CRITICAL 10.0 CVE-2017-20230 Storable versions before 3.05 for Perl have a stack overflow.
from 0, < 5.28.0-3
CRITICAL 9.8 CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds.
from 0
CRITICAL 9.8 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compre…
from 0, < 5.10.0-21
CRITICAL 9.8 In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escala…
from 0, < 5.36.0-4
CRITICAL 9.8 Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code…
from 0, < 5.18.1-2
CRITICAL 9.8 Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
from 0, < 5.28.0-3
CRITICAL 9.8 perl - security update
from 0, < 5.28.1-1
CRITICAL 9.8 perl - security update
from 0, < 5.20.2-3+deb8u12
CRITICAL 9.8 perl - security update
from 0, < 5.24.1-3+deb9u5
CRITICAL 9.8 Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
from 0, < 5.28.1-1
CRITICAL 9.8 perl - security update
from 0, < 5.26.1-6
CRITICAL 9.8 perl - security update
from 0, < 5.20.2-3+deb8u10
CRITICAL 9.8 perl - security update
from 0, < 5.14.2-21+deb7u6
CRITICAL 9.8 An issue was discovered in Perl 5.18 through 5.26.
from 0, < 5.26.1-6
CRITICAL 9.1 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory.
from 0
CRITICAL 9.1 Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process m…
from 0, < 5.28.0-3
CRITICAL 9.1 Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attacke…
from 0, < 5.26.0-8
HIGH 8.6 Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation.
from 0, < 5.30.3-1
HIGH 8.4 perl - security update
from 0, < 5.36.0-7+deb12u2
HIGH 8.4 perl - security update
from 0, < 5.36.0-7+deb12u2
HIGH 8.2 Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer ov…
from 0, < 5.30.3-1
HIGH 8.1 HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where…
from 0
HIGH 8.1 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
from 0, < 5.32.1-4+deb11u4
HIGH 7.8 A vulnerability was found in perl 5.30.0 through 5.38.0.
from 0, < 5.32.1-4+deb11u3
HIGH 7.8 perl - security update
from 0, < 5.32.1-4+deb11u4
HIGH 7.8 perl - security update
from 0, < 5.32.1-4+deb11u4
HIGH 7.8 Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in…
from 0, < 5.32.1-4+deb11u1
HIGH 7.8 The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local user…
from 0, < 5.22.2-2
HIGH 7.8 perl - security update
from 0, < 5.14.2-21+deb7u4
HIGH 7.8 perl - security update
from 0, < 5.22.2-3
HIGH 7.8 perl - security update
from 0, < 5.20.2-3+deb8u6
HIGH 7.5 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward.
from 0
HIGH 7.5 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.
from 0
HIGH 7.5 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.
from 0
HIGH 7.5 regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
from 0, < 5.30.3-1
HIGH 7.5 perl - security update
from 0, < 5.20.2-3+deb8u11
HIGH 7.5 perl - security update
from 0, < 5.26.2-6
HIGH 7.5 An issue was discovered in Perl 5.22 through 5.26.
from 0, < 5.26.1-6
HIGH 7.5 perl - security update
from 0, < 5.20.2-3+deb8u9
HIGH 7.5 perl - security update
from 0, < 5.26.0-8
HIGH 7.5 The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to…
from 0, < 5.22.1-1
HIGH 7.5 perl - security update
from 0, < 5.22.1-8
HIGH 7.5 perl - security update
from 0, < 5.14.2-21+deb7u3
HIGH 7.3 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.
from 0
HIGH 7.3 IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix E…
from 0
HIGH 7.3 perl - security update
from 0, < 5.20.2-3+deb8u2
HIGH 7.3 perl - security update
from 0, < 5.22.1-4
MEDIUM 6.5 HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values.
from 0
MEDIUM 5.9 Perl threads have a working directory race condition where file operations may target unintended paths.
from 0, < 5.32.1-4+deb11u5
MEDIUM 5.9 perl - security update
from 0, < 5.20.2-3+deb8u7
MEDIUM 5.9 perl - security update
from 0, < 5.24.1-3
MEDIUM 5.9 perl - security update
from 0, < 5.14.2-21+deb7u5
MEDIUM 5.5 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date.
from 0
LOW 3.3 _is_safe in the File::Temp module for Perl does not properly handle symlinks.
from 0
—Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attac…
from 0, < 5.20.0-1
—The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of…
from 0, < 5.20.1-1
—The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows c…
from 0, < 5.20.1-1
—perl - rehashing flaw
from 0, < 5.10.1-17squeeze6
—perl - rehashing flaw
from 0, < 5.14.2-19
—The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and…
from 0, < 5.14.2-16
—The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (cras…
from 0, < 5.14.2-1
—perl - several
from 0, < 5.10.1-17squeeze4
—perl - several
from 0, < 5.14.2-14
—libcgi-pm-perl - HTTP header injection
from 0, < 5.14.2-16
—Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via…
from 0, < 5.12.4-6
—Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might all…
from 0, < 5.12.4-4
—Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging…
from 0, < 5.12.0-1
—perl - missing taint check
from 0, < 5.10.1-20
—perl - missing taint check
from 0, < 5.10.0-19lenny4
—Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response spl…
from 0, < 5.10.1-17
—CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows rem…
from 0, < 5.10.1-17
—The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME…
from 0, < 5.10.1-17
—The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo…
from 0, < 5.10.1-13
—perl - restriction bypass
from 0, < 5.10.0-19lenny5
—perl - restriction bypass
from 0, < 5.12.3-1
—Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid…
from 0, < 5.10.1-6
—Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and p…
from 0, < 5.10.0-23
—Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files v…
from 0, < 5.10.0-18
—Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create…
from 0, < 5.10.0-18
—perl - information disclosure / permission bypass
from 0, < 5.10.0-10+lenny1
—perl - information disclosure / permission bypass
from 0, < 5.10.0-11
—perl - denial of service
from 0, < 5.10.0-1
—perl - denial of service
from 0, < 5.8.8-7etch3
—perl - arbitrary code execution
from 0, < 5.8.4-8sarge6
—perl - arbitrary code execution
from 0, < 5.8.8-12
—perl - arbitrary code execution
from 0, < 5.8.8-11.1+lenny1
—Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbit…
from 0, < 5.10.0-19
—perl - integer overflow
from 0, < 5.8.7-9
—perl - integer overflow
from 0, < 5.8.4-8sarge3
—The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the P…
from 0, < 5.8.4-6
—perl - design flaw
from 0, < 5.8.4-7
—perl - design flaw
from 0, < 5.6.1-8.9
—Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allow local users to overwrite fi…
from 0, < 5.8.4-4
—Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbit…
from 0, < 5.8.4-6
—perl - insecure temporary files / directories
from 0, < 5.6.1-8.8
—perl - insecure temporary files / directories
from 0, < 5.8.8-7etch5
—perl - insecure temporary files / directories
from 0, < 5.8.4-5
—perl - information leak
from 0, < 5.6.1-8.6
—perl - information leak
from 0, < 5.8.3-3
—Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to pre…
from 0, < 5.8.2