Search CVE reports


Toggle filters

1 – 10 of 208 results


CVE-2024-55918

Medium priority
Needs evaluation

An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an ambiguity between modules and filenames that can lead to HTML injection by an attacker who can create a file in the current working directory.

1 affected package

libgraphics-colornames-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgraphics-colornames-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-55564

Medium priority
Needs evaluation

The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.

1 affected package

libposix-2008-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libposix-2008-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-53901

Medium priority
Needs evaluation

The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image.

1 affected package

libimager-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libimager-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-10224

Medium priority
Fixed

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|"...

1 affected package

libmodule-scandeps-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libmodule-scandeps-perl Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-35326

Medium priority
Ignored

libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35325

Medium priority
Ignored

A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35328

Medium priority
Ignored

libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35329

Medium priority
Ignored

** DISPUTED ** libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application,...

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-4140

Medium priority
Needs evaluation

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total...

1 affected package

libemail-mime-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libemail-mime-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-2467

Medium priority
Vulnerable

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would...

1 affected package

libcrypt-openssl-rsa-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcrypt-openssl-rsa-perl Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages