CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4251 CVE-2000-0227 DoS 2000-03-23 2017-12-19
2.1
None Local Low Not required None None Partial
The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets.
4252 CVE-2000-0184 2000-03-09 2008-09-10
2.1
None Local Low Not required Partial None None
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
4253 CVE-2000-0167 DoS 2000-02-15 2008-09-10
2.1
None Local Low Not required None None Partial
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
4254 CVE-2000-0147 2000-02-08 2008-09-05
2.1
None Local Low Not required None Partial None
snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration.
4255 CVE-2000-0139 DoS 1999-12-03 2016-10-17
2.1
None Local Low Not required None None Partial
Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.
4256 CVE-2000-0132 200 +Info 2000-01-31 2008-09-10
2.6
None Remote High Not required Partial None None
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.
4257 CVE-2000-0129 DoS Overflow 2000-02-04 2008-09-10
2.1
None Local Low Not required None None Partial
Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.
4258 CVE-2000-0124 Bypass 2000-02-03 2008-09-10
2.1
None Local Low Not required Partial None None
surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions.
4259 CVE-2000-0089 2000-02-04 2018-10-12
2.1
None Local Low Not required Partial None None
The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.
4260 CVE-2000-0080 2000-01-10 2016-10-17
2.1
None Local Low Not required None Partial None
AIX techlibss allows local users to overwrite files via a symlink attack.
4261 CVE-2000-0076 1999-12-30 2016-10-17
2.1
None Local Low Not required None Partial None
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
4262 CVE-2000-0069 2000-01-01 2008-09-10
2.1
None Local Low Not required Partial None None
The recover program in Solstice Backup allows local users to restore sensitive files.
4263 CVE-2000-0067 2000-01-11 2008-09-10
2.1
None Local Low Not required Partial None None
CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack.
4264 CVE-2000-0028 Bypass 1999-12-23 2008-09-10
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
4265 CVE-2000-0019 1999-03-04 2008-09-10
2.1
None Local Low Not required Partial None None
IMail POP3 daemon uses weak encryption, which allows local users to read files.
4266 CVE-2000-0008 1999-12-26 2008-09-10
2.1
None Local Low Not required Partial None None
FTPPro allows local users to read sensitive information, which is stored in plain text.
4267 CVE-2000-0006 1999-12-25 2017-10-09
2.6
None Local High Not required Partial Partial None
strace allows local users to read arbitrary files via memory mapped file names.
4268 CVE-1999-1587 1999-12-31 2018-10-30
2.1
None Local Low Not required Partial None None
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
4269 CVE-1999-1572 1996-07-16 2017-10-18
2.1
None Local Low Not required Partial None None
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
4270 CVE-1999-1564 DoS 1999-09-02 2008-09-05
2.1
None Local Low Not required None None Partial
FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.
4271 CVE-1999-1554 1990-10-31 2008-09-05
2.1
None Local Low Not required Partial None None
/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.
4272 CVE-1999-1545 1999-07-14 2016-10-17
2.1
None Local Low Not required Partial None None
Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.
4273 CVE-1999-1540 1999-10-04 2017-12-18
2.1
None Local Low Not required Partial None None
shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code.
4274 CVE-1999-1538 1999-01-14 2016-10-17
2.1
None Local Low Not required Partial None None
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
4275 CVE-1999-1499 1998-04-10 2008-09-05
2.1
None Local Low Not required None Partial None
named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used.
4276 CVE-1999-1496 1999-06-08 2017-12-18
2.1
None Local Low Not required Partial None None
Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.
4277 CVE-1999-1495 1999-02-18 2017-12-18
2.1
None Local Low Not required None None Partial
xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file.
4278 CVE-1999-1494 1994-08-09 2017-10-09
2.1
None Local Low Not required Partial None None
colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument.
4279 CVE-1999-1476 DoS 1999-12-31 2017-10-09
2.1
None Local Low Not required None None Partial
A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.
4280 CVE-1999-1453 1999-02-02 2016-10-17
2.6
None Remote High Not required Partial None None
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
4281 CVE-1999-1452 1999-12-31 2017-10-09
2.1
None Local Low Not required Partial None None
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.
4282 CVE-1999-1449 DoS 1997-05-19 2008-09-05
2.1
None Local Low Not required None None Partial
SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device.
4283 CVE-1999-1446 1997-08-05 2016-10-17
2.1
None Local Low Not required Partial None None
Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays.
4284 CVE-1999-1441 DoS 1998-06-30 2016-10-17
2.1
None Local Low Not required None None Partial
Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.
4285 CVE-1999-1439 1998-01-02 2016-10-17
2.1
None Local Low Not required None Partial None
gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files.
4286 CVE-1999-1430 1999-01-01 2016-10-17
2.1
None Local Low Not required Partial None None
PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access.
4287 CVE-1999-1429 1998-01-05 2016-10-17
2.1
None Local Low Not required None Partial None
DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver.
4288 CVE-1999-1423 DoS 1997-06-26 2018-10-30
2.1
None Local Low Not required None None Partial
ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.
4289 CVE-1999-1409 1998-07-03 2016-10-17
2.1
None Local Low Not required Partial None None
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
4290 CVE-1999-1408 DoS 1997-03-05 2016-10-17
2.1
None Local Low Not required None None Partial
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
4291 CVE-1999-1407 1998-03-09 2016-10-17
2.1
None Local Low Not required None Partial None
ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.
4292 CVE-1999-1406 DoS 1998-07-29 2016-10-17
2.1
None Local Low Not required None None Partial
dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.
4293 CVE-1999-1402 1997-05-17 2018-10-30
2.1
None Local Low Not required None Partial None
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.
4294 CVE-1999-1400 Bypass 1999-06-03 2016-10-17
2.1
None Local Low Not required Partial None None
The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked.
4295 CVE-1999-1394 1999-07-02 2016-10-17
2.1
None Local Low Not required None Partial None
BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device.
4296 CVE-1999-1386 1999-12-31 2016-10-17
2.1
None Local Low Not required None Partial None
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
4297 CVE-1999-1364 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.
4298 CVE-1999-1363 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
4299 CVE-1999-1362 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
4300 CVE-1999-1360 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
Total number of vulnerabilities : 4392   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 (This Page)87 88
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.