Lucene search
K

135 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-40288

Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on the .torrent-file ingest path. The peer and magnet metadata path onmetadatareceived, reached from the BEP...

5.3CVSS5.8AI score
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-13758

CVE-2026-13758 affects CryptX for Perl versions before 0.088_001. The vulnerability stems from a non-constant-time comparison of AEAD authentication tags in the streaming decrypt_done path, using memNE (memcmp() != 0). The run time varies with the number of matching leading bytes across all five ...

3.7CVSS5.8AI score0.00226EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Debian dla-4639 : libhttp-daemon-perl - security update

The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dla-4639 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4639-1 [email protected]...

9.1CVSS6.1AI score0.01231EPSS
Exploits0References5
OSV
OSV
added 2026/06/20 2:16 a.m.5 views

UBUNTU-CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

9.1CVSS6AI score0.00354EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in libimage-exiftool-perl

In ExifTool’s lib/Image/ExifTool.pm, version 12.38 incorrectly handles the $file = /|$/ check, resulting in command injection...

7.8CVSS7.3AI score0.07575EPSS
Exploits5References1
Fedora
Fedora
added 2026/06/19 1:10 a.m.9 views

[SECURITY] Fedora 43 Update: perl-HTTP-Daemon-6.17-1.fc43

Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. The HTTP::Daemon is a subclass of IO::Socket::IP, so you can perform socket operations directly on it too...

9.1CVSS5.2AI score0.01231EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/17 8:2 a.m.7 views

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer

...

9.8CVSS5.8AI score0.00376EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

SUSE SLED15 / SLES15 Security Update : perl-XML-LibXML (SUSE-SU-2026:2324-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2324-1 advisory. This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing...

7.5CVSS5.5AI score0.00531EPSS
Exploits0References4
CVE
CVE
added 2026/06/12 2:41 p.m.30 views

CVE-2026-9638

Crypt::PBKDF2 for Perl versions before 0.261630 are vulnerable because they generate salts with the built-in rand function, which is predictable and not suitable for cryptography. Affected component: Crypt::PBKDF2 (Perl). Root cause: use of insecure RNG for salts. Impact: cryptographic salts may ...

7.5CVSS5.3AI score0.00305EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 2:16 p.m.6 views

UBUNTU-CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.3AI score0.00319EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/12 1:19 p.m.6 views

EUVD-2017-18978

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.2AI score0.00319EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 1:49 p.m.6 views

USN-8419-1 libhttp-daemon-perl vulnerability

It was discovered that HTTP-Daemon incorrectly handled untrusted input under certain circumstances. A remote attacker could possibly use this issue to execute arbitrary commands, create or overwrite arbitrary files, or expose sensitive information...

9.1CVSS5.9AI score0.01231EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 8:58 a.m.9 views

USN-8418-1 libcrypt-saltedhash-perl vulnerability

It was discovered that Crypt-SaltedHash incorrectly generated salts using a cryptographically weak pseudo-random number generator. An attacker could possibly use this issue to predict generated salts, leading to a weakening of cryptographic protections...

9.1CVSS5.3AI score0.00397EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 2:33 p.m.5 views

SUSE-SU-2026:2324-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715...

7.5CVSS5.4AI score0.00531EPSS
Exploits0References3
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Medium: perl-libwww-perl

Issue Overview: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorizatio...

6.5CVSS5.5AI score0.00266EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Medium: perl-libwww-perl

Issue Overview: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorizatio...

6.5CVSS5.4AI score0.00266EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.7 views

Amazon Linux 2 : perl-libwww-perl, --advisory ALAS2-2026-3325 (ALAS-2026-3325)

The version of perl-libwww-perl installed on the remote host is prior to 6.05-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3325 advisory. LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross- origin redirects...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.6 views

Amazon Linux 2023 : perl-libwww-perl, perl-libwww-perl-tests (ALAS2023-2026-1764)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1764 advisory. LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross- origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References4
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Medium: perl-XML-LibXML

Issue Overview: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjace...

7.5CVSS5.5AI score0.00531EPSS
Exploits0
Fedora
Fedora
added 2026/06/07 12:57 a.m.12 views

[SECURITY] Fedora 44 Update: perl-CryptX-0.089-1.fc44

This Perl library provides a cryptography based on LibTomCrypt library...

7.5CVSS5.4AI score0.00469EPSS
Exploits0
Rows per page
Query Builder