Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
perl vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-47039
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within...
Perl Perl
NA
CVE-2023-7101
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue...
Jmcnamara Spreadsheet\\ \\
Debian Debian Linux 10.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
1 Github repository
NA
CVE-2023-47038
A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
Perl Perl 5.34.0
1 Github repository
NA
CVE-2023-47100
In Perl prior to 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
Perl Perl
NA
CVE-2022-48522
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Perl Perl 5.34.0
NA
CVE-2023-31484
CPAN.pm prior to 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Cpanpm Project Cpanpm
Perl Perl
NA
CVE-2023-31485
GitLab::API::v4 up to and including 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
Gitlab\\ \\ Api\\
NA
CVE-2023-31486
HTTP::Tiny prior to 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Http\\ \\ Tiny Project
Perl Perl
NA
CVE-2023-26490
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this...
Mailcow Mailcow\\ Dockerized
NA
CVE-2020-36658
In Apache::Session::LDAP prior to 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the C...
Lemonldap-ng Apache\\ \\
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »