17038 matches found
CVE-2026-11373
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...
CVE-2026-11373
Summary of CVE-2026-11373 (Net::Statsite::Client): The Perl client (versions through 1.1.0) is vulnerable to metric injections because metric names are not sanitized for newlines or other protocol control characters (e.g., colons, pipes), and newlines are not removed from metrics. This can allow...
CVE-2026-11373 Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...
EUVD-2026-38224
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...
UBUNTU-CVE-2026-9265
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OO...
CVE-2026-9265
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...
EUVD-2026-38103
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...
CVE-2026-9265 Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...
CVE-2026-9265
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...
CVE-2026-9265
Crypt::OpenSSL::PKCS12 for Perl prior to 1.96 is affected by a heap OOB read in print_attribute: the function copies a UTF8STRING ASN.1 attribute value into a heap buffer sized to the declared length using strncpy, but does not append a NUL terminator. Downstream, strlen() is used and the inflate...
ROOT-OS-DEBIAN-11-CVE-2026-8376 CVE-2026-8376 in rootio-perl - Patched by Root
Root has patched CVE-2026-8376 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-42497 CVE-2026-42497 in rootio-perl - Patched by Root
Root has patched CVE-2026-42497 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2025-40909 CVE-2025-40909 in rootio-perl - Patched by Root
Root has patched CVE-2025-40909 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-48962 CVE-2026-48962 in rootio-perl - Patched by Root
Root has patched CVE-2026-48962 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-42496 CVE-2026-42496 in rootio-perl - Patched by Root
Root has patched CVE-2026-42496 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-9538 CVE-2026-9538 in rootio-perl - Patched by Root
Root has patched CVE-2026-9538 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...
CVE-2026-9692
Summary (CVE-2026-9692): Mojolicious::Sessions::Storable for Perl, in versions up to 0.05, generates insecure session IDs. The default generator seeds a SHA-1 hash with a mix of low-entropy sources: built-in rand, epoch time, heap address of an anonymous hash, and the process ID, making IDs predictable...
PT-2026-50778
Name of the Vulnerable Software and Affected Versions: Mojolicious::Sessions::Storable versions prior to 0.06. Description: The software generates session IDs insecurely. The default session ID generator utilizes a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address o...
UBUNTU-CVE-2026-12087
Socket versions before 2.041 for Perl have an out-of-bounds heap read...
ROOT-OS-DEBIAN-13-CVE-2026-8376 CVE-2026-8376 in rootio-perl - Patched by Root
Root has patched CVE-2026-8376 in the rootio-perl package for Root:Debian:13. Multiple fixed versions available...