Page 8 of 39 results (0.045 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers. • https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711 •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 4

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence. • https://www.exploit-db.com/exploits/20141 https://www.exploit-db.com/exploits/20142 http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt http://www.novell.com/linux/security/advisories/suse_security_announce •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. • http://marc.info/?l=bugtraq&m=88932165406213&w=2 http://www.iss.net/security_center/static/7243.php http://www.redhat.com/support/errata/rh50-errata-general.html#perl • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 4

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. • https://www.exploit-db.com/exploits/200 https://www.exploit-db.com/exploits/320 https://www.exploit-db.com/exploits/19546 https://www.exploit-db.com/exploits/19547 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0034 •