Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cpan

cpan

374 packages · metacpan.org

Security Advisories in cpan

Critical
about 15 years ago

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI. CPANSA-Mojolicious-2011-02

cpan Mojolicious
Critical
almost 12 years ago

Plack::Middleware::Session::Cookie 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server, when the middleware is enabled without a secret. CPANSA-Plack-Middleware-Session-2014-01

cpan Plack-Middleware-Session
Critical
over 11 years ago

Directory traversal on Windows CPANSA-Mojolicious-2015-01

cpan Mojolicious
Critical
about 10 years ago

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-ba... CPANSA-Alien-OTR-2016-2851-libotr

cpan Alien-OTR
Critical
over 9 years ago

perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting. CPANSA-XML-Twig-2016-9180

cpan XML-Twig
Critical
over 9 years ago

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vect... CPANSA-MT-2016-5742

cpan MT
Critical
over 9 years ago

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. CPANSA-perl-2015-8608

cpan perl
Critical
about 9 years ago

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. CPANSA-Git-Raw-2016-10128-libgit2

cpan Git-Raw
Critical
about 9 years ago

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source p... CPANSA-Dpkg-2017-8283

cpan Dpkg
Critical
almost 9 years ago

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. CPANSA-DBD-SQLite-2017-10989

cpan DBD-SQLite
Critical
almost 9 years ago

libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log. CPANSA-Apache-AuthenHook-2010-3845

cpan Apache-AuthenHook
Critical
almost 9 years ago

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user co... CPANSA-Alien-SVN-2017-9800-svn

cpan Alien-SVN
Critical
over 8 years ago

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expre... CPANSA-perl-2017-12883

cpan perl
Critical
over 8 years ago

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. CPANSA-perl-2017-12814

cpan perl
Critical
over 8 years ago

UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. CPANSA-UI-Dialog-2008-7315

cpan UI-Dialog
Critical
over 8 years ago

The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command ex... CPANSA-Net-Ping-External-2008-7319

cpan Net-Ping-External
Critical
over 8 years ago

HTTP::Session2 1.09 does not validate session id, this causes RCE depending on the session store you use. CPANSA-HTTP-Session2-2018-01

cpan HTTP-Session2
Critical
over 8 years ago

There is a potential RCE with regards to Storable. We have added session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE. CPANSA-Dancer2-2018-01

cpan Dancer2
Critical
about 8 years ago

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. CPANSA-perl-2018-6913

cpan perl
Critical
about 8 years ago

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. CPANSA-perl-2018-6797

cpan perl
Critical
about 8 years ago

GET requests with embedded backslashes can be used to access local files on Windows hosts CPANSA-Mojolicious-2018-02

cpan Mojolicious
Critical
almost 8 years ago

This release reverts the addition of stream classes (added in 7.83), which have unfortunately resulted in many Mojolicious applications becoming unstable. While there are no known exploits yet, we've chosen to err on the side of cautiousness and will c... CPANSA-Mojolicious-2018-04

cpan Mojolicious
Critical
almost 8 years ago

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of... CPANSA-mod_perl-2011-2767

cpan mod_perl
Critical
over 7 years ago

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CPANSA-perl-2018-18312

cpan perl
Critical
over 7 years ago

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CPANSA-perl-2018-18314

cpan perl
Critical
over 7 years ago

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. CPANSA-perl-2018-18313

cpan perl
Critical
over 7 years ago

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CPANSA-perl-2018-18311

cpan perl
Critical
about 7 years ago

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. CPANSA-DBD-SQLite-2019-8457

cpan DBD-SQLite
Critical
almost 7 years ago

libpng before 1.6.32 does not properly check the length of chunks against the user limit. CPANSA-Tk-2017-12652-libpng

cpan Tk
Critical
almost 7 years ago

libpng before 1.6.32 does not properly check the length of chunks against the user limit. CPANSA-Prima-codecs-win64-2017-12652-libpng

cpan Prima-codecs-win64
Critical
almost 7 years ago

libpng before 1.6.32 does not properly check the length of chunks against the user limit. CPANSA-Prima-codecs-win32-2017-12652-libpng

cpan Prima-codecs-win32
Critical
over 6 years ago

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and cras... CPANSA-Net-Dropbear-2019-17362

cpan Net-Dropbear
Critical
over 6 years ago

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and cras... CPANSA-Net-Dropbear-2019-17362-libtomcrypt

cpan Net-Dropbear
Critical
over 6 years ago

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as \"some text\\rQUIT\" to the 'privmsg' handler, which would cause the client to dis... CPANSA-Poe-Component-IRC-2010-3438

cpan POE-Component-IRC
Critical
over 6 years ago

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. CPANSA-DBD-SQLite-2019-19317

cpan DBD-SQLite
Critical
over 6 years ago

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. CPANSA-DBD-SQLite-2019-19646

cpan DBD-SQLite
Critical
over 6 years ago

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. CPANSA-Module-Metadata-2013-1437

cpan Module-Metadata
Critical
over 6 years ago

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all vers... CPANSA-Git-Raw-2014-9390-libgit2

cpan Git-Raw
Critical
over 6 years ago

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all vers... CPANSA-Git-XS-2014-9390-libgit2

cpan Git-XS
Critical
about 6 years ago

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. CPANSA-DBD-SQLite-2020-11656-sqlite

cpan DBD-SQLite
Critical
about 6 years ago

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. CPANSA-DBD-SQLite-2020-11656

cpan DBD-SQLite
Critical
almost 5 years ago

This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge() CPANSA-Perldoc-Server-2021-23432-mootools

cpan Perldoc-Server
Critical
over 4 years ago

Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanc... CPANSA-MT-2021-20837

cpan MT
Critical
over 4 years ago

lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection. CPANSA-Image-ExifTool-2022-23935

cpan Image-ExifTool
Critical
about 4 years ago

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that inc... CPANSA-Dpkg-2022-1664

cpan Dpkg
Critical
almost 4 years ago

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be e... CPANSA-MT-2022-38078

cpan MT
Critical
almost 4 years ago

An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 a... CPANSA-DBD-SQLite-2021-20223-sqlite

cpan DBD-SQLite
Critical
about 1 year ago

BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. CPANSA-BSON-XS-2025-40906

cpan BSON-XS
Critical
about 1 year ago

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified CPANSA-YAML-LibYAML-2025-001

cpan YAML-LibYAML
High
about 24 years ago

Allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger. CPANSA-SOAP-Lite-2002-01

cpan SOAP-Lite
High
over 18 years ago

A tainted cookie could be sent by a malicious user and it would be used in an SQL query without protection against SQL injection. CPANSA-Apache-AuthCAS-2007-01

cpan Apache-AuthCAS
High
over 15 years ago

SQL injection when passing special column names. CPANSA-DBIx-Custom-2011-01

cpan DBIx-Custom
High
over 15 years ago

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CPANSA-Mojolicious-2011-01

cpan Mojolicious
High
over 14 years ago

SQL injection. CPANSA-DBD-mysqlPP-2011-01

cpan DBD-mysqlPP
High
over 13 years ago

Incorrect password check binds to the unauthenticated user. CPANSA-Catalyst-Authentication-Store-LDAP-2012-01

cpan Catalyst-Authentication-Store-LDAP
High
over 11 years ago

Context sensitivity of method param could lead to parameter injection attacks. CPANSA-Mojolicious-2014-01

cpan Mojolicious
High
over 11 years ago

DBD::File drivers open files from folders other than specifically passed using the f_dir attribute. CPANSA-DBI-2014-01

cpan DBI
High
over 10 years ago

Digest::SHA before 5.96 with perls earlier than v5.26 included the current working directory in the module search path, which could lead to the inadvernant loading of unexpected versions of a module. The current directory was removed from the default m... CPANSA-Digest-SHA-2016-1238

cpan Digest-SHA
High
over 10 years ago

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. CPANSA-Nginx-Engine-2016-0742-nginx

cpan Nginx-Engine
High
over 10 years ago

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. CPANSA-Nginx-Perl-2016-0742-nginx

cpan Nginx-Perl
High
about 10 years ago

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. CPANSA-perl-2016-2381

cpan perl
High
about 10 years ago

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." CPANSA-perl-2015-8853

cpan perl
High
almost 10 years ago

Optional modules loaded from loading optional modules from "." CPANSA-Sys-Syslog-2016-1238

cpan Sys-Syslog
High
almost 10 years ago

Loading optional modules from . (current directory). CPANSA-Encode-2016-01

cpan Encode
High
almost 10 years ago

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/... CPANSA-Dpkg-2016-1238

cpan Dpkg
High
almost 10 years ago

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/... CPANSA-App-japerl-2016-1238

cpan App-japerl
High
almost 10 years ago

Does not remove . from @INC, which might allow local users to gain privileges via a Trojan horse module under the current working directory. CPANSA-Locale-Maketext-2016-1238

cpan Locale-Maketext
High
almost 10 years ago

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/... CPANSA-Pod-Perldoc-2016-1238

cpan Pod-Perldoc
High
almost 10 years ago

Imager would search the default current directory entry in @INC when searching for file format support modules. CPANSA-Imager-2016-1238

cpan Imager
High
almost 10 years ago

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/... CPANSA-IPC-Cmd-2016-1238

cpan IPC-Cmd
High
almost 10 years ago

'(1) cpan/Win32-File-Summary/bin/ptar, (2) cpan/Win32-File-Summary/bin/ptardiff, (3) cpan/Win32-File-Summary/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode... CPANSA-Win32-File-Summary-2016-1238

cpan Win32-File-Summary
High
almost 10 years ago

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/... CPANSA-ExtUtils-ParseXS-2016-1238

cpan ExtUtils-ParseXS
High
almost 10 years ago

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. CPANSA-perl-2016-6185

cpan perl
High
almost 10 years ago

Includes . in @INC which might allow local users to gain privileges via a Trojan horse module under the current working directory. CPANSA-Digest-2016-1238

cpan Digest
High
almost 10 years ago

'(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan... CPANSA-Archive-Tar-2016-1238

cpan Archive-Tar
High
almost 10 years ago

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/... CPANSA-Module-Provision-2016-1238

cpan Module-Provision
High
almost 10 years ago

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/... CPANSA-Module-Load-Conditional-2016-1238

cpan Module-Load-Conditional
High
almost 10 years ago

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/... CPANSA-IO-Compress-2016-1238

cpan IO-Compress
High
almost 10 years ago

Loading modules from . (current directory). CPANSA-ExtUtils-MakeMaker-2016-01

cpan ExtUtils-MakeMaker
High
over 9 years ago

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures... CPANSA-Net-Dropbear-2016-6129-libtomcrypt

cpan Net-Dropbear
High
about 9 years ago

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. CPANSA-Git-Raw-2016-10129-libgit2

cpan Git-Raw
High
over 8 years ago

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\\N{}' escape and the... CPANSA-perl-2017-12837

cpan perl
High
about 8 years ago

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. CPANSA-DBD-SQLite-2018-8740-sqlite

cpan DBD-SQLite
High
about 8 years ago

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. CPANSA-DBD-SQLite-2018-8740

cpan DBD-SQLite
High
about 8 years ago

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. CPANSA-perl-2018-6798

cpan perl
High
about 8 years ago

Mojo::UserAgent was not checking peer SSL certificates by default. CPANSA-Mojolicious-2018-03

cpan Mojolicious
High
almost 8 years ago

In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero. CPANSA-Sereal-Encoder-2018-12913-miniz

cpan Sereal-Encoder
High
almost 8 years ago

In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero. CPANSA-Sereal-Decoder-2018-12913-miniz

cpan Sereal-Decoder
High
over 7 years ago

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite databas... CPANSA-DBD-SQLite-2018-3906-sqlite

cpan DBD-SQLite
High
over 7 years ago

Denial of Service with large HTTP headers by using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap alloca... CPANSA-Git-XS-2018-12121-http-parser

cpan Git-XS
High
over 7 years ago

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by lev... CPANSA-DBD-SQLite-2018-20346

cpan DBD-SQLite
High
over 7 years ago

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can... CPANSA-GD-2019-6977

cpan GD
High
about 7 years ago

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivit... CPANSA-Crypt-JWT-2019-01

cpan Crypt-JWT
High
about 7 years ago

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execu... CPANSA-DBD-SQLite-2018-20506

cpan DBD-SQLite
High
about 7 years ago

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). CPANSA-DBD-SQLite-2018-20505

cpan DBD-SQLite
High
about 7 years ago

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a ... CPANSA-DBD-SQLite-2019-5018

cpan DBD-SQLite
High
over 6 years ago

sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. CPANSA-DBD-SQLite-2019-19244

cpan DBD-SQLite
High
over 6 years ago

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. CPANSA-DBD-SQLite-2019-19603

cpan DBD-SQLite
High
over 6 years ago

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. CPANSA-DBD-SQLite-2019-19880

cpan DBD-SQLite
High
over 6 years ago

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. CPANSA-DBD-SQLite-2019-19926

cpan DBD-SQLite

Filter by Severity

Moderate 210 High 101 Critical 49 Low 6

Filter by Package

perl 45 DBD-SQLite 42 MT 37 Mojolicious 18 Dpkg 14 Yukki 14 MySQL-Admin 13 Kossy 11 Zonemaster-GUI 11 YATT-Lite 10 Ukigumo-Server 10 DBI 10 Yancy 10 SockJS 10 Zabbix-Reporter 10 UR 10 App-Netdisco 10 Plack-Debugger 9 Stardust 9 JS-jQuery 9 Resource-Pack-jQuery 9 Yote 9 Sidef 9 Squatting 9 Imager 7 Net-Dropbear 7 DBD-mysql 7 Archive-Tar 6 Cpanel-JSON-XS 6 CGI 6 File-Path 6 libwww-perl 6 Git-Raw 5 Net-CIDR-Lite 5 Win32-File-Summary 5 IO-Compress 5 CryptX 5 ActivePerl 5 Sereal-Decoder 5 YAML-LibYAML 4 Compress-Raw-Zlib 4 Jifty 4 Archive-Unzip-Burst 4 Lemonldap-NG-Portal 4 Net-CIDR-Set 4 Plack 4 CGI-Simple 4 HTTP-Tiny 4 Sereal-Encoder 4 Tk 4 Alien-SVN 4 Git-XS 4 Encode 3 YAML-Syck 3 Apache-Session 3 Net-SNMP 3 XML-LibXML 3 Crypt-CBC 3 Safe 3 Crypt-Sodium-XS 3 Lemonldap-NG-Handler 3 Config-Model 3 mod_perl 3 DBD-Pg 3 SOAP-Lite 3 Dancer 3 DBD-MariaDB 3 Plack-Middleware-Session 3 UI-Dialog 3 Image-ExifTool 3 Lemonldap-NG-Common 3 Crypt-DSA 3 Net-DNS 3 CPAN 3 GBrowse 3 Lemonldap-NG-Manager 3 Perl6-Pugs 3 HTML-Parser 2 HTTP-Session2 2 Boost-Graph 2 Zonemaster-Backend 2 DBIx-Class-EncodedColumn 2 XML-Parser 2 Crypt-OpenSSL-PKCS12 2 Email-Address 2 Mozilla-CA 2 FCGI 2 cppAdaptive1 2 Catalyst-Runtime 2 Perl-Tidy 2 BSON-XS 2 Compress-Raw-Bzip2 2 PathTools 2 Alien-FreeImage 2 HarfBuzz-Shaper 2 MHonArc 2 Spreadsheet-ParseXLSX 2 Digest 2 Archive-Zip 2 Crypt-SaltedHash 2 Apache-Session-Browseable 2 YAML 2 Crypt-Random 2 EasyTCP 2 Locale-Maketext 2 Storable 2 Tcl 2 App-cpanminus 2 Win32-Printer 2 App-revealup 2 POSIX-2008 2 Net-OpenID-Consumer 2 Crypt-NaCl-Sodium 2 IO-Socket-SSL 2 Net-Statsd-Lite 2 HTTP-Daemon 2 cppAdaptive2 2 CGI-Session 2 PAR 2 Crypt-Perl 2 DataDog-DogStatsd 2 Plack-Middleware-Statsd 2 Module-Metadata 1 CBOR-XS 1 Catalyst-Action-REST 1 Crypt-ScryptKDF 1 Amon2-Auth-Site-LINE 1 XML-Atom 1 Net-Xero 1 JavaScript-Duktape 1 IPC-Run 1 CPAN-Checksums 1 JSON-XS 1 Unicode-LineBreak 1 Starman 1 CGI-Application-Plugin-AutoRunmode 1 WWW-UsePerl-Server 1 Apache-Wyrd 1 Net-IP-LPM 1 Net-IPv4Addr 1 Imager-File-GIF 1 Plack-Middleware-XSRFBlock 1 Gazelle 1 Amon2 1 Amon2-Plugin-Web-CSRFDefender 1 RPC-XML 1 eperl 1 Crypt-RandomEncryption 1 Mojo-DOM-Role-Analyzer 1 Mail-Audit 1 Graphics-ColorNames 1 Dancer2 1 Catalyst-Controller-Combine 1 PAR-Packer 1 Devel-StackTrace 1 ExtUtils-MakeMaker 1 Sub-HandlesVia 1 Crypt-SysRandom-XS 1 SVG-Sparkline 1 Apache2-API 1 App-Github-Email 1 XML-Simple 1 Cmd-Dwarf 1 Protocol-HTTP2 1 Search-OpenSearch-Server 1 WWW-Mechanize-Cached 1 Image-Info 1 MARC-File-XML 1 Term-ReadLine-Gnu 1 Otogiri 1 File-Temp 1 Pinto 1 LWP-Protocol-Net-Curl 1 Crypt-Primes 1 String-Compare-ConstantTime 1 Catalyst-Plugin-Session 1 Crypt-OpenSSL-RSA 1 Alien-PCRE2 1 Data-FormValidator 1 Clipboard 1 XML-Twig 1 Text-CSV_XS 1 Redis-Fast 1 Crypt-OpenSSL-DSA 1 Authen-SASL 1 Catalyst-Plugin-Authentication 1 Apache-AuthCAS 1 perl-ldap 1 Apache-SessionX 1 Amazon-Credentials 1 Crypt-PasswdMD5 1 Mojolicious-Plugin-OAuth2 1 Filesys-SmbClientParser 1 WWW-Mechanize 1 Template-Toolkit 1 Web-Passwd 1 PApp 1 CGI-Application-Dispatch 1 Crypt-Random-Source 1 Apache2-AuthAny 1

Filter by Repository

https://github.com/jquery/jquery 108 https://github.com/Perl/perl5 22 https://github.com/sqlite/sqlite 15 https://github.com/mojolicious/mojo 12 https://github.com/twbs/bootstrap 9 https://github.com/perl5-dbi/DBD-mysql 7 https://github.com/rurban/Cpanel-JSON-XS 6 https://github.com/briandfoy/cpan-security-advisory 6 https://github.com/glennrp/libpng 6 https://sourceforge.net/projects/sourceforge.net 6 https://github.com/madler/zlib 6 https://github.com/stigtsp/Net-CIDR-Lite 5 https://github.com/jib/archive-tar-new 5 https://github.com/perl5-dbi/dbi 5 https://github.com/pmqs/IO-Compress 4 https://github.com/facebook/zstd 4 https://github.com/kmx/alien-freeimage 3 https://github.com/cpan-authors/YAML-Syck 3 https://github.com/tonycoz/imager 3 https://github.com/DCIT/perl-CryptX 3 https://github.com/dod38fr/config-model 3 https://github.com/redis/hiredis 3 https://github.com/jquery/jquery-ui 3 https://github.com/libgit2/security 3 https://github.com/libtom/libtomcrypt 3 https://github.com/PerlDancer/Dancer 2 https://github.com/LemonLDAPNG/Apache-Session-Browseable 2 https://github.com/zonemaster/zonemaster-backend 2 https://github.com/ingydotnet/yaml-libyaml-pm 2 https://github.com/miyagawa/cpanminus 2 https://github.com/libwww-perl/HTTP-Daemon 2 https://github.com/svaarala/duktape 2 https://github.com/chartjs/Chart.js 2 https://github.com/robrwo/Plack-Middleware-Statsd 2 https://github.com/libwww-perl/libwww-perl 2 https://github.com/ingydotnet/yaml-pm 2 https://github.com/FGasper/p5-Crypt-Perl 2 https://github.com/cpan-authors/XML-Parser 2 https://github.com/chansen/p5-http-tiny 2 https://github.com/robrwo/perl-Crypt-SaltedHash 2 https://github.com/andk/cpanpm 2 https://github.com/cpan-authors/crypt-nacl-sodium 2 https://github.com/richgel999/miniz 2 https://github.com/tokuhirom/HTTP-Session2 2 https://github.com/hashcat/hashcat 2 https://github.com/AndyA/CGI--Simple 2 https://github.com/libtom/libtommath 2 https://github.com/mitmproxy/pdoc 2 https://github.com/jedisct1/libsodium 2 https://github.com/exiftool/exiftool 2 https://github.com/blog/1938-git-client-vulnerability-announced 2 https://github.com/hatukanezumi/Unicode-LineBreak 1 https://github.com/gitpan/PerlSpeak 1 https://github.com/perl-net-saml2/perl-XML-Sig 1 https://sourceforge.net/projects/net-snmp 1 https://github.com/perl-catalyst/Catalyst-Plugin-Authentication 1 https://github.com/plack/Plack-Middleware-Session 1 https://github.com/robrwo/perl-Mojolicious-Plugin-Statsd 1 https://github.com/cosimo/perl5-net-statsd 1 https://github.com/josdejong/jsoneditor 1 https://github.com/libwww-perl/HTML-Parser 1 https://github.com/houseabsolute/Data-Validate-IP 1 https://github.com/dagolden/Capture-Tiny 1 https://github.com/dajobe/raptor 1 https://github.com/toddr/Crypt-OpenSSL-RSA 1 https://github.com/robrwo/CatalystX-Statsd 1 https://github.com/redhotpenguin/perl-soaplite 1 https://github.com/miyagawa/Starman 1 https://github.com/dankogai/p5-encode 1 https://github.com/wrog/Net-OpenID-Consumer 1 https://github.com/ytnobody/Otogiri 1 https://github.com/cromedome/cgi-application-plugin-captcha 1 https://github.com/preaction/Log-Any 1 https://github.com/richardc/perl-file-find-rule 1 https://github.com/mtrmac/IPTables-Parse 1 https://github.com/hakimel/reveal.js 1 https://github.com/atoomic/Crypt-Random 1 https://github.com/libwww-perl/lwp-protocol-https 1 https://github.com/cpan-authors/XML-LibXML 1 https://github.com/cpan-authors/Text-CSV_XS 1 https://github.com/amaltsev/XAO-Web 1 https://github.com/xsawyerx/app-genpass 1 https://github.com/bluefeet/GitLab-API-v4 1 https://github.com/gbarr/perl-authen-sasl 1 https://github.com/FastCGI-Archives/fcgi2 1 https://github.com/LemonLDAPNG/Apache-Session-LDAP 1 https://github.com/rjbs/Email-MIME 1 https://github.com/dsully/perl-crypt-openssl-pkcs12 1 https://github.com/zhuowei/worthdoingbadly.com 1 https://github.com/kazeburo/Kossy 1 https://github.com/sgnix/kelp 1 https://github.com/certifi/python-certifi 1 https://github.com/kberov/Ado 1 https://github.com/ycdxsb/WindowsPrivilegeEscalation 1 https://github.com/gray/compress-lz4 1 https://github.com/kraih/mojo 1 https://github.com/redhotpenguin/perl-Archive-Zip 1 https://github.com/perl-catalyst/FCGI 1 https://github.com/svarshavchik/Net-CIDR 1 https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker 1 https://github.com/harfbuzz/harfbuzz 1 https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP 1 https://github.com/Leont/crypt-argon2 1 https://github.com/jberger/Galileo 1 https://github.com/pjuhasz/JSON-SIMD 1 https://github.com/faraco/App-Github-Email 1 https://github.com/plack/Plack 1 https://github.com/moment/moment 1 https://github.com/moxiecode/plupload 1 https://github.com/jkeenan/File-Path 1 https://github.com/abw/Template2 1 https://github.com/marcusramberg/Mojolicious-Plugin-OAuth2 1 https://github.com/atrodo/Net-Dropbear 1 https://github.com/Perl-Toolchain-Gang/HTTP-Tiny 1 https://github.com/snapappointments/bootstrap-select 1 https://github.com/robrwo/Net-Statsd-Lite 1 https://github.com/perltidy/perltidy 1 https://github.com/robrwo/Text-Minify-XS 1 https://github.com/markstos/CGI.pm 1 https://github.com/perl-catalyst/Catalyst-Plugin-Session 1 https://github.com/rjbs/Email-Address 1 https://github.com/clintongormley/perl-html-stripscripts 1 https://github.com/robrwo/Net-Statsd-Tiny 1 https://github.com/mkj/dropbear 1 https://github.com/Perl-Toolchain-Gang/File-Temp 1 https://github.com/Dual-Life/Devel-PPPort 1 https://github.com/kazuho/Starlet 1 https://bitbucket.org/shlomif/perl-config-inifiles 1 https://bitbucket.org/xi/libyaml 1 https://github.com/bwva/Concierge-Sessions 1 https://github.com/google/brotli 1 https://github.com/haile01/perl_spreadsheet_excel_rce_poc 1 https://github.com/karpet/Dezi 1 https://github.com/bluefeet/Starch 1 https://github.com/gisle/html-parser 1 https://github.com/angular/angular.js 1 https://github.com/DCIT/perl-Crypt-JWT 1 https://github.com/jmcnamara/spreadsheet-parseexcel 1 https://github.com/perl-Crypt-OpenPGP/Crypt-Random 1 https://github.com/thaljef/Pinto 1 https://github.com/karenetheridge/Crypt-Random-Source 1 https://github.com/tchatzi/Authen-TOTP 1 https://github.com/gbarr/perl-Convert-ASN1 1 https://github.com/Sereal/Sereal 1 https://github.com/seagirl/dwarf 1 https://github.com/creaktive/LWP-Protocol-Net-Curl 1 https://github.com/yuki-kimoto/DBIx-Custom 1 https://github.com/robrwo/perl-Net-CIDR-Set 1 https://github.com/markstos/CGI--Application 1 https://github.com/mojomojo/mojomojo 1 https://github.com/tokuhirom/Amon 1 https://github.com/libwww-perl/WWW-Mechanize-Cached 1 https://github.com/lstein/Lib-Crypt-CBC 1 https://github.com/rschupp/Module-ScanDeps 1 https://github.com/PerlDancer/Dancer2 1 https://github.com/grantm/xml-simple 1 https://github.com/kazeburo/Plack-Middleware-Session-Simple 1 https://github.com/karpet/search-opensearch-server 1 https://github.com/gwadej/svg-sparkline 1 https://github.com/gnustavo/SVN-Look 1 https://github.com/atoomic/Crypt-Primes 1