The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Perl Module ~ not comprehensive

vulnerability bulletin 27183

Perl Crypt-JWT: privilege escalation via jwk Header

Synthesis of the vulnerability

An attacker can bypass restrictions via the "jwk" header of Perl Crypt::JWT, in order to escalate privileges.
Impacted products: Perl Module ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 10/09/2018.
Identifiers: VIGILANCE-VUL-27183.


computer vulnerability CVE-2018-10860

Perl Archive-Zip: directory traversal via Symlink

Synthesis of the vulnerability

An attacker can traverse directories via a symlink in Perl Archive::Zip, in order to create a file outside the service root path.
Impacted products: Debian, Fedora, openSUSE Leap, Perl Module ~ not comprehensive, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: document.
Creation date: 05/07/2018.
Identifiers: CVE-2018-10860, DLA-1440-1, DSA-4300-1, FEDORA-2018-6abfa0012f, FEDORA-2018-ebebe9abe2, openSUSE-SU-2018:2438-1, SUSE-SU-2018:2385-1, SUSE-SU-2018:2386-1, SUSE-SU-2018:2388-1, USN-3703-1, USN-3703-2, VIGILANCE-VUL-26625.


computer vulnerability bulletin CVE-2018-12558

Perl Email-Address: denial of service via Regular Expression

Synthesis of the vulnerability

An attacker can generate a fatal error via a regular expression in Perl Email::Address, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE Leap, Perl Module ~ not comprehensive, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/06/2018.
Identifiers: CVE-2018-12558, FEDORA-2019-026d5ab23d, FEDORA-2019-8deebad756, openSUSE-SU-2019:1114-1, VIGILANCE-VUL-26458.


computer vulnerability CVE-2018-9246

Perl PGObject-Util-DBAdmin: code execution via Variable Injection

Synthesis of the vulnerability

An attacker can exploit a variable injection in Perl PGObject::Util::DBAdmin, in order to run code.
Impacted products: Perl Module ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 08/06/2018.
Identifiers: CVE-2018-9246, VIGILANCE-VUL-26355.


vulnerability alert CVE-2018-12015

Perl Archive-Tar: directory traversal via Symlink

Synthesis of the vulnerability

An attacker can traverse directories via a symlink in Perl Archive::Tar, in order to create a file outside the service root path.
Impacted products: Mac OS X, Debian, Fedora, Data ONTAP 7-Mode, OpenBSD, openSUSE Leap, Solaris, Perl Module ~ not comprehensive, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: document.
Creation date: 08/06/2018.
Identifiers: 125523, bulletinjan2019, CVE-2018-12015, DSA-4226-1, FEDORA-2018-10ae521efa, FEDORA-2018-4e088b6d7c, HT209600, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, openSUSE-SU-2018:2010-1, openSUSE-SU-2018:2011-1, RHSA-2019:2097-01, SUSE-SU-2018:1972-1, SUSE-SU-2018:1977-1, SUSE-SU-2018:1992-1, USN-3684-1, USN-3684-2, VIGILANCE-VUL-26351.


vulnerability announce 26102

Perl Dancer2: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Perl Dancer2.
Impacted products: Fedora, Perl Module ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 11/05/2018.
Identifiers: FEDORA-2018-59eb033684, FEDORA-2018-ded377a782, VIGILANCE-VUL-26102.


vulnerability note CVE-2008-7319

Perl Net-Ping-External: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Perl Net::Ping::External, in order to run code.
Impacted products: Fedora, Perl Module ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 08/11/2017.
Identifiers: CVE-2008-7319, FEDORA-2017-5adf087854, FEDORA-2017-69e06543c1, FEDORA-2017-c7514691cb, VIGILANCE-VUL-24374.


computer vulnerability alert CVE-2017-10788 CVE-2017-10789

Perl DBD-mysql: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Perl DBD-mysql.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Perl Module ~ not comprehensive, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: client access/rights, data reading, data creation/edition, denial of service on client.
Provenance: intranet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 03/07/2017.
Identifiers: bulletinjul2018, bulletinoct2018, CVE-2017-10788, CVE-2017-10789, DLA-1079-1, FEDORA-2017-42e41e9d25, FEDORA-2017-486371ff24, FEDORA-2017-874bd165c0, openSUSE-SU-2018:1463-1, SUSE-SU-2018:1449-1, SUSE-SU-2018:1450-1, VIGILANCE-VUL-23116.

Description of the vulnerability

Several vulnerabilities were announced in Perl DBD-mysql.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-10788]

The module may silently fail to use TLS, with no failure notification, even when the application requested it. [severity:1/4; CVE-2017-10789]

computer vulnerability note CVE-2017-10672

Perl XML-LibXML: use after free via Node-replaceChild

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Node-replaceChild of Perl XML-LibXML, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, openSUSE Leap, Perl Module ~ not comprehensive, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/06/2017.
Identifiers: 122246, CVE-2017-10672, DLA-1171-1, DSA-2019-131, DSA-4042-1, FEDORA-2017-3d5354d30f, FEDORA-2017-534f300508, FEDORA-2017-790ff602a6, openSUSE-SU-2018:0153-1, SUSE-SU-2018:0170-1, USN-3494-1, VIGILANCE-VUL-23109.


vulnerability announce CVE-2016-1251

Perl DBD-mysql: use after free via Prepared Statements

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via prepared statements in Perl DBD::mysql, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE, openSUSE Leap, Solaris, Perl Module ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 29/11/2016.
Identifiers: bulletinjul2018, CVE-2016-1251, FEDORA-2016-302f840ecf, FEDORA-2016-673cbb6bb4, FEDORA-2016-bf6c3ea62c, openSUSE-SU-2016:3090-1, openSUSE-SU-2017:0252-1, VIGILANCE-VUL-21222.
