CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2016-2381
https://notcve.org/view.php?id=CVE-2016-2381
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. Perl podría permitir a atacantes dependientes de contexto eludir los mecanismos de protección taint en un proceso hijo a través de variables de entorno duplicadas en envp. • http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 http://www.debian.org/security/2016/dsa-3501 http://www.gossamer-threads.com/lists/perl/porters/326387 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/b • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8607
https://notcve.org/view.php?id=CVE-2015-8607
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. La función canonpath en el módulo File::Spec en PathTools en versiones anteriores a 3.62, tal como se utiliza en Perl, no mantiene adecuadamente el atributo taint de los datos, lo que podría permitir a atacantes dependientes de contexto eludir los mecanismos de protección taint a través de una cadena manipulada. • http://cpansearch.perl.org/src/RJBS/PathTools-3.62/Changes http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175494.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176228.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html http://www.debian.org/security/2016/dsa-3441 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/80504 http://www.securitytracker.com/id/1034772 http:/ • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7422
https://notcve.org/view.php?id=CVE-2013-7422
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. Desbordamiento inferior de enteros en regcomp.c en Perl en versiones anteriores a 5.20, tal como se utiliza en Apple OS X en versiones anteriores a 10.10.5 y otros productos, permite a atacantes dependientes del contexto ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una cadena larga de dígitos asociados con una referencia inversa no válida dentro de una expresión regular. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06 http://www.securityfocus.com/bid/75704 http://www.ubuntu.com/usn/USN-2916-1 https://security.gentoo.org/glsa/201507-11 https://support.apple.com/kb/HT205031 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7329
https://notcve.org/view.php?id=CVE-2013-7329
The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function. El módulo CGI::Application, en versiones anteriores a la 4.50_50 y 4.50_51 para Perl, cuando no se especifican los modos de ejecución, permite que atacantes remotos obtengan información sensible (consultas web y detalles del entorno) mediante vectores relacionados con la función dump_html. • http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129436.html http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129444.html http://openwall.com/lists/oss-security/2014/02/19/11 http://www.securityfocus.com/bid/65687 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739505 https://bugzilla.redhat.com/show_bug.cgi?id=1067180 https://exchange.xforce.ibmcloud.com/vulnerabilities/91735 https://github.com/markstos/CGI--Application/pull/15 https://rt. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 4CVE-2014-4330 – Perl 5.20.1 Deep Recursion Stack Overflow
https://notcve.org/view.php?id=CVE-2014-4330
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. El método Dumper en Data::Dumper anterior a 2.154, utilizado en Perl 5.20.1 y anteriores, permite a atacantes dependientes de contexto causar una denegación de servicio (consumo de la pila y caída) a través de una referencia de array con muchas referencias de array anidadas, lo que provoca un número grande de llamadas recursivas a la función DD_dump. A stack overflow was discovered when serializing data via the Data::Dumper extension which is part of Perl-Core. By using the "Dumper" method on a large Array-Reference which recursively contains other Array-References, it is possible to cause many recursive calls to the DD_dump native function and ultimately exhaust all available stack memory. • http://advisories.mageia.org/MGASA-2014-0406.html http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html http://seclists.org/fulldisclosure/2014/Sep/84 http://seclists.org/oss-sec/2014/q3/692 http://secunia.com/advisories/61441 http://secunia.com/advisories/61961 http://www.mandriva.com/security/advisories?name=MDVSA-2015:136 http://www.nntp.perl.org/group/perl.p • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •