Search CVE reports
1 – 10 of 208 results
CVE-2024-55918
Medium priorityAn issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an ambiguity between modules and filenames that can lead to HTML injection by an attacker who can create a file in the current working directory.
1 affected package
libgraphics-colornames-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgraphics-colornames-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-55564
Medium priorityThe POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.
1 affected package
libposix-2008-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libposix-2008-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-53901
Medium priorityThe Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image.
1 affected package
libimager-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libimager-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-10224
Medium priorityQualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|"...
1 affected package
libmodule-scandeps-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libmodule-scandeps-perl | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2024-35326
Medium prioritylibyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35325
Medium priorityA vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35328
Medium prioritylibyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35329
Medium priority** DISPUTED ** libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application,...
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-4140
Medium priorityAn excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total...
1 affected package
libemail-mime-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libemail-mime-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-2467
Medium priorityA timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would...
1 affected package
libcrypt-openssl-rsa-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libcrypt-openssl-rsa-perl | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |