About “Perl”

A curated feed of “Perl”-related CVEs appears below. We currently track 496 CVEs for this tag (all time). In the last 365 days, 141 were published. Average CVSS is 7.0 (all time; 7.9 over 365d), and 57% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), CWE-122 - Heap-based Buffer Overflow, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2002-08-12
Critical

CVE-2002-0495

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file th…

2002-07-26
High

CVE-2002-0703

An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the d…

2002-05-31
High

CVE-2002-0307

Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the sy…

2002-05-29
High

CVE-2002-0245

Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks…

2001-10-18
High

CVE-2001-0733

The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #inclu…

2001-07-02
High

CVE-2001-0436

dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.

2001-06-28
Medium

CVE-2001-1290

admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table…

2001-06-27
Medium

CVE-2001-0462

Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

2001-03-12
Critical

CVE-2001-0113

statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script.

2000-11-14
Medium

CVE-2000-0883

The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that…

1999-12-31
Medium

CVE-1999-1386

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

1999-03-17
High

CVE-1999-0462

suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy…

1999-01-26
High

CVE-1999-0450

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

1997-07-01
High

CVE-1999-0150

The Perl fingerd program allows arbitrary command execution from remote users.

1997-05-29
High

CVE-1999-0034

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.

1996-05-29
Critical

CVE-1999-0509

Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands.