CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4251 CVE-1999-1499 1998-04-10 2008-09-05
2.1
None Local Low Not required None Partial None
named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used.
4252 CVE-1999-1496 1999-06-08 2017-12-18
2.1
None Local Low Not required Partial None None
Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.
4253 CVE-1999-1495 1999-02-18 2017-12-18
2.1
None Local Low Not required None None Partial
xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file.
4254 CVE-1999-1494 1994-08-09 2017-10-09
2.1
None Local Low Not required Partial None None
colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument.
4255 CVE-1999-1476 DoS 1999-12-31 2017-10-09
2.1
None Local Low Not required None None Partial
A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.
4256 CVE-1999-1453 1999-02-02 2016-10-17
2.6
None Remote High Not required Partial None None
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
4257 CVE-1999-1452 1999-12-31 2017-10-09
2.1
None Local Low Not required Partial None None
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.
4258 CVE-1999-1449 DoS 1997-05-19 2008-09-05
2.1
None Local Low Not required None None Partial
SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device.
4259 CVE-1999-1446 1997-08-05 2016-10-17
2.1
None Local Low Not required Partial None None
Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays.
4260 CVE-1999-1441 DoS 1998-06-30 2016-10-17
2.1
None Local Low Not required None None Partial
Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.
4261 CVE-1999-1439 1998-01-02 2016-10-17
2.1
None Local Low Not required None Partial None
gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files.
4262 CVE-1999-1430 1999-01-01 2016-10-17
2.1
None Local Low Not required Partial None None
PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access.
4263 CVE-1999-1429 1998-01-05 2016-10-17
2.1
None Local Low Not required None Partial None
DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver.
4264 CVE-1999-1423 DoS 1997-06-26 2018-10-30
2.1
None Local Low Not required None None Partial
ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.
4265 CVE-1999-1409 1998-07-03 2016-10-17
2.1
None Local Low Not required Partial None None
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
4266 CVE-1999-1408 DoS 1997-03-05 2016-10-17
2.1
None Local Low Not required None None Partial
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
4267 CVE-1999-1407 1998-03-09 2016-10-17
2.1
None Local Low Not required None Partial None
ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.
4268 CVE-1999-1406 DoS 1998-07-29 2016-10-17
2.1
None Local Low Not required None None Partial
dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.
4269 CVE-1999-1402 1997-05-17 2018-10-30
2.1
None Local Low Not required None Partial None
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.
4270 CVE-1999-1400 Bypass 1999-06-03 2016-10-17
2.1
None Local Low Not required Partial None None
The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked.
4271 CVE-1999-1394 1999-07-02 2016-10-17
2.1
None Local Low Not required None Partial None
BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device.
4272 CVE-1999-1386 1999-12-31 2016-10-17
2.1
None Local Low Not required None Partial None
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
4273 CVE-1999-1364 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.
4274 CVE-1999-1363 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
4275 CVE-1999-1362 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
4276 CVE-1999-1360 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
4277 CVE-1999-1348 DoS 1999-06-30 2016-10-17
2.1
None Local Low Not required None None Partial
Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service.
4278 CVE-1999-1332 1999-12-31 2016-10-17
2.1
None Local Low Not required None Partial None
gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.
4279 CVE-1999-1331 DoS 1999-12-31 2008-09-10
2.1
None Local Low Not required None None Partial
netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.
4280 CVE-1999-1314 DoS 1996-05-17 2008-09-10
2.1
None Local Low Not required None None Partial
Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands.
4281 CVE-1999-1297 1998-07-15 2018-10-30
2.1
None Local Low Not required Partial None None
cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.
4282 CVE-1999-1294 1999-12-31 2017-10-09
2.1
None Local Low Not required Partial None None
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.
4283 CVE-1999-1285 DoS 1998-12-27 2017-12-18
2.1
None Local Low Not required None None Partial
Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.
4284 CVE-1999-1271 1998-06-11 2017-12-18
2.1
None Local Low Not required Partial None None
Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.
4285 CVE-1999-1269 1998-02-06 2017-12-18
2.1
None Local Low Not required None Partial None
Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.
4286 CVE-1999-1263 2003-08-15 2017-10-09
2.6
None Remote High Not required None Partial None
Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.
4287 CVE-1999-1259 +Info 1999-12-31 2017-10-09
2.1
None Local Low Not required Partial None None
Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.
4288 CVE-1999-1251 1 DoS 1996-12-24 2017-12-18
2.1
None Local Low Not required None None Partial
Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.
4289 CVE-1999-1229 1998-02-25 2017-12-18
2.1
None Local Low Not required Partial None None
Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.
4290 CVE-1999-1226 DoS Exec Code 1999-10-28 2017-10-09
2.6
None Remote High Not required None None Partial
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
4291 CVE-1999-1221 1996-11-17 2017-12-18
2.1
None Local Low Not required None Partial None
dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file.
4292 CVE-1999-1218 1993-02-18 2017-12-18
2.1
None Local Low Not required Partial None None
Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files.
4293 CVE-1999-1214 255 DoS 1997-09-15 2017-10-09
2.1
None Local Low Not required None None Partial
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
4294 CVE-1999-1205 1 DoS 1996-06-07 2018-05-02
2.1
None Local Low Not required None None Partial
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.
4295 CVE-1999-1173 1998-12-18 2016-10-17
2.1
None Local Low Not required None Partial None
Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack.
4296 CVE-1999-1137 1993-10-01 2018-10-30
2.1
None Local Low Not required Partial None None
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.
4297 CVE-1999-1126 +Info 1999-12-31 2017-12-18
2.1
None Local Low Not required Partial None None
Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".
4298 CVE-1999-1118 DoS 1998-03-11 2017-10-09
2.1
None Local Low Not required None None Partial
ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.
4299 CVE-1999-1117 1999-12-31 2017-10-09
2.1
None Local Low Not required Partial None None
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
4300 CVE-1999-1102 1999-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
Total number of vulnerabilities : 4356   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 (This Page)87 88
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.