
20 matches found

Oracle linux
added 5 days ago | 4 views

perl-IO-Compress security update

2.081-2 - Remove use of eval in File::GlobMapper for safer string interpolation - Resolves: RHEL-180411...

7.8 CVSS | 5.8 AI score | 0.00292 EPSS
Exploits 2
Cvelist
added 2026/06/24 5:25 p.m. | 29 views

CVE-2026-48703 Warp: Command Injection via Warp code search tool arguments

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations...

7.8 CVSS | 0.00177 EPSS
Exploits 0 | References 2
OSV
added 2026/06/12 12:26 p.m. | 8 views

OESA-2026-2653 perl-IO-Compress security update

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. Security Fixes: IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob...

7.8 CVSS | 5.9 AI score | 0.00292 EPSS
Exploits 2 | References 2
OSV
added 2026/06/12 12:26 p.m. | 8 views

OESA-2026-2652 perl-IO-Compress security update

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. Security Fixes: IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob...

7.8 CVSS | 5.9 AI score | 0.00292 EPSS
Exploits 2 | References 2
Positive Technologies
added 2026/06/10 12:0 a.m. | 18 views

PT-2026-48373

Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.04.09.08.11.stable 00 through 0.2026.05.06.15.42.stable 00 Description Warp contains a command execution policy bypass within its Agent code search tools. The Grep and FileGlob actions, which are authorized as read or sear...

7.8 CVSS | 6.1 AI score | 0.00177 EPSS
Exploits 0 | References 4
Packet Storm
added 2026/06/10 12:0 a.m. | 48 views

IO-Compress 2.219 Eval Injection

An eval injection vulnerability in File::GlobMapper::getFiles allows any attacker who can control the output fileglob argument passed to IO::Compress::Gzip::gzip, IO::Compress::Zip::zip, or any sibling function to execute arbitrary Perl code in the context of the running process. Summary An eval...

7.3 CVSS | 5.9 AI score | 0.00292 EPSS
Exploits 2
Tenable Nessus
added 2026/06/08 12:0 a.m. | 17 views

TencentOS Server 4: perl-IO-Compress (TSSA-2026:0426)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0426 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.8 CVSS | 6.1 AI score | 0.00292 EPSS
Exploits 2 | References 2
NVD
added 2026/05/27 4:16 a.m. | 21 views

CVE-2026-48962

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...

7.8 CVSS | 0.00292 EPSS
Exploits 2 | References 18
ATTACKERKB
added 2026/05/27 3:12 a.m. | 8 views

CVE-2026-48962

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...

6.2 AI score | 0.00292 EPSS
Exploits 2 | References 3
Cvelist
added 2026/05/27 3:12 a.m. | 67 views

CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...

0.00292 EPSS
Exploits 2 | References 2
Positive Technologies
added 2026/05/27 12:0 a.m. | 13 views

PT-2026-43488

Name of the Vulnerable Software and Affected Versions IO::Compress versions prior to 2.220 Description An issue in File::GlobMapper allows the execution of arbitrary code through an attacker-controlled output glob. The function parseOutputGlob wraps the provided output glob string in double quote...

7.8 CVSS | 6.1 AI score | 0.00292 EPSS
Exploits 2 | References 61
SUSE CVE
added 2023/02/15 5:52 a.m. | 4 views

SUSE CVE-2011-2728

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference...

4.3 CVSS | 6.8 AI score | 0.01397 EPSS
Exploits 1 | References 3
OpenVAS
added 2013/03/27 12:0 a.m. | 34 views

Active Perl Modules Multiple Vulnerabilities (Windows)

The host is installed with Active Perl and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbactiveperlmodulesmultvulnwin.nasl 6115 2017-05-12 09:03:25Z teissa $ Active Perl Modules Multiple Vulnerabilities Windows Authors: Arun Kallavi Copyright: Copyright c 2012 Greenbone...

7.5 CVSS | 0.8 AI score | 0.13526 EPSS
Exploits 2 | References 6
NVD
added 2012/12/21 5:46 a.m. | 16 views

CVE-2011-2728

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference...

4.3 CVSS | 6.2 AI score | 0.01397 EPSS
Exploits 1 | References 7
OSV
added 2012/12/21 5:46 a.m. | 3 views

DEBIAN-CVE-2011-2728

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference...

4.3 CVSS | 6.3 AI score | 0.01397 EPSS
Exploits 1 | References 1
UbuntuCve
added 2012/12/21 5:46 a.m. | 41 views

CVE-2011-2728

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference...

4.3 CVSS | 7.2 AI score | 0.01397 EPSS
Exploits 1 | References 7
CVE
added 2012/12/21 2:0 a.m. | 71 views

CVE-2011-2728

CVE-2011-2728 affects the File::Glob module in Perl prior to 5.14.2. An attacker can trigger a denial-of-service (crash) by using a glob expression with the GLOB_ALTDIRFUNC flag, causing an uninitialized pointer dereference. The vulnerability is documented in multiple sources linked to Perl relea...

4.3 CVSS | 6.2 AI score | 0.01397 EPSS
Exploits 1 | References 7 | Affected Software 1
Cvelist
added 2012/12/21 2:0 a.m. | 27 views

CVE-2011-2728

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference...

6 AI score | 0.01397 EPSS
Exploits 1 | References 7
Debian CVE
added 2012/12/21 2:0 a.m. | 30 views

CVE-2011-2728

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference...

4.3 CVSS | 6 AI score | 0.01397 EPSS
Exploits 1
seebug.org
added 2011/09/30 12:0 a.m. | 51 views

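Perl "decode_xs()" and "File::Glob::bsd_glob()" Remote Code Execution Vulnerabilities

BUGTRAQ ID: 49858 CVE ID: CVE-2011-2728, CVE-2011-2939 Perl is a high-level, general-purpose, interpreted, dynamic programming language. The "decode_xs" and "File::Glob::bsd_glob" functions in Perl contain remote code execution vulnerabilities in their implementation, which remote attackers can exploit to execute arbitrary code. 1) An error in the "File::Glob::bsd_glob" function when handling the GLOB_ALTDIRFUNC flag can be exploited to cause invalid access and execute arbitrary code. 2) An error in the "decode_xs" function in Encode can cause a heap buffer overflow via specially crafted input. Perl 5.14.1 Vendor patch: Perl ----...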

5.1 CVSS | 6.2 AI score | 0.02653 EPSS
Exploits 2