CVSS: 9.8EPSS: 5%CPEs: 40EXPL: 6CVE-2011-1487 – Perl 5.x - 'lc()' / 'uc()' TAINT Mode Protection Security Bypass
https://notcve.org/view.php?id=CVE-2011-1487
11 Apr 2011 — The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. Las funciones (1) lc, (2) lcfirst, (3) uc, y (4) ucfirst en Perl v5.10.x, v5.11.x, y v5.12.x hasta v5.12.3, y v5.13.x hasta v5.13.11, no aplica el atributo taint para devolver el va... • https://www.exploit-db.com/exploits/35554 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 3%CPEs: 16EXPL: 0CVE-2010-1168 – Safe: Intended restriction bypass via object references
https://notcve.org/view.php?id=CVE-2010-1168
21 Jun 2010 — The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods." El módulo Safe (Safe.pm) en versiones anteriores a la v2.25 de Perl permite a atacantes, dependiendo del contexto, evitar las restricciones ... • http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2010-1158 – Gentoo Linux Security Advisory 201311-17
https://notcve.org/view.php?id=CVE-2010-1158
20 Apr 2010 — Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string. Desbordamiento de entero en el motor de expresiones regulares de Perl v5.8.x permite a atacantes dependiendo del contexto provocar una denegación de servicio (consumo de la pila y caída de la aplicación) cotejando una expresión regular modificada contra una cadena de texto exte... • http://bugs.gentoo.org/show_bug.cgi?id=313565 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2009-3626
https://notcve.org/view.php?id=CVE-2009-3626
29 Oct 2009 — Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match. Perl v5.10.1 permite a atacantes dependientes de contexto producir una denegación de servicio (caida de aplicación) a través de un carácter UTF-8 con un codepoint largo invalido, lo que no es adecuadamente gestionado cuando se produce una coincidencia de expresiones regulares. • http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4 •
CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 0CVE-2009-1884
https://notcve.org/view.php?id=CVE-2009-1884
19 Aug 2009 — Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. Error de superación de límite (Off-by-one) en la función bzinflate en Bzip2.xs en el módulo Compress-Raw-Bzip2 anterior a v2.018 para Perl permite a atacantes dependientes de contexto producir una denegaci... • http://secunia.com/advisories/36386 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2009-0663 – perl-DBD-Pg: pg_getline buffer overflow
https://notcve.org/view.php?id=CVE-2009-0663
30 Apr 2009 — Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. Desbordamiento de búfer basado en pila en el módulo DBD::Pg (alias DBD-Pg o libdbd-pg-perl) v1.49 para Perl podría permitir a atacantes, dependiendo del contexto, ejecutar código arbitrario a través de una entrada sin especificar a una aplica... • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2009-0129
https://notcve.org/view.php?id=CVE-2009-0129
15 Jan 2009 — libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. libcrypt-openssl-dsa-perl no comprueba adecuadamente el valor de retorno de las funciones OpenSSL_DSA_verify y DSA_do_verify, lo que permitiria a atacantes remotos evitar la validacion de la cadena de certificados a traves de una ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 3CVE-2008-5302 – perl: File:: Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
https://notcve.org/view.php?id=CVE-2008-5302
01 Dec 2008 — Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions. Condición de carrera en la función rmtree de File::Path 1.08 y 2.07 (lib/File/Path.pm) en Perl 5.8.8 y 5.10.0 permite a usuar... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2008-5303 – perl: File:: Path rmtree race condition (CVE-2004-0452) reintroduced after upstream rebase to 5.8.8-1
https://notcve.org/view.php?id=CVE-2008-5303
01 Dec 2008 — Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. Condición de carrera en la función rmtree en File::Path 1.08 (lib/File/Path.pm) en Perl 5.8.8 permite a usuarios locales borrar archivos arbitrarios a t... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2008-2827 – Perl - 'rmtree()' Function Local Insecure Permissions
https://notcve.org/view.php?id=CVE-2008-2827
23 Jun 2008 — The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452. La función rmtree en lib/File/Path.pm de Perl 5.10 no comprueba correctamente los permisos antes de realizar chmod, lo que permite a usuarios locales modificar los permisos de archivos de su elección mediante un ataque de enlaces simbólicos... • https://www.exploit-db.com/exploits/31959 • CWE-264: Permissions, Privileges, and Access Controls •