
Commit 37df045

author
cvelistV5 Github Action
committed
9 changes (4 new | 5 updated):
- 4 new CVEs: CVE-2017-20230, CVE-2025-15638, CVE-2026-37748, CVE-2026-40565 - 5 updated CVEs: CVE-2026-2100, CVE-2026-2271, CVE-2026-31018, CVE-2026-32640, CVE-2026-5588
1 parent 226b9df commit 37df045

11 files changed

Lines changed: 607 additions & 73 deletions


Lines changed: 130 additions & 0 deletions
@@ -0,0 +1,130 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.2",
4+
"cveMetadata": {
5+
"cveId": "CVE-2017-20230",
6+
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "CPANSec",
9+
"dateReserved": "2026-03-28T19:24:26.125Z",
10+
"datePublished": "2026-04-21T15:26:18.216Z",
11+
"dateUpdated": "2026-04-21T15:30:39.000Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"affected": [
16+
{
17+
"collectionURL": "https://cpan.org/modules",
18+
"defaultStatus": "unaffected",
19+
"packageName": "Storable",
20+
"product": "Storable",
21+
"repo": "https://github.com/Perl/perl5/",
22+
"vendor": "NWCLARK",
23+
"versions": [
24+
{
25+
"lessThan": "3.05",
26+
"status": "affected",
27+
"version": "0",
28+
"versionType": "custom"
29+
}
30+
]
31+
}
32+
],
33+
"descriptions": [
34+
{
35+
"lang": "en",
36+
"value": "Storable versions before 3.05 for Perl has a stack overflow.\n\nThe retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow."
37+
}
38+
],
39+
"problemTypes": [
40+
{
41+
"descriptions": [
42+
{
43+
"cweId": "CWE-121",
44+
"description": "CWE-121 Stack-based Buffer Overflow",
45+
"lang": "en",
46+
"type": "CWE"
47+
}
48+
]
49+
}
50+
],
51+
"providerMetadata": {
52+
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
53+
"shortName": "CPANSec",
54+
"dateUpdated": "2026-04-21T15:30:39.000Z"
55+
},
56+
"references": [
57+
{
58+
"tags": [
59+
"issue-tracking"
60+
],
61+
"url": "https://github.com/Perl/perl5/issues/15831"
62+
},
63+
{
64+
"tags": [
65+
"patch"
66+
],
67+
"url": "https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch"
68+
},
69+
{
70+
"tags": [
71+
"release-notes"
72+
],
73+
"url": "https://metacpan.org/release/RURBAN/Storable-3.05/changes"
74+
},
75+
{
76+
"tags": [
77+
"mailing-list"
78+
],
79+
"url": "https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html"
80+
},
81+
{
82+
"tags": [
83+
"mailing-list"
84+
],
85+
"url": "https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html"
86+
}
87+
],
88+
"solutions": [
89+
{
90+
"lang": "en",
91+
"value": "Upgrade to Storable version 3.05 or newer."
92+
}
93+
],
94+
"source": {
95+
"discovery": "UNKNOWN"
96+
},
97+
"timeline": [
98+
{
99+
"lang": "en",
100+
"time": "2017-01-24T00:00:00.000Z",
101+
"value": "Perl bug RT1 30635 reported."
102+
},
103+
{
104+
"lang": "en",
105+
"time": "2017-01-25T00:00:00.000Z",
106+
"value": "Patch committed."
107+
},
108+
{
109+
"lang": "en",
110+
"time": "2017-01-29T00:00:00.000Z",
111+
"value": "Storable version 3.05 released."
112+
},
113+
{
114+
"lang": "en",
115+
"time": "2018-02-20T00:00:00.000Z",
116+
"value": "Perl v5.27.9 released with Storable 3.06."
117+
},
118+
{
119+
"lang": "en",
120+
"time": "2018-10-06T00:00:00.000Z",
121+
"value": "issue assigned CPANSA-Storable-2017-01 in the CPANSA distribution."
122+
}
123+
],
124+
"title": "Storable versions before 3.05 for Perl has a stack overflow",
125+
"x_generator": {
126+
"engine": "cpansec-cna-tool 0.1"
127+
}
128+
}
129+
}
130+
}
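Review bot: The `title` and the first sentence of `descriptions[0].value` say "stack overflow", while `problemTypes` classifies the issue as CWE-121, a stack-based buffer overflow; "stack overflow" is commonly read as stack exhaustion, so the wording should match the CWE, e.g. `"title": "Storable versions before 3.05 for Perl has a stack-based buffer overflow"`. The first `timeline` entry reads `Perl bug RT1 30635 reported.`, which looks like a garbled tracker id and should be checked against the linked issue. The `affected` array covers only the CPAN distribution, although the timeline notes that Perl v5.27.9 shipped Storable 3.06; if core Perl releases bundle older Storable versions, a second `affected` entry for them would let scanners match those installs.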
Lines changed: 85 additions & 0 deletions
@@ -0,0 +1,85 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.2",
4+
"cveMetadata": {
5+
"cveId": "CVE-2025-15638",
6+
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "CPANSec",
9+
"dateReserved": "2026-04-20T12:20:50.153Z",
10+
"datePublished": "2026-04-21T15:34:18.988Z",
11+
"dateUpdated": "2026-04-21T15:34:18.988Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"affected": [
16+
{
17+
"collectionURL": "https://cpan.org/modules",
18+
"defaultStatus": "unaffected",
19+
"packageName": "Net-Dropbear",
20+
"product": "Net::Dropbear",
21+
"repo": "https://github.com/atrodo/Net-Dropbear",
22+
"vendor": "ATRODO",
23+
"versions": [
24+
{
25+
"lessThan": "0.14",
26+
"status": "affected",
27+
"version": "0",
28+
"versionType": "custom"
29+
}
30+
]
31+
}
32+
],
33+
"descriptions": [
34+
{
35+
"lang": "en",
36+
"value": "Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt.\n\nNet::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437."
37+
}
38+
],
39+
"problemTypes": [
40+
{
41+
"descriptions": [
42+
{
43+
"cweId": "CWE-1395",
44+
"description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
45+
"lang": "en",
46+
"type": "CWE"
47+
}
48+
]
49+
}
50+
],
51+
"providerMetadata": {
52+
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
53+
"shortName": "CPANSec",
54+
"dateUpdated": "2026-04-21T15:34:18.988Z"
55+
},
56+
"references": [
57+
{
58+
"tags": [
59+
"vendor-advisory"
60+
],
61+
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6129"
62+
},
63+
{
64+
"tags": [
65+
"vendor-advisory"
66+
],
67+
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12437"
68+
},
69+
{
70+
"tags": [
71+
"release-notes"
72+
],
73+
"url": "https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypt/changes"
74+
}
75+
],
76+
"source": {
77+
"discovery": "UNKNOWN"
78+
},
79+
"title": "Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt",
80+
"x_generator": {
81+
"engine": "cpansec-cna-tool 0.1"
82+
}
83+
}
84+
}
85+
}
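Review bot: Both cve.org links in `references` are tagged `vendor-advisory`, but they point to the CVE records of the bundled libtomcrypt issues rather than to an advisory from the Net::Dropbear maintainer; `"tags": ["related"]` describes them more accurately and keeps filters on `vendor-advisory` meaningful. Unlike the Storable record in the same commit, this record has no `solutions` entry; the version range implies one, e.g. `"value": "Upgrade to Net::Dropbear version 0.14 or newer."`. The description names Dropbear 2019.78 and libtomcrypt v1.18.1 as the bundled versions, so teams that vendor Dropbear by other means should check those components directly.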

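--- a/cves/2026/2xxx/CVE-2026-2100.json
+++ b/cves/2026/2xxx/CVE-2026-2100.json
@@ -8,7 +8,7 @@
 "assignerShortName": "redhat",
 "dateReserved": "2026-02-06T12:05:50.501Z",
 "datePublished": "2026-03-26T20:01:46.174Z",
-"dateUpdated": "2026-04-09T18:07:28.125Z"
+"dateUpdated": "2026-04-21T15:33:37.011Z"
 },
 "containers": {
 "cna": {
@@ -180,7 +180,7 @@
 "providerMetadata": {
 "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
 "shortName": "redhat",
-"dateUpdated": "2026-04-09T18:07:28.125Z"
+"dateUpdated": "2026-04-21T15:33:37.011Z"
 },
 "x_generator": {
 "engine": "cvelib 1.8.0"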

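--- a/cves/2026/2xxx/CVE-2026-2271.json
+++ b/cves/2026/2xxx/CVE-2026-2271.json
@@ -8,7 +8,7 @@
 "assignerShortName": "redhat",
 "dateReserved": "2026-02-10T09:32:16.763Z",
 "datePublished": "2026-03-26T20:00:09.397Z",
-"dateUpdated": "2026-03-27T20:01:56.045Z"
+"dateUpdated": "2026-04-21T15:33:40.712Z"
 },
 "containers": {
 "cna": {
@@ -150,7 +150,7 @@
 "providerMetadata": {
 "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
 "shortName": "redhat",
-"dateUpdated": "2026-03-26T21:09:05.364Z"
+"dateUpdated": "2026-04-21T15:33:40.712Z"
 },
 "x_generator": {
 "engine": "cvelib 1.8.0"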

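--- a/cves/2026/31xxx/CVE-2026-31018.json
+++ b/cves/2026/31xxx/CVE-2026-31018.json
@@ -5,7 +5,7 @@
 "cveId": "CVE-2026-31018",
 "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
 "assignerShortName": "mitre",
-"dateUpdated": "2026-04-21T14:12:36.903Z",
+"dateUpdated": "2026-04-21T15:31:23.441Z",
 "dateReserved": "2026-03-09T00:00:00.000Z",
 "datePublished": "2026-04-21T00:00:00.000Z"
 },
@@ -53,7 +53,79 @@
 ]
 }
 ]
-}
+},
+"adp": [
+{
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "CWE",
+"cweId": "CWE-284",
+"lang": "en",
+"description": "CWE-284 Improper Access Control"
+}
+]
+},
+{
+"descriptions": [
+{
+"type": "CWE",
+"cweId": "CWE-94",
+"lang": "en",
+"description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"
+}
+]
+}
+],
+"metrics": [
+{
+"cvssV3_1": {
+"scope": "UNCHANGED",
+"version": "3.1",
+"baseScore": 8.8,
+"attackVector": "NETWORK",
+"baseSeverity": "HIGH",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"integrityImpact": "HIGH",
+"userInteraction": "NONE",
+"attackComplexity": "LOW",
+"availabilityImpact": "HIGH",
+"privilegesRequired": "LOW",
+"confidentialityImpact": "HIGH"
+}
+},
+{
+"other": {
+"type": "ssvc",
+"content": {
+"timestamp": "2026-04-21T15:30:39.381217Z",
+"id": "CVE-2026-31018",
+"options": [
+{
+"Exploitation": "none"
+},
+{
+"Automatable": "no"
+},
+{
+"Technical Impact": "total"
+}
+],
+"role": "CISA Coordinator",
+"version": "2.0.3"
+}
+}
+}
+],
+"title": "CISA ADP Vulnrichment",
+"providerMetadata": {
+"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+"shortName": "CISA-ADP",
+"dateUpdated": "2026-04-21T15:31:23.441Z"
+}
+}
+]
 },
 "dataVersion": "5.2"
 }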
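Review bot: The ADP `problemTypes` added in the second hunk include CWE-284, a pillar-level entry that the CWE catalogue discourages for vulnerability mapping; a more specific access-control child would serve triage better, though which one fits depends on the CNA description, which is outside this hunk. The two CWEs are also given as separate `problemTypes` entries rather than two `descriptions` of one entry; either is schema-valid, but consumers that read only the first entry will miss CWE-94. The CVSS 8.8 score and the SSVC decision points are carried in the `adp` container only, so tooling that reads `containers.cna` alone will see no severity unless the CNA section (not shown) carries its own.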

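--- a/cves/2026/32xxx/CVE-2026-32640.json
+++ b/cves/2026/32xxx/CVE-2026-32640.json
@@ -8,7 +8,7 @@
 "assignerShortName": "GitHub_M",
 "dateReserved": "2026-03-12T15:29:36.560Z",
 "datePublished": "2026-03-13T21:03:53.435Z",
-"dateUpdated": "2026-03-16T16:48:21.852Z"
+"dateUpdated": "2026-04-21T15:29:09.693Z"
 },
 "containers": {
 "cna": {
@@ -125,6 +125,19 @@
 "shortName": "CISA-ADP",
 "dateUpdated": "2026-03-16T16:48:21.852Z"
 }
+},
+{
+"title": "CVE Program Container",
+"references": [
+{
+"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00023.html"
+}
+],
+"providerMetadata": {
+"orgId": "af854a3a-2127-422b-91ae-364da2661108",
+"shortName": "CVE",
+"dateUpdated": "2026-04-21T15:29:09.693Z"
+}
 }
 ]
 }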
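Review bot: The reference added in the new "CVE Program Container" entry of the second hunk has no `tags`, so consumers cannot tell that the Debian LTS announcement is a downstream distribution advisory; `"tags": ["mailing-list", "third-party-advisory"]` would classify it. The array this entry is appended to opens outside the hunk.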
