[SECURITY] Fedora 36 Update: perl-Alien-ProtoBuf-0.09-17.fc36

Depending on Alien::ProtoBuf Perl module ensures the Protocol Buffers library is installed on your system...

Debian: Security Advisory (DLA-264-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-320-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Denial Of Service (DoS)

libhtml-stripscripts is vulnerable to denial of service DoS. The perl module which removes html scripts is causing this vulnerability by backtracking for HTML content with specially crafted style attributes. This causes regular expression denial of service...

SUSE CVE-2004-0452

Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack...

SUSE CVE-2007-3409

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service stack consumption via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop...

SUSE CVE-2007-4829

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences...

SUSE CVE-2009-0663

Heap-based buffer overflow in the DBD::Pg aka DBD-Pg or libdbd-pg-perl module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pggetline functions to read database rows...

SUSE CVE-2009-1341

Memory leak in the dequotebytea function in quote.c in the DBD::Pg aka DBD-Pg or libdbd-pg-perl module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service memory consumption by fetching data with BYTEA columns...

SUSE CVE-2009-3560

The big2toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service application crash via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlo...

SUSE CVE-2011-4116

issafe in the File::Temp module for Perl does not properly handle symlinks...

SUSE CVE-2012-1152

Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML aka YAML-LibYAML and perl-YAML-LibYAML module 0.38 for Perl allow remote attackers to cause a denial of service process crash via format string specifiers in a 1 YAML stream to the Load function, 2 YA...

SUSE CVE-2012-1151

Multiple format string vulnerabilities in dbdimp.c in DBD::Pg aka DBD-Pg or libdbd-pg-perl module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service process crash via format string specifiers in 1 a crafted database warning to the pgwarn function or 2 a...

SUSE CVE-2012-2451

The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be...

SUSE CVE-2012-5526

CGI.pm module before 3.63 for Perl does not properly escape newlines in 1 Set-Cookie or 2 P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm...

SUSE CVE-2013-4184

Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks...

SUSE CVE-2013-4407

HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...

SUSE CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service assertion failure and crash via vectors involving line-wrapping...

SUSE CVE-2014-10401

An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute...

SUSE CVE-2016-1249

The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service out-of-bounds read via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression...