135 matches found
RHSA-2026:6470 Red Hat Security Advisory: perl-YAML-Syck security update
Bulletin has no description...
CVE-2026-3256
HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come...
ALPINE-CVE-2026-3381
Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...
AZL-79362 CVE-2026-3381 affecting package keras 2.11.0-3
Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...
CVE-2026-3381
Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...
AZL-79296 CVE-2026-3381 affecting package cloud-hypervisor 32.0-7
Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...
AZL-79415 CVE-2026-3381 affecting package mariadb-connector-c 3.3.8-3
Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...
PT-2026-23124
Name of the Vulnerable Software and Affected Versions Compress::Raw::Zlib versions through 2.219 Description The software includes a copy of the zlib library, and versions up to 2.219 may use potentially insecure versions of zlib. Version 2.220 includes zlib 1.3.2, which addresses findings from a...
UBUNTU-CVE-2021-4456
Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions addr2cidr and cidrlookup may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker ma...
CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
Crypt::SysRandom::XS 安全漏洞
Crypt::SysRandom::XS is a Perl library developed by LEONT’s individual developers, designed for generating encrypted random numbers. Versions of Crypt::SysRandom::XS prior to 0.010 contained security vulnerabilities. These vulnerabilities stemmed from the XS function randombytes, which did not...
CVE-2026-2588
Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN sizet to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems sizet is typically 32-bits while an unsigned long long is at least 64-bi...
Maypole 安全漏洞
Maypole is a Perl language library developed by TEEJAY’s individual developers. Versions 2.10 to 2.13 of Maypole contain security vulnerabilities, which stem from insecure session ID generation, potentially leading to session hijacking...
MetaCPAN WWW::OAuth 安全漏洞
MetaCPAN WWW::OAuth is a Perl authentication library developed by the MetaCPAN Foundation. Versions of MetaCPAN WWW::OAuth 1.000 and earlier contained a security vulnerability. This vulnerability stemmed from using the rand function as the default entropy source for encryption functions, which is...
EUVD-2025-199778
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should retur...
USN-7844-1 libyaml-syck-perl vulnerability
It was discovered that YAML::Syck did not properly handle parsing YAML files. An attacker could possibly use this issue to expose sensitive information...
EUVD-2025-27141
Malicious code in bioql PyPI...
EUVD-2025-16304
Malicious code in bioql PyPI...
CLSA-2025-1759497739 perl-HTTP-Tiny: Fix of CVE-2023-31486
CVE-2023-31486: fix insecure default TLS configuration - Enable automated tests during build...
CVE-2024-58040
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand function during encryption...