17350 matches found
Security update for perl-CGI-Session (moderate)
openSUSE Security Update: Security update for perl-CGI-Session Announcement ID: openSUSE-SU-2026:0240-1 Rating: moderate References: 1269983 Cross-References: CVE-2026-56016 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This...
CVE-2026-10879
A flaw was found in perl-DBI. A heap overflow vulnerability exists when preparsing SQL statements with more than 9 binders. The preparse method incorrectly allocates buffer space for SQL placeholder characters, leading to an overflow when processing binders with two or more digits. This can resul...
Linux Distros Unpatched Vulnerability : CVE-2026-14741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - libhttp-date-perl - None Ubuntu Linux - Unknown description CVE-2026-14741 Note that Nessus relies on the presence of the package as reported by...
perl: Perl threads have a working directory race condition where file operations may target unintended paths
A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...
Moderate: Red Hat Security Advisory: perl:5.32 security update
An update for the perl:5.32 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...
Linux Distros Unpatched Vulnerability : CVE-2026-14454
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as...
CVE-2026-49146
App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...
CVE-2026-49147
App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...
CVE-2026-49147 App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes
App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...
CVE-2026-49147
App::Ack for Perl, up to version 3.10.0, is affected by a vulnerability where terminal control bytes in filenames can be emitted un-sanitised in several output modes. The root cause is that while a _safe_filename helper was added in 3.10.0 to sanitise filenames for -f, -g, the colored match headi...
EUVD-2026-42274
App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...
CVE-2026-49146
CVE-2026-49146 affects App::Ack for Perl prior to 3.10.0. A project .ackrc can set --before-context to an unbounded positive integer, causing ack to allocate a before-context buffer of that size and trigger memory exhaustion. Public descriptions specify the attack path: ack searches upward for a ...
CVE-2026-49145
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...
CVE-2026-14454
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...
CVE-2026-14454 Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...
CVE-2026-14454
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...
EUVD-2026-42226
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...
CVE-2026-14454
Imager for Perl prior to 1.033 mishandles unsigned EXIF IFD entry counts by treating them as signed, potentially causing an attempt to allocate a block near the address space and terminating a worker process. This can be triggered by crafting an image with crafted EXIF data. The published fix is ...
EUVD-2026-42127
String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...
EUVD-2026-42124
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...