
CVE-2023-31486 – http-tiny: insecure TLS cert default
https://notcve.org/view.php?id=CVE-2023-31486
28 Apr 2023 — HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. A vulnerability was found in HTTP::Tiny, a Perl core module and standalone CPAN package, which does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=>1 flag to ensure secure HTTPS connections. This oversight can potentially expose applications to man-in-the-middle (MIT... • http://www.openwall.com/lists/oss-security/2023/04/29/1 • CWE-295: Improper Certificate Validation CWE-1188: Initialization of a Resource with an Insecure Default •

CVE-2020-16156 – perl-CPAN: Bypass of verification of signatures in CHECKSUMS files
https://notcve.org/view.php?id=CVE-2020-16156
13 Dec 2021 — CPAN 2.28 allows Signature Verification Bypass. A flaw was found in the way perl-CPAN performed verification of package signatures stored in CHECKSUMS files. A malicious or compromised CPAN server used by a user, or a man-in-the-middle attacker, could use this flaw to bypass signature verification. USN-5689-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 22.10. • http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2021-36770 – Gentoo Linux Security Advisory 202411-09
https://notcve.org/view.php?id=CVE-2021-36770
10 Aug 2021 — Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. • https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9 • CWE-427: Uncontrolled Search Path Element •

CVE-2019-20919 – Ubuntu Security Notice USN-4534-1
https://notcve.org/view.php?id=CVE-2019-20919
17 Sep 2020 — An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html • CWE-476: NULL Pointer Dereference •

CVE-2014-10402 – Ubuntu Security Notice USN-5030-1
https://notcve.org/view.php?id=CVE-2014-10402
16 Sep 2020 — An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. • https://lists.debian.org/debian-lts-announce/2022/05/msg00046.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2020-14392 – Ubuntu Security Notice USN-4503-1
https://notcve.org/view.php?id=CVE-2020-14392
14 Sep 2020 — An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. Multiple vulnerabilities hav... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •

CVE-2020-14393 – Ubuntu Security Notice USN-5030-1
https://notcve.org/view.php?id=CVE-2020-14393
14 Sep 2020 — A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2014-10401 – Ubuntu Security Notice USN-4509-1
https://notcve.org/view.php?id=CVE-2014-10401
11 Sep 2020 — An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. It was discovered that the Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue... • https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2013-7490 – Ubuntu Security Notice USN-4509-1
https://notcve.org/view.php?id=CVE-2013-7490
11 Sep 2020 — An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. It was discovered that the Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. • https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-7491
https://notcve.org/view.php?id=CVE-2013-7491
11 Sep 2020 — An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. • https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d • CWE-787: Out-of-bounds Write •