Search CVE reports
1 – 10 of 205 results
CVE-2024-10224
Medium priorityQualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|"...
1 affected packages
libmodule-scandeps-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libmodule-scandeps-perl | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2024-35326
Medium prioritylibyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35325
Medium priorityA vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35328
Medium prioritylibyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35329
Medium priority** DISPUTED ** libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application,...
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-4140
Medium priorityAn excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total...
1 affected packages
libemail-mime-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libemail-mime-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-2467
Medium priorityA timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would...
1 affected packages
libcrypt-openssl-rsa-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libcrypt-openssl-rsa-perl | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2021-47208
Medium priorityThe Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.
1 affected packages
libmojolicious-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libmojolicious-perl | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-36829
Medium priorityThe Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected.
1 affected packages
libmojolicious-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libmojolicious-perl | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2018-25100
Medium priorityThe Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.
1 affected packages
libmojolicious-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libmojolicious-perl | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |