CVE-2026-8450

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

CVE-2026-8704

A flaw was found in Crypt-DSA for Perl. This vulnerability arises from the insecure use of the open function with two arguments, which can allow an attacker to modify existing files. This could lead to unauthorized alteration of data, impacting the integrity of the system. Mitigation Mitigation f...

PT-2026-43494

Name of the Vulnerable Software and Affected Versions HTTP::Daemon versions prior to 6.17 Description OS command injection is possible through the send file function. This occurs because send file utilizes Perl's 2-arg open function, which interprets magic prefixes. Specifically, prefixes like '|...

HTTP::Daemon 安全漏洞

HTTP::Daemon is a simple HTTP class developed under the open-source license of libwww-perl. Versions of HTTP::Daemon prior to version 6.17 contained security vulnerabilities. These vulnerabilities stemmed from the use of the Perl’s 2-arg open method to open string parameters, which could lead to ...

Astra Linux - уязвимость в libfile-find-rule-perl

File::Find::Rule in version 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. The open function is called with the 2-argument form, allowing an attacker-controlled filename to specify the MODE parameter. This turns the filename into an executable...

Astra Linux - уязвимость в libyaml-libyaml-perl

YAML-LibYAML before version 0.903.0 for Perl uses 2-args open, allowing existing files to be modified...

EUVD-2026-30668

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVE-2026-8704

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

DEBIAN-CVE-2026-8704

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVE-2026-8704

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

UBUNTU-CVE-2026-8704

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVE-2026-8704

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVE-2026-8704 Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVE-2026-8704

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVE-2026-8704

CVE-2026-8704 affects Crypt::DSA for Perl, version up to 1.19, where the 2-argument open function can allow existing files to be modified. This is the underlying root cause described across multiple sources. A fixed version is indicated as later than 1.19 (e.g., 1.20 per release notes), with reme...

PT-2026-41377

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.20 Description Crypt::DSA for Perl uses a 2-args open function, which can allow existing files to be modified. Recommendations Update to a version later than 1.19...

TencentOS Server 4: perl-YAML-LibYAML (TSSA-2025:0507)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0507 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Updated perl-YAML-LibYAML packages fix security vulnerability

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified. CVE-2025-40908...

MGASA-2025-0275 Updated perl-YAML-LibYAML packages fix security vulnerability

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified. CVE-2025-40908...

TencentOS Server 2: perl-File-Find-Rule-Perl (TSSA-2025:0709)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0709 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...