626 matches found
RLSA-2026:36189 Important: perl-HTTP-Daemon security update
The perl-HTTP-Daemon package includes the HTTP::Daemon class, a subclass of IO::Socket::IP. Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. Security Fixes: perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in...
perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()
A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...
perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()
A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...
ALSA-2026:36188 Important: perl-HTTP-Daemon security update
The perl-HTTP-Daemon package includes the HTTP::Daemon class, a subclass of IO::Socket::IP. Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. Security Fixes: perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in...
PYSEC-2026-436 SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely
The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely. A patch is available on the master branch of the repository...
PYSEC-2026-541 Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
OPENSUSE-SU-2026:21119-1 Security update for perl-HTTP-Daemon
This update for perl-HTTP-Daemon fixes the following issue - CVE-2026-8450: HTTP: Daemon versions before 6.17 for Perl allow OS command injection via sendfile bsc1266370...
Fedora 44 : perl-HTTP-Daemon (2026-8982379b5c)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8982379b5c advisory. Changes: 6.17 2026-05-19 23:11:06Z - Fix CVE-2026-8450 affects 6.15 and earlier: 2-arg open in sendfile enabled RCE / arbitrary file write / response-body...
SUSE SLED15 / SLES15 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2442-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2442-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description...
SUSE SLES12 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2408-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2408-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description block directly from the SUSE...
SUSE-SU-2026:2408-1 Security update for perl-HTTP-Daemon
This update for perl-HTTP-Daemon fixes the following issues: - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370...
Amazon Linux 2 : perl-HTTP-Daemon, --advisory ALAS2-2026-3341 (ALAS-2026-3341)
The version of perl-HTTP-Daemon installed on the remote host is prior to 6.01-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3341 advisory. HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with...
EUVD-2026-32050
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...
CVE-2026-8450
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...
CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...
Linux Distros Unpatched Vulnerability : CVE-2026-8450
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form...
CVE-2022-31575
The duducosmos/livropython repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31548
The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31584
The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31531
The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...