MiracleLinux 8 : perl-CPAN-2.18-399.el8 (AXSA:2024-8271:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8271:01 advisory. perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS (CVE-2023-31484). Tenable has extracted the preceding description block...
MiracleLinux 9 : perl-CPAN-2.29-3.el9 (AXSA:2023-6650:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6650:01 advisory. perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS (CVE-2023-31484). Tenable has extracted the preceding description block...
RHEL 7 : perl (RHSA-2026:0079)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0079 advisory. Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: CPAN.p...
MGASA-2025-0276 Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484) HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...
MGASA-2025-0274 Updated perl packages fix security vulnerabilities
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484) Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes. (CVE-2024-56406) Perl threads have a working directory race condition where file operations may target...
Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484) HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...
EUVD-2020-8121
Malware in sbrugna...
EUVD-2020-8122
Malware in sbrugna...
EUVD-2004-2324
Malware in sbrugna...
EUVD-2023-35789
Malicious code in bioql PyPI...
CLSA-2025-1759497192 perl-CPAN: Fix of CVE-2023-31484
CVE-2023-31484: verify TLS certificates when downloading distributions over HTTPS...
Advisory ROSA-SA-2025-2957
Software: perl-CPAN 2.18; OS: ROSA Virtualization 2.1; unaffected versions = perl-CPAN-2.18-397.0.1.rv3; affected versions perl-CPAN-2.18-397.0.1.rv3; CVE-ID: CVE-2023-31484; BDU-ID: 2023-03871; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the CPAN.pm component of the Perl programming language is relat...
RLSA-2025:8432 Moderate: perl-CPAN security update
The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fixes: perl-CPAN: Bypass of verification of signatures in CHECKSUMS files (CVE-2020-16156). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
NewStart CGSL MAIN 7.02 : perl-CPAN Vulnerability (NS-SA-2025-0188)
The remote NewStart CGSL host, running version MAIN 7.02, has perl-CPAN packages installed that are affected by a vulnerability: CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484) Note that Nessus has not tested for these issues but ha...
MAL-2025-6483 Malicious code in cpan (PyPI)
Source: kam193 (e70433969aea3c8283f99098b25b8a598f427b5fd451e9bfd5bc46098704bfb2) Installing the package starts a revshell and download and starts a remote script depending on version, different malicious functionality. The name seems to...
TencentOS Server 4: perl-CPAN (TSSA-2024:0859)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0859 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 3: perl-CPAN (TSSA-2024:0146)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0146 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2025-40914
A critical integer overflow vulnerability has been discovered in the CPAN CryptX module. This flaw is inherited from an underlying dependency within the module. If successfully exploited, this vulnerability could lead to arbitrary code execution, allowing an attacker to gain full control over the...
CVE-2025-40912
A denial-of-service vulnerability has been discovered in the CPAN CryptX module. This flaw can be triggered by an attacker who is able to supply specially malformed Unicode input. Such malicious input could lead to a program crash, impacting the availability of any applications or services that...
Oracle Linux 8 : perl-CPAN (ELSA-2025-8432)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-8432 advisory. 2.18-402 - Resolves: RHEL-9605 - Add 2022 PAUSE public key. - Change default value for urllist to https://www.cpan.org - Use gpg --verify --output ... to...