17042 matches found
Important: Red Hat Security Advisory: perl-IO-Compress security update
An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob
A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...
nginx: ngx_http_rewrite_module: code execution and denial of service
A flaw was found in the ngxhttprewritemodule module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures and a replacement string that references multiple such captures in a redirect or arguments context, an...
nginx: ngx_http_rewrite_module: code execution and denial of service
A flaw was found in the ngxhttprewritemodule module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures and a replacement string that references multiple such captures in a redirect or arguments context, an...
CVE-2026-11373
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...
CVE-2026-11373 Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...
EUVD-2026-38224
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...
CVE-2026-11373
Summary of CVE-2026-11373 (Net::Statsite::Client) : The Perl client (versions through 1.1.0) is vulnerable to metric injections because metric names are not sanitized for newlines or other protocol control characters (e.g., colons, pipes), and newlines are not removed from metrics. This can allow...
CVE-2026-9265
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...
UBUNTU-CVE-2026-9265
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...
CVE-2026-9265
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...
EUVD-2026-38103
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...
CVE-2026-9265 Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...
CVE-2026-9265
Crypt::OpenSSL::PKCS12 for Perl prior to 1.96 is affected by a heap OOB read in print_attribute: the function copies a UTF8STRING ASN.1 attribute value into a heap buffer sized to the declared length using strncpy, but does not append a NUL terminator. Downstream, strlen() is used and the inflate...
ROOT-OS-DEBIAN-11-CVE-2025-40909 CVE-2025-40909 in rootio-perl - Patched by Root
Root has patched CVE-2025-40909 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-9538 CVE-2026-9538 in rootio-perl - Patched by Root
Root has patched CVE-2026-9538 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-42496 CVE-2026-42496 in rootio-perl - Patched by Root
Root has patched CVE-2026-42496 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-42497 CVE-2026-42497 in rootio-perl - Patched by Root
Root has patched CVE-2026-42497 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-8376 CVE-2026-8376 in rootio-perl - Patched by Root
Root has patched CVE-2026-8376 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-48962 CVE-2026-48962 in rootio-perl - Patched by Root
Root has patched CVE-2026-48962 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...