
CVE-2008-1927 – perl: heap corruption by regular expressions with utf8 characters
https://notcve.org/view.php?id=CVE-2008-1927
23 Apr 2008 — Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792 • CWE-399: Resource Management Errors •

CVE-2006-7225 – pcre miscalculation of memory requirements for malformed Posix character class
https://notcve.org/view.php?id=CVE-2006-7225
03 Dec 2007 — Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html • CWE-20: Improper Input Validation •

CVE-2005-3962
https://notcve.org/view.php?id=CVE-2005-3962
01 Dec 2005 — Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. • ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch • CWE-189: Numeric Errors •

CVE-2005-1349 – Convert-UUlib 1.04/1.05 Perl Module - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-1349
28 Apr 2005 — Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation. • https://www.exploit-db.com/exploits/25547 •

CVE-2003-0618
https://notcve.org/view.php?id=CVE-2003-0618
25 Mar 2004 — Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426 •

CVE-2003-1365
https://notcve.org/view.php?id=CVE-2003-1365
31 Dec 2003 — The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (caret), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0065.html • CWE-20: Improper Input Validation •

CVE-2002-2131
https://notcve.org/view.php?id=CVE-2002-2131
31 Dec 2002 — Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument. • http://citrustech.net/~chrisj/perl-httpd/INFO.txt •

CVE-2002-1271
https://notcve.org/view.php?id=CVE-2002-1271
12 Nov 2002 — The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx. • http://marc.info/?l=bugtraq&m=103659723101369&w=2 •

CVE-1999-1386
https://notcve.org/view.php?id=CVE-1999-1386
31 Dec 1999 — Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. • http://marc.info/?l=bugtraq&m=88932165406213&w=2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •