CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 0CVE-2015-8853 – Ubuntu Security Notice USN-3625-1.tt
https://notcve.org/view.php?id=CVE-2015-8853
25 May 2016 — The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." Las funciones (1) S_reghop3, (2) S_reghop4 y (3) S_reghopmaybe3 en regexec.c en Perl en versiones anteriores a 5.24.0 permiten a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito) a través de datos utf-8 manipulados, según lo demostrado por ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2015-8608 – Perl 5.22 VDir::MapPathA/W Out-Of-Bounds Reads / Buffer Over-Reads
https://notcve.org/view.php?id=CVE-2015-8608
11 Apr 2016 — The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. Las funciones VDir::MapPathA y VDir::MapPathW en Perl 5.22 permiten a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) y posiblemente ejecutar código arbitrario a través de un argumento (1) letra de unidad o (2) pInName manipulados. • https://packetstorm.news/files/id/136649 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 18%CPEs: 19EXPL: 0CVE-2016-2381 – Gentoo Linux Security Advisory 201701-75
https://notcve.org/view.php?id=CVE-2016-2381
02 Mar 2016 — Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. Perl podría permitir a atacantes dependientes de contexto eludir los mecanismos de protección taint en un proceso hijo a través de variables de entorno duplicadas en envp. Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears... • http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html • CWE-20: Improper Input Validation •