Lucene search
+L

101 matches found

rocky
rocky
added 2 days ago5 views

perl-XML-LibXML security update

An update is available for perl-XML-LibXML. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This module implements a Perl interface to the GNOME libxml2 library...

7.5CVSS6.1AI score0.00531EPSS
Exploits0
cve
cve
added 3 days ago11 views

CVE-2026-60081

The provided data indicate a memory‑consumption risk in DBI::ProfileData prior to version 1.651 for Perl. The issue arises from an unbounded path index in profile dump files, which can be used to allocate an excessively large array and exhaust memory. Affected component: DBI::ProfileData (Perl). ...

7.5CVSS6.1AI score0.00209EPSS
Exploits0References4
osv
osv
added 4 days ago3 views

ALSA-2026:38512 Important: perl-DBI security update

DBI is a database access Application Programming Interface API for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used. Security Fixes: DBI: DBI: Buffer overfl...

9.8CVSS6.5AI score0.00452EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/07 10:5 p.m.34 views

CVE-2026-14739 DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders

DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...

0.00396EPSS
Exploits0References3
redhat
redhat
added 2026/07/07 9:54 a.m.5 views

perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References7
nvd
nvd
added 2026/07/05 2:17 a.m.15 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS0.00508EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/01 6:46 a.m.37 views

CVE-2026-56016 CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

0.00322EPSS
Exploits0References2
fedora
fedora
added 2026/06/30 1:8 a.m.5 views

[SECURITY] Fedora 43 Update: perl-DBI-1.648-1.fc43

DBI is a database access Application Programming Interface API for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used...

9.8CVSS5.8AI score0.00452EPSS
Exploits0
redhat
redhat
added 2026/06/29 2:16 a.m.8 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.8CVSS6.1AI score0.00292EPSS
Exploits3References6
osv
osv
added 2026/06/25 3:26 p.m.2 views

CVE-2026-12844 List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling alloc = 2 instead of a...

7.5CVSS6.2AI score0.00419EPSS
Exploits0References7
cve
cve
added 2026/06/22 11:28 a.m.22 views

CVE-2026-11373

Summary of CVE-2026-11373 (Net::Statsite::Client) : The Perl client (versions through 1.1.0) is vulnerable to metric injections because metric names are not sanitized for newlines or other protocol control characters (e.g., colons, pipes), and newlines are not removed from metrics. This can allow...

9.1CVSS5.8AI score0.00352EPSS
Exploits0References6
osv
osv
added 2026/06/12 2:16 p.m.2 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.9AI score
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/12 1:19 p.m.10 views

CVE-2017-20240 Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.2AI score0.00319EPSS
Exploits0References3
suse
suse
added 2026/06/09 2:33 p.m.9 views

Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

8.2CVSS5.4AI score0.00531EPSS
Exploits0References4
euvd
euvd
added 2026/06/09 7:34 a.m.15 views

EUVD-2009-5128

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

9.1CVSS5.5AI score0.00369EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.16 views

PT-2026-47705

Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.648 Description Error messages returned when RaiseError, PrintError, or HandleError are enabled are written to a 200-byte buffer that lacks a length limit. Attackers capable of influencing the error text within an...

9.8CVSS5.7AI score0.00452EPSS
Exploits0References51
osv
osv
added 2026/06/06 10:16 a.m.8 views

UBUNTU-CVE-2026-10725

Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...

7.5CVSS5.4AI score0.00414EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/05 7:46 p.m.14 views

CVE-2026-46473

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

7.5CVSS5.4AI score0.00416EPSS
Exploits0References1
osv
osv
added 2026/06/04 4:7 p.m.3 views

CVE-2026-49941 Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses

Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit...

7.5CVSS5.9AI score0.00329EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.16 views

PT-2026-46135

Name of the Vulnerable Software and Affected Versions HTML::Entities versions prior to 3.84 Description The XS routine supporting decode entities caches a pointer repl to the entity-value SV returned by hv fetch on the entity2char hash. If the input SV is identical to a value SV in that hash and...

7.5CVSS5.4AI score0.0031EPSS
Exploits0References33
Rows per page
Query Builder