Search CVE reports


Toggle filters

11 – 20 of 338 results


CVE-2026-14570

Medium priority
Needs evaluation

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to...

1 affected package

libcrypt-dsa-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libcrypt-dsa-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-15646

Medium priority
Needs evaluation

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the <template> element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to...

1 affected package

libhtml-gumbo-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libhtml-gumbo-perl Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-56016

Medium priority
Needs evaluation

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generate_id method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in...

1 affected package

libcgi-session-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libcgi-session-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-13758

Medium priority
Needs evaluation

CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path. The decrypt_done($tag) form compares it against the computed tag with memNE (memcmp() != 0), which...

1 affected package

libcryptx-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libcryptx-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-56018

Medium priority
Needs evaluation

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth. In JsMinify (XS.xs) the cleanup frees only the NodeSet structures and never the per-token contents...

1 affected package

libjavascript-minifier-xs-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libjavascript-minifier-xs-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-56017

Medium priority
Needs evaluation

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash. The regexp versus division disambiguator in JsTokenizeString (XS.xs) inspects...

1 affected package

libjavascript-minifier-xs-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libjavascript-minifier-xs-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-13593

Medium priority
Needs evaluation

CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as...

1 affected package

libcss-minifier-xs-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libcss-minifier-xs-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-11625

Medium priority
Needs evaluation

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is...

1 affected package

libbytes-random-secure-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libbytes-random-secure-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-12844

Medium priority
Needs evaluation

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer...

1 affected package

liblist-someutils-xs-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
liblist-someutils-xs-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-9265

Medium priority
Needs evaluation

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length...

1 affected package

libcrypt-openssl-pkcs12-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libcrypt-openssl-pkcs12-perl Needs evaluation Needs evaluation Not in release Needs evaluation Needs evaluation
Show less packages