
CVSS: 7.8 • EPSS: 0% • CPEs: 12 • EXPL: 1

25 Jul 2016 — The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. It was discovered ... • http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7

CVSS: 7.8 • EPSS: 0% • CPEs: 253 • EXPL: 0

25 Jul 2016 — (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Modul... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 10% • CPEs: 2 • EXPL: 0

25 May 2016 — The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html • CWE-20: Improper Input Validation

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 3

11 Apr 2016 — The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. • https://packetstorm.news/files/id/136649 • CWE-125: Out-of-bounds Read

CVSS: 7.5 • EPSS: 12% • CPEs: 19 • EXPL: 0

02 Mar 2016 — Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears... • http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 5% • CPEs: 4 • EXPL: 0

11 Jan 2016 — The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. ... • http://cpansearch.perl.org/src/RJBS/PathTools-3.62/Changes • CWE-20: Improper Input Validation

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jul 2015 — Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-189: Numeric Errors

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Oct 2014 — The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function. ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129436.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 5

25 Sep 2014 — The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. ... • https://packetstorm.news/files/id/128422 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 5% • CPEs: 3 • EXPL: 1

10 Feb 2014 — The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. ... • https://www.exploit-db.com/exploits/35489 • CWE-20: Improper Input Validation