Search CVE reports
1 – 10 of 204 results
CVE-2024-35326
Medium prioritylibyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Vulnerable |
| golang-yaml.v2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libyaml | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libyaml-libyaml-perl | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2024-35325
Medium priorityA vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Vulnerable |
| golang-yaml.v2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libyaml | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libyaml-libyaml-perl | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2024-35328
Medium prioritylibyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Vulnerable |
| golang-yaml.v2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libyaml | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libyaml-libyaml-perl | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2024-35329
Medium priority** DISPUTED ** libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application,...
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-4140
Medium priorityAn excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total...
1 affected packages
libemail-mime-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libemail-mime-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-2467
Medium priorityA timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would...
1 affected packages
libcrypt-openssl-rsa-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libcrypt-openssl-rsa-perl | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2021-47208
Medium priorityThe Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.
1 affected packages
libmojolicious-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libmojolicious-perl | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-36829
Medium priorityThe Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected.
1 affected packages
libmojolicious-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libmojolicious-perl | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2018-25100
Medium priorityThe Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.
1 affected packages
libmojolicious-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libmojolicious-perl | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
CVE-2021-47155
Medium priorityThe Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
1 affected packages
libnetwork-ipv4addr-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libnetwork-ipv4addr-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |