Lucene search
+L

10 matches found

CVE
CVE
added 2020/09/16 3:55 p.m.312 views

CVE-2014-10402

CVE-2014-10402 affects the Perl DBI module (DBD::File drivers) up to version 1.643. The flaw allows opening files from folders outside the DSN-specified f_dir attribute in the data source name, due to an incomplete fix for CVE-2014-10401. This can lead to information disclosure. A patch exists; D...

6.1CVSS6.3AI score0.00488EPSS
CVE
CVE
added 2020/09/17 5:35 p.m.228 views

CVE-2019-20919

CVE-2019-20919 is related to the Perl DBI module. The issue affects Perl-DBI before version 1.643, where hv_fetch() checks for NULL but then calls SvOK(profile), causing a NULL pointer dereference. Several advisories (EulerOS, Red Hat, OpenVAS prompts) reference this CVE alongside CVE-2014-10401 ...

4.7CVSS5.5AI score0.00505EPSS
CVE
CVE
added 2020/09/11 6:37 p.m.227 views

CVE-2014-10401

CVE-2014-10401 affects the Perl DBI module (DBD::File) where files can be opened from folders outside the DSN‑specified f_dir, due to an incomplete fix. Affected versions include DBI prior to 1.632; some advisories note ongoing risk or incomplete fixes (e.g., Debian DLA-3035 and Astra Linux note)...

6.1CVSS6.1AI score0.0044EPSS
CVE
CVE
added 2020/09/11 6:37 p.m.80 views

CVE-2013-7490

Summary: CVE-2013-7490 affects the Perl DBI module prior to 1.632, where using many arguments to Callback methods may cause memory corruption. This issue is repeatedly reflected across multiple advisories (including SUSE/Red Hat/Nessus entries) and is acknowledged as a memory corruption bug in DB...

5.3CVSS5.2AI score0.02738EPSS
CVE
CVE
added 2026/06/05 2:30 p.m.78 views

CVE-2026-10879

CVE-2026-10879 affects DBI for Perl, pre-1.648. A heap overflow occurs during preparsing SQL with more than 9 binders; the preparse method expands placeholders to :pN but only allocates 3 characters per binder, causing overflow as placeholders 10–99 need 4 chars, 100–999 need 5, etc. The issue is...

9.8CVSS5.7AI score0.00413EPSS
CVE
CVE
added 2020/09/11 6:37 p.m.61 views

CVE-2013-7491

CVE-2013-7491 affects the Perl DBI module prior to 1.628. The issue is a stack corruption that occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack is reallocated. Impact is described as potential memory corruption related to stack handling; exploitation ...

5.3CVSS5.4AI score0.02656EPSS
CVE
CVE
added 2026/06/09 7:22 a.m.45 views

CVE-2026-9698

CVE-2026-9698 affects the Perl DBI module. Versions before 1.648 save error messages in a 200-byte buffer without length control, allowing an attacker who can influence error text to trigger a buffer overflow. Connected sources confirm the issue in DBI for Perl and identify the vulnerable compone...

9.8CVSS5.9AI score0.00452EPSS
CVE
CVE
added 2026/07/07 10:5 p.m.40 views

CVE-2026-14739

CVE-2026-14739 affects DBI for Perl; versions before 1.650 are vulnerable to a heap overflow during preparsing of SQL statements with an extremely large number of placeholders. The fix in DBI 1.650 introduces a hard limit of 99,999 placeholders, addressing the prior memory allocation issue that c...

9.8CVSS6.1AI score0.00396EPSS
CVE
CVE
added 2026/07/07 10:5 p.m.20 views

CVE-2026-14740

DBI for Perl before 1.650 is affected by CVE-2026-14740. The vulnerability is rooted in the preparse() function, where deleting an initial SQL comment during SQL normalization causes an out-of-bounds read by one byte. Impact is a fault on memory-hardened builds and nondeterministic newline retent...

9.1CVSS6AI score0.00407EPSS
CVE
CVE
added 2026/07/07 10:4 p.m.19 views

CVE-2026-14380

CVE-2026-14380 affects DBI for Perl when using versions before 1.650. A string assigned to the Profile attribute of a DBI handle is split into path, package and arguments, and the package name is interpolated in an unvalidated string eval, allowing arbitrary Perl code execution if untrusted data ...

8.8CVSS6.3AI score0.00498EPSS