Lucene search
+L

203 matches found

Tenable Nessus
Tenable Nessus
added 2023/07/09 12:0 a.m.17 views

Fedora 37 : perl-CPAN (2023-1e5af38524)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1e5af38524 advisory. Security fix for CVE-2023-31484 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CPAN 2.35 - Add...

8.1CVSS8.1AI score0.01548EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/07/09 12:0 a.m.26 views

Fedora 38 : perl-CPAN (2023-46924e402a)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-46924e402a advisory. Security fix for CVE-2023-31484 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CPAN 2.35 - Add...

8.1CVSS8.1AI score0.01548EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2023/07/03 5:17 p.m.28 views

CVE-2023-31484

A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to verifySSL missing when suing the HTTP::Tiny library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing...

7.4CVSS7.7AI score0.01548EPSS
Exploits1References3
Amazon
Amazon
added 2023/06/27 12:0 a.m.31 views

Important: perl-HTTP-Tiny

Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31486 Affected Packages: perl-HTTP-Tiny Note: This advisory is applicable to Amazon Linux 2 AL2 Co...

8.1CVSS7.6AI score0.01742EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/06/09 12:0 a.m.13 views

Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2023-2163)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.00791EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/06/08 12:0 a.m.32 views

Amazon Linux 2023 : perl-CPAN, perl-CPAN-tests (ALAS2023-2023-182)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-182 advisory. HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31484 Tenable has...

8.1CVSS8AI score0.01548EPSS
Exploits1References4
Amazon
Amazon
added 2023/06/07 12:0 a.m.6 views

Important: perl-CPAN

Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31484 Affected Packages: perl-CPAN Issue Correction: Run dnf update perl-CPAN --releasever...

8.1CVSS8AI score0.01548EPSS
Exploits1
Ubuntu
Ubuntu
added 2023/06/05 10:31 a.m.63 views

USN-6112-2: Perl vulnerability

USN-6112-1 fixed vulnerabilities in Perl. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. Original advisory details: It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with...

8.1CVSS8AI score0.01548EPSS
Exploits1
OSV
OSV
added 2023/05/29 6:16 p.m.11 views

USN-6112-1 perl vulnerability

It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to intercept communications, this flaw could potentially be used to install altered modules...

8.1CVSS5.8AI score0.01548EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2023/05/29 6:16 p.m.71 views

USN-6112-1: Perl vulnerability

It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to intercept communications, this flaw could potentially be used to install altered modules...

8.1CVSS8AI score0.01548EPSS
Exploits1
OSV
OSV
added 2023/05/19 11:5 a.m.6 views

OESA-2023-1287 perl security update

Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects. Security Fixes: CPAN.pm before 2.35 does not verify TLS...

8.1CVSS6.9AI score0.01548EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/05/03 2:29 a.m.4 views

SUSE CVE-2023-31484

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...

7.4CVSS8.4AI score0.01548EPSS
Exploits1References82
NVD
NVD
added 2023/04/29 12:15 a.m.24 views

CVE-2023-31486

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

8.1CVSS7.9AI score0.01742EPSS
Exploits0References11
OSV
OSV
added 2023/04/29 12:15 a.m.9 views

AZL-37126 CVE-2023-31484 affecting package perl for versions less than 5.34.1-489

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...

8.1CVSS7.2AI score0.01548EPSS
Exploits1References1
Prion
Prion
added 2023/04/29 12:15 a.m.51 views

Default configuration

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

5.1CVSS7.7AI score0.01742EPSS
Exploits0References10Affected Software1
UbuntuCve
UbuntuCve
added 2023/04/29 12:15 a.m.44 views

CVE-2023-31486

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

8.1CVSS6.9AI score0.01742EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/04/29 12:0 a.m.1 views

Comprehensive Perl Archive Network 信任管理问题漏洞

The Comprehensive Perl Archive Network Cpan is a repository of over 200,000 Perl programming language modules. A security vulnerability exists in Comprehensive Perl Archive Network versions prior to 2.35, which stems from a TLS certificate not being validated during distribution via HTTPS downloa...

8.1CVSS8AI score0.01548EPSS
Exploits1References13
OSV
OSV
added 2023/04/28 12:0 a.m.26 views

CVE-2023-31486

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

8.1CVSS7AI score0.01742EPSS
Exploits0References13
Debian CVE
Debian CVE
added 2023/04/28 12:0 a.m.445 views

CVE-2023-31486

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

8.1CVSS7.5AI score0.01742EPSS
Exploits0
OSV
OSV
added 2022/11/10 10:8 p.m.9 views

CLSA-2022-1668118081 Fix CVE(s): CVE-2020-16156

SECURITY UPDATE: Signature verification bypass - debian/patches/fixes/CVE-2020-16156.patch: recognize CANNOTVERIFY signature verification type, add two new failure modes based on 'cpanpath' and improve interaction with external 'gpg' executable. - CVE-2020-16156...

7.8CVSS7.3AI score0.00791EPSS
Exploits1References1
Rows per page
Query Builder