Search CVE reports



21 – 30 of 206 results


CVE-2023-47038

Medium priority

Some fixes available 6 of 12

A vulnerability was found in Perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by Perl, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.

3 affected packages

perl, perl6, raku

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
perl Fixed Fixed Fixed Not affected Not affected
perl6 Not in release Not in release Needs evaluation Needs evaluation Ignored
raku Needs evaluation Not in release Not in release Ignored Ignored

CVE-2022-48522

Low priority
Fixed

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

1 affected package

perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
perl Fixed Not affected Not affected Not affected

CVE-2023-31486

Medium priority
Ignored

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

2 affected packages

libhttp-tiny-perl, perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libhttp-tiny-perl Ignored Ignored Ignored Ignored
perl Ignored Ignored Ignored Ignored

CVE-2023-31485

Medium priority
Ignored

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.

1 affected package

libgitlab-api-v4-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgitlab-api-v4-perl Not affected Ignored Ignored Ignored Ignored

CVE-2023-31484

Medium priority
Fixed

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

1 affected package

perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
perl Fixed Fixed Fixed Fixed

CVE-2020-36659

Medium priority
Needs evaluation

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE:...

1 affected package

libapache-session-browseable-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libapache-session-browseable-perl Not affected Not affected Needs evaluation Needs evaluation Needs evaluation

CVE-2020-36658

Medium priority
Fixed

In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can,...

1 affected package

libapache-session-ldap-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libapache-session-ldap-perl Not affected Fixed Fixed Fixed

CVE-2023-24038

Medium priority

Some fixes available 6 of 7

The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.

1 affected package

libhtml-stripscripts-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libhtml-stripscripts-perl Fixed Fixed Fixed Fixed

CVE-2018-25052

Medium priority
Needs evaluation

A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID...

1 affected package

libcatalyst-plugin-session-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcatalyst-plugin-session-perl Not affected Not affected Not affected Needs evaluation Not affected

CVE-2022-31081

Medium priority

Some fixes available 6 of 7

HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It...

1 affected package

libhttp-daemon-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libhttp-daemon-perl Fixed Fixed Fixed Fixed