Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
perl vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2007-3409
Net::DNS prior to 0.60, a Perl module, allows remote malicious users to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
Net-dns Net\\ \\
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 6.06
7.3
CVSSv3
CVE-2017-0373
The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) prior to 2.102 has a dangerous "use lib" line, which allows remote malicious users to have an unspecified impact via a crafted Debian package file.
Config-model Project Config-model
7.3
CVSSv3
CVE-2015-8607
The canonpath function in the File::Spec module in PathTools prior to 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent malicious users to bypass the taint protection mechanism via a crafted string.
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 15.10
Perl Pathtools
Debian Debian Linux 8.0
7.3
CVSSv3
CVE-2015-8387
PCRE prior to 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote malicious users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegE...
Pcre Perl Compatible Regular Expression Library
Fedoraproject Fedora 22
Php Php
7.2
CVSSv3
CVE-2022-43660
Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versi...
Sixapart Movable Type
7.2
CVSSv3
CVE-2021-41550
Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code.
Leostream Connection Broker 9.0.40.17
7.2
CVSSv3
CVE-2020-24045
A sandbox escape issue exists in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest vi...
Titanhq Spamtitan 7.07
7.2
CVSSv3
CVE-2018-20911
cPanel prior to 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
Cpanel Cpanel
7.1
CVSSv3
CVE-2020-14393
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
Perl Database Interface
Opensuse Leap 15.2
Debian Debian Linux 9.0
Fedoraproject Fedora 31
7
CVSSv3
CVE-2016-1531
Exim prior to 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
Exim Exim
3 EDB exploits
6 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »