Search CVE reports
101 – 110 of 204 results
CVE-2015-8607
Medium priority
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection...
2 affected packages
libfile-spec-perl, perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libfile-spec-perl | — | — | — | — | — |
perl | — | — | — | — | — |
CVE-2015-5667
Medium priority
Some fixes available 1 of 4
Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.
1 affected package
libhtml-scrubber-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libhtml-scrubber-perl | — | — | — | Not affected | Not affected |
CVE-2015-7686
Low priority
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail...
1 affected package
libemail-address-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libemail-address-perl | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2013-7422
Low priority
Some fixes available 2 of 3
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long...
1 affected package
perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
perl | — | — | — | — | — |
CVE-2015-3451
Medium priority
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
1 affected package
libxml-libxml-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxml-libxml-perl | — | — | — | — | — |
CVE-2015-3409
Medium priority
Some fixes available 4 of 5
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.
1 affected package
libmodule-signature-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libmodule-signature-perl | — | — | — | — | — |
CVE-2015-3408
Medium priority
Some fixes available 4 of 5
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.
1 affected package
libmodule-signature-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libmodule-signature-perl | — | — | — | — | — |
CVE-2015-3407
Medium priority
Some fixes available 4 of 5
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.
1 affected package
libmodule-signature-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libmodule-signature-perl | — | — | — | — | — |
CVE-2015-3406
Medium priority
Some fixes available 4 of 5
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
1 affected package
libmodule-signature-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libmodule-signature-perl | — | — | — | — | — |
CVE-2015-2788
Low priority
Some fixes available 10 of 11
Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding...
1 affected package
libdbd-firebird-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libdbd-firebird-perl | — | — | — | Fixed | Fixed |