Search CVE reports
11 – 20 of 205 results
CVE-2021-47155
Medium priorityThe Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
1 affected packages
libnetwork-ipv4addr-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libnetwork-ipv4addr-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-47154
Medium prioritySome fixes available 1 of 3
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on...
1 affected packages
libnet-cidr-lite-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libnet-cidr-lite-perl | Not affected | Not affected | Fixed | Needs evaluation | Needs evaluation |
CVE-2018-25099
Medium priorityIn the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.
1 affected packages
libcryptx-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libcryptx-perl | Not affected | Not affected | Not affected | Needs evaluation | — |
CVE-2022-48623
Medium prioritySome fixes available 2 of 4
The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service.
1 affected packages
libcpanel-json-xs-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libcpanel-json-xs-perl | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2024-23525
Medium prioritySome fixes available 3 of 4
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
1 affected packages
libspreadsheet-parsexlsx-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libspreadsheet-parsexlsx-perl | Not affected | Fixed | Fixed | Ignored | Ignored |
CVE-2024-22368
Medium prioritySome fixes available 3 of 4
The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on...
1 affected packages
libspreadsheet-parsexlsx-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libspreadsheet-parsexlsx-perl | Not affected | Fixed | Fixed | Ignored | Ignored |
CVE-2023-7101
Medium prioritySome fixes available 5 of 7
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a...
1 affected packages
libspreadsheet-parseexcel-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libspreadsheet-parseexcel-perl | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2023-47100
Medium priorityIn Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
1 affected packages
perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
perl | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-47039
Negligible priorityA vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter,...
3 affected packages
perl, perl6, raku
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
perl | — | Ignored | Ignored | Ignored | Ignored |
perl6 | — | Not in release | Ignored | Ignored | Ignored |
raku | — | Not in release | Not in release | Ignored | Ignored |
CVE-2023-47038
Medium prioritySome fixes available 6 of 12
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
3 affected packages
perl, perl6, raku
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
perl | Fixed | Fixed | Fixed | Not affected | Not affected |
perl6 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
raku | Needs evaluation | Not in release | Not in release | Ignored | Ignored |