Vulmon
perl vulnerabilities and exploits
5.5
CVSSv3
CVE-2024-22368
The Spreadsheet::ParseXLSX package prior to 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.
Tozt Spreadsheet
7.8
CVSSv3
CVE-2023-47039
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within...
Perl Perl
7.8
CVSSv3
CVE-2023-7101
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue...
Jmcnamara Spreadsheet
Debian Debian Linux 10.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
1 Github repository
7.8
CVSSv3
CVE-2023-47038
A vulnerability was found in perl 5.30.0 up to and including 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
Perl Perl 5.34.0
1 Github repository
9.8
CVSSv3
CVE-2023-47100
In Perl prior to 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
Perl Perl
9.8
CVSSv3
CVE-2022-48522
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Perl Perl 5.34.0
8.1
CVSSv3
CVE-2023-31486
HTTP::Tiny prior to 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Http Tiny Project
Perl Perl
8.1
CVSSv3
CVE-2023-31484
CPAN.pm prior to 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Cpanpm Project Cpanpm
Perl Perl
5.9
CVSSv3
CVE-2023-31485
GitLab::API::v4 up to and including 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
Gitlab Api
8.8
CVSSv3
CVE-2023-26490
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this...
Mailcow Mailcow Dockerized