Lucene search
+L

135 matches found

nvd
nvd
added 4 days ago7 views

CVE-2026-57433

Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SXHOOK record. retrievehookcommon reads a signed 32-bit item count from an SXHOOK record and calls avextend with that count plus one. A count of I32MAX wraps the addition to a negative value. A...

9.8CVSS0.00345EPSS
Exploits0References2
osv
osv
added 4 days ago4 views

UBUNTU-CVE-2026-57433

Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SXHOOK record. retrievehookcommon reads a signed 32-bit item count from an SXHOOK record and calls avextend with that count plus one. A count of I32MAX wraps the addition to a negative value. A...

9.8CVSS6.2AI score0.00345EPSS
Exploits0References3
cvelist
cvelist
added 4 days ago38 views

CVE-2026-57433 Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record

Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SXHOOK record. retrievehookcommon reads a signed 32-bit item count from an SXHOOK record and calls avextend with that count plus one. A count of I32MAX wraps the addition to a negative value. A...

0.00345EPSS
Exploits0References1
cve
cve
added 4 days ago21 views

CVE-2026-57433

CVE-2026-57433 affects Perl’s Storable before 3.41. A signed 32-bit item count read from an SX_HOOK record is added to one and then fed to av_extend; when the count equals I32_MAX the addition overflows to negative, causing av_extend to panic during thaw/retrieve and terminate deserialization. Mu...

9.8CVSS6.2AI score0.00345EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/06/18 7:16 p.m.13 views

CVE-2026-9692

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

5.3CVSS0.00274EPSS
Exploits0References4
cve
cve
added 2026/06/18 5:53 p.m.21 views

CVE-2026-9692

Summary (CVE-2026-9692): Mojolicious::Sessions::Storable in Perl versions up to 0.05 generates insecure session IDs. The default generator seeds a SHA-1 hash with a mix of low-entropy sources: built-in rand, epoch time, heap address of an anonymous hash, and the process ID, making IDs predictable...

5.3CVSS5.3AI score0.00274EPSS
Exploits0References4
osv
osv
added 2026/06/18 5:53 p.m.4 views

CVE-2026-9692 Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

5.3CVSS6AI score0.00329EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.22 views

PT-2026-50778

Name of the Vulnerable Software and Affected Versions Mojolicious::Sessions::Storable versions prior to 0.06 Description The software generates session IDs insecurely. The default session ID generator utilizes a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address o...

5.3CVSS5.9AI score0.00274EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/06/05 7:43 p.m.9 views

CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

5.3CVSS5.9AI score0.00127EPSS
Exploits0References1
nvd
nvd
added 2026/05/15 2:16 a.m.37 views

CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

5.3CVSS0.00127EPSS
Exploits0References4
euvd
euvd
added 2026/05/15 1:11 a.m.16 views

EUVD-2026-30495

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

5.3CVSS6.1AI score0.00127EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/15 1:11 a.m.8 views

CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

6.1AI score0.00127EPSS
Exploits0References4
osv
osv
added 2026/05/15 1:11 a.m.4 views

CVE-2026-8612 WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

5.3CVSS6.2AI score0.00127EPSS
Exploits0References8
alpinelinux
alpinelinux
added 2026/05/15 1:11 a.m.11 views

CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

5.3CVSS6.1AI score0.00127EPSS
Exploits0
cnnvd
cnnvd
added 2026/05/15 12:0 a.m.14 views

WWW::Mechanize::Cached 代码问题漏洞

WWW::Mechanize::Cached is an open-source module developed by libwww-perl for the Perl language, serving as an extension to WWW::Mechanize. Versions of WWW::Mechanize::Cached prior to version 2.00 contained code vulnerabilities. These vulnerabilities stemmed from the ability to deserialize HTTP...

5.3CVSS6.1AI score0.00127EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/15 12:0 a.m.16 views

PT-2026-41236

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

6.1AI score0.00127EPSS
Exploits0References4
nessus
nessus
added 2026/04/24 12:0 a.m.4 views

SUSE SLES12 Security Update : perl (SUSE-SU-2026:1567-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1567-1 advisory. This update for perl fixes the following issue: - CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow bsc1262486. Tenable has...

10CVSS5.6AI score0.00641EPSS
Exploits0References4
suse
suse
added 2026/04/23 12:10 p.m.4 views

Security update for perl

This update for perl fixes the following issue: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow bsc1262486. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...

10CVSS5.8AI score0.00641EPSS
Exploits0References4
osv
osv
added 2026/04/23 12:10 p.m.2 views

SUSE-SU-2026:1567-1 Security update for perl

This update for perl fixes the following issue: - CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow bsc1262486...

10CVSS5.4AI score0.00641EPSS
Exploits0References3
susecve
susecve
added 2026/04/23 1:36 a.m.8 views

SUSE CVE-2017-20230

Storable versions before 3.05 for Perl has a stack overflow. The retrievehook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow...

10CVSS5.8AI score0.00641EPSS
Exploits0References4
Rows per page
Query Builder