Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
perl perl vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2007-3409
Net::DNS prior to 0.60, a Perl module, allows remote malicious users to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
Net-dns Net\\ \\
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 6.06
7.3
CVSSv3
CVE-2017-0373
The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) prior to 2.102 has a dangerous "use lib" line, which allows remote malicious users to have an unspecified impact via a crafted Debian package file.
Config-model Project Config-model
7.3
CVSSv3
CVE-2015-8607
The canonpath function in the File::Spec module in PathTools prior to 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent malicious users to bypass the taint protection mechanism via a crafted string.
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 15.10
Perl Pathtools
Debian Debian Linux 8.0
7.3
CVSSv3
CVE-2015-8387
PCRE prior to 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote malicious users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegE...
Pcre Perl Compatible Regular Expression Library
Fedoraproject Fedora 22
Php Php
7.2
CVSSv3
CVE-2022-43660
Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versi...
Sixapart Movable Type
7.2
CVSSv3
CVE-2021-41550
Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code.
Leostream Connection Broker 9.0.40.17
7.2
CVSSv3
CVE-2020-24045
A sandbox escape issue exists in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest vi...
Titanhq Spamtitan 7.07
7.2
CVSSv3
CVE-2018-20911
cPanel prior to 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
Cpanel Cpanel
7.1
CVSSv3
CVE-2020-14393
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
Perl Database Interface
Opensuse Leap 15.2
Debian Debian Linux 9.0
Fedoraproject Fedora 31
7
CVSSv3
CVE-2016-1531
Exim prior to 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
Exim Exim
3 EDB exploits
6 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »