Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
perl perl vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-6078
An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution.
3ds Biovia Materials Studio
9.8
CVSSv3
CVE-2023-47100
In Perl prior to 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
Perl Perl
9.8
CVSSv3
CVE-2022-48522
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Perl Perl 5.34.0
9.8
CVSSv3
CVE-2022-4170
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
Rxvt-unicode Project Rxvt-unicode 9.25
Rxvt-unicode Project Rxvt-unicode 9.26
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2022-44542
lesspipe prior to 2.06 allows malicious users to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash.
Lesspipe Project Lesspipe
9.8
CVSSv3
CVE-2022-33941
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products...
Alfasado Powercms
9.8
CVSSv3
CVE-2022-38078
Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected...
Sixapart Movable Type
9.8
CVSSv3
CVE-2020-1946
In Apache SpamAssassin prior to 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use...
Apache Spamassassin
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
9.8
CVSSv3
CVE-2020-10674
PerlSpeak up to and including 2.01 allows malicious users to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.
Perlspeak Project Perlspeak
9.8
CVSSv3
CVE-2013-1437
Eval injection vulnerability in the Module-Metadata module prior to 1.000015 for Perl allows remote malicious users to execute arbitrary Perl code via the $Version value.
Module-metadata Project Module-metadata
Fedoraproject Fedora 18
Fedoraproject Fedora 19
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »