Lincoln D. Stein: Security Vulnerabilities
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.
CVSS Score
2.6
EPSS Score
0.011
Published
2006-02-25
Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation.
CVSS Score
5.0
EPSS Score
0.01
Published
1999-12-31