Perl

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-18313 6Apple CanonicalDebian+3 more 9Debian Linux E Series Santricity Os ControllerEnterprise Linux+6 more Nov 21, 2024 Dec 7, 2018 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
CVE-2018-18311 8Apple CanonicalDebian+5 more 18Debian Linux E Series Santricity Os ControllerEnterprise Linux+15 more Nov 21, 2024 Dec 7, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-18312 5Canonical DebianNetapp+2 more 8Debian Linux E Series Santricity Os ControllerEnterprise Linux+5 more Nov 21, 2024 Dec 5, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-12015 6Apple Archive\Canonical+3 more 9\ Data Ontap EdgeDebian Linux+6 more Nov 21, 2024 Jun 7, 2018 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file wit...Show more In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.Show less
CVE-2018-6913 3Canonical DebianPerl 3Debian Linux PerlUbuntu Linux Nov 21, 2024 Apr 17, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
CVE-2018-6798 4Canonical DebianPerl+1 more 5Debian Linux Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Apr 17, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
CVE-2018-6797 4Canonical DebianPerl+1 more 5Debian Linux Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Apr 17, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
CVE-2017-12814 1Perl 1Perl May 13, 2026 Sep 28, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
CVE-2017-12883 1Perl 1Perl May 13, 2026 Sep 19, 2017 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application cr...Show more Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.Show less
CVE-2017-12837 1Perl 1Perl May 13, 2026 Sep 19, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expressi...Show more Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.Show less
CVE-2015-8608 1Perl 1Perl May 13, 2026 Feb 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argu...Show more The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.Show less
CVE-2016-6185 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraPerl+2 more May 6, 2026 Aug 2, 2016 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working...Show more The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.Show less
CVE-2016-1238 5Apache DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more May 6, 2026 Aug 2, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) c...Show more (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.Show less
CVE-2015-8853 2Fedoraproject Perl 2Fedora Perl May 6, 2026 May 25, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated...Show more The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."Show less
CVE-2016-2381 5Canonical DebianOpensuse+2 more 10Communications Billing And Revenue Management Configuration ManagerDatabase Server+7 more May 6, 2026 Apr 8, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
CVE-2015-8607 3Canonical DebianPerl 3Debian Linux PathtoolsUbuntu Linux May 6, 2026 Jan 13, 2016 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protect...Show more The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.Show less
CVE-2013-7422 2Apple Perl 2Mac Os X Perl May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) v...Show more Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.Show less
CVE-2013-7329 1Perl 1Cgi Application Module May 6, 2026 Oct 6, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the...Show more The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.Show less
CVE-2014-4330 2Data Dumper Project Perl 2Data Dumper Perl May 6, 2026 Sep 30, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Ar...Show more The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.Show less
CVE-2010-4777 1Perl 1Perl Apr 29, 2026 Feb 10, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and ap...Show more The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.Show less

Previous 123 Next