Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-3183 | 5.0 |
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large c
|
14-12-2023 - 14:06 | 20-07-2015 - 23:59 | |
CVE-2008-5303 | 6.9 |
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this
|
11-10-2018 - 20:54 | 01-12-2008 - 17:30 | |
CVE-2008-5302 | 6.9 |
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, an
|
11-10-2018 - 20:54 | 01-12-2008 - 17:30 | |
CVE-2010-0212 | 5.0 |
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5St
|
10-10-2018 - 19:51 | 28-07-2010 - 12:48 | |
CVE-2013-1667 | 7.5 |
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
|
19-09-2017 - 01:36 | 14-03-2013 - 03:13 | |
CVE-2011-3597 | 7.5 |
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
|
19-09-2017 - 01:34 | 13-01-2012 - 18:55 | |
CVE-2010-1168 | 7.5 |
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and
|
19-09-2017 - 01:30 | 21-06-2010 - 16:30 | |
CVE-2012-5526 | 5.0 |
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
|
29-08-2017 - 01:32 | 21-11-2012 - 23:55 | |
CVE-2011-1024 | 4.6 |
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program aut
|
07-01-2017 - 02:59 | 20-03-2011 - 02:00 | |
CVE-2013-4449 | 4.3 |
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to f
|
08-12-2016 - 03:03 | 05-02-2014 - 18:55 | |
CVE-2012-6329 | 7.5 |
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers t
|
08-12-2016 - 03:02 | 04-01-2013 - 21:55 | |
CVE-2012-5195 | 7.5 |
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possib
|
08-12-2016 - 03:02 | 18-12-2012 - 00:55 | |
CVE-2010-4410 | 4.3 |
CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related
|
08-12-2016 - 03:01 | 06-12-2010 - 20:13 | |
CVE-2010-2761 | 4.3 |
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP h
|
08-12-2016 - 03:01 | 06-12-2010 - 20:12 |