690 matches found
CVE-2013-4184
Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks...
CVE-2012-1102
It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used...
Oracle Linux 9 : perl-Module-ScanDeps (ELSA-2025-7350)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-7350 advisory. - Fix CVE-2024-10224 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...
PT-2025-21665 · Mongodb +2 · Bson::Xs +1
CVE-2025-40906 Multiple Vulnerabilities in BSON::XS Perl Module Versions... https://t.co/9tevViFm0B Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd...
RHSA-2025:7350 Red Hat Security Advisory: perl-Module-ScanDeps security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: perl-Module-ScanDeps security update
An update for perl-Module-ScanDeps is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2025:7350 Moderate: perl-Module-ScanDeps security update
This module scans potential modules used by perl programs and returns a hash reference. Its keys are the module names as they appear in %INC e.g. Test/More.pm. The values are hash references. Security Fixes: module-scandeps: local privilege escalation via unsanitized input CVE-2024-10224 For more...
Moderate: perl-Module-ScanDeps security update
This module scans potential modules used by perl programs and returns a hash reference. Its keys are the module names as they appear in %INC e.g. Test/More.pm. The values are hash references. Security Fixes: module-scandeps: local privilege escalation via unsanitized input CVE-2024-10224 For more...
[SECURITY] Fedora 41 Update: perl-Compress-Raw-Lzma-2.212-6.fc41
This module provides a Perl interface to the lzma compression library. It is used by IO::Compress::Lzma...
[SECURITY] Fedora 40 Update: perl-Compress-Raw-Lzma-2.209-9.fc40
This module provides a Perl interface to the lzma compression library. It is used by IO::Compress::Lzma...
RLSA-2024:3094 Moderate: perl-CPAN security update
The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fixes: perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS CVE-2023-31484 For more details about the security issues, including the impact, a CVSS score,...
[SECURITY] Fedora 41 Update: perl-Devel-Cover-1.44-4.fc41
This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an...
[SECURITY] Fedora 40 Update: perl-String-Compare-ConstantTime-0.321-19.fc40
This module provides one function, "equals", which works like perl's "eq", but which does not provide a timing side-channel. Such comparison is useful when matching against a secret string...
SUSE CVE-2025-2814
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to u...
[SECURITY] Fedora 42 Update: perl-Data-Entropy-0.008-1.fc42
This module maintains a concept of a current selection of entropy source. Algorithms that require entropy, such as those in Data::Entropy::Algorithms, can use the source nominated by this module, avoiding the need for entropy source objects to be explicitly passed around. This is convenient becau...
PT-2025-14484 · Unknown · Crypt::Salt
Name of the Vulnerable Software and Affected Versions: Crypt::Salt for Perl version 0.01 Description: The issue concerns the use of an insecure rand function when generating salts for cryptographic purposes. This could potentially lead to weaknesses in the cryptographic mechanisms that rely on...
CVE-2025-1828 Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions
Crypt::Random Perl package 1.05 through 1.55 may use rand function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon egd service is not available Crypt::Random will default to use the...
Azure Linux 3.0 Security Update: perl-Module-ScanDeps (CVE-2024-10224)
The version of perl-Module-ScanDeps installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10224 advisory. - Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, befor...
Medium: perl-Module-ScanDeps
Issue Overview: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
Medium: perl-Module-ScanDeps
Issue Overview: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...