203 matches found
Fedora 37 : perl-CPAN (2023-1e5af38524)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1e5af38524 advisory. Security fix for CVE-2023-31484 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CPAN 2.35 - Add...
Fedora 38 : perl-CPAN (2023-46924e402a)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-46924e402a advisory. Security fix for CVE-2023-31484 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CPAN 2.35 - Add...
CVE-2023-31484
A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to verifySSL missing when suing the HTTP::Tiny library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing...
Important: perl-HTTP-Tiny
Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31486 Affected Packages: perl-HTTP-Tiny Note: This advisory is applicable to Amazon Linux 2 AL2 Co...
Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2023-2163)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2023 : perl-CPAN, perl-CPAN-tests (ALAS2023-2023-182)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-182 advisory. HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31484 Tenable has...
Important: perl-CPAN
Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31484 Affected Packages: perl-CPAN Issue Correction: Run dnf update perl-CPAN --releasever...
USN-6112-2: Perl vulnerability
USN-6112-1 fixed vulnerabilities in Perl. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. Original advisory details: It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with...
USN-6112-1 perl vulnerability
It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to intercept communications, this flaw could potentially be used to install altered modules...
USN-6112-1: Perl vulnerability
It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to intercept communications, this flaw could potentially be used to install altered modules...
OESA-2023-1287 perl security update
Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects. Security Fixes: CPAN.pm before 2.35 does not verify TLS...
SUSE CVE-2023-31484
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...
CVE-2023-31486
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...
AZL-37126 CVE-2023-31484 affecting package perl for versions less than 5.34.1-489
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...
Default configuration
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...
CVE-2023-31486
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...
Comprehensive Perl Archive Network 信任管理问题漏洞
The Comprehensive Perl Archive Network Cpan is a repository of over 200,000 Perl programming language modules. A security vulnerability exists in Comprehensive Perl Archive Network versions prior to 2.35, which stems from a TLS certificate not being validated during distribution via HTTPS downloa...
CVE-2023-31486
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...
CVE-2023-31486
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...
CLSA-2022-1668118081 Fix CVE(s): CVE-2020-16156
SECURITY UPDATE: Signature verification bypass - debian/patches/fixes/CVE-2020-16156.patch: recognize CANNOTVERIFY signature verification type, add two new failure modes based on 'cpanpath' and improve interaction with external 'gpg' executable. - CVE-2020-16156...