SUSE CVE-2024-22368

The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells...

CVE-2024-22368

The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells...

Fedora 39 : perl-Spreadsheet-ParseExcel (2023-921f6975c2)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-921f6975c2 advisory. Fix for CVE-2023-7101 unvalidated input can lead to arbitrary code execution vulnerability. Tenable has extracted the preceding description block...

[SECURITY] [DLA 3702-1] libspreadsheet-parseexcel-perl security update

Debian LTS Advisory DLA-3702-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2023 https://wiki.debian.org/LTS Package : libspreadsheet-parseexcel-perl Version : 0.6500-1+deb10u1 CVE ID : CVE-2023-7101 Debian Bug : 1059450 Le Dinh Hai discovered that...

[SECURITY] [DSA 5592-1] libspreadsheet-parseexcel-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5592-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 30, 2023 https://www.debian.org/security/faq -...

p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability

Spreadsheet-ParseExcel reports: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type eval "eval". Specifically, the...

CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

UBUNTU-CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

CVE-2023-7101 Arbitrary Code Execution (ACE) Vulnerability

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

http-tiny: perl: insecure TLS cert default

A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verifySSL=1 flag to ensure secure HTTPS connections. This oversight can potentially expose...

Debian: Security Advisory (DLA-3509-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3509-1] libmail-dkim-perl update

Debian LTS Advisory DLA-3509-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany July 27, 2023 https://wiki.debian.org/LTS Package : libmail-dkim-perl Version : 0.54-1+deb10u1 Debian Bug : 1039489 It was discovered that the domain check in libmail-dkim-perl, a Perl...

OESA-2023-1420 perl-CPAN security update

The CPAN module automates or at least simplifies the make and install of perl modules and extensions. It includes some primitive searching capabilities and knows how to use LWP, HTTP::Tiny, Net::FTP and certain external download clients to fetch distributions from the net. The CPAN module also...

Important: perl-HTTP-Tiny

Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31486 Affected Packages: perl-HTTP-Tiny Issue Correction: Run dnf update perl-HTTP-Tiny --releasev...

Important: perl

Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31484 Affected Packages: perl Issue Correction: Run dnf update perl --releasever 2023.0.20230517 o...

DEBIAN-CVE-2023-31484

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...

UBUNTU-CVE-2023-31484

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...

UBUNTU-CVE-2023-31486

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...