CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-1246 – Gentoo Linux Security Advisory 201701-51
https://notcve.org/view.php?id=CVE-2016-1246
03 Oct 2016 — Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. Desbordamiento de búfer en el módulo DBD::mysql en versiones anteriores a 4.037 para Perl permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) a través de vectores relacionados con un mensaje de error. It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacke... • http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 253EXPL: 0CVE-2016-1238 – Gentoo Linux Security Advisory 201812-07
https://notcve.org/view.php?id=CVE-2016-1238
25 Jul 2016 — (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Modul... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2016-6185 – Ubuntu Security Notice USN-3625-1.tt
https://notcve.org/view.php?id=CVE-2016-6185
25 Jul 2016 — The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. El método XSLoader::load en XSLoader en Perl no localiza adecuadamente archivos .so cuando se le llama en una cadena eval, lo que podría permitir a usuarios locales ejecutar código arbitrario a través de una librería Troyano bajo el directorio de trabajo actual. It was discovered ... • http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 •
CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 0CVE-2015-8853 – Ubuntu Security Notice USN-3625-1.tt
https://notcve.org/view.php?id=CVE-2015-8853
25 May 2016 — The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." Las funciones (1) S_reghop3, (2) S_reghop4 y (3) S_reghopmaybe3 en regexec.c en Perl en versiones anteriores a 5.24.0 permiten a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito) a través de datos utf-8 manipulados, según lo demostrado por ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2015-8608 – Perl 5.22 VDir::MapPathA/W Out-Of-Bounds Reads / Buffer Over-Reads
https://notcve.org/view.php?id=CVE-2015-8608
11 Apr 2016 — The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. Las funciones VDir::MapPathA y VDir::MapPathW en Perl 5.22 permiten a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) y posiblemente ejecutar código arbitrario a través de un argumento (1) letra de unidad o (2) pInName manipulados. • https://packetstorm.news/files/id/136649 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 30%CPEs: 19EXPL: 0CVE-2016-2381 – Gentoo Linux Security Advisory 201701-75
https://notcve.org/view.php?id=CVE-2016-2381
02 Mar 2016 — Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. Perl podría permitir a atacantes dependientes de contexto eludir los mecanismos de protección taint en un proceso hijo a través de variables de entorno duplicadas en envp. Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears... • http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2015-8607 – Gentoo Linux Security Advisory 201701-75
https://notcve.org/view.php?id=CVE-2015-8607
11 Jan 2016 — The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. La función canonpath en el módulo File::Spec en PathTools en versiones anteriores a 3.62, tal como se utiliza en Perl, no mantiene adecuadamente el atributo taint de los datos, lo que podría permitir a atacantes dependientes de contexto eludir los mecanism... • http://cpansearch.perl.org/src/RJBS/PathTools-3.62/Changes • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7422 – Gentoo Linux Security Advisory 201507-11
https://notcve.org/view.php?id=CVE-2013-7422
10 Jul 2015 — Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. Desbordamiento inferior de enteros en regcomp.c en Perl en versiones anteriores a 5.20, tal como se utiliza en Apple OS X en versiones anteriores a 10.10.5 y otros productos, permite a atacantes depe... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7329
https://notcve.org/view.php?id=CVE-2013-7329
06 Oct 2014 — The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function. El módulo CGI::Application, en versiones anteriores a la 4.50_50 y 4.50_51 para Perl, cuando no se especifican los modos de ejecución, permite que atacantes remotos obtengan información sensible (consultas web y detalles del entorno) mediante vectores relacionados con la ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129436.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 5CVE-2014-4330 – Mandriva Linux Security Advisory 2014-199
https://notcve.org/view.php?id=CVE-2014-4330
25 Sep 2014 — The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. El método Dumper en Data::Dumper anterior a 2.154, utilizado en Perl 5.20.1 y anteriores, permite a atacantes dependientes de contexto causar una denegación de servicio (consumo de la pila y caída) a tr... • https://packetstorm.news/files/id/128422 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •