Vulnerabilities > Perl > Perl > 2.6.6

DATE CVE VULNERABILITY TITLE RISK
2018-04-17 CVE-2018-6913 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
network
low complexity
debian perl canonical CWE-787
critical
 9.8
9.8
2017-09-28 CVE-2017-12814 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
network
low complexity
perl CWE-119
critical
 9.8
9.8
2017-09-19 CVE-2017-12883 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
network
low complexity
perl CWE-119
critical
 9.1
9.1
2017-09-19 CVE-2017-12837 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
network
low complexity
perl CWE-119
7.5
7.5
2016-05-25 CVE-2015-8853 Improper Input Validation vulnerability in multiple products
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
network
low complexity
fedoraproject perl CWE-20
7.5
7.5
2016-04-08 CVE-2016-2381 Improper Input Validation vulnerability in multiple products
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
network
low complexity
perl debian oracle opensuse canonical CWE-20
7.5
7.5
1999-12-31 CVE-1999-1386 Link Following vulnerability in Perl
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
local
low complexity
perl CWE-59
5.5
5.5