Perl Foundation

All CVEs

128 total · sorted by risk
  • CVE-2012-1151 · Sep 9, 2012
    risk 0.00 · cvss · epss 0.03

    Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the…

  • CVE-2011-5060 · Jan 13, 2012
    risk 0.00 · cvss · epss 0.00

    The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed…

  • CVE-2011-2939 · Jan 13, 2012
    risk 0.00 · cvss · epss 0.03

    Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based…

  • CVE-2011-4616 · Jan 6, 2012
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.

  • CVE-2011-0633 · May 13, 2011
    risk 0.00 · cvss · epss 0.04

    The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote…

  • CVE-2010-4334 · Jan 14, 2011
    risk 0.00 · cvss · epss 0.02

    The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.

  • CVE-2010-4410 · Dec 6, 2010
    risk 0.00 · cvss · epss 0.02

    CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters…

  • CVE-2010-2761 · Dec 6, 2010
    risk 0.00 · cvss · epss 0.03

    The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP…

  • CVE-2010-1168 · Jun 21, 2010
    risk 0.00 · cvss · epss 0.04

    The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects,…

  • CVE-2010-1447 · May 19, 2010
    risk 0.00 · cvss · epss 0.03

    The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers…

  • CVE-2010-1158 · Apr 20, 2010
    risk 0.00 · cvss · epss 0.02

    Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.

  • CVE-2009-3626 · Oct 29, 2009
    risk 0.00 · cvss · epss 0.02

    Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.

  • CVE-2009-1884 · Aug 19, 2009
    risk 0.00 · cvss · epss 0.02

    Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a…

  • CVE-2009-0663 · Apr 30, 2009
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.

  • CVE-2008-5303 · Dec 1, 2008
    risk 0.00 · cvss · epss 0.00

    Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error…

  • CVE-2008-5302 · Dec 1, 2008
    risk 0.00 · cvss · epss 0.00

    Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this…

  • CVE-2008-1927 · Apr 24, 2008
    risk 0.00 · cvss · epss 0.03

    Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.

  • CVE-2006-7225 · Dec 3, 2007
    risk 0.00 · cvss · epss 0.02

    Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence.

  • CVE-2007-5116 · Nov 7, 2007
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

  • CVE-2005-4278 · Dec 16, 2005
    risk 0.00 · cvss · epss 0.00

    Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

  • CVE-2005-3962 · Dec 1, 2005
    risk 0.00 · cvss · epss 0.01

    Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a…

  • CVE-2005-0448 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.

  • CVE-2005-0077 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

  • CVE-2004-0452 · Dec 21, 2004
    risk 0.00 · cvss · epss 0.00

    Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.

  • CVE-2003-0618 · May 4, 2004
    risk 0.00 · cvss · epss 0.00

    Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.

  • CVE-2003-0900 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.01

    Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.

  • CVE-2003-1365 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.02

    The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (caret), (5) newline, or (6) carriage return, which could allow remote attackers to read or write…

  • CVE-1999-0150 · Jul 1, 1997
    risk 0.00 · cvss · epss 0.04

    The Perl fingerd program allows arbitrary command execution from remote users.

Page 3 of 3