Re: Is perl still the No.1 language for sysadmin?



Jeffrey Walton <noloader@gmail.com> wrote:
> On Tue, Apr 4, 2023 at 9:46 AM Stefan Monnier
> <monnier@iro.umontreal.ca> wrote:
> >  
> > > Here are three more data points.
> > >
> > >    * Emacs - 41 CVEs since 2000 [1]
> > >    * Vi - 61 CVEs since 1999 [2]
> > >    * Vim - 656 CVEs since 2001 [3]
> > >
> > > I'm not sure how many CVEs overlap for Vim due to Vi.  
> >
> > I don't know what the number of CVEs tells us about a project...  
> 
> I'm a big fan of, past performance is an indicator of future
> expectations. Whatever is happening, it is probably going to continue
> to happen, and more frequently to Vim.

But cropping and ignoring the actual point of Stefan's mail rather
misses the point and insults him. For example, three CVEs chosen at
random from the 'vim' list:

CVE-2010-3481 	Multiple SQL injection vulnerabilities in
login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is
disabled, allow remote attackers to execute arbitrary SQL commands via
the (1) user_name and (2) password variables, possibly related to
include/classes/Login.php. NOTE: some of these details are obtained
from third party information. NOTE: the password vector might not be
vulnerable.

CVE-2010-2704 	Buffer overflow in HP OpenView
Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to
execute arbitrary code via a long HTTP request to nnmrptconfig.exe.

CVE-2010-2703 	Stack-based buffer overflow in the execvp_nc
function in the ov.dll module in HP OpenView Network Node Manager (OV
NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to
execute arbitrary code via a long HTTP request to webappmon.exe. 

FWIW, the word SQL appears 127 times in the 'vim' CVEs, and the word
'vim' doesn't appear in most, so I'm not sure how helpful these numbers
actually are.

> Jeff
