5.10.0 : Security Vulnerabilities

Cpe Name:cpe:/a:perl:perl:5.10.0

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2018-18314	119	Overflow	2018-12-07	2019-01-03	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
2	CVE-2018-18313	125		2018-12-07	2019-01-03	6.4	None	Remote	Low	Not required	Partial	None	Partial
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
3	CVE-2018-18312	119	Overflow	2018-12-05	2019-01-03	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
4	CVE-2018-18311	119	Overflow	2018-12-07	2019-01-22	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
5	CVE-2018-6913	119	Exec Code Overflow	2018-04-17	2019-01-17	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
6	CVE-2016-1238	264	+Priv	2016-08-02	2018-12-16	7.2	None	Local	Low	Not required	Complete	Complete	Complete
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
7	CVE-2013-1667	399	DoS	2013-03-13	2017-09-18	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
8	CVE-2012-6329	94	Exec Code	2013-01-04	2016-12-07	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
9	CVE-2011-2939	189	DoS Overflow Mem. Corr.	2012-01-13	2018-08-13	5.1	None	Remote	High	Not required	Partial	Partial	Partial
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.
10	CVE-2011-2728		DoS	2012-12-21	2013-01-29	4.3	None	Remote	Medium	Not required	None	None	Partial
The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.
11	CVE-2011-1487	264	Bypass	2011-04-11	2017-08-16	5.0	None	Remote	Low	Not required	None	Partial	None
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
12	CVE-2011-0761		DoS	2011-05-13	2018-10-09	5.0	None	Remote	Low	Not required	None	None	Partial
Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.

Total number of vulnerabilities : 12 Page : 1 (This Page)