Vulnerabilities > Perl

DATE | CVE | VULNERABILITY TITLE | RISK
2012-12-18 | CVE-2012-5195 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Perl | 7.5
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.
Access: network | Complexity: low | Tags: perl, CWE-119
2012-10-07 | CVE-2011-4363 | Link Following vulnerability in Frii Proc::ProcessTable 0.45 | 2.6
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
Access: local | Complexity: high | Tags: frii, perl, CWE-59
2012-09-09 | CVE-2012-1151 | Use of Externally-Controlled Format String vulnerability in Perl | 5.0
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
Access: network | Complexity: low | Tags: perl, CWE-134
2011-10-10 | CVE-2011-3599 | Cryptographic Issues vulnerability in Adam Kennedy Crypt-DSA | 5.8
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
2011-09-14 | CVE-2011-2201 | Permissions, Privileges, and Access Controls vulnerability in Mark Stosberg Data::FormValidator | 4.3
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.
2011-05-13 | CVE-2011-0761 | NULL Pointer Dereference Denial of Service vulnerability in Perl 5.10.0/5.10.1 | 5.0
Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
Access: network | Complexity: low | Tags: perl
2011-04-11 | CVE-2011-1487 | Permissions, Privileges, and Access Controls vulnerability in Perl | 5.0
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Access: network | Complexity: low | Tags: perl, CWE-264
2010-06-21 | CVE-2010-1168 | Permissions, Privileges, and Access Controls vulnerability in Rafael Garcia-Suarez Safe | 7.5
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."
Access: network | Complexity: low | Tags: rafael-garcia-suarez, perl, CWE-264
2010-04-20 | CVE-2010-1158 | Numeric Errors vulnerability in Perl | 5.0
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
Access: network | Complexity: low | Tags: perl, CWE-189
2009-10-29 | CVE-2009-3626 | Remote Denial of Service vulnerability in Perl 5.10.1 | 5.0
Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.
Access: network | Complexity: low | Tags: perl