifiers

CVE-2025-40907

Assigner-CPAN Security Group

View Details

Assigner-CPAN Security Group

CVSS Score-5.3||MEDIUM

EPSS-0.11% / 30.31%

7 Day CHG~0.00%

Published-16 May, 2025 | 13:03

Updated-02 Jul, 2025 | 01:01

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

Vendor-fastcgi ETHER

Product-fcgi FCGI

CWE ID-CWE-190

Integer Overflow or Wraparound

CWE ID-CWE-1395

Dependency on Vulnerable Third-Party Component