briandfoy/cpan-security-advisory

briandfoy/cpan-security-advisory

Releases176

Frequency3 days 5 hours

Last Release 18 days ago

Stars25

CPAN Security Advisory Database

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-56830 ↗	Jan 2, 2025Thursday, 2 January 2025, 05:15	5.4 MEDIUM	—
The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present.
CVE-2002-20002 ↗	Jan 2, 2025Thursday, 2 January 2025, 05:15	5.4 MEDIUM	—
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.
CVE-2024-53901 ↗	Nov 24, 2024Sunday, 24 November 2024, 17:15	5.5 MEDIUM	—
The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image.
CVE-2022-48623 ↗	Feb 13, 2024Tuesday, 13 February 2024, 05:15	9.1 CRITICAL	—
The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service.
CVE-2023-52431 ↗	Feb 13, 2024Tuesday, 13 February 2024, 05:15	8.8 HIGH	—
The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).