Search CVE reports


1 – 10 of 204 results


CVE-2024-35326

Medium priority
Ignored

libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected

CVE-2024-35325

Medium priority
Ignored

A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected

CVE-2024-35328

Medium priority
Ignored

libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected

CVE-2024-35329

Medium priority
Ignored

** DISPUTED ** libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application,...

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected

CVE-2024-4140

Medium priority
Needs evaluation

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total...

1 affected package

libemail-mime-perl

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libemail-mime-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-2467

Medium priority
Vulnerable

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would...

1 affected package

libcrypt-openssl-rsa-perl

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libcrypt-openssl-rsa-perl | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |

CVE-2021-47208

Medium priority
Needs evaluation

The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.

1 affected package

libmojolicious-perl

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libmojolicious-perl | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-36829

Medium priority
Needs evaluation

The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected.

1 affected package

libmojolicious-perl

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libmojolicious-perl | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2018-25100

Medium priority
Needs evaluation

The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.

1 affected package

libmojolicious-perl

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libmojolicious-perl | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |

CVE-2021-47155

Medium priority
Needs evaluation

The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

1 affected package

libnetwork-ipv4addr-perl

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libnetwork-ipv4addr-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |