690 matches found
SUSE CVE-2020-36829
The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...
CVE-2021-47208
The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service...
DEBIAN-CVE-2020-36829
The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...
Fedora 39 : perl-Data-UUID (2024-a58a7e2388)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a58a7e2388 advisory. This update fixes CVE-2013-4184 possible symlink attack due to use of predictable temporary file names. The module no longer saves state in temporary files a...
Fedora: Security Advisory (FEDORA-2024-3cf9eb64ba)
The remote host is missing an update for the...
PT-2024-10619 · Unknown · Mojolicious
Name of the Vulnerable Software and Affected Versions: Mojolicious versions prior to 7.66 Description: The issue concerns a situation where the Mojolicious module for Perl may leak cookies when dealing with multiple similar cookies for the same domain. This affects the Mojo::UserAgent::CookieJar...
CVE-2021-47154
A vulnerability was found in the Perl module Net::CIDR::Lite, where extraneous zero characters at the start of an IP address string are not adequately handled. This flaw may enable attackers to circumvent IP address-based access controls in certain scenarios...
DEBIAN-CVE-2018-25099
In the CryptX module before 0.062 for Perl, gcm_decrypt_verify and chacha20poly1305_decrypt_verify do not verify the tag...
CVE-2021-47155
The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
DEBIAN-CVE-2021-47155
The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
UBUNTU-CVE-2021-47154
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
PT-2024-10618
Name of the Vulnerable Software and Affected Versions: CryptX versions prior to 0.062 Description: The issue concerns the CryptX module for Perl, where the functions gcm_decrypt_verify and chacha20poly1305_decrypt_verify do not verify the tag, potentially leading to security issues. Recommendations...
Net-IPv4Addr Security Vulnerability
Net-IPv4Addr is an open source Perl module from metacpan for working with IPv4 addresses. A security vulnerability exists in Net-IPv4Addr version 0.10 that stems from not properly filtering IP address strings that begin with 0, allowing an attacker to bypass IP address-based access control...
PT-2024-11203 · Unknown +1 · Net::Ipv4Addr +1
Name of the Vulnerable Software and Affected Versions: Net::IPV4Addr module version 0.10 for Perl Description: The issue arises from the Net::IPV4Addr module's improper handling of extraneous zero characters in IP address strings. This can lead to the bypassing of access control mechanisms that...
USN-6667-1 libcpanel-json-xs-perl vulnerability
It was discovered that Cpanel-JSON-XS incorrectly decoded certain data. A remote attacker could use this issue to cause Cpanel-JSON-XS to crash, resulting in a denial of service, or possibly obtain sensitive information...
DEBIAN-CVE-2022-48623
The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service...
http-tiny: perl: insecure TLS cert default
A vulnerability was found in HTTP::Tiny, a Perl core module and standalone CPAN package, which does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=>1 flag to ensure secure HTTPS connections. This oversight can potentially expose...
[SECURITY] [DLA 3723-1] libspreadsheet-parsexlsx-perl security update
Debian LTS Advisory DLA-3723-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 27, 2024 https://wiki.debian.org/LTS Package : libspreadsheet-parsexlsx-perl Version : 0.27-2+deb10u1 CVE ID : CVE-2024-22368 CVE-2024-23525 Debian Bug : 1061098 Security...
Important: perl-Spreadsheet-ParseExcel
Issue Overview: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the...