TIMLEGGE

Source - CNA
BOS Name - N/A
CNA CVEs - 6
ADP CVEs - 0
CISA CVEs - 0
NVD CVEs - 0
6 vulnerabilities found

CVE-2026-8704
Assigner-CPAN Security Group
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.65%
7 Day CHG~0.00%
Published-15 May, 2026 | 22:18
Updated-18 May, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.

Action-Not Available
Vendor-TIMLEGGE
Product-Crypt::DSA
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2026-8700
Assigner-CPAN Security Group
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.63%
7 Day CHG~0.00%
Published-15 May, 2026 | 22:10
Updated-18 May, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crypt::DSA versions before 1.20 for Perl generate seeds using rand

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

Action-Not Available
Vendor-TIMLEGGE
Product-Crypt::DSA
CWE ID-CWE-331
Insufficient Entropy
CVE-2026-30909
Assigner-CPAN Security Group
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 8.91%
7 Day CHG~0.00%
Published-08 Mar, 2026 | 00:46
Updated-18 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crypt::NaCl::Sodium versions through 2.002 for Perl have potential integer overflows

Crypt::NaCl::Sodium versions through 2.002 for Perl have potential integer overflows. The bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that the output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. Encountering this issue is unlikely as the message length would need to be very large.

For bin2hex() the bin_len would have to be > SIZE_MAX / 2.
For encrypt() the msg_len would need to be > SIZE_MAX - 16U.
For aes256gcm_encrypt_afternm() the msg_len would need to be > SIZE_MAX - 16U.
For seal() the enc_len would need to be > SIZE_MAX - 64U.

Action-Not Available
Vendor-timlegge, TIMLEGGE
Product-crypt\Crypt::NaCl::Sodium
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-2588
Assigner-CPAN Security Group
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 18.13%
7 Day CHG~0.00%
Published-22 Feb, 2026 | 23:31
Updated-04 Mar, 2026 | 02:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crypt::NaCl::Sodium versions through 2.001 for Perl have an integer overflow flaw on 32-bit systems

Crypt::NaCl::Sodium versions through 2.001 for Perl have an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typically 32 bits while an unsigned long long is at least 64 bits.

Action-Not Available
Vendor-timlegge, TIMLEGGE
Product-crypt\Crypt::NaCl::Sodium
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-40934
Assigner-CPAN Security Group
CVSS Score-9.3||CRITICAL
EPSS-0.02% / 5.91%
7 Day CHG~0.00%
Published-26 Nov, 2025 | 22:34
Updated-30 Dec, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XML-Sig prior to 0.68 for Perl improperly validates XML without signatures

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validate XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should return an error message. The affected versions return true when attempting to validate an XML file that contains no signatures.

Action-Not Available
Vendor-xml\TIMLEGGE
Product-\XML::Sig
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-36846
Assigner-9b29abf9-4ab0-4765-b253-1875cd9b441e
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 68.15%
7 Day CHG~0.00%
Published-30 May, 2025 | 00:50
Updated-30 May, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IO::Compress::Brotli versions prior to 0.007 for Perl have an integer overflow in the bundled Brotli C library

A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007 or later. If one cannot update, we recommend using the "streaming" API as opposed to the "one-shot" API, and imposing chunk size limits.

Action-Not Available
Vendor-TIMLEGGE
Product-IO::Compress::Brotli
CWE ID-CWE-1395
Dependency on Vulnerable Third-Party Component