Search for packages
| purl | pkg:deb/debian/perl@5.36.0-7%2Bdeb12u2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-m8p9-8hjz-aaae
Aliases: CVE-2023-31484 |
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-wp6a-qnkv-aaaf
Aliases: CVE-2023-31486 |
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8v62-79q2-aaaj | CPAN 2.28 allows Signature Verification Bypass. |
CVE-2020-16156
|
| VCID-m8p9-8hjz-aaae | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. |
CVE-2023-31484
|
| VCID-tnb2-6jhr-z3gx | A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses. |
CVE-2024-56406
|
| VCID-wp6a-qnkv-aaaf | HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. |
CVE-2023-31486
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-22T15:19:56.599474+00:00 | Debian Importer | Affected by | VCID-m8p9-8hjz-aaae | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-22T13:44:05.690233+00:00 | Debian Importer | Affected by | VCID-wp6a-qnkv-aaaf | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T07:57:51.033911+00:00 | Debian Importer | Fixing | VCID-m8p9-8hjz-aaae | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T03:42:32.755684+00:00 | Debian Importer | Fixing | VCID-8v62-79q2-aaaj | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-20T23:47:01.263643+00:00 | Debian Importer | Fixing | VCID-wp6a-qnkv-aaaf | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-01T21:50:35.223182+00:00 | Debian Importer | Affected by | VCID-m8p9-8hjz-aaae | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-06-01T20:31:19.398521+00:00 | Debian Importer | Affected by | VCID-wp6a-qnkv-aaaf | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-05-17T21:40:40.552624+00:00 | Debian Importer | Fixing | VCID-8v62-79q2-aaaj | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-23T18:47:25.903910+00:00 | Debian Importer | Fixing | VCID-tnb2-6jhr-z3gx | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-22T03:36:08.478023+00:00 | Debian Importer | Fixing | VCID-wp6a-qnkv-aaaf | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-22T02:20:00.643644+00:00 | Debian Importer | Fixing | VCID-m8p9-8hjz-aaae | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |