Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:perl:perl:5.27.4:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-47039 |
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. Published: January 02, 2024; 1:15:13 AM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-31486 |
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. Published: April 28, 2023; 8:15:09 PM -0400 |
V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2023-31484 |
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Published: April 28, 2023; 8:15:09 PM -0400 |
V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2021-36770 |
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. Published: August 11, 2021; 7:15:07 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-12723 |
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. Published: June 05, 2020; 11:15:10 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-10878 |
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Published: June 05, 2020; 10:15:10 AM -0400 |
V3.1: 8.6 HIGH V2.0: 7.5 HIGH |
CVE-2020-10543 |
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Published: June 05, 2020; 10:15:10 AM -0400 |
V3.1: 8.2 HIGH V2.0: 6.4 MEDIUM |