Quantcast
Channel: Latest security vulnerabilities Perl products
Browsing latest articles
Browse All 54 View Live
↧

CVE-2013-7329

:0
:0
October 6, 2014, 12:00 am

The CGI::Application module 4.50 and earlier for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors...

View Article
Search

CVE-2013-7422

:0
:0
August 16, 2015, 12:00 am

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service...

View Article

CVE-2014-4330

:0
:0
September 30, 2014, 12:00 am

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference...

View Article

CVE-2015-8607

:0
:0
January 13, 2016, 12:00 am

The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to...

View Article

CVE-2015-8853

:0
:0
May 25, 2016, 12:00 am

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8...

View Article

CVE-2016-2381

:0
:0
April 8, 2016, 12:00 am

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. (CVSS:5.0) (Last Update:2016-04-25)

View Article

CVE-2016-1238

:0
:0
August 2, 2016, 12:00 am

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7)...

View Article

CVE-2016-6185

:0
:0
August 2, 2016, 12:00 am

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under...

View Article
Search

CVE-2015-8608

:0
:0
February 7, 2017, 12:00 am

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter...

View Article

CVE-2017-12837

:0
:0
September 19, 2017, 12:00 am

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via...

View Article

CVE-2017-12883

:0
:0
September 19, 2017, 12:00 am

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of...

View Article

CVE-2018-6797

:0
:0
April 17, 2018, 12:00 am

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. (CVSS:7.5) (Last Update:2018-05-21)

View Article

CVE-2018-6798

:0
:0
April 17, 2018, 12:00 am

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. (CVSS:5.0)...

View Article

CVE-2018-6913

:0
:0
April 17, 2018, 12:00 am

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. (CVSS:7.5) (Last Update:2018-05-22)

View Article

CVE-2018-12015

:0
:0
June 7, 2018, 12:00 am

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and...

View Article
Search

CVE-2018-18311

:0
:0
December 7, 2018, 12:00 am

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. (CVSS:7.5) (Last Update:2019-01-22)

View Article

CVE-2018-18312

:0
:0
December 5, 2018, 12:00 am

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. (CVSS:7.5) (Last Update:2019-01-03)

View Article

CVE-2018-18313

:0
:0
December 7, 2018, 12:00 am

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. (CVSS:6.4) (Last Update:2019-01-03)

View Article

CVE-2018-18314

:0
:0
December 7, 2018, 12:00 am

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. (CVSS:7.5) (Last Update:2019-01-03)

View Article

CVE-2013-7490

:0
:0
September 11, 2020, 12:00 am

An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. (CVSS:5.0) (Last Update:2020-09-18)

View Article

CVE-2013-7491

:0
:0
September 11, 2020, 12:00 am

An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated....

View Article

CVE-2014-10401

:0
:0
September 11, 2020, 12:00 am

An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. (CVSS:3.6) (Last...

View Article
Search

CVE-2014-10402

:0
:0
September 16, 2020, 12:00 am

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name...

View Article

CVE-2019-20919

:0
:0
September 17, 2020, 12:00 am

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing...

View Article

CVE-2020-10543

:0
:0
June 5, 2020, 12:00 am

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. (CVSS:6.4) (Last Update:2021-07-21)

View Article

CVE-2020-10878

:0
:0
June 5, 2020, 12:00 am

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of...

View Article

CVE-2020-12723

:0
:0
June 5, 2020, 12:00 am

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. (CVSS:5.0) (Last Update:2021-07-20)

View Article

CVE-2020-14392

:0
:0
September 16, 2020, 12:00 am

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's...

View Article

CVE-2020-14393

:0
:0
September 16, 2020, 12:00 am

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability...

View Article
Search

CVE-2020-16156

:0
:0
December 13, 2021, 12:00 am

CPAN 2.28 allows Signature Verification Bypass. (CVSS:6.8) (Last Update:2021-12-17)

View Article
Browsing latest articles
Browse All 54 View Live
Search