Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1231 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 2.1 LOW | N/A |
| SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc. | |||||
| CVE-2002-1261 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1292. Reason: This candidate is a reservation duplicate of CVE-2002-1292. Notes: All CVE users should reference CVE-2002-1292 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-1259 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1286. Reason: This candidate is a reservation duplicate of CVE-2002-1286. Notes: All CVE users should reference CVE-2002-1286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-1234 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0180. Reason: This candidate is a an out-of-band assignment duplicate of CVE-2002-0180. Notes: All CVE users should reference CVE-2002-0180 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-1379 | 1 Openldap | 1 Openldap | 2008-09-10 | 7.5 HIGH | N/A |
| OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges. | |||||
| CVE-2002-1212 | 1 Radiobird Software | 1 Webserver 4 All | 2008-09-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
| CVE-2002-1194 | 1 Netbsd | 1 Netbsd | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message. | |||||
| CVE-2002-1252 | 1 Peoplesoft | 1 Peopletools | 2008-09-10 | 5.0 MEDIUM | N/A |
| The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler. | |||||
| CVE-2002-1250 | 1 Abuse | 1 Abuse | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument. | |||||
| CVE-2002-1516 | 1 Sgi | 1 Irix | 2008-09-10 | 4.6 MEDIUM | N/A |
| rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2002-1215 | 1 Linux-ha | 1 Heartbeat | 2008-09-10 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources). | |||||
| CVE-2002-1278 | 1 Jacques Gelinas | 1 Linuxconf | 2008-09-10 | 7.5 HIGH | N/A |
| The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email. | |||||
| CVE-2002-1279 | 1 Masqmail | 1 Masqmail | 2008-09-10 | 7.2 HIGH | N/A |
| Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option). | |||||
| CVE-2002-1508 | 1 Openldap | 1 Openldap | 2008-09-10 | 1.2 LOW | N/A |
| slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests. | |||||
| CVE-2002-1509 | 1 Redhat | 1 Linux | 2008-09-10 | 3.6 LOW | N/A |
| A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email. | |||||
| CVE-2002-1280 | 1 Iss | 1 Realsecure Event Collector | 2008-09-10 | 5.0 MEDIUM | N/A |
| Memory leak in RealSecure Event Collector 6.5 allows attackers to cause a denial of service (memory consumption and crash). | |||||
| CVE-2002-1213 | 1 Radiobird Software | 1 Webserver 4 All | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." (dot-dot) sequences containing URL-encoded forward slash ("%2F") characters. | |||||
| CVE-2002-1352 | 1 Per Magne Knutsen | 1 Cartman | 2008-09-10 | 5.0 MEDIUM | N/A |
| Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter. | |||||
| CVE-2002-1222 | 1 Cisco | 1 Catos | 2008-09-10 | 7.1 HIGH | N/A |
| Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request. | |||||
| CVE-2002-0924 | 1 Cgiscript.net | 1 Csnews | 2008-09-10 | 7.5 HIGH | N/A |
| CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability. | |||||
| CVE-2002-0984 | 1 Light | 1 Light | 2008-09-10 | 7.5 HIGH | N/A |
| The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code. | |||||
| CVE-2002-0987 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 7.2 HIGH | N/A |
| X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges. | |||||
| CVE-2002-1146 | 1 Gnu | 1 Glibc | 2008-09-10 | 5.0 MEDIUM | N/A |
| The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). | |||||
| CVE-2002-0856 | 1 Oracle | 2 Database Server, Oracle9i | 2008-09-10 | 5.0 MEDIUM | N/A |
| SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. | |||||
| CVE-2002-0853 | 1 Cisco | 1 Vpn Client | 2008-09-10 | 5.0 MEDIUM | N/A |
| Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. | |||||
| CVE-2002-0981 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line. | |||||
| CVE-2002-1122 | 1 Iss | 1 Internet Scanner | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response. | |||||
| CVE-2002-0875 | 2 Debian, Sgi | 3 Debian Linux, Fam, Irix | 2008-09-10 | 2.1 LOW | N/A |
| Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. | |||||
| CVE-2002-0874 | 1 Redhat | 1 Interchange | 2008-09-10 | 5.0 MEDIUM | N/A |
| Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files. | |||||
| CVE-2002-1161 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1380. Reason: This candidate is a reservation duplicate of CVE-2002-1380. Notes: none. | |||||
| CVE-2002-0873 | 1 L2tpd | 1 L2tpd | 2008-09-10 | 5.0 MEDIUM | N/A |
| Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow. | |||||
| CVE-2002-0872 | 1 L2tpd | 1 L2tpd | 2008-09-10 | 7.5 HIGH | N/A |
| l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions. | |||||
| CVE-2002-0977 | 1 Microsoft | 1 File Transfer Manager | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to execute arbitrary code via a long TS value. | |||||
| CVE-2002-0978 | 1 Microsoft | 1 File Transfer Manager | 2008-09-10 | 5.0 MEDIUM | N/A |
| Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function. | |||||
| CVE-2002-1128 | 1 Digital | 2 Osf 1, Ultrix | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable. | |||||
| CVE-2002-0841 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0842. Reason: This candidate is a duplicate of CVE-2002-0842. The duplicate assignment was made before public disclosure. Notes: none. | |||||
| CVE-2002-0939 | 1 Ncipher | 1 Mscapi Csp | 2008-09-10 | 4.6 MEDIUM | N/A |
| The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only). | |||||
| CVE-2002-0852 | 1 Cisco | 1 Vpn Client | 2008-09-10 | 5.0 MEDIUM | N/A |
| Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. | |||||
| CVE-2002-0988 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 10.0 HIGH | N/A |
| Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities. | |||||
| CVE-2002-1168 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response. | |||||
| CVE-2002-1167 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request. | |||||
| CVE-2002-0948 | 1 Scripts For Educators | 1 Makebook | 2008-09-10 | 7.5 HIGH | N/A |
| Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered. | |||||
| CVE-2002-0940 | 1 Ncipher | 1 Mscapi Csp | 2008-09-10 | 4.6 MEDIUM | N/A |
| domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only). | |||||
| CVE-2002-0920 | 1 Cgiscript.net | 1 Cspassword | 2008-09-10 | 5.1 MEDIUM | N/A |
| CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed. | |||||
| CVE-2002-0632 | 1 Sgi | 1 Irix | 2008-09-10 | 5.0 MEDIUM | N/A |
| Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier allows clients to read arbitrary files on a BDS server. | |||||
| CVE-2002-0666 | 6 Apple, Freebsd, Frees Wan and 3 more | 12 Mac Os X, Mac Os X Server, Freebsd and 9 more | 2008-09-10 | 5.0 MEDIUM | N/A |
| IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors. | |||||
| CVE-2002-0766 | 1 Openbsd | 1 Openbsd | 2008-09-10 | 7.2 HIGH | N/A |
| OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor. | |||||
| CVE-2002-0663 | 1 Symantec | 2 Norton Internet Security, Norton Personal Firewall | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request. | |||||
| CVE-2002-0790 | 1 Ibm | 1 Aix | 2008-09-10 | 2.1 LOW | N/A |
| clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges. | |||||
| CVE-2002-0765 | 1 Openbsd | 2 Openbsd, Openssh | 2008-09-10 | 7.5 HIGH | N/A |
| sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password. | |||||