Page 10 of 61 results (0.010 seconds)

CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 4

CVE-2011-0761 – Perl 5.10 - Multiple Null Pointer Dereference Denial of Service Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-0761

Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call. Perl v5.10.x permite a atacantes dependientes de contexto provocar una denegación del servicio (desreferencia a un puntero NULL y bloqueo de la aplicación) elevando una habilidad para inyectar argumentos en una llamada a la función (1) "getpeername", (2) "readdir", (3) "closedir", (4) "getsockname", (5) "rewinddir", (6) "tell", o (7) "telldir". • https://www.exploit-db.com/exploits/35725 http://securityreason.com/securityalert/8248 http://securitytracker.com/id?1025507 http://www.securityfocus.com/archive/1/517916/100/0/threaded http://www.securityfocus.com/bid/47766 http://www.toucan-system.com/advisories/tssa-2011-03.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/67355 •

CVSS: 5.0EPSS: 1%CPEs: 40EXPL: 6

CVE-2011-1487 – Perl 5.x - 'lc()' / 'uc()' TAINT Mode Protection Security Bypass

https://notcve.org/view.php?id=CVE-2011-1487

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. Las funciones (1) lc, (2) lcfirst, (3) uc, y (4) ucfirst en Perl v5.10.x, v5.11.x, y v5.12.x hasta v5.12.3, y v5.13.x hasta v5.13.11, no aplica el atributo taint para devolver el valor sobre el proceso de entrada tainted, lo que puede permitir a atacantes dependientes del contexto evitar el mecanismo de protección de taint a través de una cadena manipulada. • https://www.exploit-db.com/exploits/35554 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://openwall.com/lists/oss-security/2011/04/01/3 http://openwall.com/lists/oss-security/2011/04/04/35 http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99 http://rt.perl.org/rt3/Publ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 0

CVE-2010-1168 – Safe: Intended restriction bypass via object references

https://notcve.org/view.php?id=CVE-2010-1168

The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods." El módulo Safe (Safe.pm) en versiones anteriores a la v2.25 de Perl permite a atacantes, dependiendo del contexto, evitar las restricciones de acceso previstas (1) Safe::reval y (2) Safe::rdo, e inyectar y ejecutar código de su elección, a través de vectores de ataque que involucran métodos llamados implícitamente y objetos implícitamente "blessed", como se ha demostrado por los métodos (a) DESTROY y (b) AUTOLOAD. Relacionado con los "automagic methods". • http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 http://secunia.com/advisories/40049 http://secunia.com/advisories/40052 http://secunia.com/advisories/42402 http://securitytracker.com/id? • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 1

CVE-2010-1158

https://notcve.org/view.php?id=CVE-2010-1158

Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string. Desbordamiento de entero en el motor de expresiones regulares de Perl v5.8.x permite a atacantes dependiendo del contexto provocar una denegación de servicio (consumo de la pila y caída de la aplicación) cotejando una expresión regular modificada contra una cadena de texto extensa. • http://bugs.gentoo.org/show_bug.cgi?id=313565 http://perldoc.perl.org/perl5100delta.html http://secunia.com/advisories/55314 http://www.openwall.com/lists/oss-security/2010/04/08/9 http://www.openwall.com/lists/oss-security/2010/04/14/3 https://bugzilla.redhat.com/show_bug.cgi?id=580605 • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

CVE-2009-3626

https://notcve.org/view.php?id=CVE-2009-3626

Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match. Perl v5.10.1 permite a atacantes dependientes de contexto producir una denegación de servicio (caida de aplicación) a través de un carácter UTF-8 con un codepoint largo invalido, lo que no es adecuadamente gestionado cuando se produce una coincidencia de expresiones regulares. • http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4 http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973 http://rt.perl.org/rt3/Ticket/Attachment/617489/295383 http://secunia.com/advisories/37144 http://securitytracker.com/id?1023077 http://www.openwall.com/lists/oss-security/2009/10/23/8 http://www.osvdb.org/59283 http://www.securityfocus.com/bid/36812 http://www.vupen.com/english/advisories/2009/3023 https://exchange.xforce.ibmcloud.com •