An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gisle_aas | digest-md5 | 2.18 |
| gisle_aas | digest-md5 | 2.17 |
| gisle_aas | digest-md5 | 2.16 |
| gisle_aas | digest-md5 | 2.19 |
lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gisle_aas | libwww-perl | 5.44 |
| gisle_aas | libwww-perl | 5.821 |
| gisle_aas | libwww-perl | 5.10 |
| gisle_aas | libwww-perl | 5.53_92 |
| gisle_aas | libwww-perl | 5.51 |
| gisle_aas | libwww-perl | 5.21 |
| gisle_aas | libwww-perl | 0.03 |
| gisle_aas | libwww-perl | 5.807 |
| gisle_aas | libwww-perl | 5b9 |
| gisle_aas | libwww-perl | 5.14 |
| gisle_aas | libwww-perl | 5.53_95 |
| gisle_aas | libwww-perl | 5.18_05 |
| gisle_aas | libwww-perl | 5.45 |
| gisle_aas | libwww-perl | 5.817 |
| gisle_aas | libwww-perl | 5.53_93 |
| gisle_aas | libwww-perl | 5.17 |
| gisle_aas | libwww-perl | 5.63 |
| gisle_aas | libwww-perl | 5.50 |
| gisle_aas | libwww-perl | 5.828 |
| gisle_aas | libwww-perl | 5.66 |
| gisle_aas | libwww-perl | 5.822 |
| gisle_aas | libwww-perl | 5.34 |
| gisle_aas | libwww-perl | 5.814 |
| gisle_aas | libwww-perl | 5.53 |
| gisle_aas | libwww-perl | 5.78 |
| gisle_aas | libwww-perl | 0.04 |
| gisle_aas | libwww-perl | 5.826 |
| gisle_aas | libwww-perl | 5.805 |
| gisle_aas | libwww-perl | 5.816 |
| gisle_aas | libwww-perl | 5.831 |
| gisle_aas | libwww-perl | 5b7 |
| gisle_aas | libwww-perl | 5.61 |
| gisle_aas | libwww-perl | 5.18_03 |
| gisle_aas | libwww-perl | 5.41 |
| gisle_aas | libwww-perl | 5.46 |
| gisle_aas | libwww-perl | 5.53_91 |
| gisle_aas | libwww-perl | 5.73 |
| gisle_aas | libwww-perl | 5.815 |
| gisle_aas | libwww-perl | 5.830 |
| gisle_aas | libwww-perl | 5.12 |
| gisle_aas | libwww-perl | 5.62 |
| gisle_aas | libwww-perl | 5.31 |
| gisle_aas | libwww-perl | 5.75 |
| gisle_aas | libwww-perl | 5.18 |
| gisle_aas | libwww-perl | 5.07 |
| gisle_aas | libwww-perl | 5.33 |
| gisle_aas | libwww-perl | 5.819 |
| gisle_aas | libwww-perl | 5.08 |
| gisle_aas | libwww-perl | 5.76 |
| gisle_aas | libwww-perl | 5.67 |
| gisle_aas | libwww-perl | 5b11 |
| gisle_aas | libwww-perl | 5.05 |
| gisle_aas | libwww-perl | 5.832 |
| gisle_aas | libwww-perl | 5.47 |
| gisle_aas | libwww-perl | 5.811 |
| search.cpan | libwww-perl | * |
| gisle_aas | libwww-perl | 5.53_90 |
| gisle_aas | libwww-perl | 5.15 |
| gisle_aas | libwww-perl | 5.01 |
| gisle_aas | libwww-perl | 5.802 |
| gisle_aas | libwww-perl | 5.829 |
| gisle_aas | libwww-perl | 5b10 |
| gisle_aas | libwww-perl | 5.823 |
| search.cpan | libwww-perl | 5.40_01 |
| gisle_aas | libwww-perl | 5.60 |
| gisle_aas | libwww-perl | 5.09 |
| gisle_aas | libwww-perl | 5.03 |
| gisle_aas | libwww-perl | 5b8 |
| gisle_aas | libwww-perl | 5.69 |
| gisle_aas | libwww-perl | 5.808 |
| gisle_aas | libwww-perl | 5.20 |
| gisle_aas | libwww-perl | 5.49 |
| gisle_aas | libwww-perl | 5.52 |
| gisle_aas | libwww-perl | 5.30 |
| gisle_aas | libwww-perl | 5.801 |
| gisle_aas | libwww-perl | 5.22 |
| gisle_aas | libwww-perl | 5.32 |
| gisle_aas | libwww-perl | 5.71 |
| gisle_aas | libwww-perl | 5.818 |
| gisle_aas | libwww-perl | 5.48 |
| gisle_aas | libwww-perl | 5.18_04 |
| gisle_aas | libwww-perl | 5.77 |
| gisle_aas | libwww-perl | 5.825 |
| gisle_aas | libwww-perl | 5.806 |
| gisle_aas | libwww-perl | 5.813 |
| gisle_aas | libwww-perl | 5.00 |
| gisle_aas | libwww-perl | 5.36 |
| gisle_aas | libwww-perl | 5.65 |
| gisle_aas | libwww-perl | 5.800 |
| gisle_aas | libwww-perl | 5.06 |
| gisle_aas | libwww-perl | 5.19 |
| gisle_aas | libwww-perl | 5.68 |
| gisle_aas | libwww-perl | 5.803 |
| gisle_aas | libwww-perl | 5.810 |
| gisle_aas | libwww-perl | 5b5 |
| gisle_aas | libwww-perl | 5.824 |
| gisle_aas | libwww-perl | 5.35 |
| gisle_aas | libwww-perl | 5.70 |
| gisle_aas | libwww-perl | 5.13 |
| gisle_aas | libwww-perl | 5.43 |
| gisle_aas | libwww-perl | 5b12 |
| gisle_aas | libwww-perl | 0.01 |
| gisle_aas | libwww-perl | 5.16 |
| gisle_aas | libwww-perl | 5.53_96 |
| gisle_aas | libwww-perl | 5.74 |
| gisle_aas | libwww-perl | 5.804 |
| gisle_aas | libwww-perl | 5.72 |
| gisle_aas | libwww-perl | 5.02 |
| gisle_aas | libwww-perl | 5.11 |
| gisle_aas | libwww-perl | 5.833 |
| gisle_aas | libwww-perl | 0.02 |
| gisle_aas | libwww-perl | 5.04 |
| gisle_aas | libwww-perl | 5b6 |
| gisle_aas | libwww-perl | 5b13 |
| gisle_aas | libwww-perl | 5.64 |
| gisle_aas | libwww-perl | 5.42 |
| gisle_aas | libwww-perl | 5.827 |
| gisle_aas | libwww-perl | 5.53_94 |
| gisle_aas | libwww-perl | 5.53_97 |
| gisle_aas | libwww-perl | 5.820 |
| gisle_aas | libwww-perl | 5.79 |
| gisle_aas | libwww-perl | 5.812 |
The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. However, because this API was modified within LWP, a single CVE identifier has been assigned.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gisle_aas | libwww-perl | 5.44 |
| gisle_aas | libwww-perl | 5.821 |
| gisle_aas | libwww-perl | 5.10 |
| gisle_aas | libwww-perl | 5.53_92 |
| gisle_aas | libwww-perl | 5.51 |
| gisle_aas | libwww-perl | 5.21 |
| gisle_aas | libwww-perl | 0.03 |
| gisle_aas | libwww-perl | 5.807 |
| gisle_aas | libwww-perl | 5b9 |
| gisle_aas | libwww-perl | 5.14 |
| gisle_aas | libwww-perl | 5.53_95 |
| gisle_aas | libwww-perl | 5.18_05 |
| gisle_aas | libwww-perl | 5.45 |
| gisle_aas | libwww-perl | 5.817 |
| gisle_aas | libwww-perl | 5.53_93 |
| gisle_aas | libwww-perl | 5.17 |
| gisle_aas | libwww-perl | 5.63 |
| gisle_aas | libwww-perl | 5.50 |
| gisle_aas | libwww-perl | 5.828 |
| gisle_aas | libwww-perl | 5.66 |
| gisle_aas | libwww-perl | 5.822 |
| gisle_aas | libwww-perl | 5.34 |
| gisle_aas | libwww-perl | 5.814 |
| gisle_aas | libwww-perl | 5.53 |
| gisle_aas | libwww-perl | 5.78 |
| gisle_aas | libwww-perl | 0.04 |
| gisle_aas | libwww-perl | 5.826 |
| gisle_aas | libwww-perl | 5.805 |
| gisle_aas | libwww-perl | 5.816 |
| gisle_aas | libwww-perl | 5.831 |
| gisle_aas | libwww-perl | 5b7 |
| gisle_aas | libwww-perl | 5.61 |
| gisle_aas | libwww-perl | 5.18_03 |
| gisle_aas | libwww-perl | 5.41 |
| gisle_aas | libwww-perl | 5.46 |
| gisle_aas | libwww-perl | 5.53_91 |
| gisle_aas | libwww-perl | 5.73 |
| gisle_aas | libwww-perl | 5.815 |
| gisle_aas | libwww-perl | 5.830 |
| gisle_aas | libwww-perl | 5.12 |
| gisle_aas | libwww-perl | 5.62 |
| gisle_aas | libwww-perl | 5.31 |
| gisle_aas | libwww-perl | 5.75 |
| gisle_aas | libwww-perl | 5.18 |
| gisle_aas | libwww-perl | 5.07 |
| gisle_aas | libwww-perl | 5.33 |
| gisle_aas | libwww-perl | 5.819 |
| gisle_aas | libwww-perl | 5.08 |
| gisle_aas | libwww-perl | 5.76 |
| gisle_aas | libwww-perl | 5.67 |
| gisle_aas | libwww-perl | 5b11 |
| gisle_aas | libwww-perl | 5.05 |
| gisle_aas | libwww-perl | 5.832 |
| gisle_aas | libwww-perl | 5.47 |
| gisle_aas | libwww-perl | 5.811 |
| search.cpan | libwww-perl | * |
| gisle_aas | libwww-perl | 5.53_90 |
| gisle_aas | libwww-perl | 5.15 |
| gisle_aas | libwww-perl | 5.01 |
| gisle_aas | libwww-perl | 5.802 |
| gisle_aas | libwww-perl | 5.829 |
| gisle_aas | libwww-perl | 5b10 |
| gisle_aas | libwww-perl | 5.823 |
| search.cpan | libwww-perl | 5.40_01 |
| gisle_aas | libwww-perl | 5.60 |
| gisle_aas | libwww-perl | 5.09 |
| gisle_aas | libwww-perl | 5.836 |
| gisle_aas | libwww-perl | 5.03 |
| gisle_aas | libwww-perl | 5b8 |
| gisle_aas | libwww-perl | 5.69 |
| gisle_aas | libwww-perl | 5.808 |
| gisle_aas | libwww-perl | 5.20 |
| gisle_aas | libwww-perl | 5.49 |
| gisle_aas | libwww-perl | 5.52 |
| gisle_aas | libwww-perl | 5.30 |
| gisle_aas | libwww-perl | 5.801 |
| gisle_aas | libwww-perl | 5.22 |
| gisle_aas | libwww-perl | 5.32 |
| gisle_aas | libwww-perl | 5.71 |
| gisle_aas | libwww-perl | 5.818 |
| gisle_aas | libwww-perl | 5.48 |
| gisle_aas | libwww-perl | 5.18_04 |
| gisle_aas | libwww-perl | 5.77 |
| gisle_aas | libwww-perl | 5.825 |
| gisle_aas | libwww-perl | 5.806 |
| gisle_aas | libwww-perl | 5.813 |
| gisle_aas | libwww-perl | 5.00 |
| gisle_aas | libwww-perl | 5.36 |
| gisle_aas | libwww-perl | 5.65 |
| gisle_aas | libwww-perl | 5.800 |
| gisle_aas | libwww-perl | 5.06 |
| gisle_aas | libwww-perl | 5.19 |
| gisle_aas | libwww-perl | 5.68 |
| gisle_aas | libwww-perl | 5.803 |
| gisle_aas | libwww-perl | 5.810 |
| gisle_aas | libwww-perl | 5b5 |
| gisle_aas | libwww-perl | 5.824 |
| gisle_aas | libwww-perl | 5.35 |
| gisle_aas | libwww-perl | 5.834 |
| gisle_aas | libwww-perl | 5.70 |
| gisle_aas | libwww-perl | 5.13 |
| gisle_aas | libwww-perl | 5.43 |
| gisle_aas | libwww-perl | 5b12 |
| gisle_aas | libwww-perl | 0.01 |
| gisle_aas | libwww-perl | 5.16 |
| gisle_aas | libwww-perl | 5.53_96 |
| gisle_aas | libwww-perl | 5.74 |
| gisle_aas | libwww-perl | 5.804 |
| gisle_aas | libwww-perl | 5.72 |
| gisle_aas | libwww-perl | 5.02 |
| gisle_aas | libwww-perl | 5.11 |
| gisle_aas | libwww-perl | 5.833 |
| gisle_aas | libwww-perl | 0.02 |
| gisle_aas | libwww-perl | 5.04 |
| gisle_aas | libwww-perl | 5b6 |
| gisle_aas | libwww-perl | 5b13 |
| gisle_aas | libwww-perl | 5.64 |
| gisle_aas | libwww-perl | 5.42 |
| gisle_aas | libwww-perl | 5.827 |
| gisle_aas | libwww-perl | 5.53_94 |
| gisle_aas | libwww-perl | 5.53_97 |
| gisle_aas | libwww-perl | 5.820 |
| gisle_aas | libwww-perl | 5.79 |
| gisle_aas | libwww-perl | 5.812 |
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gisle_aas | digest | 1.09 |
| gisle_aas | digest | 1.04 |
| gisle_aas | digest | 1.10 |
| gisle_aas | digest | 1.11 |
| gisle_aas | digest | 1.07 |
| gisle_aas | digest | 1.02 |
| gisle_aas | digest | 1.03 |
| gisle_aas | digest | 1.00 |
| gisle_aas | digest | 1.15 |
| gisle_aas | digest | 1.12 |
| gisle_aas | digest | 1.06 |
| gisle_aas | digest | 1.01 |
| gisle_aas | digest | 1.16 |
| gisle_aas | digest | 1.13 |
| gisle_aas | digest | 1.08 |
| gisle_aas | digest | 1.14 |
| gisle_aas | digest | 1.05 |