Lucene search
K

728 matches found

RedHat Linux
RedHat Linux
added 2026/05/23 5:23 a.m.25 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nginx: nginx-1.30.2-1.hum1 aarch64, x8664 nginx-all-modules-1.30.2-1.hum1 noarch nginx-core-1.30.2-1.hum1 aarch64, x8664 nginx-filesystem-1.30.2-1.hum1 noarch nginx-mod-devel-1.30.2-1.hum1 aarch6...

9.2CVSS5.8AI score0.04261EPSS
Exploits7References6
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.12 views

Unity Linux 20.1050e / 20.1070e Security Update: perl-Net-CIDR-Lite (UTSA-2026-016598)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016598 advisory. The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some...

6.3CVSS6.6AI score0.00493EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/21 6:53 p.m.10 views

CVE-2026-46473 Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

5.8AI score0.00416EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/21 1:11 p.m.14 views

SUSE CVE-2026-47372

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 10:8 p.m.31 views

CVE-2026-47372

CVE-2026-47372 affects Crypt::SaltedHash for Perl up to version 0.09, where salts are generated using the built-in rand function. This produces insecure, predictable randomness, compromising cryptographic strength. Multiple sources (SUSE, ENISA EUVD, NVD, Debian tracker, CVE lists) describe the s...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 8:25 p.m.10 views

CVE-2026-47373

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...

5.8AI score0.00393EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libmodule-scandeps-perl

Qualys discovered that if unsanitized input was used with the Modules::ScanDeps library, before version 1.36, a local attacker could potentially execute arbitrary shell commands by opening a “pesky pipe” e.g., passing “commands|” as a filename or by passing arbitrary strings to the eval function...

7.8CVSS7.6AI score0.08598EPSS
Exploits3References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in libdata-validate-ip-perl

The Data::Validate::IP module in Perl version 0.29 does not properly handle extra zero characters at the beginning of an IP address string. In some cases, this allows attackers to bypass access controls that are based on IP addresses...

7.5CVSS7.3AI score0.02219EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/19 9:30 p.m.8 views

CVE-2026-5090 Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

6AI score0.00282EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/18 2:52 p.m.18 views

CVE-2026-45190

A flaw was found in Net::CIDR::Lite, a Perl module for handling IP address ranges. This vulnerability allows a remote attacker to bypass IP Access Control Lists ACLs due to improper validation of IP address and CIDR Classless Inter-Domain Routing mask inputs. Specifically, inputs containing...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References6
OSV
OSV
added 2026/05/18 7:41 a.m.9 views

SUSE-SU-2026:1936-1 Security update for perl-Text-CSV_XS

This update for perl-Text-CSVXS fixes the following issue - CVE-2026-7111: use-after-free when registered callbacks extend the Perl argument stack may enable type confusion or memory corruption bsc1263690...

8.4CVSS5.8AI score0.00158EPSS
Exploits0References3
OSV
OSV
added 2026/05/18 12:0 a.m.4 views

OPENSUSE-SU-2026:10805-1 perl-HTTP-Tiny-0.094-1.1 on GA media

These are all security issues fixed in the perl-HTTP-Tiny-0.094-1.1 package on the GA media of openSUSE Tumbleweed...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/17 7:16 p.m.11 views

CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS5.9AI score0.00447EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/05/17 7:16 p.m.14 views

CVE-2026-8507

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

9.8CVSS5.9AI score0.00648EPSS
Exploits0References7
OSV
OSV
added 2026/05/17 7:16 p.m.23 views

UBUNTU-CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS5.9AI score0.00447EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Crypt::OpenSSL::PKCS12 安全漏洞

Crypt::OpenSSL::PKCS12 is an open-source cryptographic extension module developed by Dan Sully for the Perl language. It primarily provides functionality for calling the OpenSSL PKCS12 API. Versions of Crypt::OpenSSL::PKCS12 up to 1.94 contained security vulnerabilities. These vulnerabilities...

9.8CVSS5.8AI score0.00447EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/16 1:16 a.m.21 views

SUSE CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.9 views

SUSE CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

5.3CVSS6.1AI score0.00127EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/16 12:31 a.m.17 views

EUVD-2026-30668

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

5.8AI score0.00318EPSS
Exploits0References3
CVE
CVE
added 2026/05/15 10:10 p.m.32 views

CVE-2026-8700

CVE-2026-8700 concerns Crypt::DSA for Perl, where seeds are generated with Perl’s built-in rand. The affected components are Crypt::DSA versions before 1.20. The root cause is the use of a non-cryptographically secure RNG, making seeds predictable for security-sensitive operations. This can under...

7.3CVSS5.8AI score0.00355EPSS
Exploits0References3
Rows per page
Query Builder