Vendor CVEs
Perl Foundation
All CVEs
128 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-1349 | 0.04 | — | 0.13 | May 2, 2005 | Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation. | |||
| CVE-2004-1096 | 0.04 | — | 0.17 | Jan 10, 2005 | Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on… | |||
| CVE-2010-4777 | 0.03 | — | 0.06 | Feb 10, 2014 | The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly… | |||
| CVE-2008-2827 | 0.03 | — | 0.01 | Jun 23, 2008 | The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452. | |||
| CVE-2005-0155 | 0.03 | — | 0.01 | May 2, 2005 | The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable. | |||
| CVE-2005-0156 | 0.03 | — | 0.01 | Feb 7, 2005 | Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. | |||
| CVE-2000-0703 | 0.03 | — | 0.01 | Oct 20, 2000 | suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape… | |||
| CVE-1999-0034 | 0.03 | — | 0.01 | May 29, 1997 | Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. | |||
| CVE-2022-48522 | 0.01 | — | 0.02 | Aug 22, 2023 | In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. | |||
| CVE-2020-10543 | 0.01 | — | 0.11 | Jun 5, 2020 | Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | |||
| CVE-2018-18313 | 0.01 | — | 0.09 | Dec 7, 2018 | Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. | |||
| CVE-2018-18311 | 0.01 | — | 0.12 | Dec 7, 2018 | Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||
| CVE-2018-18312 | 0.01 | — | 0.12 | Dec 5, 2018 | Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||
| CVE-2012-6329 | 0.01 | — | 0.62 | Jan 4, 2013 | The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands… | |||
| CVE-2004-0377 | 0.01 | — | 0.07 | May 4, 2004 | Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character. | |||
| CVE-2026-56018 | 0.00 | — | — | Jun 30, 2026 | JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth. In JsMinify (XS.xs) the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents;… | |||
| CVE-2026-13593 | 0.00 | — | — | Jun 30, 2026 | CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as comments and whitespace. | |||
| CVE-2026-11625 | 0.00 | — | 0.00 | Jun 27, 2026 | Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random… | |||
| CVE-2026-2474 | 0.00 | — | 0.00 | Feb 16, 2026 | Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression… | |||
| CVE-2024-56406 | 0.00 | — | 0.00 | Apr 13, 2025 | A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can… | |||
| CVE-2025-1828 | 0.00 | — | 0.00 | Mar 10, 2025 | Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will… | |||
| CVE-2024-45321 | 0.00 | — | 0.01 | Aug 27, 2024 | The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. | |||
| CVE-2023-47039 | 0.00 | — | 0.00 | Jan 2, 2024 | A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe`… | |||
| CVE-2023-47038 | 0.00 | — | 0.01 | Dec 18, 2023 | A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. | |||
| CVE-2021-36770 | 0.00 | — | 0.01 | Aug 11, 2021 | Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021… | |||
| CVE-2021-29424 | 0.00 | — | 0.02 | Mar 29, 2021 | The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | |||
| CVE-2019-20919 | 0.00 | — | 0.01 | Sep 17, 2020 | An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. | |||
| CVE-2014-10402 | 0.00 | — | 0.00 | Sep 16, 2020 | An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. | |||
| CVE-2020-14393 | 0.00 | — | 0.01 | Sep 16, 2020 | A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. | |||
| CVE-2020-14392 | 0.00 | — | 0.01 | Sep 16, 2020 | An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. | |||
| CVE-2014-10401 | 0.00 | — | 0.00 | Sep 11, 2020 | An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. | |||
| CVE-2013-7490 | 0.00 | — | 0.03 | Sep 11, 2020 | An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. | |||
| CVE-2013-7491 | 0.00 | — | 0.03 | Sep 11, 2020 | An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. | |||
| CVE-2020-12723 | 0.00 | — | 0.06 | Jun 5, 2020 | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. | |||
| CVE-2020-10878 | 0.00 | — | 0.05 | Jun 5, 2020 | Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. | |||
| CVE-2011-4117 | 0.00 | — | 0.01 | Jan 31, 2020 | The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files. | |||
| CVE-2011-1933 | 0.00 | — | 0.02 | Nov 26, 2019 | SQL injection vulnerability in Jifty::DBI before 0.68. | |||
| CVE-2018-18314 | 0.00 | — | 0.06 | Dec 7, 2018 | Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||
| CVE-2015-7686 | 0.00 | — | 0.03 | Oct 6, 2015 | Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters… | |||
| CVE-2013-7422 | 0.00 | — | 0.03 | Aug 16, 2015 | Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid… | |||
| CVE-2015-3408 | 0.00 | — | 0.06 | May 19, 2015 | Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. | |||
| CVE-2013-7329 | 0.00 | — | 0.02 | Oct 6, 2014 | The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function. | |||
| CVE-2014-4330 | 0.00 | — | 0.01 | Sep 30, 2014 | The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive… | |||
| CVE-2012-6143 | 0.00 | — | 0.03 | Jun 4, 2014 | Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. | |||
| CVE-2013-7135 | 0.00 | — | 0.00 | Jan 28, 2014 | The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file. | |||
| CVE-2013-1667 | 0.00 | — | 0.04 | Mar 14, 2013 | The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. | |||
| CVE-2011-2728 | 0.00 | — | 0.01 | Dec 21, 2012 | The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. | |||
| CVE-2012-5195 | 0.00 | — | 0.05 | Dec 18, 2012 | Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via… | |||
| CVE-2012-5526 | 0.00 | — | 0.03 | Nov 21, 2012 | CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. | |||
| CVE-2012-1152 | 0.00 | — | 0.02 | Sep 9, 2012 | Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to… |