Perl Foundation

The Perl and Raku Foundation (TPRF), also known as Yet Another Society, is a non-profit, 501(c)(3) organization based in Holland, Michigan. It is dedicated to the advancement of the Perl and Raku programming languages through open discussion, collaboration, design, and code. The Perl Foundation carries out a range of activities, including "the collection and distribution of development grants, sponsorship and organization of community-led local and international Perl conferences, and support for community web sites and user groups."

  • Products: 64
  • CVEs: 128
  • Across products: 111
  • Status: Private

Recent CVEs

  • CVE-2018-6913 | Critical | Apr 17, 2018
    risk 0.65 | CVSS 9.8 | EPSS 0.11

    Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

  • CVE-2024-55564 | Critical | Dec 9, 2024
    risk 0.64 | CVSS 9.8 | EPSS 0.00

    The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.

  • CVE-2018-6797 | Critical | Apr 17, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.07

    An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

  • CVE-2008-7319 | Critical | Nov 7, 2017
    risk 0.64 | CVSS 9.8 | EPSS 0.06

    The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input…

  • CVE-2017-12814 | Critical | Sep 28, 2017
    risk 0.64 | CVSS 9.8 | EPSS 0.07

    Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.

  • CVE-2017-10788 | Critical | Jul 1, 2017
    risk 0.64 | CVSS 9.8 | EPSS 0.05

    The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection…

  • CVE-2017-10672 | Critical | Jun 29, 2017
    risk 0.64 | CVSS 9.8 | EPSS 0.08

    Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

  • CVE-2015-8608 | Critical | Feb 7, 2017
    risk 0.64 | CVSS 9.8 | EPSS 0.05

    The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

  • CVE-2017-12883 | Critical | Sep 19, 2017
    risk 0.60 | CVSS 9.1 | EPSS 0.06

    Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid…

  • CVE-2026-50638 | Critical | Jun 10, 2026
    risk 0.59 | CVSS 9.1 | EPSS 0.00

    Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl do not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow multiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends…

  • CVE-2021-47155 | Critical | Mar 18, 2024
    risk 0.59 | CVSS 9.1 | EPSS 0.01

    The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

  • CVE-2016-9180 | Critical | Dec 22, 2016
    risk 0.59 | CVSS 9.1 | EPSS 0.04

    perl-XML-Twig: The option `expand_external_ents`, documented as controlling external entity expansion in XML::Twig, does not work. External entities are always expanded, regardless of the option's setting.

  • CVE-2026-9698 | Critical | Jun 9, 2026
    risk 0.57 | CVSS 9.8 | EPSS 0.00

    DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an…

  • CVE-2026-10879 | Critical | Jun 5, 2026
    risk 0.57 | CVSS 9.8 | EPSS 0.00

    DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. …

  • CVE-2026-8376 | Critical | May 26, 2026
    risk 0.57 | CVSS 9.8 | EPSS 0.00

    Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified…

  • CVE-2026-4176 | Critical | Mar 29, 2026
    risk 0.57 | CVSS 9.8 | EPSS 0.01

    Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a…

  • CVE-2015-8949 | Critical | Aug 19, 2016
    risk 0.57 | CVSS 9.8 | EPSS 0.04

    Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.

  • CVE-2014-9906 | Critical | Aug 19, 2016
    risk 0.57 | CVSS 9.8 | EPSS 0.06

    Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.

  • CVE-2026-12087 | Critical | Jun 15, 2026
    risk 0.52 | CVSS 9.1 | EPSS 0.00

    Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both…

  • CVE-2016-6185 | High | Aug 2, 2016
    risk 0.51 | CVSS 7.8 | EPSS 0.01

    The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.