Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 206 results


CVE-2024-53901

Medium priority
Needs evaluation

The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image.

1 affected packages

libimager-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libimager-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-10224

Medium priority
Fixed

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|"...

1 affected packages

libmodule-scandeps-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libmodule-scandeps-perl Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-35326

Medium priority
Ignored

libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35325

Medium priority
Ignored

A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35328

Medium priority
Ignored

libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35329

Medium priority
Ignored

** DISPUTED ** libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application,...

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-4140

Medium priority
Needs evaluation

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total...

1 affected packages

libemail-mime-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libemail-mime-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-2467

Medium priority
Vulnerable

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would...

1 affected packages

libcrypt-openssl-rsa-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcrypt-openssl-rsa-perl Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2021-47208

Medium priority
Needs evaluation

The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.

1 affected packages

libmojolicious-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libmojolicious-perl Not affected Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-36829

Medium priority
Needs evaluation

The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected.

1 affected packages

libmojolicious-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libmojolicious-perl Not affected Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages