Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    147 vulnerabilities by perl

    CVE-2026-57432 (GCVE-0-2026-57432)

    Vulnerability from nvd – Published: 2026-07-13 15:38 – Updated: 2026-07-14 13:34
    VLAI
    Title
    Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack
    Summary
    Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds. A template derived from untrusted input can read heap memory past the buffer and return it to the caller.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    SHAY perl Affected: 0 , ≤ 5.43.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-13T19:30:46.712Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/13/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57432",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:34:38.894921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T13:34:42.360Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "perl",
              "programFiles": [
                "pp_pack.c"
              ],
              "programRoutines": [
                {
                  "name": "S_measure_struct"
                }
              ],
              "repo": "https://github.com/Perl/perl5",
              "vendor": "SHAY",
              "versions": [
                {
                  "lessThanOrEqual": "5.43.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack.\n\nS_measure_struct adds each item\u0027s size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds.\n\nA template derived from untrusted input can read heap memory past the buffer and return it to the caller."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T15:38:20.728Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/5f7eb6bbbe0510964e3fb1d6bb691e5445913e55.patch"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/40754edc72dd3e513d758153c0e2f0215897740e.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Apply the upstream patches. The fix is included in the Perl 5.43.11 development release."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-57432",
        "datePublished": "2026-07-13T15:38:20.728Z",
        "dateReserved": "2026-06-24T13:09:26.322Z",
        "dateUpdated": "2026-07-14T13:34:42.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13221 (GCVE-0-2026-13221)

    Vulnerability from nvd – Published: 2026-07-13 15:40 – Updated: 2026-07-14 13:33
    VLAI
    Title
    Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk
    Summary
    Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored in a 16-bit field. A branch count above 65535 overflows the field, and the trie's match decision table is truncated with no warning or error. A pattern of this shape produces false positive matches (matching strings it should not) and false negative matches (failing to match strings it should). When such a pattern gates an access or filtering decision, the result is wrong.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    SHAY perl Affected: 0 , ≤ 5.43.9 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-13T19:30:45.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/13/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13221",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:33:13.127997Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T13:33:18.189Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "perl",
              "programFiles": [
                "regcomp_study.c"
              ],
              "programRoutines": [
                {
                  "name": "Perl_study_chunk"
                }
              ],
              "repo": "https://github.com/Perl/perl5",
              "vendor": "SHAY",
              "versions": [
                {
                  "lessThanOrEqual": "5.43.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk.\n\nWhen such branches are combined into a trie, the delta between the first branch and the shared tail is stored in a 16-bit field. A branch count above 65535 overflows the field, and the trie\u0027s match decision table is truncated with no warning or error.\n\nA pattern of this shape produces false positive matches (matching strings it should not) and false negative matches (failing to match strings it should). When such a pattern gates an access or filtering decision, the result is wrong."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T15:40:11.035Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/03f74bbbd3a68350d926ee93d56ee4808c28c4c7.patch"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/Perl/perl5/issues/23388"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Apply the upstream patch. The fix is included in the Perl 5.43.10 development release."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-13221",
        "datePublished": "2026-07-13T15:40:11.035Z",
        "dateReserved": "2026-06-24T15:38:41.010Z",
        "dateUpdated": "2026-07-14T13:33:18.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14740 (GCVE-0-2026-14740)

    Vulnerability from nvd – Published: 2026-07-07 22:05 – Updated: 2026-07-08 13:59
    VLAI
    Title
    DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment
    Summary
    DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    HMBRAND DBI Affected: 0 , < 1.650 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-08T00:28:32.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/07/17"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14740",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:58:06.622142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:59:33.009Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "DBI",
              "product": "DBI",
              "programFiles": [
                "DBI.xs"
              ],
              "programRoutines": [
                {
                  "name": "preparse"
                }
              ],
              "repo": "https://github.com/perl5-dbi/dbi",
              "vendor": "HMBRAND",
              "versions": [
                {
                  "lessThan": "1.650",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment.\n\nThe preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T22:05:45.077Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/perl5-dbi/dbi/commit/fc16f9e8b3dd5c65caf1867781ab2bfe2fadcc01.patch"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/perl5-dbi/dbi/security/advisories/GHSA-35f4-f8m9-w8xg"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/HMBRAND/DBI-1.650/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to DBI version 1.650 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment",
          "workarounds": [
            {
              "lang": "en",
              "value": "Remove initial comments from SQL statements before passing them to DBI."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-14740",
        "datePublished": "2026-07-07T22:05:45.077Z",
        "dateReserved": "2026-07-04T09:43:56.576Z",
        "dateUpdated": "2026-07-08T13:59:33.009Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14739 (GCVE-0-2026-14739)

    Vulnerability from nvd – Published: 2026-07-07 22:05 – Updated: 2026-07-08 13:56
    VLAI
    Title
    DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders
    Summary
    DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    HMBRAND DBI Affected: 0 , < 1.650 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:55:38.504631Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:56:43.597Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "DBI",
              "product": "DBI",
              "programFiles": [
                "DBI.xs"
              ],
              "programRoutines": [
                {
                  "name": "preparse"
                }
              ],
              "repo": "https://github.com/perl5-dbi/dbi",
              "vendor": "HMBRAND",
              "versions": [
                {
                  "lessThan": "1.650",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders.\n\nThe fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders.\n\nDBI version 1.650 sets a hard limit of 99,999 placeholders."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T22:05:18.457Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/perl5-dbi/dbi/commit/2b77c88b655e9539a592c71a61fb965fc0075395.patch"
            },
            {
              "tags": [
                "vendor-advisory",
                "related"
              ],
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-10879"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/HMBRAND/DBI-1.650/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to DBI version 1.650 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "Version 1.648 released with a fix for CVE-2026-10879."
            },
            {
              "lang": "en",
              "time": "2026-07-07T00:00:00.000Z",
              "value": "Version 1.650 released."
            }
          ],
          "title": "DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-14739",
        "datePublished": "2026-07-07T22:05:18.457Z",
        "dateReserved": "2026-07-04T09:24:31.098Z",
        "dateUpdated": "2026-07-08T13:56:43.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14380 (GCVE-0-2026-14380)

    Vulnerability from nvd – Published: 2026-07-07 22:04 – Updated: 2026-07-09 14:41
    VLAI
    Title
    DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile
    Summary
    DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name. Any caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands. The Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db. An attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection)
    Assigner
    Impacted products
    Vendor Product Version
    HMBRAND DBI Affected: 0 , < 1.650 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-08T00:28:31.619Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/07/16"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14380",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:51:52.778631Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:41:58.100Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "DBI",
              "product": "DBI",
              "programFiles": [
                "lib/DBI/Profile.pm"
              ],
              "programRoutines": [
                {
                  "name": "DBI::Profile::_auto_new"
                }
              ],
              "repo": "https://github.com/perl5-dbi/dbi",
              "vendor": "HMBRAND",
              "versions": [
                {
                  "lessThan": "1.650",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile.\n\nWhen a string is assigned to a DBI handle\u0027s Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name.\n\nAny caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands.\n\nThe Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=\u003eSPEC):db.\n\nAn attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-95",
                  "description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T22:04:49.078Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/perl5-dbi/dbi/commit/b73d5d9901767fc1d16b6661ef08fbed4532e259.patch"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/perl5-dbi/dbi/security/advisories/GHSA-ch8w-hxc2-v557"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/HMBRAND/DBI-1.650/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to DBI version 1.650 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-14380",
        "datePublished": "2026-07-07T22:04:49.078Z",
        "dateReserved": "2026-07-01T21:17:54.504Z",
        "dateUpdated": "2026-07-09T14:41:58.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9698 (GCVE-0-2026-9698)

    Vulnerability from nvd – Published: 2026-06-09 07:22 – Updated: 2026-07-16 12:04
    VLAI
    Title
    DBI versions before 1.648 for Perl saved errors in a limited-sized buffer
    Summary
    DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Out-of-bounds Write
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    HMBRAND DBI Affected: 0 , < 1.648 (custom)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:1.643-26.el10_2.1 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020260624081239.69ef70f8 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.643-9.el9_8.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-09T11:03:32.648Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/09/9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9698",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T15:44:04.195929Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T15:44:21.456Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-DBI",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:1.643-26.el10_2.1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-DBI:1.641",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8100020260624081239.69ef70f8",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-DBI",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:1.643-9.el9_8.1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unknown",
                "packageName": "perl-DBI",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-DBI",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-DBI",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-09T07:22:25.892Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in DBI, a Perl database interface. This vulnerability allows an attacker to trigger a buffer overflow by manipulating error messages within an application. When specific error handling options are active, an attacker can provide oversized error text, which may lead to arbitrary code execution or a denial of service (DoS)."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:04:49.222Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-9698"
              },
              {
                "name": "RHBZ#2486734",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486734"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9698.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:38513"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:38901"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:38512"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:38513: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:38901: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:38512: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-09T08:00:53.401Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-09T07:22:25.892Z",
                "value": "Made public."
              }
            ],
            "title": "DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are advised to identify network-accessible applications which use perl-DBI and ensure that only trusted users have access to those applications."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "DBI",
              "product": "DBI",
              "programFiles": [
                "DBI.xs"
              ],
              "repo": "https://github.com/perl5-dbi/dbi",
              "vendor": "HMBRAND",
              "versions": [
                {
                  "lessThan": "1.648",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBI versions before 1.648 for Perl saved errors in a limited-sized buffer.\n\nError messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit.\n\nAttackers that can influence the error text in an application can trigger a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T07:22:25.892Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/HMBRAND/DBI-1.648/changes"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/perl5-dbi/dbi/commit/bfe5d73c162d2d1f761a639a0aa33aad6a9eb54e.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to DBI 1.648 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-25T00:00:00.000Z",
              "value": "Issue reported to CPANSec."
            },
            {
              "lang": "en",
              "time": "2026-05-27T00:00:00.000Z",
              "value": "Commit fixed the issue in DBI."
            },
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "DBI 1.648 released."
            }
          ],
          "title": "DBI versions before 1.648 for Perl saved errors in a limited-sized buffer",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-9698",
        "datePublished": "2026-06-09T07:22:25.892Z",
        "dateReserved": "2026-05-27T12:06:43.461Z",
        "dateUpdated": "2026-07-16T12:04:49.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10879 (GCVE-0-2026-10879)

    Vulnerability from nvd – Published: 2026-06-05 14:30 – Updated: 2026-06-08 16:55
    VLAI
    Title
    DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders
    Summary
    DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require four characters, 100-999 require five characters, et cetera.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    HMBRAND DBI Affected: 0 , < 1.648 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-06T05:18:05.204Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/06/4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T16:54:58.795048Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T16:55:27.339Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "DBI",
              "product": "DBI",
              "programFiles": [
                "DBI.xs"
              ],
              "repo": "https://github.com/perl5-dbi/dbi",
              "vendor": "HMBRAND",
              "versions": [
                {
                  "lessThan": "1.648",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders.\n\nThe preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer.  Placeholders 10-99 require four characters, 100-999 require five characters, et cetera."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 (Out-of-bounds Write)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T14:30:58.497Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/HMBRAND/DBI-1.648/changes"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/perl5-dbi/dbi/commit/af79036c07aa9a457971c0f4136e37c85dc20978.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to DBI 1.648 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-25T00:00:00.000Z",
              "value": "Issue reported to CPANSec."
            },
            {
              "lang": "en",
              "time": "2026-05-28T00:00:00.000Z",
              "value": "Commit fixed the issue in DBI."
            },
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "DBI 1.648 released."
            }
          ],
          "title": "DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-10879",
        "datePublished": "2026-06-05T14:30:58.497Z",
        "dateReserved": "2026-06-04T16:34:48.978Z",
        "dateUpdated": "2026-06-08T16:55:27.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8376 (GCVE-0-2026-8376)

    Vulnerability from nvd – Published: 2026-05-25 23:53 – Updated: 2026-05-27 18:04
    VLAI
    Title
    Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds
    Summary
    Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-680 - Integer Overflow to Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    SHAY perl Affected: 0 , ≤ 5.43.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-26T03:06:00.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/26/1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8376",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T18:03:45.554441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:04:00.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "perl",
              "programFiles": [
                "regcomp_study.c"
              ],
              "programRoutines": [
                {
                  "name": "Perl_study_chunk"
                }
              ],
              "repo": "https://github.com/Perl/perl5",
              "vendor": "SHAY",
              "versions": [
                {
                  "lessThanOrEqual": "5.43.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds.\n\nPerl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer.\n\nA caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-680",
                  "description": "CWE-680 Integer Overflow to Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T23:53:27.812Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to a future perl release, or apply the upstream patch."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-24T00:00:00.000Z",
              "value": "Issue reported."
            },
            {
              "lang": "en",
              "time": "2026-05-20T00:00:00.000Z",
              "value": "Fix merged to blead."
            }
          ],
          "title": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds",
          "workarounds": [
            {
              "lang": "en",
              "value": "On 32-bit perl builds, avoid compiling regular expressions from untrusted input until a fixed release is installed."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-8376",
        "datePublished": "2026-05-25T23:53:27.812Z",
        "dateReserved": "2026-05-12T08:15:41.456Z",
        "dateUpdated": "2026-05-27T18:04:00.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4176 (GCVE-0-2026-4176)

    Vulnerability from nvd – Published: 2026-03-29 20:50 – Updated: 2026-03-30 15:35
    VLAI
    Title
    Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
    Summary
    Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    Impacted products
    Vendor Product Version
    SHAY perl Affected: 5.9.4 , < 5.40.4-RC1 (custom)
    Affected: 5.41.0 , < 5.42.2-RC1 (custom)
    Affected: 5.43.0 , < 5.43.9 (custom)
    Create a notification for this product.
    Credits
    Bernhard Schmalhofer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-30T04:56:37.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/30/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T15:34:29.395269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1395",
                    "description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T15:35:08.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "perl",
              "repo": "https://github.com/Perl/perl5",
              "vendor": "SHAY",
              "versions": [
                {
                  "lessThan": "5.40.4-RC1",
                  "status": "affected",
                  "version": "5.9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.42.2-RC1",
                  "status": "affected",
                  "version": "5.41.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.43.9",
                  "status": "affected",
                  "version": "5.43.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Bernhard Schmalhofer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib.\n\nCompress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-29T20:50:51.058Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "related",
                "vdb-entry"
              ],
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-3381"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.security.metacpan.org/cve-announce/msg/37638919/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/SHAY/perl-5.40.4/changes"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/SHAY/perl-5.42.2/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to Perl stable release 5.40.4 or 5.42.2 or later, which include Compress::Raw::Zlib 2.222."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-27T00:00:00.000Z",
              "value": "Compress::Raw::Zlib 2.221 committed to Perl blead."
            },
            {
              "lang": "en",
              "time": "2026-03-07T00:00:00.000Z",
              "value": "CVE-2026-3381 published for Compress::Raw::Zlib."
            },
            {
              "lang": "en",
              "time": "2026-03-14T00:00:00.000Z",
              "value": "CVE-2026-4176 reserved."
            },
            {
              "lang": "en",
              "time": "2026-03-29T00:00:00.000Z",
              "value": "Perl 5.40.4 and 5.42.2 released."
            }
          ],
          "title": "Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib",
          "workarounds": [
            {
              "lang": "en",
              "value": "Install Compress::Raw::Zlib 2.220 or later into your @INC include path, so it takes precedence over the vulnerable core module shipped with Perl.\n\nSome OS distributions patch their perl package to build Compress::Raw::Zlib against the system zlib rather than the vendored copy. Users of these distributions may not be affected if their system zlib has been updated to 1.3.2 or later, or includes backported patches for the relevant vulnerabilities."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-4176",
        "datePublished": "2026-03-29T20:50:51.058Z",
        "dateReserved": "2026-03-14T16:17:19.077Z",
        "dateUpdated": "2026-03-30T15:35:08.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40909 (GCVE-0-2025-40909)

    Vulnerability from nvd – Published: 2025-05-30 12:20 – Updated: 2026-04-18 14:15
    VLAI
    Title
    Perl threads have a working directory race condition where file operations may target unintended paths
    Summary
    Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-689 - Permission Race Condition During Resource Copy
    • CWE-426 - Untrusted Search Path
    Assigner
    Impacted products
    Vendor Product Version
    perl perl Affected: 5.13.6 , < 5.41.13 (custom)
    Create a notification for this product.
    Credits
    Vincent Lefevre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-18T14:15:40.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/05/23/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/05/30/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/06/02/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/06/02/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/06/02/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/06/02/7"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/06/03/1"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/55"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/54"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/53"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00018.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40909",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-30T14:05:00.839656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-30T14:09:50.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "perl",
              "programRoutines": [
                {
                  "name": "threads"
                }
              ],
              "repo": "https://github.com/perl/perl5",
              "vendor": "perl",
              "versions": [
                {
                  "lessThan": "5.41.13",
                  "status": "affected",
                  "version": "5.13.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Vincent Lefevre"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Perl threads have a working directory race condition where file operations may target unintended paths.\u003cbr\u003e\u003cbr\u003eIf a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone\u0026nbsp;that handle for the new thread, which is visible from any third (or\u0026nbsp;more) thread already running. \u003cbr\u003e\u003cbr\u003eThis may lead to unintended operations\u0026nbsp;such as loading code or accessing files from unexpected locations,\u0026nbsp;which a local attacker may be able to exploit.\u003cbr\u003e\u003cbr\u003eThe bug was introduced in commit\u0026nbsp;11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6"
                }
              ],
              "value": "Perl threads have a working directory race condition where file operations may target unintended paths.\n\nIf a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone\u00a0that handle for the new thread, which is visible from any third (or\u00a0more) thread already running. \n\nThis may lead to unintended operations\u00a0such as loading code or accessing files from unexpected locations,\u00a0which a local attacker may be able to exploit.\n\nThe bug was introduced in commit\u00a011a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-689",
                  "description": "CWE-689 Permission Race Condition During Resource Copy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-05T13:24:00.827Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch"
            },
            {
              "tags": [
                "mailing-list",
                "exploit"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2025/05/22/2"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/Perl/perl5/issues/23010"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/Perl/perl5/issues/10387"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update perl to an unaffected version, or apply the patch provided in the references section."
                }
              ],
              "value": "Update perl to an unaffected version, or apply the patch provided in the references section."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Perl threads have a working directory race condition where file operations may target unintended paths",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2025-40909",
        "datePublished": "2025-05-30T12:20:11.237Z",
        "dateReserved": "2025-04-16T09:05:34.360Z",
        "dateUpdated": "2026-04-18T14:15:40.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56406 (GCVE-0-2024-56406)

    Vulnerability from nvd – Published: 2025-04-13 13:16 – Updated: 2025-10-16 14:04
    VLAI
    Title
    Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes
    Summary
    A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'    Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    perl perl Affected: 5.41.0 , ≤ 5.41.10 (custom)
    Affected: 5.39.0 , < 5.40.2-RC1 (custom)
    Affected: 5.33.1 , < 5.38.4-RC1 (custom)
    Create a notification for this product.
    Credits
    Nathan Mills
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-04-13T22:02:35.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/13/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/13/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/13/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56406",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T14:04:16.993103Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T14:04:20.393Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "perl",
              "programFiles": [
                "op.c"
              ],
              "programRoutines": [
                {
                  "name": "S_pmtrans"
                },
                {
                  "name": "tr"
                }
              ],
              "repo": "https://github.com/Perl/perl5/",
              "vendor": "perl",
              "versions": [
                {
                  "lessThanOrEqual": "5.41.10",
                  "status": "affected",
                  "version": "5.41.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.40.2-RC1",
                  "status": "affected",
                  "version": "5.39.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.38.4-RC1",
                  "status": "affected",
                  "version": "5.33.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nathan Mills"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A heap buffer overflow vulnerability was discovered in Perl. \u003cbr\u003e\u003cbr\u003eRelease branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.\u003cbr\u003e\u003cbr\u003eWhen there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; \u0026nbsp;$ perl -e \u0027$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;\u0027 \u003cbr\u003e\u0026nbsp; \u0026nbsp;Segmentation fault (core dumped)\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eIt is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "A heap buffer overflow vulnerability was discovered in Perl. \n\nRelease branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.\n\nWhen there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.\n\n\u00a0 \u00a0$ perl -e \u0027$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;\u0027 \n\u00a0 \u00a0Segmentation fault (core dumped)\n\nIt is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-13T19:29:56.569Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/SHAY/perl-5.38.4/changes"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/SHAY/perl-5.40.2/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users should update perl to 5.40.2 or 5.38.4, or apply the upstream patch provided in the References section.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Users should update perl to 5.40.2 or 5.38.4, or apply the upstream patch provided in the References section."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2024-56406",
        "datePublished": "2025-04-13T13:16:09.841Z",
        "dateReserved": "2024-12-23T02:07:38.152Z",
        "dateUpdated": "2025-10-16T14:04:20.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1828 (GCVE-0-2025-1828)

    Vulnerability from nvd – Published: 2025-03-10 23:51 – Updated: 2025-09-09 13:56
    VLAI
    Title
    Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions
    Summary
    Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider. In particular, Windows versions of perl will encounter this issue by default.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    • CWE-331 - Insufficient Entropy
    Assigner
    Impacted products
    Vendor Product Version
    perl Crypt::Random Affected: 1.05 , < 1.56 (custom)
    Create a notification for this product.
    Credits
    Robert Rothenberg (RRWO)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1828",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T02:20:07.985063Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T13:56:40.704Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Crypt-Random",
              "product": "Crypt::Random",
              "programFiles": [
                "lib/Crypt/Random/Provider/rand.pm"
              ],
              "vendor": "perl",
              "versions": [
                {
                  "lessThan": "1.56",
                  "status": "affected",
                  "version": "1.05",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Robert Rothenberg (RRWO)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Crypt::Random Perl package 1.05 through 1.55 may use rand() function,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhich is not\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;cryptographically strong,\u003c/span\u003e\u0026nbsp;for cryptographic functions.\u003cbr\u003e\u003cbr\u003eIf the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available\u0026nbsp;Crypt::Random will default to use the insecure\u0026nbsp;Crypt::Random::rand provider.\u003cbr\u003e\u003cbr\u003eIn particular, Windows versions of perl will encounter this issue by default.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Crypt::Random Perl package 1.05 through 1.55 may use rand() function,\u00a0which is not\u00a0cryptographically strong,\u00a0for cryptographic functions.\n\nIf the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available\u00a0Crypt::Random will default to use the insecure\u00a0Crypt::Random::rand provider.\n\nIn particular, Windows versions of perl will encounter this issue by default."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-338",
                  "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-331",
                  "description": "CWE-331 Insufficient Entropy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-05T13:19:50.864Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "url": "https://perldoc.perl.org/functions/rand"
            },
            {
              "url": "https://github.com/perl-Crypt-OpenPGP/Crypt-Random/pull/1"
            },
            {
              "url": "https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to version 1.56 or higher"
                }
              ],
              "value": "Upgrade to version 1.56 or higher"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Perl\u0027s Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2025-1828",
        "datePublished": "2025-03-10T23:51:33.279Z",
        "dateReserved": "2025-03-01T15:39:14.682Z",
        "dateUpdated": "2025-09-09T13:56:40.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47039 (GCVE-0-2023-47039)

    Vulnerability from nvd – Published: 2024-01-02 05:30 – Updated: 2025-11-20 17:57
    VLAI
    Title
    Perl: perl for windows binary hijacking vulnerability
    Summary
    A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 5.34.3 (semver)
    Affected: 5.36.0 , < 5.36.3 (semver)
    Affected: 5.38.0 , < 5.38.2 (semver)
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Date Public
    2023-11-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:01:22.573Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-47039"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746"
              },
              {
                "name": "RHBZ#2249525",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240208-0005/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47039",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-02T20:02:55.618221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T20:29:05.501Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/Perl/perl5",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "versions": [
                {
                  "lessThan": "5.34.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.36.3",
                  "status": "affected",
                  "version": "5.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.38.2",
                  "status": "affected",
                  "version": "5.38.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "perl:5.30/perl",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "perl:5.32/perl",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-11-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T17:57:11.573Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-47039"
            },
            {
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746"
            },
            {
              "name": "RHBZ#2249525",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-11-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-11-25T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Perl: perl for windows binary hijacking vulnerability",
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-47039",
        "datePublished": "2024-01-02T05:30:53.168Z",
        "dateReserved": "2023-10-30T13:58:15.255Z",
        "dateUpdated": "2025-11-20T17:57:11.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13221 (GCVE-0-2026-13221)

    Vulnerability from cvelistv5 – Published: 2026-07-13 15:40 – Updated: 2026-07-14 13:33
    VLAI
    Title
    Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk
    Summary
    Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored in a 16-bit field. A branch count above 65535 overflows the field, and the trie's match decision table is truncated with no warning or error. A pattern of this shape produces false positive matches (matching strings it should not) and false negative matches (failing to match strings it should). When such a pattern gates an access or filtering decision, the result is wrong.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    SHAY perl Affected: 0 , ≤ 5.43.9 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-13T19:30:45.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/13/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13221",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:33:13.127997Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T13:33:18.189Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "perl",
              "programFiles": [
                "regcomp_study.c"
              ],
              "programRoutines": [
                {
                  "name": "Perl_study_chunk"
                }
              ],
              "repo": "https://github.com/Perl/perl5",
              "vendor": "SHAY",
              "versions": [
                {
                  "lessThanOrEqual": "5.43.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk.\n\nWhen such branches are combined into a trie, the delta between the first branch and the shared tail is stored in a 16-bit field. A branch count above 65535 overflows the field, and the trie\u0027s match decision table is truncated with no warning or error.\n\nA pattern of this shape produces false positive matches (matching strings it should not) and false negative matches (failing to match strings it should). When such a pattern gates an access or filtering decision, the result is wrong."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T15:40:11.035Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/03f74bbbd3a68350d926ee93d56ee4808c28c4c7.patch"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/Perl/perl5/issues/23388"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Apply the upstream patch. The fix is included in the Perl 5.43.10 development release."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-13221",
        "datePublished": "2026-07-13T15:40:11.035Z",
        "dateReserved": "2026-06-24T15:38:41.010Z",
        "dateUpdated": "2026-07-14T13:33:18.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57432 (GCVE-0-2026-57432)

    Vulnerability from cvelistv5 – Published: 2026-07-13 15:38 – Updated: 2026-07-14 13:34
    VLAI
    Title
    Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack
    Summary
    Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds. A template derived from untrusted input can read heap memory past the buffer and return it to the caller.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    SHAY perl Affected: 0 , ≤ 5.43.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-13T19:30:46.712Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/13/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57432",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:34:38.894921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T13:34:42.360Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "perl",
              "programFiles": [
                "pp_pack.c"
              ],
              "programRoutines": [
                {
                  "name": "S_measure_struct"
                }
              ],
              "repo": "https://github.com/Perl/perl5",
              "vendor": "SHAY",
              "versions": [
                {
                  "lessThanOrEqual": "5.43.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack.\n\nS_measure_struct adds each item\u0027s size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds.\n\nA template derived from untrusted input can read heap memory past the buffer and return it to the caller."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T15:38:20.728Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/5f7eb6bbbe0510964e3fb1d6bb691e5445913e55.patch"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/40754edc72dd3e513d758153c0e2f0215897740e.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Apply the upstream patches. The fix is included in the Perl 5.43.11 development release."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-57432",
        "datePublished": "2026-07-13T15:38:20.728Z",
        "dateReserved": "2026-06-24T13:09:26.322Z",
        "dateUpdated": "2026-07-14T13:34:42.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14740 (GCVE-0-2026-14740)

    Vulnerability from cvelistv5 – Published: 2026-07-07 22:05 – Updated: 2026-07-08 13:59
    VLAI
    Title
    DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment
    Summary
    DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    HMBRAND DBI Affected: 0 , < 1.650 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-08T00:28:32.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/07/17"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14740",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:58:06.622142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:59:33.009Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "DBI",
              "product": "DBI",
              "programFiles": [
                "DBI.xs"
              ],
              "programRoutines": [
                {
                  "name": "preparse"
                }
              ],
              "repo": "https://github.com/perl5-dbi/dbi",
              "vendor": "HMBRAND",
              "versions": [
                {
                  "lessThan": "1.650",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment.\n\nThe preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T22:05:45.077Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/perl5-dbi/dbi/commit/fc16f9e8b3dd5c65caf1867781ab2bfe2fadcc01.patch"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/perl5-dbi/dbi/security/advisories/GHSA-35f4-f8m9-w8xg"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/HMBRAND/DBI-1.650/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to DBI version 1.650 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment",
          "workarounds": [
            {
              "lang": "en",
              "value": "Remove initial comments from SQL statements before passing them to DBI."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-14740",
        "datePublished": "2026-07-07T22:05:45.077Z",
        "dateReserved": "2026-07-04T09:43:56.576Z",
        "dateUpdated": "2026-07-08T13:59:33.009Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14739 (GCVE-0-2026-14739)

    Vulnerability from cvelistv5 – Published: 2026-07-07 22:05 – Updated: 2026-07-08 13:56
    VLAI
    Title
    DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders
    Summary
    DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    HMBRAND DBI Affected: 0 , < 1.650 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:55:38.504631Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:56:43.597Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "DBI",
              "product": "DBI",
              "programFiles": [
                "DBI.xs"
              ],
              "programRoutines": [
                {
                  "name": "preparse"
                }
              ],
              "repo": "https://github.com/perl5-dbi/dbi",
              "vendor": "HMBRAND",
              "versions": [
                {
                  "lessThan": "1.650",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders.\n\nThe fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders.\n\nDBI version 1.650 sets a hard limit of 99,999 placeholders."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T22:05:18.457Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/perl5-dbi/dbi/commit/2b77c88b655e9539a592c71a61fb965fc0075395.patch"
            },
            {
              "tags": [
                "vendor-advisory",
                "related"
              ],
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-10879"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/HMBRAND/DBI-1.650/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to DBI version 1.650 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "Version 1.648 released with a fix for CVE-2026-10879."
            },
            {
              "lang": "en",
              "time": "2026-07-07T00:00:00.000Z",
              "value": "Version 1.650 released."
            }
          ],
          "title": "DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-14739",
        "datePublished": "2026-07-07T22:05:18.457Z",
        "dateReserved": "2026-07-04T09:24:31.098Z",
        "dateUpdated": "2026-07-08T13:56:43.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14380 (GCVE-0-2026-14380)

    Vulnerability from cvelistv5 – Published: 2026-07-07 22:04 – Updated: 2026-07-09 14:41
    VLAI
    Title
    DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile
    Summary
    DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name. Any caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands. The Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db. An attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection)
    Assigner
    Impacted products
    Vendor Product Version
    HMBRAND DBI Affected: 0 , < 1.650 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-08T00:28:31.619Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/07/16"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14380",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:51:52.778631Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:41:58.100Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "DBI",
              "product": "DBI",
              "programFiles": [
                "lib/DBI/Profile.pm"
              ],
              "programRoutines": [
                {
                  "name": "DBI::Profile::_auto_new"
                }
              ],
              "repo": "https://github.com/perl5-dbi/dbi",
              "vendor": "HMBRAND",
              "versions": [
                {
                  "lessThan": "1.650",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile.\n\nWhen a string is assigned to a DBI handle\u0027s Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name.\n\nAny caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands.\n\nThe Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=\u003eSPEC):db.\n\nAn attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-95",
                  "description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T22:04:49.078Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/perl5-dbi/dbi/commit/b73d5d9901767fc1d16b6661ef08fbed4532e259.patch"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/perl5-dbi/dbi/security/advisories/GHSA-ch8w-hxc2-v557"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/HMBRAND/DBI-1.650/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to DBI version 1.650 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-14380",
        "datePublished": "2026-07-07T22:04:49.078Z",
        "dateReserved": "2026-07-01T21:17:54.504Z",
        "dateUpdated": "2026-07-09T14:41:58.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9698 (GCVE-0-2026-9698)

    Vulnerability from cvelistv5 – Published: 2026-06-09 07:22 – Updated: 2026-07-16 12:04
    VLAI
    Title
    DBI versions before 1.648 for Perl saved errors in a limited-sized buffer
    Summary
    DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Out-of-bounds Write
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    HMBRAND DBI Affected: 0 , < 1.648 (custom)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:1.643-26.el10_2.1 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020260624081239.69ef70f8 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.643-9.el9_8.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-09T11:03:32.648Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/09/9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9698",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T15:44:04.195929Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T15:44:21.456Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-DBI",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:1.643-26.el10_2.1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-DBI:1.641",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8100020260624081239.69ef70f8",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-DBI",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:1.643-9.el9_8.1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unknown",
                "packageName": "perl-DBI",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-DBI",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-DBI",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-09T07:22:25.892Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in DBI, a Perl database interface. This vulnerability allows an attacker to trigger a buffer overflow by manipulating error messages within an application. When specific error handling options are active, an attacker can provide oversized error text, which may lead to arbitrary code execution or a denial of service (DoS)."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:04:49.222Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-9698"
              },
              {
                "name": "RHBZ#2486734",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486734"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9698.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:38513"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:38901"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:38512"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:38513: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:38901: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:38512: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-09T08:00:53.401Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-09T07:22:25.892Z",
                "value": "Made public."
              }
            ],
            "title": "DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are advised to identify network-accessible applications which use perl-DBI and ensure that only trusted users have access to those applications."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "DBI",
              "product": "DBI",
              "programFiles": [
                "DBI.xs"
              ],
              "repo": "https://github.com/perl5-dbi/dbi",
              "vendor": "HMBRAND",
              "versions": [
                {
                  "lessThan": "1.648",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBI versions before 1.648 for Perl saved errors in a limited-sized buffer.\n\nError messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit.\n\nAttackers that can influence the error text in an application can trigger a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T07:22:25.892Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/HMBRAND/DBI-1.648/changes"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/perl5-dbi/dbi/commit/bfe5d73c162d2d1f761a639a0aa33aad6a9eb54e.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to DBI 1.648 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-25T00:00:00.000Z",
              "value": "Issue reported to CPANSec."
            },
            {
              "lang": "en",
              "time": "2026-05-27T00:00:00.000Z",
              "value": "Commit fixed the issue in DBI."
            },
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "DBI 1.648 released."
            }
          ],
          "title": "DBI versions before 1.648 for Perl saved errors in a limited-sized buffer",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-9698",
        "datePublished": "2026-06-09T07:22:25.892Z",
        "dateReserved": "2026-05-27T12:06:43.461Z",
        "dateUpdated": "2026-07-16T12:04:49.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10879 (GCVE-0-2026-10879)

    Vulnerability from cvelistv5 – Published: 2026-06-05 14:30 – Updated: 2026-06-08 16:55
    VLAI
    Title
    DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders
    Summary
    DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require four characters, 100-999 require five characters, et cetera.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    HMBRAND DBI Affected: 0 , < 1.648 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-06T05:18:05.204Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/06/4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T16:54:58.795048Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T16:55:27.339Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "DBI",
              "product": "DBI",
              "programFiles": [
                "DBI.xs"
              ],
              "repo": "https://github.com/perl5-dbi/dbi",
              "vendor": "HMBRAND",
              "versions": [
                {
                  "lessThan": "1.648",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders.\n\nThe preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer.  Placeholders 10-99 require four characters, 100-999 require five characters, et cetera."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 (Out-of-bounds Write)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T14:30:58.497Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/HMBRAND/DBI-1.648/changes"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/perl5-dbi/dbi/commit/af79036c07aa9a457971c0f4136e37c85dc20978.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to DBI 1.648 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-25T00:00:00.000Z",
              "value": "Issue reported to CPANSec."
            },
            {
              "lang": "en",
              "time": "2026-05-28T00:00:00.000Z",
              "value": "Commit fixed the issue in DBI."
            },
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "DBI 1.648 released."
            }
          ],
          "title": "DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-10879",
        "datePublished": "2026-06-05T14:30:58.497Z",
        "dateReserved": "2026-06-04T16:34:48.978Z",
        "dateUpdated": "2026-06-08T16:55:27.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8376 (GCVE-0-2026-8376)

    Vulnerability from cvelistv5 – Published: 2026-05-25 23:53 – Updated: 2026-05-27 18:04
    VLAI
    Title
    Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds
    Summary
    Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-680 - Integer Overflow to Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    SHAY perl Affected: 0 , ≤ 5.43.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-26T03:06:00.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/26/1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8376",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T18:03:45.554441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:04:00.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "perl",
              "programFiles": [
                "regcomp_study.c"
              ],
              "programRoutines": [
                {
                  "name": "Perl_study_chunk"
                }
              ],
              "repo": "https://github.com/Perl/perl5",
              "vendor": "SHAY",
              "versions": [
                {
                  "lessThanOrEqual": "5.43.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds.\n\nPerl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer.\n\nA caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-680",
                  "description": "CWE-680 Integer Overflow to Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T23:53:27.812Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to a future perl release, or apply the upstream patch."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-24T00:00:00.000Z",
              "value": "Issue reported."
            },
            {
              "lang": "en",
              "time": "2026-05-20T00:00:00.000Z",
              "value": "Fix merged to blead."
            }
          ],
          "title": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds",
          "workarounds": [
            {
              "lang": "en",
              "value": "On 32-bit perl builds, avoid compiling regular expressions from untrusted input until a fixed release is installed."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-8376",
        "datePublished": "2026-05-25T23:53:27.812Z",
        "dateReserved": "2026-05-12T08:15:41.456Z",
        "dateUpdated": "2026-05-27T18:04:00.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4176 (GCVE-0-2026-4176)

    Vulnerability from cvelistv5 – Published: 2026-03-29 20:50 – Updated: 2026-03-30 15:35
    VLAI
    Title
    Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
    Summary
    Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    Impacted products
    Vendor Product Version
    SHAY perl Affected: 5.9.4 , < 5.40.4-RC1 (custom)
    Affected: 5.41.0 , < 5.42.2-RC1 (custom)
    Affected: 5.43.0 , < 5.43.9 (custom)
    Create a notification for this product.
    Credits
    Bernhard Schmalhofer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-30T04:56:37.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/30/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T15:34:29.395269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1395",
                    "description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T15:35:08.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "perl",
              "repo": "https://github.com/Perl/perl5",
              "vendor": "SHAY",
              "versions": [
                {
                  "lessThan": "5.40.4-RC1",
                  "status": "affected",
                  "version": "5.9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.42.2-RC1",
                  "status": "affected",
                  "version": "5.41.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.43.9",
                  "status": "affected",
                  "version": "5.43.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Bernhard Schmalhofer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib.\n\nCompress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-29T20:50:51.058Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "related",
                "vdb-entry"
              ],
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-3381"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.security.metacpan.org/cve-announce/msg/37638919/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/SHAY/perl-5.40.4/changes"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/SHAY/perl-5.42.2/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to Perl stable release 5.40.4 or 5.42.2 or later, which include Compress::Raw::Zlib 2.222."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-27T00:00:00.000Z",
              "value": "Compress::Raw::Zlib 2.221 committed to Perl blead."
            },
            {
              "lang": "en",
              "time": "2026-03-07T00:00:00.000Z",
              "value": "CVE-2026-3381 published for Compress::Raw::Zlib."
            },
            {
              "lang": "en",
              "time": "2026-03-14T00:00:00.000Z",
              "value": "CVE-2026-4176 reserved."
            },
            {
              "lang": "en",
              "time": "2026-03-29T00:00:00.000Z",
              "value": "Perl 5.40.4 and 5.42.2 released."
            }
          ],
          "title": "Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib",
          "workarounds": [
            {
              "lang": "en",
              "value": "Install Compress::Raw::Zlib 2.220 or later into your @INC include path, so it takes precedence over the vulnerable core module shipped with Perl.\n\nSome OS distributions patch their perl package to build Compress::Raw::Zlib against the system zlib rather than the vendored copy. Users of these distributions may not be affected if their system zlib has been updated to 1.3.2 or later, or includes backported patches for the relevant vulnerabilities."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-4176",
        "datePublished": "2026-03-29T20:50:51.058Z",
        "dateReserved": "2026-03-14T16:17:19.077Z",
        "dateUpdated": "2026-03-30T15:35:08.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40909 (GCVE-0-2025-40909)

    Vulnerability from cvelistv5 – Published: 2025-05-30 12:20 – Updated: 2026-04-18 14:15
    VLAI
    Title
    Perl threads have a working directory race condition where file operations may target unintended paths
    Summary
    Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-689 - Permission Race Condition During Resource Copy
    • CWE-426 - Untrusted Search Path
    Assigner
    Impacted products
    Vendor Product Version
    perl perl Affected: 5.13.6 , < 5.41.13 (custom)
    Create a notification for this product.
    Credits
    Vincent Lefevre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-18T14:15:40.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/05/23/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/05/30/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/06/02/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/06/02/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/06/02/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/06/02/7"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/06/03/1"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/55"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/54"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/53"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00018.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40909",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-30T14:05:00.839656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-30T14:09:50.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "perl",
              "programRoutines": [
                {
                  "name": "threads"
                }
              ],
              "repo": "https://github.com/perl/perl5",
              "vendor": "perl",
              "versions": [
                {
                  "lessThan": "5.41.13",
                  "status": "affected",
                  "version": "5.13.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Vincent Lefevre"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Perl threads have a working directory race condition where file operations may target unintended paths.\u003cbr\u003e\u003cbr\u003eIf a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone\u0026nbsp;that handle for the new thread, which is visible from any third (or\u0026nbsp;more) thread already running. \u003cbr\u003e\u003cbr\u003eThis may lead to unintended operations\u0026nbsp;such as loading code or accessing files from unexpected locations,\u0026nbsp;which a local attacker may be able to exploit.\u003cbr\u003e\u003cbr\u003eThe bug was introduced in commit\u0026nbsp;11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6"
                }
              ],
              "value": "Perl threads have a working directory race condition where file operations may target unintended paths.\n\nIf a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone\u00a0that handle for the new thread, which is visible from any third (or\u00a0more) thread already running. \n\nThis may lead to unintended operations\u00a0such as loading code or accessing files from unexpected locations,\u00a0which a local attacker may be able to exploit.\n\nThe bug was introduced in commit\u00a011a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-689",
                  "description": "CWE-689 Permission Race Condition During Resource Copy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-05T13:24:00.827Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch"
            },
            {
              "tags": [
                "mailing-list",
                "exploit"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2025/05/22/2"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/Perl/perl5/issues/23010"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/Perl/perl5/issues/10387"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update perl to an unaffected version, or apply the patch provided in the references section."
                }
              ],
              "value": "Update perl to an unaffected version, or apply the patch provided in the references section."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Perl threads have a working directory race condition where file operations may target unintended paths",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2025-40909",
        "datePublished": "2025-05-30T12:20:11.237Z",
        "dateReserved": "2025-04-16T09:05:34.360Z",
        "dateUpdated": "2026-04-18T14:15:40.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56406 (GCVE-0-2024-56406)

    Vulnerability from cvelistv5 – Published: 2025-04-13 13:16 – Updated: 2025-10-16 14:04
    VLAI
    Title
    Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes
    Summary
    A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'    Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    perl perl Affected: 5.41.0 , ≤ 5.41.10 (custom)
    Affected: 5.39.0 , < 5.40.2-RC1 (custom)
    Affected: 5.33.1 , < 5.38.4-RC1 (custom)
    Create a notification for this product.
    Credits
    Nathan Mills
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-04-13T22:02:35.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/13/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/13/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/13/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56406",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T14:04:16.993103Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T14:04:20.393Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "perl",
              "product": "perl",
              "programFiles": [
                "op.c"
              ],
              "programRoutines": [
                {
                  "name": "S_pmtrans"
                },
                {
                  "name": "tr"
                }
              ],
              "repo": "https://github.com/Perl/perl5/",
              "vendor": "perl",
              "versions": [
                {
                  "lessThanOrEqual": "5.41.10",
                  "status": "affected",
                  "version": "5.41.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.40.2-RC1",
                  "status": "affected",
                  "version": "5.39.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.38.4-RC1",
                  "status": "affected",
                  "version": "5.33.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nathan Mills"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A heap buffer overflow vulnerability was discovered in Perl. \u003cbr\u003e\u003cbr\u003eRelease branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.\u003cbr\u003e\u003cbr\u003eWhen there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; \u0026nbsp;$ perl -e \u0027$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;\u0027 \u003cbr\u003e\u0026nbsp; \u0026nbsp;Segmentation fault (core dumped)\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eIt is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "A heap buffer overflow vulnerability was discovered in Perl. \n\nRelease branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.\n\nWhen there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.\n\n\u00a0 \u00a0$ perl -e \u0027$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;\u0027 \n\u00a0 \u00a0Segmentation fault (core dumped)\n\nIt is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-13T19:29:56.569Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/SHAY/perl-5.38.4/changes"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/SHAY/perl-5.40.2/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users should update perl to 5.40.2 or 5.38.4, or apply the upstream patch provided in the References section.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Users should update perl to 5.40.2 or 5.38.4, or apply the upstream patch provided in the References section."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2024-56406",
        "datePublished": "2025-04-13T13:16:09.841Z",
        "dateReserved": "2024-12-23T02:07:38.152Z",
        "dateUpdated": "2025-10-16T14:04:20.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1828 (GCVE-0-2025-1828)

    Vulnerability from cvelistv5 – Published: 2025-03-10 23:51 – Updated: 2025-09-09 13:56
    VLAI
    Title
    Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions
    Summary
    Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider. In particular, Windows versions of perl will encounter this issue by default.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    • CWE-331 - Insufficient Entropy
    Assigner
    Impacted products
    Vendor Product Version
    perl Crypt::Random Affected: 1.05 , < 1.56 (custom)
    Create a notification for this product.
    Credits
    Robert Rothenberg (RRWO)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1828",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T02:20:07.985063Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T13:56:40.704Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Crypt-Random",
              "product": "Crypt::Random",
              "programFiles": [
                "lib/Crypt/Random/Provider/rand.pm"
              ],
              "vendor": "perl",
              "versions": [
                {
                  "lessThan": "1.56",
                  "status": "affected",
                  "version": "1.05",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Robert Rothenberg (RRWO)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Crypt::Random Perl package 1.05 through 1.55 may use rand() function,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhich is not\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;cryptographically strong,\u003c/span\u003e\u0026nbsp;for cryptographic functions.\u003cbr\u003e\u003cbr\u003eIf the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available\u0026nbsp;Crypt::Random will default to use the insecure\u0026nbsp;Crypt::Random::rand provider.\u003cbr\u003e\u003cbr\u003eIn particular, Windows versions of perl will encounter this issue by default.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Crypt::Random Perl package 1.05 through 1.55 may use rand() function,\u00a0which is not\u00a0cryptographically strong,\u00a0for cryptographic functions.\n\nIf the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available\u00a0Crypt::Random will default to use the insecure\u00a0Crypt::Random::rand provider.\n\nIn particular, Windows versions of perl will encounter this issue by default."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-338",
                  "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-331",
                  "description": "CWE-331 Insufficient Entropy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-05T13:19:50.864Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "url": "https://perldoc.perl.org/functions/rand"
            },
            {
              "url": "https://github.com/perl-Crypt-OpenPGP/Crypt-Random/pull/1"
            },
            {
              "url": "https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to version 1.56 or higher"
                }
              ],
              "value": "Upgrade to version 1.56 or higher"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Perl\u0027s Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2025-1828",
        "datePublished": "2025-03-10T23:51:33.279Z",
        "dateReserved": "2025-03-01T15:39:14.682Z",
        "dateUpdated": "2025-09-09T13:56:40.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202006-1806

    Vulnerability from variot - Updated: 2024-07-23 20:51

    regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. A security vulnerability exists in the regcomp.c file in versions prior to Perl 5.30.3. An attacker could exploit this vulnerability to cause a denial of service or potentially execute code.

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

    Bug fix:

    • RHACM 2.0.8 images (BZ #1915461)

    • Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

    1915461 - RHACM 2.0.8 images 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation

    1. Improved analytics collection to collect the playbook status for all hosts in a playbook run

    2. Description:

    Security Fix(es):

    • Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
    • Upgraded to a more recent version of Django to address CVE-2021-3281.
    • Upgraded to a more recent version of autobahn to address CVE-2020-35678.

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    • Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7.
    • Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions.
    • Fixed several issues related to how Tower rotates its log files.
    • Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales.
    • Fixed a bug which can cause unanticipated delays in certain playbook output.
    • Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data.
    • Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected.
    • Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified.
    • Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
    • Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail. Solution:

    For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract() 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape

    1. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. Bugs fixed (https://bugzilla.redhat.com/):

    1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

    1. 7.4) - noarch, x86_64

    2. 8) - aarch64, noarch, ppc64le, s390x, x86_64

    3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:0883-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0883 Issue date: 2021-03-16 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ==================================================================== 1. Summary:

    An update for perl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

    1. Description:

    Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Package List:

    Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):

    Source: perl-5.16.3-294.el7_6.1.src.rpm

    noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm

    x86_64: perl-5.16.3-294.el7_6.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm perl-core-5.16.3-294.el7_6.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.1.i686.rpm perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-devel-5.16.3-294.el7_6.1.i686.rpm perl-devel-5.16.3-294.el7_6.1.x86_64.rpm perl-libs-5.16.3-294.el7_6.1.i686.rpm perl-libs-5.16.3-294.el7_6.1.x86_64.rpm perl-macros-5.16.3-294.el7_6.1.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):

    x86_64: perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-tests-5.16.3-294.el7_6.1.x86_64.rpm

    Red Hat Enterprise Linux Server EUS (v. 7.6):

    Source: perl-5.16.3-294.el7_6.1.src.rpm

    noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm

    ppc64: perl-5.16.3-294.el7_6.1.ppc64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64.rpm perl-core-5.16.3-294.el7_6.1.ppc64.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm perl-devel-5.16.3-294.el7_6.1.ppc.rpm perl-devel-5.16.3-294.el7_6.1.ppc64.rpm perl-libs-5.16.3-294.el7_6.1.ppc.rpm perl-libs-5.16.3-294.el7_6.1.ppc64.rpm perl-macros-5.16.3-294.el7_6.1.ppc64.rpm

    ppc64le: perl-5.16.3-294.el7_6.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm perl-core-5.16.3-294.el7_6.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-devel-5.16.3-294.el7_6.1.ppc64le.rpm perl-libs-5.16.3-294.el7_6.1.ppc64le.rpm perl-macros-5.16.3-294.el7_6.1.ppc64le.rpm

    s390x: perl-5.16.3-294.el7_6.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm perl-core-5.16.3-294.el7_6.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-devel-5.16.3-294.el7_6.1.s390.rpm perl-devel-5.16.3-294.el7_6.1.s390x.rpm perl-libs-5.16.3-294.el7_6.1.s390.rpm perl-libs-5.16.3-294.el7_6.1.s390x.rpm perl-macros-5.16.3-294.el7_6.1.s390x.rpm

    x86_64: perl-5.16.3-294.el7_6.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm perl-core-5.16.3-294.el7_6.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.1.i686.rpm perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-devel-5.16.3-294.el7_6.1.i686.rpm perl-devel-5.16.3-294.el7_6.1.x86_64.rpm perl-libs-5.16.3-294.el7_6.1.i686.rpm perl-libs-5.16.3-294.el7_6.1.x86_64.rpm perl-macros-5.16.3-294.el7_6.1.x86_64.rpm

    Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

    Source: perl-5.16.3-294.el7_6.1.src.rpm

    aarch64: perl-5.16.3-294.el7_6.1.aarch64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.aarch64.rpm perl-core-5.16.3-294.el7_6.1.aarch64.rpm perl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm perl-devel-5.16.3-294.el7_6.1.aarch64.rpm perl-libs-5.16.3-294.el7_6.1.aarch64.rpm perl-macros-5.16.3-294.el7_6.1.aarch64.rpm

    noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm

    ppc64le: perl-5.16.3-294.el7_6.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm perl-core-5.16.3-294.el7_6.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-devel-5.16.3-294.el7_6.1.ppc64le.rpm perl-libs-5.16.3-294.el7_6.1.ppc64le.rpm perl-macros-5.16.3-294.el7_6.1.ppc64le.rpm

    s390x: perl-5.16.3-294.el7_6.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm perl-core-5.16.3-294.el7_6.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-devel-5.16.3-294.el7_6.1.s390.rpm perl-devel-5.16.3-294.el7_6.1.s390x.rpm perl-libs-5.16.3-294.el7_6.1.s390.rpm perl-libs-5.16.3-294.el7_6.1.s390x.rpm perl-macros-5.16.3-294.el7_6.1.s390x.rpm

    Red Hat Enterprise Linux Server Optional EUS (v. 7.6):

    ppc64: perl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm perl-tests-5.16.3-294.el7_6.1.ppc64.rpm

    ppc64le: perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-tests-5.16.3-294.el7_6.1.ppc64le.rpm

    s390x: perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-tests-5.16.3-294.el7_6.1.s390x.rpm

    x86_64: perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-tests-5.16.3-294.el7_6.1.x86_64.rpm

    Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

    aarch64: perl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm perl-tests-5.16.3-294.el7_6.1.aarch64.rpm

    ppc64le: perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-tests-5.16.3-294.el7_6.1.ppc64le.rpm

    s390x: perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-tests-5.16.3-294.el7_6.1.s390x.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYFDHuNzjgjWX9erEAQhhNA/9GQIs+FbNQuFMBT9C+/U2BUo/umK4rSk4 Je72FDg879OTTVSXCEsyWVJc+rgh5tvEMaN/89LXmJdOFngSjN9FBK3LFOMONOgD mhr9atQAGvJyUv9pzuKLAxd4fPab365w5OeID7GFcpWKV+EoutUkr+imnkLk1jQ5 eEzk8RFk0s6ZaAg/bpxWDbeAM1rGk6XQ+eZ0mOZjqiP3qb8nCVhg6kWChcxQMsJs 5MGzXQduqmFViwIgRJ1BiRTjg8iOLQ8kPwh8DRYKKArIkNoFQeMpNGQurYWZ32mg pgLo2/anveDKgr5AhphpNC/UveyFlVc7FrvSyB4pzf11h2EJ1eXcts56fXgmOYRX UOSFI0tzFlM+TrGicY9QpVlWZaO6TFdOAog2eZjUB5iFrK+Zha//vsqXlsceFBjw j/DHO3oeV1RP353Ukg2fi4Jusrw94wfPJd++q5PiS/gI2q5MsvN4gBE7pR/jgI9I 95p20J86uiuvYHp12nMvtOYXaTGB1VZOYjEeofRnWFMR1LstC7z1KKldUS6Mxrxq A1kGH2yGx1qwrVfS9D0NeqrTrO/Tht01K0O5S13iidHm+Jg/Gv7xqvU0Ph3KVFiZ 0LTEUZ09XX5/pCzbawmb0Tyy86M97o7RIvJVdqWQXR1GNP6KrFYjDmMuAVNAc3iZ rPmCgN8s+cI=aYxA -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1806",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "communications billing and revenue management",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.2.0"
          },
          {
            "model": "configuration manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.1.2.0.8"
          },
          {
            "model": "communications performance intelligence center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.3.0.0.0"
          },
          {
            "model": "communications eagle application processor",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "16.1.0"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "model": "communications diameter signaling router",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.0"
          },
          {
            "model": "perl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "perl",
            "version": "5.30.3"
          },
          {
            "model": "communications performance intelligence center",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.3.0.2.1"
          },
          {
            "model": "tekelec platform distribution",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "7.7.1"
          },
          {
            "model": "communications performance intelligence center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.4.0.1.0"
          },
          {
            "model": "tekelec platform distribution",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "7.4.0"
          },
          {
            "model": "oncommand workflow automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "communications lsms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "model": "sd-wan edge",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "communications eagle application processor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "16.4.0"
          },
          {
            "model": "communications eagle lnp application processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.1"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "31"
          },
          {
            "model": "communications performance intelligence center",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.4.0.3.1"
          },
          {
            "model": "communications lsms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "model": "communications billing and revenue management",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.3.0"
          },
          {
            "model": "communications eagle lnp application processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.2"
          },
          {
            "model": "communications offline mediation controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.3.0"
          },
          {
            "model": "communications diameter signaling router",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.5.0"
          },
          {
            "model": "sd-wan edge",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "9.0"
          },
          {
            "model": "enterprise manager base platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4.0.0"
          },
          {
            "model": "snap creator framework",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "sd-wan edge",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.2"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "the perl",
            "version": "5.30.3"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006179"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12723"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.30.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.5.0",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.7.1",
                    "versionStartIncluding": "7.4.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.4",
                    "versionStartIncluding": "13.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.4.0",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.4.0.3.1",
                    "versionStartIncluding": "10.4.0.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.3.0.2.1",
                    "versionStartIncluding": "10.3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12723"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "161656"
          },
          {
            "db": "PACKETSTORM",
            "id": "161726"
          },
          {
            "db": "PACKETSTORM",
            "id": "161728"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "db": "PACKETSTORM",
            "id": "161437"
          },
          {
            "db": "PACKETSTORM",
            "id": "161843"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-12723",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006179",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-165430",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12723",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006179",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-12723",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-006179",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "VULHUB",
                "id": "VHN-165430",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-12723",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-165430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006179"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12723"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. A security vulnerability exists in the regcomp.c file in versions prior to Perl 5.30.3. An attacker could exploit this vulnerability to cause a denial of service or potentially execute code. \n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1915461 - RHACM 2.0.8 images\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. \n* Improved analytics collection to collect the playbook status for all\nhosts in a playbook run\n\n3. Description:\n\nSecurity Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to\nelevate to the awx user from outside the isolated environment:\nCVE-2021-20253\n* Upgraded to a more recent version of Django to address CVE-2021-3281. \n* Upgraded to a more recent version of autobahn to address CVE-2020-35678. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Upgraded to the latest oVirt inventory plugin to resolve a number of\ninventory syncing issues that can occur on RHEL7. \n* Upgraded to the latest theforeman.foreman inventory plugin to resolve a\nfew bugs and performance regressions. \n* Fixed several issues related to how Tower rotates its log files. \n* Fixed a bug which can prevent Tower from installing on RHEL8 with certain\nnon-en_US.UTF-8 locales. \n* Fixed a bug which can cause unanticipated delays in certain playbook\noutput. \n* Fixed a bug which can cause job runs to fail for playbooks that print\ncertain types of raw binary data. \n* Fixed a bug which can cause unnecessary records in the Activity Stream\nwhen Automation Analytics data is collected. \n* Fixed a bug which can cause Tower PostgreSQL backups to fail when a\nnon-default PostgreSQL username is specified. \n* Fixed a bug which can intermittently cause access to encrypted Tower\nsettings to fail, resulting in failed job launches. \n* Fixed a bug which can cause certain long-running jobs running on isolated\nnodes to unexpectedly fail. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract()\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n\n5. 7.4) - noarch, x86_64\n\n3. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: perl security update\nAdvisory ID:       RHSA-2021:0883-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:0883\nIssue date:        2021-03-16\nCVE Names:         CVE-2020-10543 CVE-2020-10878 CVE-2020-12723\n====================================================================\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7.6\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6):\n\nSource:\nperl-5.16.3-294.el7_6.1.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.1.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.1.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm\n\nx86_64:\nperl-5.16.3-294.el7_6.1.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm\nperl-core-5.16.3-294.el7_6.1.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.i686.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm\nperl-devel-5.16.3-294.el7_6.1.i686.rpm\nperl-devel-5.16.3-294.el7_6.1.x86_64.rpm\nperl-libs-5.16.3-294.el7_6.1.i686.rpm\nperl-libs-5.16.3-294.el7_6.1.x86_64.rpm\nperl-macros-5.16.3-294.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm\nperl-tests-5.16.3-294.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nperl-5.16.3-294.el7_6.1.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.1.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.1.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm\n\nppc64:\nperl-5.16.3-294.el7_6.1.ppc64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.ppc64.rpm\nperl-core-5.16.3-294.el7_6.1.ppc64.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.ppc.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm\nperl-devel-5.16.3-294.el7_6.1.ppc.rpm\nperl-devel-5.16.3-294.el7_6.1.ppc64.rpm\nperl-libs-5.16.3-294.el7_6.1.ppc.rpm\nperl-libs-5.16.3-294.el7_6.1.ppc64.rpm\nperl-macros-5.16.3-294.el7_6.1.ppc64.rpm\n\nppc64le:\nperl-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm\nperl-core-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-devel-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-libs-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-macros-5.16.3-294.el7_6.1.ppc64le.rpm\n\ns390x:\nperl-5.16.3-294.el7_6.1.s390x.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm\nperl-core-5.16.3-294.el7_6.1.s390x.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.s390.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm\nperl-devel-5.16.3-294.el7_6.1.s390.rpm\nperl-devel-5.16.3-294.el7_6.1.s390x.rpm\nperl-libs-5.16.3-294.el7_6.1.s390.rpm\nperl-libs-5.16.3-294.el7_6.1.s390x.rpm\nperl-macros-5.16.3-294.el7_6.1.s390x.rpm\n\nx86_64:\nperl-5.16.3-294.el7_6.1.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm\nperl-core-5.16.3-294.el7_6.1.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.i686.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm\nperl-devel-5.16.3-294.el7_6.1.i686.rpm\nperl-devel-5.16.3-294.el7_6.1.x86_64.rpm\nperl-libs-5.16.3-294.el7_6.1.i686.rpm\nperl-libs-5.16.3-294.el7_6.1.x86_64.rpm\nperl-macros-5.16.3-294.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nperl-5.16.3-294.el7_6.1.src.rpm\n\naarch64:\nperl-5.16.3-294.el7_6.1.aarch64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.aarch64.rpm\nperl-core-5.16.3-294.el7_6.1.aarch64.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm\nperl-devel-5.16.3-294.el7_6.1.aarch64.rpm\nperl-libs-5.16.3-294.el7_6.1.aarch64.rpm\nperl-macros-5.16.3-294.el7_6.1.aarch64.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.1.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.1.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm\n\nppc64le:\nperl-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm\nperl-core-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-devel-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-libs-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-macros-5.16.3-294.el7_6.1.ppc64le.rpm\n\ns390x:\nperl-5.16.3-294.el7_6.1.s390x.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm\nperl-core-5.16.3-294.el7_6.1.s390x.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.s390.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm\nperl-devel-5.16.3-294.el7_6.1.s390.rpm\nperl-devel-5.16.3-294.el7_6.1.s390x.rpm\nperl-libs-5.16.3-294.el7_6.1.s390.rpm\nperl-libs-5.16.3-294.el7_6.1.s390x.rpm\nperl-macros-5.16.3-294.el7_6.1.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6):\n\nppc64:\nperl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm\nperl-tests-5.16.3-294.el7_6.1.ppc64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-tests-5.16.3-294.el7_6.1.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm\nperl-tests-5.16.3-294.el7_6.1.s390x.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm\nperl-tests-5.16.3-294.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nperl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm\nperl-tests-5.16.3-294.el7_6.1.aarch64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-tests-5.16.3-294.el7_6.1.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm\nperl-tests-5.16.3-294.el7_6.1.s390x.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-12723\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYFDHuNzjgjWX9erEAQhhNA/9GQIs+FbNQuFMBT9C+/U2BUo/umK4rSk4\nJe72FDg879OTTVSXCEsyWVJc+rgh5tvEMaN/89LXmJdOFngSjN9FBK3LFOMONOgD\nmhr9atQAGvJyUv9pzuKLAxd4fPab365w5OeID7GFcpWKV+EoutUkr+imnkLk1jQ5\neEzk8RFk0s6ZaAg/bpxWDbeAM1rGk6XQ+eZ0mOZjqiP3qb8nCVhg6kWChcxQMsJs\n5MGzXQduqmFViwIgRJ1BiRTjg8iOLQ8kPwh8DRYKKArIkNoFQeMpNGQurYWZ32mg\npgLo2/anveDKgr5AhphpNC/UveyFlVc7FrvSyB4pzf11h2EJ1eXcts56fXgmOYRX\nUOSFI0tzFlM+TrGicY9QpVlWZaO6TFdOAog2eZjUB5iFrK+Zha//vsqXlsceFBjw\nj/DHO3oeV1RP353Ukg2fi4Jusrw94wfPJd++q5PiS/gI2q5MsvN4gBE7pR/jgI9I\n95p20J86uiuvYHp12nMvtOYXaTGB1VZOYjEeofRnWFMR1LstC7z1KKldUS6Mxrxq\nA1kGH2yGx1qwrVfS9D0NeqrTrO/Tht01K0O5S13iidHm+Jg/Gv7xqvU0Ph3KVFiZ\n0LTEUZ09XX5/pCzbawmb0Tyy86M97o7RIvJVdqWQXR1GNP6KrFYjDmMuAVNAc3iZ\nrPmCgN8s+cI=aYxA\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006179"
          },
          {
            "db": "VULHUB",
            "id": "VHN-165430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12723"
          },
          {
            "db": "PACKETSTORM",
            "id": "161656"
          },
          {
            "db": "PACKETSTORM",
            "id": "161726"
          },
          {
            "db": "PACKETSTORM",
            "id": "161728"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "db": "PACKETSTORM",
            "id": "161437"
          },
          {
            "db": "PACKETSTORM",
            "id": "161843"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12723",
            "trust": 2.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006179",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "161437",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "161728",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "161726",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "162130",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "161656",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "162245",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "161843",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "162915",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "159726",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162021",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "159707",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161727",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161255",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-37943",
            "trust": 0.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-146",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-165430",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12723",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-165430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006179"
          },
          {
            "db": "PACKETSTORM",
            "id": "161656"
          },
          {
            "db": "PACKETSTORM",
            "id": "161726"
          },
          {
            "db": "PACKETSTORM",
            "id": "161728"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "db": "PACKETSTORM",
            "id": "161437"
          },
          {
            "db": "PACKETSTORM",
            "id": "161843"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12723"
          }
        ]
      },
      "id": "VAR-202006-1806",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-165430"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T20:51:08.679000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "study_chunk: avoid mutating regexp program within GOSUB",
            "trust": 0.8,
            "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a"
          },
          {
            "title": "perl5/pod/perl5303delta.pod",
            "trust": 0.8,
            "url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod"
          },
          {
            "title": "Segfault in S_study_chunk (regcomp.c:4870) #16947",
            "trust": 0.8,
            "url": "https://github.com/perl/perl5/issues/16947"
          },
          {
            "title": "study_chunk recursion #17743",
            "trust": 0.8,
            "url": "https://github.com/perl/perl5/issues/17743"
          },
          {
            "title": "Comparing changes",
            "trust": 0.8,
            "url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3"
          },
          {
            "title": "editorGambasDelta",
            "trust": 0.2,
            "url": "https://github.com/d5n9smatrix/editorgambasdelta "
          },
          {
            "title": "Red Hat: Moderate: perl security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210557 - security advisory"
          },
          {
            "title": "Red Hat: Moderate: perl security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210343 - security advisory"
          },
          {
            "title": "Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=babe2a0596ddd17a5ad75cd3c30c45ff"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2021-1610",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1610"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210607 - security advisory"
          },
          {
            "title": "IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=08f19f0be4d5dcf7486e5abcdb671477"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "visualGambasDelta",
            "trust": 0.1,
            "url": "https://github.com/d5n9smatrix/visualgambasdelta "
          },
          {
            "title": "perl5283delta",
            "trust": 0.1,
            "url": "https://github.com/d5n9smatrix/perl5283delta "
          },
          {
            "title": "litecoin-automation",
            "trust": 0.1,
            "url": "https://github.com/gzukel/litecoin-automation "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/d5n9smatrix/perltoc "
          },
          {
            "title": "snykout",
            "trust": 0.1,
            "url": "https://github.com/garethr/snykout "
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-12723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006179"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-165430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006179"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12723"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
          },
          {
            "trust": 1.1,
            "url": "https://security.gentoo.org/glsa/202006-03"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/perl/perl5/issues/16947"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/perl/perl5/issues/17743"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12723"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2020-12723"
          },
          {
            "trust": 0.7,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2020-10878"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2020-10543"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25705"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-29661"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-14351"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35678"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20228"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20253"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20178"
          },
          {
            "trust": 0.2,
            "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20191"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20253"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20191"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20180"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20228"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-35678"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20180"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20178"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20230"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29661"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15436"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0719"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3121"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35513"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20230"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15436"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35513"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0779"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20372"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3281"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3281"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0780"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25211"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:1129"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20907"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25645"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25656"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12749"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12401"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19126"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28374"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7595"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20265"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17006"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-11719"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-0427"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17023"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-6829"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14866"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12403"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-11756"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7053"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12243"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12400"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14040"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-11727"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1971"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5188"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-15903"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9283"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5094"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19956"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17498"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-20843"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19532"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12402"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:1266"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0557"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0883"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-165430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006179"
          },
          {
            "db": "PACKETSTORM",
            "id": "161656"
          },
          {
            "db": "PACKETSTORM",
            "id": "161726"
          },
          {
            "db": "PACKETSTORM",
            "id": "161728"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "db": "PACKETSTORM",
            "id": "161437"
          },
          {
            "db": "PACKETSTORM",
            "id": "161843"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12723"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-165430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006179"
          },
          {
            "db": "PACKETSTORM",
            "id": "161656"
          },
          {
            "db": "PACKETSTORM",
            "id": "161726"
          },
          {
            "db": "PACKETSTORM",
            "id": "161728"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "db": "PACKETSTORM",
            "id": "161437"
          },
          {
            "db": "PACKETSTORM",
            "id": "161843"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12723"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-165430"
          },
          {
            "date": "2020-06-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12723"
          },
          {
            "date": "2020-07-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006179"
          },
          {
            "date": "2021-03-04T15:33:19",
            "db": "PACKETSTORM",
            "id": "161656"
          },
          {
            "date": "2021-03-09T16:23:27",
            "db": "PACKETSTORM",
            "id": "161726"
          },
          {
            "date": "2021-03-09T16:26:05",
            "db": "PACKETSTORM",
            "id": "161728"
          },
          {
            "date": "2021-04-08T14:00:00",
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "date": "2021-04-20T16:17:10",
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "date": "2021-02-16T15:46:29",
            "db": "PACKETSTORM",
            "id": "161437"
          },
          {
            "date": "2021-03-17T14:36:02",
            "db": "PACKETSTORM",
            "id": "161843"
          },
          {
            "date": "2020-06-05T15:15:10.800000",
            "db": "NVD",
            "id": "CVE-2020-12723"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-165430"
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12723"
          },
          {
            "date": "2020-07-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006179"
          },
          {
            "date": "2023-11-07T03:15:43.870000",
            "db": "NVD",
            "id": "CVE-2020-12723"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Perl Classic buffer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006179"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "overflow",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "db": "PACKETSTORM",
            "id": "161843"
          }
        ],
        "trust": 0.2
      }
    }

    VAR-201812-0271

    Vulnerability from variot - Updated: 2024-07-23 20:38

    Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Perl is prone to the following multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. 1. An integer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability Attackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition. 7) - noarch, x86_64

    The following packages have been upgraded to a later upstream version: rh-perl526-perl (5.26.3), rh-perl526-perl-Module-CoreList (5.20181130).

    For the stable distribution (stretch), these problems have been fixed in version 5.24.1-3+deb9u5.

    We recommend that you upgrade your perl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: perl security update Advisory ID: RHSA-2019:0109-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0109 Issue date: 2019-01-21 CVE Names: CVE-2018-18311 =====================================================================

    1. Summary:

    An update for perl is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

    1. Description:

    Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

    Security Fix(es):

    • perl: Integer overflow leading to buffer overflow in Perl_my_setenv() (CVE-2018-18311)

    For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

    Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Jayakrishna Menon as the original reporter. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: perl-5.16.3-294.el7_6.src.rpm

    noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm

    x86_64: perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86_64.rpm perl-libs-5.16.3-294.el7_6.i686.rpm perl-libs-5.16.3-294.el7_6.x86_64.rpm perl-macros-5.16.3-294.el7_6.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-tests-5.16.3-294.el7_6.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: perl-5.16.3-294.el7_6.src.rpm

    noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm

    x86_64: perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86_64.rpm perl-libs-5.16.3-294.el7_6.i686.rpm perl-libs-5.16.3-294.el7_6.x86_64.rpm perl-macros-5.16.3-294.el7_6.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    x86_64: perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-tests-5.16.3-294.el7_6.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: perl-5.16.3-294.el7_6.src.rpm

    noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm

    ppc64: perl-5.16.3-294.el7_6.ppc64.rpm perl-Time-Piece-1.20.1-294.el7_6.ppc64.rpm perl-core-5.16.3-294.el7_6.ppc64.rpm perl-debuginfo-5.16.3-294.el7_6.ppc.rpm perl-debuginfo-5.16.3-294.el7_6.ppc64.rpm perl-devel-5.16.3-294.el7_6.ppc.rpm perl-devel-5.16.3-294.el7_6.ppc64.rpm perl-libs-5.16.3-294.el7_6.ppc.rpm perl-libs-5.16.3-294.el7_6.ppc64.rpm perl-macros-5.16.3-294.el7_6.ppc64.rpm

    ppc64le: perl-5.16.3-294.el7_6.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.ppc64le.rpm perl-core-5.16.3-294.el7_6.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm perl-devel-5.16.3-294.el7_6.ppc64le.rpm perl-libs-5.16.3-294.el7_6.ppc64le.rpm perl-macros-5.16.3-294.el7_6.ppc64le.rpm

    s390x: perl-5.16.3-294.el7_6.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.s390x.rpm perl-core-5.16.3-294.el7_6.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.s390.rpm perl-debuginfo-5.16.3-294.el7_6.s390x.rpm perl-devel-5.16.3-294.el7_6.s390.rpm perl-devel-5.16.3-294.el7_6.s390x.rpm perl-libs-5.16.3-294.el7_6.s390.rpm perl-libs-5.16.3-294.el7_6.s390x.rpm perl-macros-5.16.3-294.el7_6.s390x.rpm

    x86_64: perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86_64.rpm perl-libs-5.16.3-294.el7_6.i686.rpm perl-libs-5.16.3-294.el7_6.x86_64.rpm perl-macros-5.16.3-294.el7_6.x86_64.rpm

    Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

    Source: perl-5.16.3-294.el7_6.src.rpm

    aarch64: perl-5.16.3-294.el7_6.aarch64.rpm perl-Time-Piece-1.20.1-294.el7_6.aarch64.rpm perl-core-5.16.3-294.el7_6.aarch64.rpm perl-debuginfo-5.16.3-294.el7_6.aarch64.rpm perl-devel-5.16.3-294.el7_6.aarch64.rpm perl-libs-5.16.3-294.el7_6.aarch64.rpm perl-macros-5.16.3-294.el7_6.aarch64.rpm

    noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm

    ppc64le: perl-5.16.3-294.el7_6.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.ppc64le.rpm perl-core-5.16.3-294.el7_6.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm perl-devel-5.16.3-294.el7_6.ppc64le.rpm perl-libs-5.16.3-294.el7_6.ppc64le.rpm perl-macros-5.16.3-294.el7_6.ppc64le.rpm

    s390x: perl-5.16.3-294.el7_6.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.s390x.rpm perl-core-5.16.3-294.el7_6.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.s390.rpm perl-debuginfo-5.16.3-294.el7_6.s390x.rpm perl-devel-5.16.3-294.el7_6.s390.rpm perl-devel-5.16.3-294.el7_6.s390x.rpm perl-libs-5.16.3-294.el7_6.s390.rpm perl-libs-5.16.3-294.el7_6.s390x.rpm perl-macros-5.16.3-294.el7_6.s390x.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    ppc64: perl-debuginfo-5.16.3-294.el7_6.ppc64.rpm perl-tests-5.16.3-294.el7_6.ppc64.rpm

    ppc64le: perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm perl-tests-5.16.3-294.el7_6.ppc64le.rpm

    s390x: perl-debuginfo-5.16.3-294.el7_6.s390x.rpm perl-tests-5.16.3-294.el7_6.s390x.rpm

    x86_64: perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-tests-5.16.3-294.el7_6.x86_64.rpm

    Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

    aarch64: perl-debuginfo-5.16.3-294.el7_6.aarch64.rpm perl-tests-5.16.3-294.el7_6.aarch64.rpm

    ppc64le: perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm perl-tests-5.16.3-294.el7_6.ppc64le.rpm

    s390x: perl-debuginfo-5.16.3-294.el7_6.s390x.rpm perl-tests-5.16.3-294.el7_6.s390x.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: perl-5.16.3-294.el7_6.src.rpm

    noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm

    x86_64: perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86_64.rpm perl-libs-5.16.3-294.el7_6.i686.rpm perl-libs-5.16.3-294.el7_6.x86_64.rpm perl-macros-5.16.3-294.el7_6.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-tests-5.16.3-294.el7_6.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2018-18311 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBXEYC0dzjgjWX9erEAQi+cg//SP5ltkBCVsa86sXT7nP94nQepzxwweEj EC1T/sqSYhSYJcftiJdmcxJk9g4wOns39SNJuvsiiajYarJeIFjUq2TpX/lxL3Qe YrrnZ2esaT+kTDPtCpzBoatZ6uSKZmAVBKmu1bQMmquRt6fbk9F3lWWzfUEfspuU RxfJplbKlejPsAAEUA4URdoC8Jey1cbKgrDOxqOGH1ipZyVsW8jvrrCZxCLKkeRR MyfngBxyTGld78ZoDipSMOInjs50Snh3xp+z4ZxPIpltaEiJHK9mbg5Psqvz8hZY S7RMVK4qPPJwFuPLEKBBNtwFneNotq1Hz4Pj1f2YvjsTv56N+IwudLAdHK8bQBA8 mTRgSNbn8T/22U67d6Pa+T1hL/5xstbOM2Jtj5CD++Oqh84mh8ZhWYFafAdCu/RS RRgSZIg3CCjS7C0y+to1BBNARWJm0ymko9NPVGW5anDvqCZfowbUEOe/t1suXbE9 pMJgi+p5JPJwWgA+PkYgeW60edGu1sobtV84QQtgUAjy6wgby2wHYPgJJVNt8TP8 6JkRCmHhbwjsreDy0v65oNWWwTsgUFzjl+KUk5nwh/JST6w+LjY/CCUTgTNyVQR3 ivFL/VNrTip4RQCASlWILYI95U0h+Fb1hL7xbQ5KevVNwS07MZdFhEcZWDTBj3Iw KtRzQvqVeHM= =kPNu -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra

    macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and addresses the following:

    AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team

    Bom Available for: macOS Mojave 10.14.3 Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2019-6239: Ian Moorhouse and Michael Trimm

    CFString Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc.

    configd Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8552: Mohamed Ghannam (@_simo36)

    Contacts Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-8511: an anonymous researcher

    CoreCrypto Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher

    DiskArbitration Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2019-8522: Colin Meginnis (@falc420)

    FaceTime Available for: macOS Mojave 10.14.3 Impact: A user's video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. CVE-2019-8550: Lauren Guzniczak of Keystone Academy

    Feedback Assistant Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs

    Feedback Assistant Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs

    file Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher

    Graphics Drivers Available for: macOS Mojave 10.14.3 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin (@panicaII) and Junzhi Lu of Trend Micro Research working with Trend Micro's Zero Day Initiative

    iAP Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher

    IOGraphics Available for: macOS Mojave 10.14.3 Impact: A Mac may not lock when disconnecting from an external monitor Description: A lock handling issue was addressed with improved lock handling. CVE-2019-8533: an anonymous researcher, James Eagan of Télécom ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT

    IOHIDFamily Available for: macOS Mojave 10.14.3 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

    IOKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8504: an anonymous researcher

    IOKit SCSI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro

    Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)

    Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8508: Dr. Silvio Cesare of InfoSect

    Kernel Available for: macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero

    Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team

    Kernel Available for: macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google

    Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG

    Messages Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang

    Notes Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view a user's locked notes Description: An access issue was addressed with improved memory management. CVE-2019-8537: Greg Walker (gregwalker.us)

    PackageKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2019-8561: Jaron Bradley of Crowdstrike

    Perl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: Multiple issues in Perl Description: Multiple issues in Perl were addressed in this update. CVE-2018-12015: Jakub Wilk CVE-2018-18311: Jayakrishna Menon CVE-2018-18313: Eiichi Tsukata

    Power Management Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)

    QuartzCore Available for: macOS Mojave 10.14.3 Impact: Processing malicious data may lead to unexpected application termination Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8507: Kai Lu or Fortinet's FortiGuard Labs

    Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8526: Linus Henze (pinauten.de)

    Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre (NCSC)

    Siri Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest

    Time Machine Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to execute arbitrary shell commands Description: This issue was addressed with improved checks. CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs

    TrueTypeScaler Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative

    XPC Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs

    Additional recognition

    Accounts We would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt for their assistance.

    Books We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

    Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

    Mail We would like to acknowledge Craig Young of Tripwire VERT and Hanno Böck for their assistance.

    Time Machine We would like to acknowledge CodeColorist of Ant-Financial LightYear Labs for their assistance.

    Installation note:

    macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

    iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9 FvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT vyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D Eqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33 iAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM ucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB sSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p 7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J +9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7 OLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0 zBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS 1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk= =QV0f -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3834-1 December 03, 2018

    perl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 18.10
    • Ubuntu 18.04 LTS
    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS

    Summary:

    Several security issues were fixed in Perl.

    Software Description: - perl: Practical Extraction and Report Language

    Details:

    Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. (CVE-2018-18311)

    Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312)

    Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313)

    Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 18.10: perl 5.26.2-7ubuntu0.1

    Ubuntu 18.04 LTS: perl 5.26.1-6ubuntu0.3

    Ubuntu 16.04 LTS: perl 5.22.1-9ubuntu0.6

    Ubuntu 14.04 LTS: perl 5.18.2-2ubuntu1.7

    In general, a standard system update will make all the necessary changes

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0271",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2"
          },
          {
            "model": "snapcenter",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.5"
          },
          {
            "model": "e-series santricity os controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.0.0"
          },
          {
            "model": "snapdriver",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "model": "openshift container platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.11"
          },
          {
            "model": "perl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "perl",
            "version": "5.26.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.8"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.04"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.1.1"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "29"
          },
          {
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "model": "perl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "perl",
            "version": "5.28.1"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "enterprise linux eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.4"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "model": "perl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "perl",
            "version": "5.28.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "snap creator framework",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.10"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.21"
          },
          {
            "model": "perl",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "the perl",
            "version": "5.28.x"
          },
          {
            "model": "ubuntu",
            "scope": null,
            "trust": 0.8,
            "vendor": "canonical",
            "version": null
          },
          {
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "the perl",
            "version": "5.28.1"
          },
          {
            "model": "software collections for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "0"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.28"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.26.2"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.26"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.24.3"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.22.1"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.20.2"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.20.1"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.18.2"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.16"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.14"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.12.1"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.12"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.11"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.10"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.9.2"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.8.10"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.8.9"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.8.8"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.8.7"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.8.6"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.8.5"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.8.4"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.8.3"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.8"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.8.2"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.8.1"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.24"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.22"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.20"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.18"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.17.7"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.16.2"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.16.1"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.14.3"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.14.2"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.14.1"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.13.9"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.13.8"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.13.7"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.13.6"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.13.5"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.13.4"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.13.3"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.13.2"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.13.11"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.13.10"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.13.1"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.13.0"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.12.3"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.12.2"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.11.5"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.11.4"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.11.3"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.11.2"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.11.1"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.10.1"
          },
          {
            "model": "perl",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.28.1"
          },
          {
            "model": "perl",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.26.3"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "106145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012765"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18311"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.26.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.28.1",
                    "versionStartIncluding": "5.28.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:snapdriver:-:*:*:*:*:unix:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.14.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.1.1",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.8.2.8",
                    "versionStartIncluding": "7.8.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.7.2.21",
                    "versionStartIncluding": "7.7.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18311"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "151001"
          },
          {
            "db": "PACKETSTORM",
            "id": "153965"
          },
          {
            "db": "PACKETSTORM",
            "id": "151000"
          },
          {
            "db": "PACKETSTORM",
            "id": "151248"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2018-18311",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-18311",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-128858",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-18311",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-18311",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-128858",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012765"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18311"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Perl is prone to the following multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. \n1. An integer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\nAttackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition. 7) - noarch, x86_64\n\n3. \n\nThe following packages have been upgraded to a later upstream version:\nrh-perl526-perl (5.26.3), rh-perl526-perl-Module-CoreList (5.20181130). \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 5.24.1-3+deb9u5. \n\nWe recommend that you upgrade your perl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: perl security update\nAdvisory ID:       RHSA-2019:0109-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:0109\nIssue date:        2019-01-21\nCVE Names:         CVE-2018-18311 \n=====================================================================\n\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\nSecurity Fix(es):\n\n* perl: Integer overflow leading to buffer overflow in Perl_my_setenv()\n(CVE-2018-18311)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the Perl project for reporting this issue. \nUpstream acknowledges Jayakrishna Menon as the original reporter. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nperl-5.16.3-294.el7_6.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.noarch.rpm\n\nx86_64:\nperl-5.16.3-294.el7_6.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm\nperl-core-5.16.3-294.el7_6.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_6.i686.rpm\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-devel-5.16.3-294.el7_6.i686.rpm\nperl-devel-5.16.3-294.el7_6.x86_64.rpm\nperl-libs-5.16.3-294.el7_6.i686.rpm\nperl-libs-5.16.3-294.el7_6.x86_64.rpm\nperl-macros-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-tests-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nperl-5.16.3-294.el7_6.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.noarch.rpm\n\nx86_64:\nperl-5.16.3-294.el7_6.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm\nperl-core-5.16.3-294.el7_6.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_6.i686.rpm\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-devel-5.16.3-294.el7_6.i686.rpm\nperl-devel-5.16.3-294.el7_6.x86_64.rpm\nperl-libs-5.16.3-294.el7_6.i686.rpm\nperl-libs-5.16.3-294.el7_6.x86_64.rpm\nperl-macros-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-tests-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nperl-5.16.3-294.el7_6.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.noarch.rpm\n\nppc64:\nperl-5.16.3-294.el7_6.ppc64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.ppc64.rpm\nperl-core-5.16.3-294.el7_6.ppc64.rpm\nperl-debuginfo-5.16.3-294.el7_6.ppc.rpm\nperl-debuginfo-5.16.3-294.el7_6.ppc64.rpm\nperl-devel-5.16.3-294.el7_6.ppc.rpm\nperl-devel-5.16.3-294.el7_6.ppc64.rpm\nperl-libs-5.16.3-294.el7_6.ppc.rpm\nperl-libs-5.16.3-294.el7_6.ppc64.rpm\nperl-macros-5.16.3-294.el7_6.ppc64.rpm\n\nppc64le:\nperl-5.16.3-294.el7_6.ppc64le.rpm\nperl-Time-Piece-1.20.1-294.el7_6.ppc64le.rpm\nperl-core-5.16.3-294.el7_6.ppc64le.rpm\nperl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm\nperl-devel-5.16.3-294.el7_6.ppc64le.rpm\nperl-libs-5.16.3-294.el7_6.ppc64le.rpm\nperl-macros-5.16.3-294.el7_6.ppc64le.rpm\n\ns390x:\nperl-5.16.3-294.el7_6.s390x.rpm\nperl-Time-Piece-1.20.1-294.el7_6.s390x.rpm\nperl-core-5.16.3-294.el7_6.s390x.rpm\nperl-debuginfo-5.16.3-294.el7_6.s390.rpm\nperl-debuginfo-5.16.3-294.el7_6.s390x.rpm\nperl-devel-5.16.3-294.el7_6.s390.rpm\nperl-devel-5.16.3-294.el7_6.s390x.rpm\nperl-libs-5.16.3-294.el7_6.s390.rpm\nperl-libs-5.16.3-294.el7_6.s390x.rpm\nperl-macros-5.16.3-294.el7_6.s390x.rpm\n\nx86_64:\nperl-5.16.3-294.el7_6.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm\nperl-core-5.16.3-294.el7_6.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_6.i686.rpm\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-devel-5.16.3-294.el7_6.i686.rpm\nperl-devel-5.16.3-294.el7_6.x86_64.rpm\nperl-libs-5.16.3-294.el7_6.i686.rpm\nperl-libs-5.16.3-294.el7_6.x86_64.rpm\nperl-macros-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nperl-5.16.3-294.el7_6.src.rpm\n\naarch64:\nperl-5.16.3-294.el7_6.aarch64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.aarch64.rpm\nperl-core-5.16.3-294.el7_6.aarch64.rpm\nperl-debuginfo-5.16.3-294.el7_6.aarch64.rpm\nperl-devel-5.16.3-294.el7_6.aarch64.rpm\nperl-libs-5.16.3-294.el7_6.aarch64.rpm\nperl-macros-5.16.3-294.el7_6.aarch64.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.noarch.rpm\n\nppc64le:\nperl-5.16.3-294.el7_6.ppc64le.rpm\nperl-Time-Piece-1.20.1-294.el7_6.ppc64le.rpm\nperl-core-5.16.3-294.el7_6.ppc64le.rpm\nperl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm\nperl-devel-5.16.3-294.el7_6.ppc64le.rpm\nperl-libs-5.16.3-294.el7_6.ppc64le.rpm\nperl-macros-5.16.3-294.el7_6.ppc64le.rpm\n\ns390x:\nperl-5.16.3-294.el7_6.s390x.rpm\nperl-Time-Piece-1.20.1-294.el7_6.s390x.rpm\nperl-core-5.16.3-294.el7_6.s390x.rpm\nperl-debuginfo-5.16.3-294.el7_6.s390.rpm\nperl-debuginfo-5.16.3-294.el7_6.s390x.rpm\nperl-devel-5.16.3-294.el7_6.s390.rpm\nperl-devel-5.16.3-294.el7_6.s390x.rpm\nperl-libs-5.16.3-294.el7_6.s390.rpm\nperl-libs-5.16.3-294.el7_6.s390x.rpm\nperl-macros-5.16.3-294.el7_6.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nperl-debuginfo-5.16.3-294.el7_6.ppc64.rpm\nperl-tests-5.16.3-294.el7_6.ppc64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm\nperl-tests-5.16.3-294.el7_6.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-294.el7_6.s390x.rpm\nperl-tests-5.16.3-294.el7_6.s390x.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-tests-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nperl-debuginfo-5.16.3-294.el7_6.aarch64.rpm\nperl-tests-5.16.3-294.el7_6.aarch64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm\nperl-tests-5.16.3-294.el7_6.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-294.el7_6.s390x.rpm\nperl-tests-5.16.3-294.el7_6.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nperl-5.16.3-294.el7_6.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.noarch.rpm\n\nx86_64:\nperl-5.16.3-294.el7_6.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm\nperl-core-5.16.3-294.el7_6.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_6.i686.rpm\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-devel-5.16.3-294.el7_6.i686.rpm\nperl-devel-5.16.3-294.el7_6.x86_64.rpm\nperl-libs-5.16.3-294.el7_6.i686.rpm\nperl-libs-5.16.3-294.el7_6.x86_64.rpm\nperl-macros-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-tests-5.16.3-294.el7_6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-18311\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXEYC0dzjgjWX9erEAQi+cg//SP5ltkBCVsa86sXT7nP94nQepzxwweEj\nEC1T/sqSYhSYJcftiJdmcxJk9g4wOns39SNJuvsiiajYarJeIFjUq2TpX/lxL3Qe\nYrrnZ2esaT+kTDPtCpzBoatZ6uSKZmAVBKmu1bQMmquRt6fbk9F3lWWzfUEfspuU\nRxfJplbKlejPsAAEUA4URdoC8Jey1cbKgrDOxqOGH1ipZyVsW8jvrrCZxCLKkeRR\nMyfngBxyTGld78ZoDipSMOInjs50Snh3xp+z4ZxPIpltaEiJHK9mbg5Psqvz8hZY\nS7RMVK4qPPJwFuPLEKBBNtwFneNotq1Hz4Pj1f2YvjsTv56N+IwudLAdHK8bQBA8\nmTRgSNbn8T/22U67d6Pa+T1hL/5xstbOM2Jtj5CD++Oqh84mh8ZhWYFafAdCu/RS\nRRgSZIg3CCjS7C0y+to1BBNARWJm0ymko9NPVGW5anDvqCZfowbUEOe/t1suXbE9\npMJgi+p5JPJwWgA+PkYgeW60edGu1sobtV84QQtgUAjy6wgby2wHYPgJJVNt8TP8\n6JkRCmHhbwjsreDy0v65oNWWwTsgUFzjl+KUk5nwh/JST6w+LjY/CCUTgTNyVQR3\nivFL/VNrTip4RQCASlWILYI95U0h+Fb1hL7xbQ5KevVNwS07MZdFhEcZWDTBj3Iw\nKtRzQvqVeHM=\n=kPNu\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update\n2019-002 High Sierra, Security Update 2019-002 Sierra\n\nmacOS Mojave 10.14.4, Security Update 2019-002 High Sierra,\nSecurity Update 2019-002 Sierra are now available and\naddresses the following:\n\nAppleGraphicsControl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and\nshrek_wzw of Qihoo 360 Nirvan Team\n\nBom\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved handling of file\nmetadata. \nCVE-2019-6239: Ian Moorhouse and Michael Trimm\n\nCFString\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted string may lead to a denial\nof service\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8516: SWIPS Team of Frifee Inc. \n\nconfigd\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8552: Mohamed Ghannam (@_simo36)\n\nContacts\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2019-8511: an anonymous researcher\n\nCoreCrypto\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nDiskArbitration\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8522: Colin Meginnis (@falc420)\n\nFaceTime\nAvailable for: macOS Mojave 10.14.3\nImpact: A user\u0027s video may not be paused in a FaceTime call if they\nexit the FaceTime app while the call is ringing\nDescription: An issue existed in the pausing of FaceTime video. The\nissue was resolved with improved logic. \nCVE-2019-8550: Lauren Guzniczak of Keystone Academy\n\nFeedback Assistant\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs\n\nFeedback Assistant\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs\n\nfile\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted file might disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-6237: an anonymous researcher\n\nGraphics Drivers\nAvailable for: macOS Mojave 10.14.3\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin\n(@panicaII) and Junzhi Lu of Trend Micro Research working with Trend\nMicro\u0027s Zero Day Initiative\n\niAP\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nIOGraphics\nAvailable for: macOS Mojave 10.14.3\nImpact: A Mac may not lock when disconnecting from an external\nmonitor\nDescription: A lock handling issue was addressed with improved lock\nhandling. \nCVE-2019-8533: an anonymous researcher, James Eagan of T\u00e9l\u00e9com\nParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT\n\nIOHIDFamily\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nIOKit\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\nImpact: A local user may be able to read kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8504: an anonymous researcher\n\nIOKit SCSI\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: Mounting a maliciously crafted NFS network share may lead to\narbitrary code execution with system privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8508: Dr. Silvio Cesare of InfoSect\n\nKernel\nAvailable for: macOS Mojave 10.14.3\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8514: Samuel Gro\u00df of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360  Nirvan Team\n\nKernel\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to read kernel memory\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-7293: Ned Williamson of Google\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)\nCVE-2019-8510: Stefan Esser of Antid0te UG\n\nMessages\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to view sensitive user information\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2019-8546: ChiYuan Chang\n\nNotes\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to view a user\u0027s locked notes\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2019-8537: Greg Walker (gregwalker.us)\n\nPackageKit\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-8561: Jaron Bradley of Crowdstrike\n\nPerl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: Multiple issues in Perl\nDescription: Multiple issues in Perl were addressed in this update. \nCVE-2018-12015: Jakub Wilk\nCVE-2018-18311: Jayakrishna Menon\nCVE-2018-18313: Eiichi Tsukata\n\nPower Management\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: Multiple input validation issues existed in MIG\ngenerated code. These issues were addressed with improved validation. \nCVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure\n(ssd-disclosure.com)\n\nQuartzCore\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing malicious data may lead to unexpected application\ntermination\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8507: Kai Lu or Fortinet\u0027s FortiGuard Labs\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8526: Linus Henze (pinauten.de)\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8520: Antonio Groza, The UK\u0027s National Cyber Security Centre\n(NCSC)\n\nSiri\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to initiate a Dictation\nrequest without user authorization\nDescription: An API issue existed in the handling of dictation\nrequests. This issue was addressed with improved validation. \nCVE-2019-8502: Luke Deshotels of North Carolina State University,\nJordan Beichler of North Carolina State University, William Enck of\nNorth Carolina State University, Costin Caraba\u0219 of University\nPOLITEHNICA of Bucharest, and R\u0103zvan Deaconescu of University\nPOLITEHNICA of Bucharest\n\nTime Machine\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A local user may be able to execute arbitrary shell commands\nDescription: This issue was addressed with improved checks. \nCVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs\n\nTrueTypeScaler\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero\nDay Initiative\n\nXPC\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs\n\nAdditional recognition\n\nAccounts\nWe would like to acknowledge Milan Stute of Secure Mobile Networking\nLab at Technische Universit\u00e4t Darmstadt for their assistance. \n\nBooks\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nMail\nWe would like to acknowledge Craig Young of Tripwire VERT and Hanno\nB\u00f6ck for their assistance. \n\nTime Machine\nWe would like to acknowledge CodeColorist of Ant-Financial LightYear\nLabs for their assistance. \n\nInstallation note:\n\nmacOS Mojave 10.14.4, Security Update 2019-002 High Sierra,\nSecurity Update 2019-002 Sierra may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9\nFvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT\nvyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D\nEqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33\niAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM\nucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB\nsSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p\n7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J\n+9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7\nOLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0\nzBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS\n1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk=\n=QV0f\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-3834-1\nDecember 03, 2018\n\nperl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Perl. \n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nJayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. (CVE-2018-18311)\n\nEiichi Tsukata discovered that Perl incorrectly handled certain regular\nexpressions. This\nissue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. \n(CVE-2018-18312)\n\nEiichi Tsukata discovered that Perl incorrectly handled certain regular\nexpressions. An attacker could use this issue to cause Perl to crash,\nresulting in a denial of service. (CVE-2018-18313)\n\nJakub Wilk discovered that Perl incorrectly handled certain regular\nexpressions. An attacker could use this issue to cause Perl to crash,\nresulting in a denial of service. This issue only affected Ubuntu 16.04\nLTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n  perl                            5.26.2-7ubuntu0.1\n\nUbuntu 18.04 LTS:\n  perl                            5.26.1-6ubuntu0.3\n\nUbuntu 16.04 LTS:\n  perl                            5.22.1-9ubuntu0.6\n\nUbuntu 14.04 LTS:\n  perl                            5.18.2-2ubuntu1.7\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18311"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012765"
          },
          {
            "db": "BID",
            "id": "106145"
          },
          {
            "db": "VULHUB",
            "id": "VHN-128858"
          },
          {
            "db": "PACKETSTORM",
            "id": "151001"
          },
          {
            "db": "PACKETSTORM",
            "id": "153965"
          },
          {
            "db": "PACKETSTORM",
            "id": "151000"
          },
          {
            "db": "PACKETSTORM",
            "id": "150523"
          },
          {
            "db": "PACKETSTORM",
            "id": "151248"
          },
          {
            "db": "PACKETSTORM",
            "id": "152222"
          },
          {
            "db": "PACKETSTORM",
            "id": "150564"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18311",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "106145",
            "trust": 1.4
          },
          {
            "db": "SECTRACK",
            "id": "1042181",
            "trust": 1.1
          },
          {
            "db": "MCAFEE",
            "id": "SB10278",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012765",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "151001",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "153965",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "150564",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "151248",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "151000",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "150523",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "150565",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "153652",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "153814",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154385",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-128858",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "152222",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128858"
          },
          {
            "db": "BID",
            "id": "106145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012765"
          },
          {
            "db": "PACKETSTORM",
            "id": "151001"
          },
          {
            "db": "PACKETSTORM",
            "id": "153965"
          },
          {
            "db": "PACKETSTORM",
            "id": "151000"
          },
          {
            "db": "PACKETSTORM",
            "id": "150523"
          },
          {
            "db": "PACKETSTORM",
            "id": "151248"
          },
          {
            "db": "PACKETSTORM",
            "id": "152222"
          },
          {
            "db": "PACKETSTORM",
            "id": "150564"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18311"
          }
        ]
      },
      "id": "VAR-201812-0271",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128858"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T20:38:14.990000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DSA-4347",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2018/dsa-4347"
          },
          {
            "title": "Perl_my_setenv(); handle integer wrap",
            "trust": 0.8,
            "url": "https://github.com/perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be"
          },
          {
            "title": "[SECURITY] Fedora 29 Update: perl-5.28.1-425.fc29",
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/"
          },
          {
            "title": "USN-3834-1",
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/3834-1/"
          },
          {
            "title": "USN-3834-2",
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/3834-2/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012765"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012765"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18311"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18311"
          },
          {
            "trust": 1.4,
            "url": "https://github.com/perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be"
          },
          {
            "trust": 1.2,
            "url": "https://access.redhat.com/errata/rhsa-2019:0001"
          },
          {
            "trust": 1.2,
            "url": "https://access.redhat.com/errata/rhsa-2019:0010"
          },
          {
            "trust": 1.2,
            "url": "https://access.redhat.com/errata/rhsa-2019:0109"
          },
          {
            "trust": 1.2,
            "url": "https://access.redhat.com/errata/rhsa-2019:2400"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/106145"
          },
          {
            "trust": 1.1,
            "url": "https://seclists.org/bugtraq/2019/mar/42"
          },
          {
            "trust": 1.1,
            "url": "https://metacpan.org/changes/release/shay/perl-5.26.3"
          },
          {
            "trust": 1.1,
            "url": "https://metacpan.org/changes/release/shay/perl-5.28.1"
          },
          {
            "trust": 1.1,
            "url": "https://rt.perl.org/ticket/display.html?id=133204"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20190221-0003/"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht209600"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2018/dsa-4347"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2019/mar/49"
          },
          {
            "trust": 1.1,
            "url": "https://security.gentoo.org/glsa/201909-01"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhba-2019:0327"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:1790"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:1942"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1042181"
          },
          {
            "trust": 1.1,
            "url": "https://usn.ubuntu.com/3834-1/"
          },
          {
            "trust": 1.1,
            "url": "https://usn.ubuntu.com/3834-2/"
          },
          {
            "trust": 1.0,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10278"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18311"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2018-18311"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2018-18314"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18313"
          },
          {
            "trust": 0.4,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18312"
          },
          {
            "trust": 0.4,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18314"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f"
          },
          {
            "trust": 0.3,
            "url": "www.perl.org"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-18313"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-18312"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10278"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/perl"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8514"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8511"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8519"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8502"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8516"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6239"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8522"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8540"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8526"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8527"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12015"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8533"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8520"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8517"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8521"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6207"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8504"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8510"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8508"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8530"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8513"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8529"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8537"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8507"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.6"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.7"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/usn/usn-3834-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/perl/5.26.2-7ubuntu0.1"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128858"
          },
          {
            "db": "BID",
            "id": "106145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012765"
          },
          {
            "db": "PACKETSTORM",
            "id": "151001"
          },
          {
            "db": "PACKETSTORM",
            "id": "153965"
          },
          {
            "db": "PACKETSTORM",
            "id": "151000"
          },
          {
            "db": "PACKETSTORM",
            "id": "150523"
          },
          {
            "db": "PACKETSTORM",
            "id": "151248"
          },
          {
            "db": "PACKETSTORM",
            "id": "152222"
          },
          {
            "db": "PACKETSTORM",
            "id": "150564"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18311"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-128858"
          },
          {
            "db": "BID",
            "id": "106145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012765"
          },
          {
            "db": "PACKETSTORM",
            "id": "151001"
          },
          {
            "db": "PACKETSTORM",
            "id": "153965"
          },
          {
            "db": "PACKETSTORM",
            "id": "151000"
          },
          {
            "db": "PACKETSTORM",
            "id": "150523"
          },
          {
            "db": "PACKETSTORM",
            "id": "151248"
          },
          {
            "db": "PACKETSTORM",
            "id": "152222"
          },
          {
            "db": "PACKETSTORM",
            "id": "150564"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18311"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-12-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-128858"
          },
          {
            "date": "2018-11-29T00:00:00",
            "db": "BID",
            "id": "106145"
          },
          {
            "date": "2019-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012765"
          },
          {
            "date": "2019-01-03T02:57:52",
            "db": "PACKETSTORM",
            "id": "151001"
          },
          {
            "date": "2019-08-07T20:08:30",
            "db": "PACKETSTORM",
            "id": "153965"
          },
          {
            "date": "2019-01-03T02:57:21",
            "db": "PACKETSTORM",
            "id": "151000"
          },
          {
            "date": "2018-11-30T15:01:16",
            "db": "PACKETSTORM",
            "id": "150523"
          },
          {
            "date": "2019-01-22T16:02:14",
            "db": "PACKETSTORM",
            "id": "151248"
          },
          {
            "date": "2019-03-26T14:40:53",
            "db": "PACKETSTORM",
            "id": "152222"
          },
          {
            "date": "2018-12-03T21:10:16",
            "db": "PACKETSTORM",
            "id": "150564"
          },
          {
            "date": "2018-12-07T21:29:00.407000",
            "db": "NVD",
            "id": "CVE-2018-18311"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-128858"
          },
          {
            "date": "2018-11-29T00:00:00",
            "db": "BID",
            "id": "106145"
          },
          {
            "date": "2019-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012765"
          },
          {
            "date": "2023-11-07T02:55:02.103000",
            "db": "NVD",
            "id": "CVE-2018-18311"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "106145"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Perl Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012765"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "overflow",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "151001"
          },
          {
            "db": "PACKETSTORM",
            "id": "153965"
          },
          {
            "db": "PACKETSTORM",
            "id": "151000"
          },
          {
            "db": "PACKETSTORM",
            "id": "151248"
          }
        ],
        "trust": 0.4
      }
    }

    VAR-202006-1838

    Vulnerability from variot - Updated: 2024-07-23 20:25

    Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An attacker could exploit this vulnerability to cause a denial of service. 8) - aarch64, noarch, ppc64le, s390x, x86_64

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/

    Security fixes:

    • redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)

    • console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)

    • console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)

    Bug fixes:

    • RHACM 2.2.4 images (BZ# 1957254)

    • Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)

    • ACM Operator should support using the default route TLS (BZ# 1955270)

    • The scrolling bar for search filter does not work properly (BZ# 1956852)

    • Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)

    • The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)

    • Unable to make SSH connection to a Bitbucket server (BZ# 1966513)

    • Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)

    • Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

    1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message

    1. Description:

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

    This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:

    https://access.redhat.com/errata/RHSA-2021:2122

    Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

    https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

    This update fixes the following bug among others:

    • Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)

    Security Fix(es):

    • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

    You may download the oc tool and use it to inspect release image metadata as follows:

    (For x86_64 architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64

    The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4

    (For s390x architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x

    The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd

    (For ppc64le architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le

    The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36

    All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor

    1. Solution:

    For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

    Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing

    1. ========================================================================= Ubuntu Security Notice USN-4602-2 October 27, 2020

    perl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 14.04 ESM
    • Ubuntu 12.04 ESM

    Summary:

    Several security issues were fixed in Perl.

    Software Description: - perl: Practical Extraction and Report Language

    Details:

    USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

    Original advisory details:

    ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543)

    Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878)

    Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 14.04 ESM: perl 5.18.2-2ubuntu1.7+esm3

    Ubuntu 12.04 ESM: perl 5.14.2-6ubuntu2.11

    In general, a standard system update will make all the necessary changes. Description:

    Security Fix(es):

    • Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
    • Upgraded to a more recent version of Django to address CVE-2021-3281.
    • Upgraded to a more recent version of autobahn to address CVE-2020-35678.

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    • Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7.
    • Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions.
    • Fixed several issues related to how Tower rotates its log files.
    • Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales.
    • Fixed a bug which can cause unanticipated delays in certain playbook output.
    • Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data.
    • Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected.
    • Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified.
    • Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
    • Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail. Solution:

    For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract() 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape

    1. 7.4) - noarch, x86_64

    2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:0343-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0343 Issue date: 2021-02-02 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ==================================================================== 1. Summary:

    An update for perl is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    1. Description:

    Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

    Security Fix(es):

    • perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)

    • perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)

    • perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: perl-5.16.3-299.el7_9.src.rpm

    noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm

    x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: perl-5.16.3-299.el7_9.src.rpm

    noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm

    x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: perl-5.16.3-299.el7_9.src.rpm

    noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm

    ppc64: perl-5.16.3-299.el7_9.ppc64.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm perl-core-5.16.3-299.el7_9.ppc64.rpm perl-debuginfo-5.16.3-299.el7_9.ppc.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-devel-5.16.3-299.el7_9.ppc.rpm perl-devel-5.16.3-299.el7_9.ppc64.rpm perl-libs-5.16.3-299.el7_9.ppc.rpm perl-libs-5.16.3-299.el7_9.ppc64.rpm perl-macros-5.16.3-299.el7_9.ppc64.rpm

    ppc64le: perl-5.16.3-299.el7_9.ppc64le.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm perl-core-5.16.3-299.el7_9.ppc64le.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-devel-5.16.3-299.el7_9.ppc64le.rpm perl-libs-5.16.3-299.el7_9.ppc64le.rpm perl-macros-5.16.3-299.el7_9.ppc64le.rpm

    s390x: perl-5.16.3-299.el7_9.s390x.rpm perl-Time-Piece-1.20.1-299.el7_9.s390x.rpm perl-core-5.16.3-299.el7_9.s390x.rpm perl-debuginfo-5.16.3-299.el7_9.s390.rpm perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-devel-5.16.3-299.el7_9.s390.rpm perl-devel-5.16.3-299.el7_9.s390x.rpm perl-libs-5.16.3-299.el7_9.s390.rpm perl-libs-5.16.3-299.el7_9.s390x.rpm perl-macros-5.16.3-299.el7_9.s390x.rpm

    x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    ppc64: perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-tests-5.16.3-299.el7_9.ppc64.rpm

    ppc64le: perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-tests-5.16.3-299.el7_9.ppc64le.rpm

    s390x: perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-tests-5.16.3-299.el7_9.s390x.rpm

    x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: perl-5.16.3-299.el7_9.src.rpm

    noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm

    x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k 54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2 qwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm Awac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp 42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K RerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm AKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S aoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf /LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ Ip3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73 N83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S HB63T1smQXA=Oj1P -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1838",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "communications billing and revenue management",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.2.0"
          },
          {
            "model": "configuration manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.1.2.0.8"
          },
          {
            "model": "communications performance intelligence center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.3.0.0.0"
          },
          {
            "model": "communications eagle application processor",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "16.1.0"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "model": "communications diameter signaling router",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.0"
          },
          {
            "model": "perl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "perl",
            "version": "5.30.3"
          },
          {
            "model": "communications performance intelligence center",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.3.0.2.1"
          },
          {
            "model": "tekelec platform distribution",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "7.7.1"
          },
          {
            "model": "communications performance intelligence center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.4.0.1.0"
          },
          {
            "model": "tekelec platform distribution",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "7.4.0"
          },
          {
            "model": "communications lsms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "model": "communications eagle lnp application processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "46.7"
          },
          {
            "model": "sd-wan edge",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "communications eagle application processor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "16.4.0"
          },
          {
            "model": "communications eagle lnp application processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.1"
          },
          {
            "model": "communications eagle lnp application processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "46.8"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "31"
          },
          {
            "model": "communications performance intelligence center",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.4.0.3.1"
          },
          {
            "model": "communications lsms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "model": "communications billing and revenue management",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.3.0"
          },
          {
            "model": "communications eagle lnp application processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.2"
          },
          {
            "model": "communications pricing design center",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.3.0"
          },
          {
            "model": "communications offline mediation controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.3.0"
          },
          {
            "model": "communications diameter signaling router",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.5.0"
          },
          {
            "model": "communications eagle lnp application processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "46.9"
          },
          {
            "model": "sd-wan edge",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "9.0"
          },
          {
            "model": "enterprise manager base platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4.0.0"
          },
          {
            "model": "sd-wan edge",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.2"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10543"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:x86:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.30.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.5.0",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.7.1",
                    "versionStartIncluding": "7.4.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.4",
                    "versionStartIncluding": "13.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.4.0",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.4.0.3.1",
                    "versionStartIncluding": "10.4.0.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.3.0.2.1",
                    "versionStartIncluding": "10.3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10543"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "162650"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "161728"
          },
          {
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "db": "PACKETSTORM",
            "id": "161255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-145"
          }
        ],
        "trust": 1.2
      },
      "cve": "CVE-2020-10543",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-163032",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-10543",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-10543",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-145",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-163032",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-10543",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-163032"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10543"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-145"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10543"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An attacker could exploit this vulnerability to cause a denial of service. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.13. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\"  \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. =========================================================================\nUbuntu Security Notice USN-4602-2\nOctober 27, 2020\n\nperl vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Perl. \n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nUSN-4602-1 fixed several vulnerabilities in Perl. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\n\nOriginal advisory details:\n\n ManhND discovered that Perl incorrectly handled certain regular\n expressions. In environments where untrusted regular expressions are\n evaluated, a remote attacker could possibly use this issue to cause Perl to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2020-10543)\n\n Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly\n handled certain regular expressions. In environments where untrusted\n regular expressions are evaluated, a remote attacker could possibly use\n this issue to cause Perl to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2020-10878)\n\n Sergey Aleynikov discovered that Perl incorrectly handled certain regular\n expressions. In environments where untrusted regular expressions are\n evaluated, a remote attacker could possibly use this issue to cause Perl to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2020-12723)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n  perl                            5.18.2-2ubuntu1.7+esm3\n\nUbuntu 12.04 ESM:\n  perl                            5.14.2-6ubuntu2.11\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nSecurity Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to\nelevate to the awx user from outside the isolated environment:\nCVE-2021-20253\n* Upgraded to a more recent version of Django to address CVE-2021-3281. \n* Upgraded to a more recent version of autobahn to address CVE-2020-35678. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Upgraded to the latest oVirt inventory plugin to resolve a number of\ninventory syncing issues that can occur on RHEL7. \n* Upgraded to the latest theforeman.foreman inventory plugin to resolve a\nfew bugs and performance regressions. \n* Fixed several issues related to how Tower rotates its log files. \n* Fixed a bug which can prevent Tower from installing on RHEL8 with certain\nnon-en_US.UTF-8 locales. \n* Fixed a bug which can cause unanticipated delays in certain playbook\noutput. \n* Fixed a bug which can cause job runs to fail for playbooks that print\ncertain types of raw binary data. \n* Fixed a bug which can cause unnecessary records in the Activity Stream\nwhen Automation Analytics data is collected. \n* Fixed a bug which can cause Tower PostgreSQL backups to fail when a\nnon-default PostgreSQL username is specified. \n* Fixed a bug which can intermittently cause access to encrypted Tower\nsettings to fail, resulting in failed job launches. \n* Fixed a bug which can cause certain long-running jobs running on isolated\nnodes to unexpectedly fail. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract()\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. 7.4) - noarch, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: perl security update\nAdvisory ID:       RHSA-2021:0343-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:0343\nIssue date:        2021-02-02\nCVE Names:         CVE-2020-10543 CVE-2020-10878 CVE-2020-12723\n====================================================================\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\nSecurity Fix(es):\n\n* perl: heap-based buffer overflow in regular expression compiler leads to\nDoS (CVE-2020-10543)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to integer overflow leads to DoS (CVE-2020-10878)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to recursive S_study_chunk() calls leads to DoS\n(CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nppc64:\nperl-5.16.3-299.el7_9.ppc64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm\nperl-core-5.16.3-299.el7_9.ppc64.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc64.rpm\nperl-devel-5.16.3-299.el7_9.ppc.rpm\nperl-devel-5.16.3-299.el7_9.ppc64.rpm\nperl-libs-5.16.3-299.el7_9.ppc.rpm\nperl-libs-5.16.3-299.el7_9.ppc64.rpm\nperl-macros-5.16.3-299.el7_9.ppc64.rpm\n\nppc64le:\nperl-5.16.3-299.el7_9.ppc64le.rpm\nperl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm\nperl-core-5.16.3-299.el7_9.ppc64le.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm\nperl-devel-5.16.3-299.el7_9.ppc64le.rpm\nperl-libs-5.16.3-299.el7_9.ppc64le.rpm\nperl-macros-5.16.3-299.el7_9.ppc64le.rpm\n\ns390x:\nperl-5.16.3-299.el7_9.s390x.rpm\nperl-Time-Piece-1.20.1-299.el7_9.s390x.rpm\nperl-core-5.16.3-299.el7_9.s390x.rpm\nperl-debuginfo-5.16.3-299.el7_9.s390.rpm\nperl-debuginfo-5.16.3-299.el7_9.s390x.rpm\nperl-devel-5.16.3-299.el7_9.s390.rpm\nperl-devel-5.16.3-299.el7_9.s390x.rpm\nperl-libs-5.16.3-299.el7_9.s390.rpm\nperl-libs-5.16.3-299.el7_9.s390x.rpm\nperl-macros-5.16.3-299.el7_9.s390x.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nperl-debuginfo-5.16.3-299.el7_9.ppc64.rpm\nperl-tests-5.16.3-299.el7_9.ppc64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm\nperl-tests-5.16.3-299.el7_9.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-299.el7_9.s390x.rpm\nperl-tests-5.16.3-299.el7_9.s390x.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-12723\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k\n54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2\nqwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm\nAwac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp\n42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K\nRerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm\nAKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S\naoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf\n/LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ\nIp3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73\nN83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S\nHB63T1smQXA=Oj1P\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10543"
          },
          {
            "db": "VULHUB",
            "id": "VHN-163032"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10543"
          },
          {
            "db": "PACKETSTORM",
            "id": "162650"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "159726"
          },
          {
            "db": "PACKETSTORM",
            "id": "161728"
          },
          {
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "db": "PACKETSTORM",
            "id": "161255"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10543",
            "trust": 2.5
          },
          {
            "db": "PACKETSTORM",
            "id": "159726",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "162650",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "162877",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "161728",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "161255",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "162245",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "163188",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "162021",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "158058",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "159707",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "162837",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "161656",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "161843",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-145",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2021042131",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021052031",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072136",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021092220",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072268",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "163586",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1338",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0791",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2604",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2781",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0925",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1725",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0371",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1096",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2180",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0845",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1820",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1866",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2469",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "161727",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161726",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-37944",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-163032",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10543",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-163032"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10543"
          },
          {
            "db": "PACKETSTORM",
            "id": "162650"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "159726"
          },
          {
            "db": "PACKETSTORM",
            "id": "161728"
          },
          {
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "db": "PACKETSTORM",
            "id": "161255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-145"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10543"
          }
        ]
      },
      "id": "VAR-202006-1838",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-163032"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T20:25:57.515000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Perl Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122040"
          },
          {
            "title": "editorGambasDelta",
            "trust": 0.2,
            "url": "https://github.com/d5n9smatrix/editorgambasdelta "
          },
          {
            "title": "Red Hat: Moderate: perl security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210343 - security advisory"
          },
          {
            "title": "Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=babe2a0596ddd17a5ad75cd3c30c45ff"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2021-1610",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1610"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210607 - security advisory"
          },
          {
            "title": "IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=08f19f0be4d5dcf7486e5abcdb671477"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "visualGambasDelta",
            "trust": 0.1,
            "url": "https://github.com/d5n9smatrix/visualgambasdelta "
          },
          {
            "title": "perl5283delta",
            "trust": 0.1,
            "url": "https://github.com/d5n9smatrix/perl5283delta "
          },
          {
            "title": "CICD_CloudBuild_01",
            "trust": 0.1,
            "url": "https://github.com/pbavinck/cicd_cloudbuild_01 "
          },
          {
            "title": "gcr-kritis-signer",
            "trust": 0.1,
            "url": "https://github.com/binxio/gcr-kritis-signer "
          },
          {
            "title": "gcp-kritis-signer",
            "trust": 0.1,
            "url": "https://github.com/binxio/gcp-kritis-signer "
          },
          {
            "title": "litecoin-automation",
            "trust": 0.1,
            "url": "https://github.com/gzukel/litecoin-automation "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/d5n9smatrix/perltoc "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
          },
          {
            "title": "snykout",
            "trust": 0.1,
            "url": "https://github.com/garethr/snykout "
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-10543"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-145"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-163032"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10543"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/202006-03"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
          },
          {
            "trust": 1.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-10543"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-10878"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162650/red-hat-security-advisory-2021-1678-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161255/red-hat-security-advisory-2021-0343-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-contains-security-vulnerabilities/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1866"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1820"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072268"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1725"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021052031"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0371/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2781"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1096"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021042131"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2180"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161656/red-hat-security-advisory-2021-0719-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-perl-affect-aix-cve-2020-10543-cve-2020-10878-and-cve-2020-12723/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163188/red-hat-security-advisory-2021-2461-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161728/red-hat-security-advisory-2021-0780-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0925"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/158058/gentoo-linux-security-advisory-202006-03.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161843/red-hat-security-advisory-2021-0883-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159707/ubuntu-security-notice-usn-4602-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1338"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021092220"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072136"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2469"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162021/red-hat-security-advisory-2021-1032-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162245/red-hat-security-advisory-2021-1266-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0845"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0791"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162837/red-hat-security-advisory-2021-2136-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162877/red-hat-security-advisory-2021-2121-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163586/red-hat-security-advisory-2021-2792-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159726/ubuntu-security-notice-usn-4602-2.html"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/perl-core-buffer-overflow-via-nested-regular-expression-quantifiers-32365"
          },
          {
            "trust": 0.5,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-12723"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8286"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-28196"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-15358"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-13434"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25037"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-3842"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-13776"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-24977"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8231"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-29362"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-28935"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25034"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8285"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25035"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9169"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-14866"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-26116"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25038"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-26137"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-29361"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-24330"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25042"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-12362"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25032"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25041"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25036"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-27619"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-25215"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3177"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-24331"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3326"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25013"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-2708"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-23336"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8927"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-29363"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-24332"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25039"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25040"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2016-10228"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8284"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-27618"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:1678"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21639"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28165"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28092"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12363"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28163"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-14502"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21309"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21640"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28918"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3501"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25648"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8648"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27170"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25692"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3347"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3114"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12364"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2461"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14347"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36322"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12114"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25712"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15586"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9951"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25704"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36242"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3121"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9948"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13012"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14363"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13584"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14360"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21645"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27783"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19528"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12464"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14314"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25659"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14356"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21643"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27786"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25643"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9983"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24394"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-0431"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0342"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30465"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14345"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14344"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21644"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14361"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25285"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35508"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25212"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28974"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2121"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15437"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25284"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14346"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2122"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11608"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21642"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4602-1"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4602-2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35678"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20228"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3281"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20253"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20178"
          },
          {
            "trust": 0.1,
            "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20191"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3281"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20253"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20191"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20180"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20228"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0780"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35678"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20180"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20178"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:1266"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0343"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-163032"
          },
          {
            "db": "PACKETSTORM",
            "id": "162650"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "159726"
          },
          {
            "db": "PACKETSTORM",
            "id": "161728"
          },
          {
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "db": "PACKETSTORM",
            "id": "161255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-145"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10543"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-163032"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10543"
          },
          {
            "db": "PACKETSTORM",
            "id": "162650"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "159726"
          },
          {
            "db": "PACKETSTORM",
            "id": "161728"
          },
          {
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "db": "PACKETSTORM",
            "id": "161255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-145"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10543"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-163032"
          },
          {
            "date": "2020-06-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10543"
          },
          {
            "date": "2021-05-19T14:04:40",
            "db": "PACKETSTORM",
            "id": "162650"
          },
          {
            "date": "2021-06-17T17:53:22",
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "date": "2021-06-01T14:45:29",
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "date": "2020-10-27T16:58:55",
            "db": "PACKETSTORM",
            "id": "159726"
          },
          {
            "date": "2021-03-09T16:26:05",
            "db": "PACKETSTORM",
            "id": "161728"
          },
          {
            "date": "2021-04-20T16:17:10",
            "db": "PACKETSTORM",
            "id": "162245"
          },
          {
            "date": "2021-02-02T16:12:23",
            "db": "PACKETSTORM",
            "id": "161255"
          },
          {
            "date": "2020-06-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-145"
          },
          {
            "date": "2020-06-05T14:15:10.467000",
            "db": "NVD",
            "id": "CVE-2020-10543"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-163032"
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10543"
          },
          {
            "date": "2022-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-145"
          },
          {
            "date": "2023-11-07T03:14:10.297000",
            "db": "NVD",
            "id": "CVE-2020-10543"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "159726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-145"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Perl Input validation error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-145"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-145"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-1807

    Vulnerability from variot - Updated: 2024-07-23 20:23

    Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Perl Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An input validation error vulnerability exists in Perl versions prior to 5.30.3. The vulnerability is caused by the program's incorrect handling of the \"PL_regkind[OP(n)] == NOTHING\" case. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:1032-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1032 Issue date: 2021-03-30 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 =====================================================================

    1. Summary:

    An update for perl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64

    1. Description:

    Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

    Security Fix(es):

    • perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)

    • perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)

    • perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1837975 - CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS 1837988 - CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS 1838000 - CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS 1930185 - perl FTBFS: ../cpan/Time-Local/t/Local.t test fails in year 2020 [rhel-7.7.z]

    1. Package List:

    Red Hat Enterprise Linux ComputeNode EUS (v. 7.7):

    Source: perl-5.16.3-294.el7_7.1.src.rpm

    noarch: perl-CPAN-1.9800-294.el7_7.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_7.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_7.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_7.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_7.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_7.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_7.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_7.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_7.1.noarch.rpm perl-Package-Constants-0.02-294.el7_7.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_7.1.noarch.rpm

    x86_64: perl-5.16.3-294.el7_7.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_7.1.x86_64.rpm perl-core-5.16.3-294.el7_7.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_7.1.i686.rpm perl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm perl-devel-5.16.3-294.el7_7.1.i686.rpm perl-devel-5.16.3-294.el7_7.1.x86_64.rpm perl-libs-5.16.3-294.el7_7.1.i686.rpm perl-libs-5.16.3-294.el7_7.1.x86_64.rpm perl-macros-5.16.3-294.el7_7.1.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):

    x86_64: perl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm perl-tests-5.16.3-294.el7_7.1.x86_64.rpm

    Red Hat Enterprise Linux Server EUS (v. 7.7):

    Source: perl-5.16.3-294.el7_7.1.src.rpm

    noarch: perl-CPAN-1.9800-294.el7_7.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_7.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_7.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_7.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_7.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_7.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_7.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_7.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_7.1.noarch.rpm perl-Package-Constants-0.02-294.el7_7.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_7.1.noarch.rpm

    ppc64: perl-5.16.3-294.el7_7.1.ppc64.rpm perl-Time-Piece-1.20.1-294.el7_7.1.ppc64.rpm perl-core-5.16.3-294.el7_7.1.ppc64.rpm perl-debuginfo-5.16.3-294.el7_7.1.ppc.rpm perl-debuginfo-5.16.3-294.el7_7.1.ppc64.rpm perl-devel-5.16.3-294.el7_7.1.ppc.rpm perl-devel-5.16.3-294.el7_7.1.ppc64.rpm perl-libs-5.16.3-294.el7_7.1.ppc.rpm perl-libs-5.16.3-294.el7_7.1.ppc64.rpm perl-macros-5.16.3-294.el7_7.1.ppc64.rpm

    ppc64le: perl-5.16.3-294.el7_7.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_7.1.ppc64le.rpm perl-core-5.16.3-294.el7_7.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_7.1.ppc64le.rpm perl-devel-5.16.3-294.el7_7.1.ppc64le.rpm perl-libs-5.16.3-294.el7_7.1.ppc64le.rpm perl-macros-5.16.3-294.el7_7.1.ppc64le.rpm

    s390x: perl-5.16.3-294.el7_7.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_7.1.s390x.rpm perl-core-5.16.3-294.el7_7.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_7.1.s390.rpm perl-debuginfo-5.16.3-294.el7_7.1.s390x.rpm perl-devel-5.16.3-294.el7_7.1.s390.rpm perl-devel-5.16.3-294.el7_7.1.s390x.rpm perl-libs-5.16.3-294.el7_7.1.s390.rpm perl-libs-5.16.3-294.el7_7.1.s390x.rpm perl-macros-5.16.3-294.el7_7.1.s390x.rpm

    x86_64: perl-5.16.3-294.el7_7.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_7.1.x86_64.rpm perl-core-5.16.3-294.el7_7.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_7.1.i686.rpm perl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm perl-devel-5.16.3-294.el7_7.1.i686.rpm perl-devel-5.16.3-294.el7_7.1.x86_64.rpm perl-libs-5.16.3-294.el7_7.1.i686.rpm perl-libs-5.16.3-294.el7_7.1.x86_64.rpm perl-macros-5.16.3-294.el7_7.1.x86_64.rpm

    Red Hat Enterprise Linux Server Optional EUS (v. 7.7):

    ppc64: perl-debuginfo-5.16.3-294.el7_7.1.ppc64.rpm perl-tests-5.16.3-294.el7_7.1.ppc64.rpm

    ppc64le: perl-debuginfo-5.16.3-294.el7_7.1.ppc64le.rpm perl-tests-5.16.3-294.el7_7.1.ppc64le.rpm

    s390x: perl-debuginfo-5.16.3-294.el7_7.1.s390x.rpm perl-tests-5.16.3-294.el7_7.1.s390x.rpm

    x86_64: perl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm perl-tests-5.16.3-294.el7_7.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYGLwtdzjgjWX9erEAQh/SA/9GENjf1AD4oPsRe6GzOIPR5HIuRSixHcc RUyMNqGsQ+piL824iq37aGqtl96Dvp67BpbeHEzAWTg3bPmrsaM1eXOR5awF9wuc f99kmE2UCTzdhtp4MDBrzRFidpi1FEwqNhOa9pSZH1My6+3PDhV4XtXysgQ7SDlw HJqf3mvfPrZdGcqNoOHWWjRyoH0OodJkPFn1ZoKAXn70HCVuTa0wcng18cWd8zs1 v210iFTCFWaDZpWc69HSV56+crM3alWfW8myDBdaVq9g4iWmK51pbA9Yp4AS4Hjy 09DzL8MJ3QEJjUYoo+siaaNz8bQGyCckhbrSDOgjUjU/QXxRouN5YyjIOnO8DOBc g7Qp2fceXmt8q7dn1YOgIFXGHbjwbMYiDhs39Fn6MuT3r1+ofbj/KMWa2icL5Nje ZetQ5eI+3A+irpef4wS0xMgEgr3PkGKmuxxauoq+y7BgbqD1EDs/ItHVzQKfPdPF m7uQ2mmqdO4rasKRGB0d4pO4yFCqyf6lBqxAEjexY0hyp1JPyJolGmWpYJP6LtJ4 7eKIPjnQgxCWOySa//2xxMSDVLj088zvLGf8eq2xmwV1+cyUXWQ9dkxdyImTO9IZ W6xporFLVbxX+fajaoZQQdHj7UxGpJY3rKofgFQQleRz22JSbvKhqydR36QFBRsR WUNYnqDSxIM= =ci9w -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .

    Bug fix:

    • RHACM 2.0.8 images (BZ #1915461)

    • Bugs fixed (https://bugzilla.redhat.com/):

    1915461 - RHACM 2.0.8 images 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation

    1. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/

    Security fixes:

    • redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)

    • console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)

    • console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)

    Bug fixes:

    • RHACM 2.2.4 images (BZ# 1957254)

    • Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)

    • ACM Operator should support using the default route TLS (BZ# 1955270)

    • The scrolling bar for search filter does not work properly (BZ# 1956852)

    • Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)

    • The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)

    • Unable to make SSH connection to a Bitbucket server (BZ# 1966513)

    • Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)

    • Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

    1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message

    1. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

    Bug Fix(es):

    • [perl-net-ping] wrong return value on failing DNS name lookup (BZ#1973177)

    • Description:

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:

    https://access.redhat.com/errata/RHSA-2021:2122

    Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

    https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

    This update fixes the following bug among others:

    • Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)

    Security Fix(es):

    • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

    You may download the oc tool and use it to inspect release image metadata as follows:

    (For x86_64 architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64

    The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4

    (For s390x architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x

    The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd

    (For ppc64le architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le

    The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36

    All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor

    1. Solution:

    For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

    Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing

    1. Description:

    Security Fix(es):

    • Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
    • Upgraded to a more recent version of autobahn to address CVE-2020-35678.
    • Upgraded to a more recent version of nginx to address CVE-2019-20372.

    Bug Fix(es):

    • Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
    • Improved analytics collection to collect the playbook status for all hosts in a playbook run

    • Solution:

    For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape

    1. ========================================================================== Ubuntu Security Notice USN-4602-1 October 26, 2020

    perl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS
    • Ubuntu 16.04 LTS

    Summary:

    Several security issues were fixed in Perl.

    Software Description: - perl: Practical Extraction and Report Language

    Details:

    ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543)

    Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878)

    Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 20.04 LTS: perl 5.30.0-9ubuntu0.2

    Ubuntu 18.04 LTS: perl 5.26.1-6ubuntu0.5

    Ubuntu 16.04 LTS: perl 5.22.1-9ubuntu0.9

    In general, a standard system update will make all the necessary changes

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1807",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "communications billing and revenue management",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.2.0"
          },
          {
            "model": "configuration manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.1.2.0.8"
          },
          {
            "model": "communications performance intelligence center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.3.0.0.0"
          },
          {
            "model": "communications eagle application processor",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "16.1.0"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "model": "communications diameter signaling router",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.0"
          },
          {
            "model": "perl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "perl",
            "version": "5.30.3"
          },
          {
            "model": "communications performance intelligence center",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.3.0.2.1"
          },
          {
            "model": "tekelec platform distribution",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "7.7.1"
          },
          {
            "model": "communications performance intelligence center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.4.0.1.0"
          },
          {
            "model": "tekelec platform distribution",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "7.4.0"
          },
          {
            "model": "oncommand workflow automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "communications lsms",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "model": "sd-wan aware",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "9.0"
          },
          {
            "model": "communications eagle lnp application processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "46.7"
          },
          {
            "model": "communications eagle application processor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "16.4.0"
          },
          {
            "model": "communications eagle lnp application processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.1"
          },
          {
            "model": "communications eagle lnp application processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "46.8"
          },
          {
            "model": "sd-wan aware",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.2"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "31"
          },
          {
            "model": "communications performance intelligence center",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.4.0.3.1"
          },
          {
            "model": "communications lsms",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "model": "communications billing and revenue management",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.3.0"
          },
          {
            "model": "communications eagle lnp application processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.2"
          },
          {
            "model": "communications pricing design center",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.3.0"
          },
          {
            "model": "communications offline mediation controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.3.0"
          },
          {
            "model": "communications diameter signaling router",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.5.0"
          },
          {
            "model": "communications eagle lnp application processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "46.9"
          },
          {
            "model": "enterprise manager base platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4.0.0"
          },
          {
            "model": "snap creator framework",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "sd-wan aware",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "fedora",
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "the perl",
            "version": "5.30.3"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006178"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10878"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.30.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.5.0",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.7.1",
                    "versionStartIncluding": "7.4.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.4",
                    "versionStartIncluding": "13.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.4.0",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_aware:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_aware:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.4.0.3.1",
                    "versionStartIncluding": "10.4.0.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.3.0.2.1",
                    "versionStartIncluding": "10.3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10878"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "162021"
          },
          {
            "db": "PACKETSTORM",
            "id": "161656"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "163586"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "161726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-148"
          }
        ],
        "trust": 1.2
      },
      "cve": "CVE-2020-10878",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006178",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-163400",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 4.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.6,
                "baseSeverity": "High",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006178",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-10878",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-006178",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-148",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-163400",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-163400"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006178"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-148"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10878"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Perl Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An input validation error vulnerability exists in Perl versions prior to 5.30.3. The vulnerability is caused by the program\u0027s incorrect handling of the \\\"PL_regkind[OP(n)] == NOTHING\\\" case. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: perl security update\nAdvisory ID:       RHSA-2021:1032-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:1032\nIssue date:        2021-03-30\nCVE Names:         CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 \n=====================================================================\n\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7.7\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\nSecurity Fix(es):\n\n* perl: heap-based buffer overflow in regular expression compiler leads to\nDoS (CVE-2020-10543)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to integer overflow leads to DoS (CVE-2020-10878)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to recursive S_study_chunk() calls leads to DoS\n(CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837975 - CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS\n1837988 - CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS\n1838000 - CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS\n1930185 - perl FTBFS: ../cpan/Time-Local/t/Local.t test fails in year 2020 [rhel-7.7.z]\n\n6. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.7):\n\nSource:\nperl-5.16.3-294.el7_7.1.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_7.1.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_7.1.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_7.1.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_7.1.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_7.1.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_7.1.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_7.1.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_7.1.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_7.1.noarch.rpm\nperl-Package-Constants-0.02-294.el7_7.1.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_7.1.noarch.rpm\n\nx86_64:\nperl-5.16.3-294.el7_7.1.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_7.1.x86_64.rpm\nperl-core-5.16.3-294.el7_7.1.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.i686.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm\nperl-devel-5.16.3-294.el7_7.1.i686.rpm\nperl-devel-5.16.3-294.el7_7.1.x86_64.rpm\nperl-libs-5.16.3-294.el7_7.1.i686.rpm\nperl-libs-5.16.3-294.el7_7.1.x86_64.rpm\nperl-macros-5.16.3-294.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm\nperl-tests-5.16.3-294.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nperl-5.16.3-294.el7_7.1.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_7.1.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_7.1.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_7.1.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_7.1.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_7.1.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_7.1.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_7.1.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_7.1.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_7.1.noarch.rpm\nperl-Package-Constants-0.02-294.el7_7.1.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_7.1.noarch.rpm\n\nppc64:\nperl-5.16.3-294.el7_7.1.ppc64.rpm\nperl-Time-Piece-1.20.1-294.el7_7.1.ppc64.rpm\nperl-core-5.16.3-294.el7_7.1.ppc64.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.ppc.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.ppc64.rpm\nperl-devel-5.16.3-294.el7_7.1.ppc.rpm\nperl-devel-5.16.3-294.el7_7.1.ppc64.rpm\nperl-libs-5.16.3-294.el7_7.1.ppc.rpm\nperl-libs-5.16.3-294.el7_7.1.ppc64.rpm\nperl-macros-5.16.3-294.el7_7.1.ppc64.rpm\n\nppc64le:\nperl-5.16.3-294.el7_7.1.ppc64le.rpm\nperl-Time-Piece-1.20.1-294.el7_7.1.ppc64le.rpm\nperl-core-5.16.3-294.el7_7.1.ppc64le.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.ppc64le.rpm\nperl-devel-5.16.3-294.el7_7.1.ppc64le.rpm\nperl-libs-5.16.3-294.el7_7.1.ppc64le.rpm\nperl-macros-5.16.3-294.el7_7.1.ppc64le.rpm\n\ns390x:\nperl-5.16.3-294.el7_7.1.s390x.rpm\nperl-Time-Piece-1.20.1-294.el7_7.1.s390x.rpm\nperl-core-5.16.3-294.el7_7.1.s390x.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.s390.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.s390x.rpm\nperl-devel-5.16.3-294.el7_7.1.s390.rpm\nperl-devel-5.16.3-294.el7_7.1.s390x.rpm\nperl-libs-5.16.3-294.el7_7.1.s390.rpm\nperl-libs-5.16.3-294.el7_7.1.s390x.rpm\nperl-macros-5.16.3-294.el7_7.1.s390x.rpm\n\nx86_64:\nperl-5.16.3-294.el7_7.1.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_7.1.x86_64.rpm\nperl-core-5.16.3-294.el7_7.1.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.i686.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm\nperl-devel-5.16.3-294.el7_7.1.i686.rpm\nperl-devel-5.16.3-294.el7_7.1.x86_64.rpm\nperl-libs-5.16.3-294.el7_7.1.i686.rpm\nperl-libs-5.16.3-294.el7_7.1.x86_64.rpm\nperl-macros-5.16.3-294.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.7):\n\nppc64:\nperl-debuginfo-5.16.3-294.el7_7.1.ppc64.rpm\nperl-tests-5.16.3-294.el7_7.1.ppc64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-294.el7_7.1.ppc64le.rpm\nperl-tests-5.16.3-294.el7_7.1.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-294.el7_7.1.s390x.rpm\nperl-tests-5.16.3-294.el7_7.1.s390x.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm\nperl-tests-5.16.3-294.el7_7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-12723\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYGLwtdzjgjWX9erEAQh/SA/9GENjf1AD4oPsRe6GzOIPR5HIuRSixHcc\nRUyMNqGsQ+piL824iq37aGqtl96Dvp67BpbeHEzAWTg3bPmrsaM1eXOR5awF9wuc\nf99kmE2UCTzdhtp4MDBrzRFidpi1FEwqNhOa9pSZH1My6+3PDhV4XtXysgQ7SDlw\nHJqf3mvfPrZdGcqNoOHWWjRyoH0OodJkPFn1ZoKAXn70HCVuTa0wcng18cWd8zs1\nv210iFTCFWaDZpWc69HSV56+crM3alWfW8myDBdaVq9g4iWmK51pbA9Yp4AS4Hjy\n09DzL8MJ3QEJjUYoo+siaaNz8bQGyCckhbrSDOgjUjU/QXxRouN5YyjIOnO8DOBc\ng7Qp2fceXmt8q7dn1YOgIFXGHbjwbMYiDhs39Fn6MuT3r1+ofbj/KMWa2icL5Nje\nZetQ5eI+3A+irpef4wS0xMgEgr3PkGKmuxxauoq+y7BgbqD1EDs/ItHVzQKfPdPF\nm7uQ2mmqdO4rasKRGB0d4pO4yFCqyf6lBqxAEjexY0hyp1JPyJolGmWpYJP6LtJ4\n7eKIPjnQgxCWOySa//2xxMSDVLj088zvLGf8eq2xmwV1+cyUXWQ9dkxdyImTO9IZ\nW6xporFLVbxX+fajaoZQQdHj7UxGpJY3rKofgFQQleRz22JSbvKhqydR36QFBRsR\nWUNYnqDSxIM=\n=ci9w\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1915461 - RHACM 2.0.8 images\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nBug Fix(es):\n\n* [perl-net-ping] wrong return value on failing DNS name lookup\n(BZ#1973177)\n\n4. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.13. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\"  \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. Description:\n\nSecurity Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to\nelevate to the awx user from outside the isolated environment:\nCVE-2021-20253\n* Upgraded to a more recent version of autobahn to address CVE-2020-35678. \n* Upgraded to a more recent version of nginx to address CVE-2019-20372. \n\nBug Fix(es):\n\n* Fixed a bug which can intermittently cause access to encrypted Tower\nsettings to fail, resulting in failed job launches. \n* Improved analytics collection to collect the playbook status for all\nhosts in a playbook run\n\n3. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. ==========================================================================\nUbuntu Security Notice USN-4602-1\nOctober 26, 2020\n\nperl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Perl. \n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nManhND discovered that Perl incorrectly handled certain regular\nexpressions. In environments where untrusted regular expressions are\nevaluated, a remote attacker could possibly use this issue to cause Perl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2020-10543)\n\nHugo van der Sanden and Slaven Rezic discovered that Perl incorrectly\nhandled certain regular expressions. In environments where untrusted\nregular expressions are evaluated, a remote attacker could possibly use\nthis issue to cause Perl to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2020-10878)\n\nSergey Aleynikov discovered that Perl incorrectly handled certain regular\nexpressions. In environments where untrusted regular expressions are\nevaluated, a remote attacker could possibly use this issue to cause Perl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2020-12723)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n  perl                            5.30.0-9ubuntu0.2\n\nUbuntu 18.04 LTS:\n  perl                            5.26.1-6ubuntu0.5\n\nUbuntu 16.04 LTS:\n  perl                            5.22.1-9ubuntu0.9\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006178"
          },
          {
            "db": "VULHUB",
            "id": "VHN-163400"
          },
          {
            "db": "PACKETSTORM",
            "id": "162021"
          },
          {
            "db": "PACKETSTORM",
            "id": "161656"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "163586"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "161726"
          },
          {
            "db": "PACKETSTORM",
            "id": "159707"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10878",
            "trust": 3.2
          },
          {
            "db": "PACKETSTORM",
            "id": "162021",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "162877",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "159707",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "161656",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "163188",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006178",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "159726",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "162650",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "161728",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "161255",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "162837",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "162245",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "161843",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-148",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "163586",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2021042131",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021042519",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072164",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021052031",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021092220",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012754",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072268",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "158058",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1338",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0791",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2604",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2781",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0925",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1725",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0371",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1096",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0499",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2180",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0845",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1820",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1866",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2469",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "161726",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "161727",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-53545",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-163400",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-163400"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006178"
          },
          {
            "db": "PACKETSTORM",
            "id": "162021"
          },
          {
            "db": "PACKETSTORM",
            "id": "161656"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "163586"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "161726"
          },
          {
            "db": "PACKETSTORM",
            "id": "159707"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-148"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10878"
          }
        ]
      },
      "id": "VAR-202006-1807",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-163400"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T20:23:24.085000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "FEDORA-2020-fd73c08076",
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
          },
          {
            "title": "study_chunk: extract rck_elide_nothing",
            "trust": 0.8,
            "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8"
          },
          {
            "title": "regcomp: use long jumps if there is any possibility of overflow",
            "trust": 0.8,
            "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c"
          },
          {
            "title": "perl5/pod/perl5303delta.pod",
            "trust": 0.8,
            "url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod"
          },
          {
            "title": "Comparing changes",
            "trust": 0.8,
            "url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3"
          },
          {
            "title": "Perl Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122041"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006178"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-148"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-163400"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006178"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10878"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
          },
          {
            "trust": 2.3,
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "trust": 2.3,
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "trust": 2.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/202006-03"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10878"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-10878"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-10543"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162650/red-hat-security-advisory-2021-1678-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161255/red-hat-security-advisory-2021-0343-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072164"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/perl-core-integer-overflow-via-regular-expression-malformed-bytecode-32366"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-contains-security-vulnerabilities/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1866"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht211289"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1820"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072268"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1725"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021052031"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0371/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2781"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012754"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1096"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021042131"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2180"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161656/red-hat-security-advisory-2021-0719-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-perl-affect-aix-cve-2020-10543-cve-2020-10878-and-cve-2020-12723/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163188/red-hat-security-advisory-2021-2461-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0499"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161728/red-hat-security-advisory-2021-0780-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0925"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/158058/gentoo-linux-security-advisory-202006-03.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161843/red-hat-security-advisory-2021-0883-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159707/ubuntu-security-notice-usn-4602-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1338"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021092220"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2469"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162021/red-hat-security-advisory-2021-1032-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162245/red-hat-security-advisory-2021-1266-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021042519"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0845"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0791"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162837/red-hat-security-advisory-2021-2136-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162877/red-hat-security-advisory-2021-2121-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163586/red-hat-security-advisory-2021-2792-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159726/ubuntu-security-notice-usn-4602-2.html"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-12723"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3121"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8286"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-28196"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-15358"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-13434"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25037"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-3842"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-13776"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-24977"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8231"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-29362"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-28935"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25034"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8285"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25035"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9169"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-14866"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-26116"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25038"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-26137"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-29361"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-24330"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25042"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-12362"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25032"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25041"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25036"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-27619"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-25215"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3177"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-24331"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3326"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25013"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-2708"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-23336"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8927"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-29363"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-24332"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25039"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-25040"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2016-10228"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8284"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-27618"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:1032"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20230"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29661"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15436"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0719"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29661"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35513"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14351"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20230"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15436"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35513"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21639"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28165"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28092"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12363"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28163"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-14502"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21309"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21640"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28918"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3501"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25648"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8648"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27170"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25692"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3347"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3114"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12364"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2461"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2792"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14347"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36322"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12114"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25712"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15586"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9951"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25704"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36242"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9948"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13012"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14363"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13584"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14360"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21645"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27783"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19528"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12464"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14314"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25659"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14356"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21643"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27786"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25643"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9983"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24394"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-0431"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0342"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30465"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14345"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14344"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21644"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14361"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25285"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35508"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25212"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28974"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2121"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15437"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25284"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14346"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2122"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11608"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21642"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0779"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35678"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20228"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20253"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20178"
          },
          {
            "trust": 0.1,
            "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20191"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20253"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20191"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20180"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20228"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35678"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20372"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20180"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20178"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.9"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4602-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.5"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-163400"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006178"
          },
          {
            "db": "PACKETSTORM",
            "id": "162021"
          },
          {
            "db": "PACKETSTORM",
            "id": "161656"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "163586"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "161726"
          },
          {
            "db": "PACKETSTORM",
            "id": "159707"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-148"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10878"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-163400"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006178"
          },
          {
            "db": "PACKETSTORM",
            "id": "162021"
          },
          {
            "db": "PACKETSTORM",
            "id": "161656"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "163586"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "161726"
          },
          {
            "db": "PACKETSTORM",
            "id": "159707"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-148"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10878"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-163400"
          },
          {
            "date": "2020-07-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006178"
          },
          {
            "date": "2021-03-30T14:26:55",
            "db": "PACKETSTORM",
            "id": "162021"
          },
          {
            "date": "2021-03-04T15:33:19",
            "db": "PACKETSTORM",
            "id": "161656"
          },
          {
            "date": "2021-06-17T17:53:22",
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "date": "2021-07-21T16:03:08",
            "db": "PACKETSTORM",
            "id": "163586"
          },
          {
            "date": "2021-06-01T14:45:29",
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "date": "2021-03-09T16:23:27",
            "db": "PACKETSTORM",
            "id": "161726"
          },
          {
            "date": "2020-10-26T16:43:39",
            "db": "PACKETSTORM",
            "id": "159707"
          },
          {
            "date": "2020-06-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-148"
          },
          {
            "date": "2020-06-05T14:15:10.527000",
            "db": "NVD",
            "id": "CVE-2020-10878"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-163400"
          },
          {
            "date": "2020-07-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006178"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-148"
          },
          {
            "date": "2023-11-07T03:14:25.100000",
            "db": "NVD",
            "id": "CVE-2020-10878"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "159707"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-148"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Perl Integer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006178"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-148"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201812-0273

    Vulnerability from variot - Updated: 2024-07-23 20:09

    Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Perl Contains an out-of-bounds vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Perl is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. Attackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition. Perl versions 5.22 through 5.26 are vulnerable. Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: rh-perl524-perl security update Advisory ID: RHSA-2019:0010-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:0010 Issue date: 2019-01-02 CVE Names: CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 ==================================================================== 1. Summary:

    An update for rh-perl524-perl is now available for Red Hat Software Collections.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

    1. Description:

    Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

    Security Fix(es):

    • perl: Integer overflow leading to buffer overflow in Perl_my_setenv() (CVE-2018-18311)

    • perl: Heap-based buffer overflow in S_handle_regex_sets() (CVE-2018-18312)

    • perl: Heap-based buffer overflow in S_regatom() (CVE-2018-18314)

    • perl: Heap-based buffer read overflow in S_grok_bslash_N() (CVE-2018-18313)

    For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

    Red Hat would like to thank the Perl project for reporting these issues. Upstream acknowledges Jayakrishna Menon as the original reporter of CVE-2018-18311; Eiichi Tsukata as the original reporter of CVE-2018-18312 and CVE-2018-18313; and Jakub Wilk as the original reporter of CVE-2018-18314.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1646730 - CVE-2018-18311 perl: Integer overflow leading to buffer overflow in Perl_my_setenv() 1646734 - CVE-2018-18312 perl: Heap-based buffer overflow in S_handle_regex_sets() 1646738 - CVE-2018-18313 perl: Heap-based buffer read overflow in S_grok_bslash_N() 1646751 - CVE-2018-18314 perl: Heap-based buffer overflow in S_regatom()

    1. Package List:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

    Source: rh-perl524-perl-5.24.0-381.el6.src.rpm

    noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el6.noarch.rpm

    x86_64: rh-perl524-perl-tests-5.24.0-381.el6.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

    Source: rh-perl524-perl-5.24.0-381.el6.src.rpm

    noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el6.noarch.rpm

    x86_64: rh-perl524-perl-tests-5.24.0-381.el6.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

    Source: rh-perl524-perl-5.24.0-381.el7.src.rpm

    noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm

    x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

    Source: rh-perl524-perl-5.24.0-381.el7.src.rpm

    noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm

    x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

    Source: rh-perl524-perl-5.24.0-381.el7.src.rpm

    noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm

    x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

    Source: rh-perl524-perl-5.24.0-381.el7.src.rpm

    noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm

    x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

    Source: rh-perl524-perl-5.24.0-381.el7.src.rpm

    noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm

    x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2018-18311 https://access.redhat.com/security/cve/CVE-2018-18312 https://access.redhat.com/security/cve/CVE-2018-18313 https://access.redhat.com/security/cve/CVE-2018-18314 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBXCzjWdzjgjWX9erEAQgGbxAAjUats4SSpuFti8OldbpStTe7erlyVhih Gh5YONFxhYXSTeCv064Qbm+3m6gxbHBuQtsydMtXYGuMhA6ire2vQkJGT4/IAE1y 55aL3GLosOiqdu/yrydYnnSfxVBitY5dxN4sUBSeh54HOHzPx247zVMzMD2AwPQy DpdQ639qseh+Aq79z0ZOqofH9PHX3XDm2kypR7mhohxkORJ0rkoHAKgIfn5y7Y79 w8vTRn+S6C4goJUCMOUYU4eSuFx2PV6abOTvodGfPO2PPwivkVDIqr2UxMEZV4nA wh13K9FteozKWQApxVIkR3ipg55SHC9xHd1vpsnZRnGrnG4bO0EOTcsQ/9N2FztR soBINhCU0ycU9/Fal1Ul4COp6F2vpDsMveeMXcnmNX+f8H8UOtd8VoR5sJ6fhApC Lb+20d2AWuClUtqBghcRMTlXxYOu7KWYGVbamfDeIOH6p/p4XA8iDUeUFB5B4v4s eAnD0bqK1RRFpuOPO2Fi5F/LZ18olTA7TuTWDmBwj27nYxaLunZtctaLg6p/QgYS T5mPOFl6CGnafhZgy0iihwCCEjIcz34vPUe9kmK7ywBoJ3GIfNnGJmOs+FC7ntzQ L9YCjVEk5e8hTDGq6HohPF73gxAwdQVNYxzLoh7XmAvcBefL/eAK+YhDhCtc0ZUb ul+etyPMblM=Fj2Q -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

    The following packages have been upgraded to a later upstream version: rh-perl526-perl (5.26.3), rh-perl526-perl-Module-CoreList (5.20181130). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201909-01


                                           https://security.gentoo.org/
    

    Severity: Normal Title: Perl: Multiple vulnerabilities Date: September 06, 2019 Bugs: #653432, #670190 ID: 201909-01


    Synopsis

    Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-lang/perl < 5.28.2 >= 5.28.2

    Description

    Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Perl users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.28.2"

    References

    [ 1 ] CVE-2018-18311 https://nvd.nist.gov/vuln/detail/CVE-2018-18311 [ 2 ] CVE-2018-18312 https://nvd.nist.gov/vuln/detail/CVE-2018-18312 [ 3 ] CVE-2018-18313 https://nvd.nist.gov/vuln/detail/CVE-2018-18313 [ 4 ] CVE-2018-18314 https://nvd.nist.gov/vuln/detail/CVE-2018-18314 [ 5 ] CVE-2018-6797 https://nvd.nist.gov/vuln/detail/CVE-2018-6797 [ 6 ] CVE-2018-6798 https://nvd.nist.gov/vuln/detail/CVE-2018-6798 [ 7 ] CVE-2018-6913 https://nvd.nist.gov/vuln/detail/CVE-2018-6913

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/201909-01

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra

    macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and addresses the following:

    AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team

    Bom Available for: macOS Mojave 10.14.3 Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2019-6239: Ian Moorhouse and Michael Trimm

    CFString Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc.

    configd Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8552: Mohamed Ghannam (@_simo36)

    Contacts Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-8511: an anonymous researcher

    CoreCrypto Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher

    DiskArbitration Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2019-8522: Colin Meginnis (@falc420)

    FaceTime Available for: macOS Mojave 10.14.3 Impact: A user's video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. CVE-2019-8550: Lauren Guzniczak of Keystone Academy

    Feedback Assistant Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs

    Feedback Assistant Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs

    file Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher

    Graphics Drivers Available for: macOS Mojave 10.14.3 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin (@panicaII) and Junzhi Lu of Trend Micro Research working with Trend Micro's Zero Day Initiative

    iAP Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher

    IOGraphics Available for: macOS Mojave 10.14.3 Impact: A Mac may not lock when disconnecting from an external monitor Description: A lock handling issue was addressed with improved lock handling. CVE-2019-8533: an anonymous researcher, James Eagan of Télécom ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT

    IOHIDFamily Available for: macOS Mojave 10.14.3 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

    IOKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8504: an anonymous researcher

    IOKit SCSI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro

    Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)

    Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8508: Dr. Silvio Cesare of InfoSect

    Kernel Available for: macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero

    Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team

    Kernel Available for: macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google

    Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG

    Messages Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang

    Notes Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view a user's locked notes Description: An access issue was addressed with improved memory management. CVE-2019-8537: Greg Walker (gregwalker.us)

    PackageKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2019-8561: Jaron Bradley of Crowdstrike

    Perl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: Multiple issues in Perl Description: Multiple issues in Perl were addressed in this update. CVE-2018-12015: Jakub Wilk CVE-2018-18311: Jayakrishna Menon CVE-2018-18313: Eiichi Tsukata

    Power Management Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)

    QuartzCore Available for: macOS Mojave 10.14.3 Impact: Processing malicious data may lead to unexpected application termination Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8507: Kai Lu or Fortinet's FortiGuard Labs

    Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8526: Linus Henze (pinauten.de)

    Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre (NCSC)

    Siri Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest

    Time Machine Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to execute arbitrary shell commands Description: This issue was addressed with improved checks. CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs

    TrueTypeScaler Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative

    XPC Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs

    Additional recognition

    Accounts We would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt for their assistance.

    Books We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

    Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

    Mail We would like to acknowledge Craig Young of Tripwire VERT and Hanno Böck for their assistance.

    Time Machine We would like to acknowledge CodeColorist of Ant-Financial LightYear Labs for their assistance.

    Installation note:

    macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

    iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9 FvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT vyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D Eqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33 iAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM ucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB sSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p 7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J +9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7 OLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0 zBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS 1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk= =QV0f -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3834-1 December 03, 2018

    perl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 18.10
    • Ubuntu 18.04 LTS
    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS

    Summary:

    Several security issues were fixed in Perl.

    Software Description: - perl: Practical Extraction and Report Language

    Details:

    Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. (CVE-2018-18311)

    Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312)

    Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313)

    Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 18.10: perl 5.26.2-7ubuntu0.1

    Ubuntu 18.04 LTS: perl 5.26.1-6ubuntu0.3

    Ubuntu 16.04 LTS: perl 5.22.1-9ubuntu0.6

    Ubuntu 14.04 LTS: perl 5.18.2-2ubuntu1.7

    In general, a standard system update will make all the necessary changes. This update provides the corresponding update for Ubuntu 12.04 ESM

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0273",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "model": "e-series santricity os controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "11.40"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.5"
          },
          {
            "model": "snapcenter",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "snapdrive",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "e-series santricity os controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "11.0"
          },
          {
            "model": "perl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "perl",
            "version": "5.26.3"
          },
          {
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.4"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "model": "snap creator framework",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.10"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.04"
          },
          {
            "model": "ubuntu",
            "scope": null,
            "trust": 0.8,
            "vendor": "canonical",
            "version": null
          },
          {
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": "perl",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "the perl",
            "version": "5.26.3"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "perl",
            "version": "5.12.1"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "perl",
            "version": "5.12.2"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "perl",
            "version": "5.12.0"
          },
          {
            "model": "software collections for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "0"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.26"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.24"
          },
          {
            "model": "perl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.22"
          },
          {
            "model": "perl",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.28.1"
          },
          {
            "model": "perl",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "perl",
            "version": "5.26.3"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "106072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012766"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-926"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18313"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.26.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.40",
                    "versionStartIncluding": "11.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.14.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18313"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Apple,Gentoo",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-926"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-18313",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-18313",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-128860",
                "impactScore": 4.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.2,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.1,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-18313",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-18313",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-926",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-128860",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-18313",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128860"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-18313"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012766"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-926"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18313"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Perl Contains an out-of-bounds vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Perl is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. \nAttackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition. \nPerl versions 5.22 through 5.26 are vulnerable. Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: rh-perl524-perl security update\nAdvisory ID:       RHSA-2019:0010-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:0010\nIssue date:        2019-01-02\nCVE Names:         CVE-2018-18311 CVE-2018-18312 CVE-2018-18313\n                   CVE-2018-18314\n====================================================================\n1. Summary:\n\nAn update for rh-perl524-perl is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\nSecurity Fix(es):\n\n* perl: Integer overflow leading to buffer overflow in Perl_my_setenv()\n(CVE-2018-18311)\n\n* perl: Heap-based buffer overflow in S_handle_regex_sets()\n(CVE-2018-18312)\n\n* perl: Heap-based buffer overflow in S_regatom() (CVE-2018-18314)\n\n* perl: Heap-based buffer read overflow in S_grok_bslash_N()\n(CVE-2018-18313)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the Perl project for reporting these issues. \nUpstream acknowledges Jayakrishna Menon as the original reporter of\nCVE-2018-18311; Eiichi Tsukata as the original reporter of CVE-2018-18312\nand CVE-2018-18313; and Jakub Wilk as the original reporter of\nCVE-2018-18314. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1646730 - CVE-2018-18311 perl: Integer overflow leading to buffer overflow in Perl_my_setenv()\n1646734 - CVE-2018-18312 perl: Heap-based buffer overflow in S_handle_regex_sets()\n1646738 - CVE-2018-18313 perl: Heap-based buffer read overflow in S_grok_bslash_N()\n1646751 - CVE-2018-18314 perl: Heap-based buffer overflow in S_regatom()\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-perl524-perl-5.24.0-381.el6.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el6.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-perl524-perl-5.24.0-381.el6.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el6.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-perl524-perl-5.24.0-381.el7.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-perl524-perl-5.24.0-381.el7.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-perl524-perl-5.24.0-381.el7.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-perl524-perl-5.24.0-381.el7.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-perl524-perl-5.24.0-381.el7.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-18311\nhttps://access.redhat.com/security/cve/CVE-2018-18312\nhttps://access.redhat.com/security/cve/CVE-2018-18313\nhttps://access.redhat.com/security/cve/CVE-2018-18314\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXCzjWdzjgjWX9erEAQgGbxAAjUats4SSpuFti8OldbpStTe7erlyVhih\nGh5YONFxhYXSTeCv064Qbm+3m6gxbHBuQtsydMtXYGuMhA6ire2vQkJGT4/IAE1y\n55aL3GLosOiqdu/yrydYnnSfxVBitY5dxN4sUBSeh54HOHzPx247zVMzMD2AwPQy\nDpdQ639qseh+Aq79z0ZOqofH9PHX3XDm2kypR7mhohxkORJ0rkoHAKgIfn5y7Y79\nw8vTRn+S6C4goJUCMOUYU4eSuFx2PV6abOTvodGfPO2PPwivkVDIqr2UxMEZV4nA\nwh13K9FteozKWQApxVIkR3ipg55SHC9xHd1vpsnZRnGrnG4bO0EOTcsQ/9N2FztR\nsoBINhCU0ycU9/Fal1Ul4COp6F2vpDsMveeMXcnmNX+f8H8UOtd8VoR5sJ6fhApC\nLb+20d2AWuClUtqBghcRMTlXxYOu7KWYGVbamfDeIOH6p/p4XA8iDUeUFB5B4v4s\neAnD0bqK1RRFpuOPO2Fi5F/LZ18olTA7TuTWDmBwj27nYxaLunZtctaLg6p/QgYS\nT5mPOFl6CGnafhZgy0iihwCCEjIcz34vPUe9kmK7ywBoJ3GIfNnGJmOs+FC7ntzQ\nL9YCjVEk5e8hTDGq6HohPF73gxAwdQVNYxzLoh7XmAvcBefL/eAK+YhDhCtc0ZUb\nul+etyPMblM=Fj2Q\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe following packages have been upgraded to a later upstream version:\nrh-perl526-perl (5.26.3), rh-perl526-perl-Module-CoreList (5.20181130). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201909-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Perl: Multiple vulnerabilities\n     Date: September 06, 2019\n     Bugs: #653432, #670190\n       ID: 201909-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Perl, the worst of which\ncould result in the arbitrary execution of code. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/perl                \u003c 5.28.2                  \u003e= 5.28.2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Perl. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Perl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/perl-5.28.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-18311\n      https://nvd.nist.gov/vuln/detail/CVE-2018-18311\n[ 2 ] CVE-2018-18312\n      https://nvd.nist.gov/vuln/detail/CVE-2018-18312\n[ 3 ] CVE-2018-18313\n      https://nvd.nist.gov/vuln/detail/CVE-2018-18313\n[ 4 ] CVE-2018-18314\n      https://nvd.nist.gov/vuln/detail/CVE-2018-18314\n[ 5 ] CVE-2018-6797\n      https://nvd.nist.gov/vuln/detail/CVE-2018-6797\n[ 6 ] CVE-2018-6798\n      https://nvd.nist.gov/vuln/detail/CVE-2018-6798\n[ 7 ] CVE-2018-6913\n      https://nvd.nist.gov/vuln/detail/CVE-2018-6913\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201909-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update\n2019-002 High Sierra, Security Update 2019-002 Sierra\n\nmacOS Mojave 10.14.4, Security Update 2019-002 High Sierra,\nSecurity Update 2019-002 Sierra are now available and\naddresses the following:\n\nAppleGraphicsControl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and\nshrek_wzw of Qihoo 360 Nirvan Team\n\nBom\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved handling of file\nmetadata. \nCVE-2019-6239: Ian Moorhouse and Michael Trimm\n\nCFString\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted string may lead to a denial\nof service\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8516: SWIPS Team of Frifee Inc. \n\nconfigd\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8552: Mohamed Ghannam (@_simo36)\n\nContacts\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2019-8511: an anonymous researcher\n\nCoreCrypto\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nDiskArbitration\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8522: Colin Meginnis (@falc420)\n\nFaceTime\nAvailable for: macOS Mojave 10.14.3\nImpact: A user\u0027s video may not be paused in a FaceTime call if they\nexit the FaceTime app while the call is ringing\nDescription: An issue existed in the pausing of FaceTime video. The\nissue was resolved with improved logic. \nCVE-2019-8550: Lauren Guzniczak of Keystone Academy\n\nFeedback Assistant\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs\n\nFeedback Assistant\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs\n\nfile\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted file might disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-6237: an anonymous researcher\n\nGraphics Drivers\nAvailable for: macOS Mojave 10.14.3\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin\n(@panicaII) and Junzhi Lu of Trend Micro Research working with Trend\nMicro\u0027s Zero Day Initiative\n\niAP\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nIOGraphics\nAvailable for: macOS Mojave 10.14.3\nImpact: A Mac may not lock when disconnecting from an external\nmonitor\nDescription: A lock handling issue was addressed with improved lock\nhandling. \nCVE-2019-8533: an anonymous researcher, James Eagan of T\u00e9l\u00e9com\nParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT\n\nIOHIDFamily\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nIOKit\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\nImpact: A local user may be able to read kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8504: an anonymous researcher\n\nIOKit SCSI\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: Mounting a maliciously crafted NFS network share may lead to\narbitrary code execution with system privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8508: Dr. Silvio Cesare of InfoSect\n\nKernel\nAvailable for: macOS Mojave 10.14.3\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8514: Samuel Gro\u00df of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360  Nirvan Team\n\nKernel\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to read kernel memory\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-7293: Ned Williamson of Google\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)\nCVE-2019-8510: Stefan Esser of Antid0te UG\n\nMessages\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to view sensitive user information\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2019-8546: ChiYuan Chang\n\nNotes\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to view a user\u0027s locked notes\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2019-8537: Greg Walker (gregwalker.us)\n\nPackageKit\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-8561: Jaron Bradley of Crowdstrike\n\nPerl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: Multiple issues in Perl\nDescription: Multiple issues in Perl were addressed in this update. \nCVE-2018-12015: Jakub Wilk\nCVE-2018-18311: Jayakrishna Menon\nCVE-2018-18313: Eiichi Tsukata\n\nPower Management\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: Multiple input validation issues existed in MIG\ngenerated code. These issues were addressed with improved validation. \nCVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure\n(ssd-disclosure.com)\n\nQuartzCore\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing malicious data may lead to unexpected application\ntermination\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8507: Kai Lu or Fortinet\u0027s FortiGuard Labs\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8526: Linus Henze (pinauten.de)\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8520: Antonio Groza, The UK\u0027s National Cyber Security Centre\n(NCSC)\n\nSiri\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to initiate a Dictation\nrequest without user authorization\nDescription: An API issue existed in the handling of dictation\nrequests. This issue was addressed with improved validation. \nCVE-2019-8502: Luke Deshotels of North Carolina State University,\nJordan Beichler of North Carolina State University, William Enck of\nNorth Carolina State University, Costin Caraba\u0219 of University\nPOLITEHNICA of Bucharest, and R\u0103zvan Deaconescu of University\nPOLITEHNICA of Bucharest\n\nTime Machine\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A local user may be able to execute arbitrary shell commands\nDescription: This issue was addressed with improved checks. \nCVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs\n\nTrueTypeScaler\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero\nDay Initiative\n\nXPC\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs\n\nAdditional recognition\n\nAccounts\nWe would like to acknowledge Milan Stute of Secure Mobile Networking\nLab at Technische Universit\u00e4t Darmstadt for their assistance. \n\nBooks\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nMail\nWe would like to acknowledge Craig Young of Tripwire VERT and Hanno\nB\u00f6ck for their assistance. \n\nTime Machine\nWe would like to acknowledge CodeColorist of Ant-Financial LightYear\nLabs for their assistance. \n\nInstallation note:\n\nmacOS Mojave 10.14.4, Security Update 2019-002 High Sierra,\nSecurity Update 2019-002 Sierra may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9\nFvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT\nvyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D\nEqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33\niAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM\nucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB\nsSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p\n7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J\n+9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7\nOLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0\nzBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS\n1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk=\n=QV0f\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-3834-1\nDecember 03, 2018\n\nperl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Perl. \n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nJayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. (CVE-2018-18311)\n\nEiichi Tsukata discovered that Perl incorrectly handled certain regular\nexpressions. This\nissue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. \n(CVE-2018-18312)\n\nEiichi Tsukata discovered that Perl incorrectly handled certain regular\nexpressions. An attacker could use this issue to cause Perl to crash,\nresulting in a denial of service. (CVE-2018-18313)\n\nJakub Wilk discovered that Perl incorrectly handled certain regular\nexpressions. An attacker could use this issue to cause Perl to crash,\nresulting in a denial of service. This issue only affected Ubuntu 16.04\nLTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n  perl                            5.26.2-7ubuntu0.1\n\nUbuntu 18.04 LTS:\n  perl                            5.26.1-6ubuntu0.3\n\nUbuntu 16.04 LTS:\n  perl                            5.22.1-9ubuntu0.6\n\nUbuntu 14.04 LTS:\n  perl                            5.18.2-2ubuntu1.7\n\nIn general, a standard system update will make all the necessary changes. This update provides\nthe corresponding update for Ubuntu 12.04 ESM",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18313"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012766"
          },
          {
            "db": "BID",
            "id": "106072"
          },
          {
            "db": "VULHUB",
            "id": "VHN-128860"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-18313"
          },
          {
            "db": "PACKETSTORM",
            "id": "151001"
          },
          {
            "db": "PACKETSTORM",
            "id": "151000"
          },
          {
            "db": "PACKETSTORM",
            "id": "154385"
          },
          {
            "db": "PACKETSTORM",
            "id": "152222"
          },
          {
            "db": "PACKETSTORM",
            "id": "150564"
          },
          {
            "db": "PACKETSTORM",
            "id": "150565"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18313",
            "trust": 3.5
          },
          {
            "db": "SECTRACK",
            "id": "1042181",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012766",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-926",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "154385",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "152222",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.0990",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "106072",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-128860",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-18313",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "151001",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "151000",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "150564",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "150565",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128860"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-18313"
          },
          {
            "db": "BID",
            "id": "106072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012766"
          },
          {
            "db": "PACKETSTORM",
            "id": "151001"
          },
          {
            "db": "PACKETSTORM",
            "id": "151000"
          },
          {
            "db": "PACKETSTORM",
            "id": "154385"
          },
          {
            "db": "PACKETSTORM",
            "id": "152222"
          },
          {
            "db": "PACKETSTORM",
            "id": "150564"
          },
          {
            "db": "PACKETSTORM",
            "id": "150565"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-926"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18313"
          }
        ]
      },
      "id": "VAR-201812-0273",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128860"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T20:09:48.925000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DSA-4347",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2018/dsa-4347"
          },
          {
            "title": "regcomp.c: Convert some strchr to memchr",
            "trust": 0.8,
            "url": "https://github.com/perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62"
          },
          {
            "title": "USN-3834-1",
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/3834-1/"
          },
          {
            "title": "USN-3834-2",
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/3834-2/"
          },
          {
            "title": "Perl Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87327"
          },
          {
            "title": "Red Hat: Important: rh-perl526-perl security and enhancement update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190001 - security advisory"
          },
          {
            "title": "Red Hat: Important: rh-perl524-perl security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190010 - security advisory"
          },
          {
            "title": "Ubuntu Security Notice: perl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3834-2"
          },
          {
            "title": "Red Hat: CVE-2018-18313",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-18313"
          },
          {
            "title": "Ubuntu Security Notice: perl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3834-1"
          },
          {
            "title": "Debian Security Advisories: DSA-4347-1 perl -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9d703224274c60e23b97462e56895757"
          },
          {
            "title": "IBM: IBM Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Perl (CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18311)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=48c2d25ee84d3c5c67f054df5e25d685"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f"
          },
          {
            "title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u2019s dependencies \u2013 Cumulative list from June 28, 2018 to December 13, 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/d5n9smatrix/perltoc "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-18313"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012766"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-926"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128860"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012766"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18313"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738"
          },
          {
            "trust": 2.1,
            "url": "https://github.com/perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62"
          },
          {
            "trust": 2.0,
            "url": "https://access.redhat.com/errata/rhsa-2019:0001"
          },
          {
            "trust": 1.9,
            "url": "https://security.gentoo.org/glsa/201909-01"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2019:0010"
          },
          {
            "trust": 1.9,
            "url": "https://usn.ubuntu.com/3834-2/"
          },
          {
            "trust": 1.8,
            "url": "https://seclists.org/bugtraq/2019/mar/42"
          },
          {
            "trust": 1.8,
            "url": "https://metacpan.org/changes/release/shay/perl-5.26.3"
          },
          {
            "trust": 1.8,
            "url": "https://rt.perl.org/ticket/display.html?id=133192"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20190221-0003/"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht209600"
          },
          {
            "trust": 1.8,
            "url": "https://www.debian.org/security/2018/dsa-4347"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2019/mar/49"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.securitytracker.com/id/1042181"
          },
          {
            "trust": 1.8,
            "url": "https://usn.ubuntu.com/3834-1/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18313"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18313"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18311"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-au/ht209600"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/77806"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht209600"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/152222/apple-security-advisory-2019-3-25-2.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/154385/gentoo-linux-security-advisory-201909-01.html"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2018-18313"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18312"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18314"
          },
          {
            "trust": 0.3,
            "url": "www.perl.org"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-18311"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-18312"
          },
          {
            "trust": 0.2,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-18314"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://usn.ubuntu.com/usn/usn-3834-1"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59234"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6913"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6797"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6798"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8514"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8511"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8519"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8502"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8516"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6239"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8522"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8540"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8526"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8527"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12015"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8533"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8520"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8517"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8521"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6207"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8504"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8510"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8508"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8530"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8513"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8529"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8537"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8507"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.6"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.7"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/perl/5.26.2-7ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/usn/usn-3834-2"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128860"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-18313"
          },
          {
            "db": "BID",
            "id": "106072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012766"
          },
          {
            "db": "PACKETSTORM",
            "id": "151001"
          },
          {
            "db": "PACKETSTORM",
            "id": "151000"
          },
          {
            "db": "PACKETSTORM",
            "id": "154385"
          },
          {
            "db": "PACKETSTORM",
            "id": "152222"
          },
          {
            "db": "PACKETSTORM",
            "id": "150564"
          },
          {
            "db": "PACKETSTORM",
            "id": "150565"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-926"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18313"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-128860"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-18313"
          },
          {
            "db": "BID",
            "id": "106072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012766"
          },
          {
            "db": "PACKETSTORM",
            "id": "151001"
          },
          {
            "db": "PACKETSTORM",
            "id": "151000"
          },
          {
            "db": "PACKETSTORM",
            "id": "154385"
          },
          {
            "db": "PACKETSTORM",
            "id": "152222"
          },
          {
            "db": "PACKETSTORM",
            "id": "150564"
          },
          {
            "db": "PACKETSTORM",
            "id": "150565"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-926"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18313"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-12-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-128860"
          },
          {
            "date": "2018-12-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-18313"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "BID",
            "id": "106072"
          },
          {
            "date": "2019-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012766"
          },
          {
            "date": "2019-01-03T02:57:52",
            "db": "PACKETSTORM",
            "id": "151001"
          },
          {
            "date": "2019-01-03T02:57:21",
            "db": "PACKETSTORM",
            "id": "151000"
          },
          {
            "date": "2019-09-06T22:21:33",
            "db": "PACKETSTORM",
            "id": "154385"
          },
          {
            "date": "2019-03-26T14:40:53",
            "db": "PACKETSTORM",
            "id": "152222"
          },
          {
            "date": "2018-12-03T21:10:16",
            "db": "PACKETSTORM",
            "id": "150564"
          },
          {
            "date": "2018-12-03T21:10:24",
            "db": "PACKETSTORM",
            "id": "150565"
          },
          {
            "date": "2018-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-926"
          },
          {
            "date": "2018-12-07T21:29:00.717000",
            "db": "NVD",
            "id": "CVE-2018-18313"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-128860"
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-18313"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "BID",
            "id": "106072"
          },
          {
            "date": "2019-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012766"
          },
          {
            "date": "2021-10-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-926"
          },
          {
            "date": "2023-11-07T02:55:02.317000",
            "db": "NVD",
            "id": "CVE-2018-18313"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-926"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Perl Vulnerable to out-of-bounds reading",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012766"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-926"
          }
        ],
        "trust": 0.6
      }
    }