Filtered by vendor Perl
Subscriptions
Total
68 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-55564 | 1 Perl | 1 Posix 2028 | 2024-12-09 | 9.8 Critical |
The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow. | ||||
CVE-2024-45321 | 3 App\, Perl, Redhat | 3 \, Cpanminus, Enterprise Linux | 2024-12-05 | 9.8 Critical |
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. | ||||
CVE-2023-31486 | 3 Http\, Perl, Redhat | 4 \, Perl, Enterprise Linux and 1 more | 2024-11-29 | 8.1 High |
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | ||||
CVE-2023-47038 | 2 Perl, Redhat | 2 Perl, Enterprise Linux | 2024-11-27 | 7 High |
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. | ||||
CVE-2023-47100 | 1 Perl | 1 Perl | 2024-11-21 | 9.8 Critical |
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. | ||||
CVE-2023-47039 | 3 Microsoft, Perl, Redhat | 3 Windows, Perl, Enterprise Linux | 2024-11-21 | 7.8 High |
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. | ||||
CVE-2023-31484 | 3 Cpanpm Project, Perl, Redhat | 3 Cpanpm, Perl, Enterprise Linux | 2024-11-21 | 8.1 High |
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. | ||||
CVE-2022-48522 | 1 Perl | 1 Perl | 2024-11-21 | 9.8 Critical |
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. | ||||
CVE-2021-36770 | 3 Fedoraproject, P5-encode Project, Perl | 3 Fedora, P5-encode, Perl | 2024-11-21 | 7.8 High |
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. | ||||
CVE-2020-16156 | 2 Fedoraproject, Perl | 2 Fedora, Comprehensive Perl Archive Network | 2024-11-21 | 7.8 High |
CPAN 2.28 allows Signature Verification Bypass. | ||||
CVE-2020-14393 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 7.1 High |
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. | ||||
CVE-2020-14392 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.5 Medium |
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. | ||||
CVE-2020-12723 | 6 Fedoraproject, Netapp, Opensuse and 3 more | 21 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 18 more | 2024-11-21 | 7.5 High |
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. | ||||
CVE-2020-10878 | 6 Fedoraproject, Netapp, Opensuse and 3 more | 22 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 19 more | 2024-11-21 | 8.6 High |
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. | ||||
CVE-2020-10543 | 5 Fedoraproject, Opensuse, Oracle and 2 more | 20 Fedora, Leap, Communications Billing And Revenue Management and 17 more | 2024-11-21 | 8.2 High |
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | ||||
CVE-2019-20919 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 4.7 Medium |
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. | ||||
CVE-2018-6913 | 3 Canonical, Debian, Perl | 3 Ubuntu Linux, Debian Linux, Perl | 2024-11-21 | N/A |
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. | ||||
CVE-2018-6798 | 4 Canonical, Debian, Perl and 1 more | 6 Ubuntu Linux, Debian Linux, Perl and 3 more | 2024-11-21 | N/A |
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. | ||||
CVE-2018-6797 | 4 Canonical, Debian, Perl and 1 more | 6 Ubuntu Linux, Debian Linux, Perl and 3 more | 2024-11-21 | N/A |
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. | ||||
CVE-2018-18314 | 5 Canonical, Debian, Netapp and 2 more | 9 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 6 more | 2024-11-21 | N/A |
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. |