Search CVE reports
91 – 100 of 251 results
PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.
1 affected package
libperlspeak-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libperlspeak-perl | Not in release | Not in release | Not in release | Vulnerable |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
1 affected package
libmp3-info-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libmp3-info-perl | — | — | — | Ignored |
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
2 affected packages
perl, libfile-temp-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| perl | — | — | — | — |
| libfile-temp-perl | — | — | — | — |
Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.
1 affected package
libparallel-forkmanager-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libparallel-forkmanager-perl | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.
2 affected packages
libmodule-metadata-perl, perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libmodule-metadata-perl | — | — | — | — |
| perl | — | — | — | — |
Not in release
Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks
1 affected package
libdata-uuid-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libdata-uuid-perl | — | — | — | — |
SQL injection vulnerability in Jifty::DBI before 0.68.
1 affected package
libjifty-dbi-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjifty-dbi-perl | — | — | — | — |
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which...
1 affected package
libpoe-component-irc-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libpoe-component-irc-perl | — | — | — | — |
Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro.
1 affected package
perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| perl | — | — | — | — |
Some fixes available 4 of 26
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.
3 affected packages
libpdl-io-matlab-perl, libmatio, mldemos
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libpdl-io-matlab-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libmatio | Not affected | Not affected | Fixed | Fixed |
| mldemos | Not in release | Not in release | Needs evaluation | Not in release |