
135 matches found

Mageia
added 2026/05/19 2:46 a.m. | 12 views

Updated perl-libwww-perl & perl-HTTP-Message packages fix security vulnerabilities

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects...

CVSS 6.5 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/17 6:43 p.m. | 9 views

CVE-2026-8507 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or info_as_hash, a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) du...

AI score 5.9 | EPSS 0.00648
Exploits: 0 | References: 4

CVE
added 2026/05/17 5:51 p.m. | 18 views

CVE-2026-46720

Net::Statsd::Tiny for Perl is affected by CVE-2026-46720 in versions before 0.3.8. The vulnerability arises because metric names and set values are not validated for newlines, colons, or pipes, allowing metrics from untrusted sources to inject additional statsd metrics. Affected product/version: ...

CVSS 8.2 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/16 1:37 p.m. | 9 views

CVE-2026-46719 Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

AI score 5.8 | EPSS 0.00306
Exploits: 0 | References: 2

CVE
added 2026/05/16 1:37 p.m. | 25 views

CVE-2026-46719

Net::Statsd::Lite (Perl) is affected by CVE-2026-46719 for versions prior to 0.9.0, where metric names are not validated for newlines, colons, or pipes. This allows metrics from untrusted sources to inject additional statsd metrics. Public sources in the included documents confirm the impact on m...

CVSS 6.5 | AI score 5.8 | EPSS 0.00306
Exploits: 0 | References: 3

OSV
added 2026/05/15 11:16 p.m. | 7 views

DEBIAN-CVE-2026-8704

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVSS 6.5 | AI score 5.8 | EPSS 0.00318
Exploits: 0 | References: 1

OSV
added 2026/05/14 7:35 p.m. | 8 views

CLSA-2026-1778787308 perl: Fix of CVE-2023-31486

CVE-2023-31486: HTTP::Tiny verifies TLS certificates by default...

CVSS 8.1 | AI score 5.8 | EPSS 0.01742
Exploits: 0 | References: 1

CVE
added 2026/05/13 12:40 p.m. | 14 views

CVE-2026-8463

Crypt::Argon2 for Perl (versions 0.017 before 0.031) contains a heap out-of-bounds read in argon2_verify when given an empty encoded input. The auto-detect path passes encoded_len-1 to memchr without ensuring encoded_len is non-zero; with an empty string this underflows to SIZE_MAX and may cause ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/05/12 3:31 p.m. | 8 views

EUVD-2026-29492

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 5

OSV
added 2026/05/12 3:16 p.m. | 4 views

UBUNTU-CVE-2026-8368

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

CVSS 6.5 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 6

Vulnrichment
added 2026/05/12 2:1 p.m. | 8 views

CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 4

Debian CVE
added 2026/05/12 2:1 p.m. | 11 views

CVE-2026-8368

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

CVSS 6.5 | AI score 5.8 | EPSS 0.00266
Exploits: 0

CNNVD
added 2026/05/12 12:0 a.m. | 8 views

YAML::Syck security vulnerability

YAML::Syck is a Perl library open-sourced by CPAN authors. Versions of YAML::Syck prior to 1.38 contained security vulnerabilities. These vulnerabilities stemmed from the base60 parsing code in perlsyck.h, which experienced a buffer underflow. When processing the leftmost segment of colon-separat...

CVSS 7.3 | AI score 6.1 | EPSS 0.00333
Exploits: 0 | References: 1

OSV
added 2026/05/11 10:22 p.m. | 5 views

UBUNTU-CVE-2026-7010

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 3

OSV
added 2026/05/11 9:44 a.m. | 8 views

CLSA-2026-1778492641 perl: Fix of 2 CVEs

CVE-2023-47038: fix write past buffer end via illegal user-defined Unicode property, for almalinux9.2esu - CVE-2025-40909: clone dirhandles without fchdir, for almalinux9.2esu...

CVSS 7.8 | AI score 6.8 | EPSS 0.00832
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/11 12:0 a.m. | 16 views

PT-2026-39733

Alien::FreeImage versions through 1.001 for Perl contain several vulnerable libraries. Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The library embeds other image libraries that also have...

CVSS 7.3 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 8

ATTACKERKB
added 2026/05/10 8:48 p.m. | 9 views

CVE-2026-8177

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi-byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

AI score 5.8 | EPSS 0.00531
Exploits: 0 | References: 4

OSV
added 2026/05/08 6:16 p.m. | 5 views

UBUNTU-CVE-2026-6659

Crypt::PasswdMD5 versions through 1.42 for Perl generate insecure random values for salts. The built-in rand function is predictable and unsuitable for cryptography...

CVSS 7.5 | AI score 5.8 | EPSS 0.00447
Exploits: 0 | References: 5

Tenable Nessus
added 2026/04/14 12:0 a.m. | 5 views

Oracle Linux 8 : perl-XML-Parser (ELSA-2026-7681)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-7681 advisory. 2.44-12.0.1 - Add perlLWP, perlURI, perlURI::file Requires 2.44-12 - Fix CVE-2006-10002, CVE-2006-10003 Tenable has extracted the preceding description...

CVSS 9.8 | AI score 5.9 | EPSS 0.00604
Exploits: 0 | References: 3

OSV
added 2026/04/10 10:16 p.m. | 3 views

UBUNTU-CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandle IPv4-mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6 includes the sentinel byte from _pack_ipv4 when building the packed representation of IPv4-mapped addresses like ::ffff:192.168.1.1. This produces an 18-byte value instead of...

CVSS 6.5 | AI score 5.8 | EPSS 0.00309
Exploits: 0 | References: 7