Date Index - April 2025 - CPANSec CVE announcements

01 Apr 2025 01:55 UTC - CVE-2025-30672: Mite for Perl generates code with an untrusted search path vulnerability - Stig Palmquist
01 Apr 2025 02:13 UTC - CVE-2025-30673: Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory - Timothy Legge
01 Apr 2025 02:23 UTC - CVE-2025-3051: Linux::Statm::Tiny for Perl allows untrusted code to be included from the current working directory - Stig Palmquist
02 Apr 2025 12:57 UTC - CVE-2025-1805: Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes - Stig Palmquist
05 Apr 2025 15:39 UTC - CVE-2024-57868: Web::API 2.8 and earlier for Perl uses insecure rand() function for cryptographic functions - Timothy Legge
05 Apr 2025 16:08 UTC - CVE-2024-58036: Net::Dropbox::API 1.9 and earlier for Perl uses insecure rand() function for cryptographic functions - Timothy Legge
05 Apr 2025 18:22 UTC - CVE-2024-57835: Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions - Timothy Legge
05 Apr 2025 18:23 UTC - CVE-2024-52322: WebService::Xero 0.11 for Perl uses insecure rand() function for cryptographic functions - Timothy Legge
05 Apr 2025 18:27 UTC - CVE-2024-56370: Net::Xero 0.044 and earlier for Perl uses insecure rand() function for cryptographic functions - Timothy Legge
12 Apr 2025 23:46 UTC - CVE-2025-2814: Crypt::CBC versions between 1.21 and 3.04 for Perl may use insecure rand() function for cryptographic functions - Timothy Legge
13 Apr 2025 13:18 UTC - CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes - Stig Palmquist