CVSS: 10.0EPSS: 1%CPEs: 61EXPL: 0CVE-2013-1667 – perl: DoS in rehashing code
https://notcve.org/view.php?id=CVE-2013-1667
12 Mar 2013 — The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. El mecanismo de rehash en Perl v5.8.2 a través v5.16.x permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de memoria y caída) mediante una tecla de almohadilla diseñada. Multiple vulnerabilities have been found in Perl and Locale::Maketext Perl module, the worst of which could allow a context-dependent ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 58%CPEs: 51EXPL: 2CVE-2012-6329 – Foswiki MAKETEXT - Remote Command Execution
https://notcve.org/view.php?id=CVE-2012-6329
04 Jan 2013 — The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6. La función _compile en ... • https://www.exploit-db.com/exploits/23580 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 141EXPL: 0CVE-2011-2728 – Gentoo Linux Security Advisory 201401-11
https://notcve.org/view.php?id=CVE-2011-2728
21 Dec 2012 — The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. La función bsd_glob en el módulo de archivo ::Glob para Perl antes de v5.14.2 permite a atacantes dependientes de contexto provocar una denegación de servicio (caída) a través de una expresión regular dada con la bandera GLOB_ALTDIRFUNC, lo que desencadena una des... • http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod •
CVSS: 9.8EPSS: 2%CPEs: 176EXPL: 1CVE-2011-2939 – Perl decode_xs heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2011-2939
13 Jan 2012 — Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. Error "Off-by-one" en la función decode_xs en Unicode/Unicode.xs en el módulo Encode anterior a v2.44, utilizado en Perl anterior a v5.15.6 , podría permitir a atacantes dependientes de contexto causar una denegación d... • http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 3CVE-2008-5302 – perl: File:: Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
https://notcve.org/view.php?id=CVE-2008-5302
01 Dec 2008 — Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions. Condición de carrera en la función rmtree de File::Path 1.08 y 2.07 (lib/File/Path.pm) en Perl 5.8.8 y 5.10.0 permite a usuar... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2005-3962
https://notcve.org/view.php?id=CVE-2005-3962
01 Dec 2005 — Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. • ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch • CWE-189: Numeric Errors •