Search CVE reports
21 – 30 of 206 results
CVE-2023-47038
Medium priority
Some fixes available: 6 of 12
A vulnerability was found in Perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by Perl, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.
3 affected packages
perl, perl6, raku
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
perl | Fixed | Fixed | Fixed | Not affected | Not affected |
perl6 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
raku | Needs evaluation | Not in release | Not in release | Ignored | Ignored |
CVE-2022-48522
Low priority
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
1 affected package
perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
perl | — | Fixed | Not affected | Not affected | Not affected |
CVE-2023-31486
Medium priority
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
2 affected packages
libhttp-tiny-perl, perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libhttp-tiny-perl | — | Ignored | Ignored | Ignored | Ignored |
perl | — | Ignored | Ignored | Ignored | Ignored |
CVE-2023-31485
Medium priority
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
1 affected package
libgitlab-api-v4-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgitlab-api-v4-perl | Not affected | Ignored | Ignored | Ignored | Ignored |
CVE-2023-31484
Medium priority
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
1 affected package
perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
perl | — | Fixed | Fixed | Fixed | Fixed |
CVE-2020-36659
Medium priority
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE:...
1 affected package
libapache-session-browseable-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libapache-session-browseable-perl | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-36658
Medium priority
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can,...
1 affected package
libapache-session-ldap-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libapache-session-ldap-perl | — | Not affected | Fixed | Fixed | Fixed |
CVE-2023-24038
Medium priority
Some fixes available: 6 of 7
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.
1 affected package
libhtml-stripscripts-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libhtml-stripscripts-perl | — | Fixed | Fixed | Fixed | Fixed |
CVE-2018-25052
Medium priority
A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID...
1 affected package
libcatalyst-plugin-session-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libcatalyst-plugin-session-perl | Not affected | Not affected | Not affected | Needs evaluation | Not affected |
CVE-2022-31081
Medium priority
Some fixes available: 6 of 7
HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It...
1 affected package
libhttp-daemon-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libhttp-daemon-perl | — | Fixed | Fixed | Fixed | Fixed |