CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4351 CVE-2002-1687 Overflow 2002-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.
4352 CVE-2002-1682 2002-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.
4353 CVE-2002-1676 2002-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
BindView NetInventory 1.0, when used with NetRC 1.0, allows local users to read sensitive information (passwords) by deleting the HOSTCFG._NI file and forcing an audit, which rewrites the HOSTCFG._NI to HOSTCFG.INI and stores the passwords in cleartext until the audit is complete.
4354 CVE-2002-1672 2002-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.
4355 CVE-2002-1669 2002-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.
4356 CVE-2002-1668 DoS 2002-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file.
4357 CVE-2002-1667 DoS 2002-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags.
4358 CVE-2002-1610 DoS 2002-08-30 2017-07-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service.
4359 CVE-2002-1589 DoS 2002-10-24 2018-10-30
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).
4360 CVE-2002-1587 DoS 2002-12-04 2018-10-30
2.1
None Local Low Not required None None Partial
The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.
4361 CVE-2002-1586 DoS 2002-12-03 2018-10-30
2.1
None Local Low Not required None None Partial
Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.
4362 CVE-2002-1571 +Info 2002-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.
4363 CVE-2002-1521 +Priv 2003-04-02 2008-09-05
2.1
None Local Low Not required Partial None None
Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges.
4364 CVE-2002-1502 2003-04-02 2008-09-05
2.1
None Local Low Not required None Partial None
Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file.
4365 CVE-2002-1490 DoS Overflow 2003-04-02 2008-09-05
2.1
None Local Low Not required None None Partial
NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.
4366 CVE-2002-1470 2003-04-22 2008-09-05
2.1
None Local Low Not required Partial None None
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.
4367 CVE-2002-1444 DoS 2002-08-15 2008-09-05
2.6
None Remote High Not required None None Partial
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function.
4368 CVE-2002-1409 DoS 2003-04-11 2017-10-10
2.1
None Local Low Not required None None Partial
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."
4369 CVE-2002-1395 2003-01-17 2008-09-10
2.1
None Local Low Not required None Partial None
Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.
4370 CVE-2002-1392 2003-01-17 2017-10-09
2.1
None Local Low Not required None Partial None
faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.
4371 CVE-2002-1380 DoS 2002-12-23 2018-05-02
2.1
None Local Low Not required None None Partial
Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.
4372 CVE-2002-1319 DoS 2002-12-11 2017-10-09
2.1
None Local Low Not required None None Partial
The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.
4373 CVE-2002-1313 DoS 2002-11-29 2017-10-09
2.1
None Local Low Not required None None Partial
nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.
4374 CVE-2002-1270 2002-12-11 2017-10-09
2.1
None Local Low Not required Partial None None
Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.
4375 CVE-2002-1233 2002-11-04 2016-10-17
2.6
None Local High Not required Partial Partial None
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
4376 CVE-2002-1231 DoS 2002-11-04 2008-09-10
2.1
None Local Low Not required None None Partial
SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.
4377 CVE-2002-1193 2002-10-28 2008-09-10
2.1
None Local Low Not required None Partial None
tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.
4378 CVE-2002-1126 2002-09-24 2016-10-17
2.6
None Remote High Not required Partial None None
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
4379 CVE-2002-1125 2002-09-24 2016-10-17
2.1
None Local Low Not required Partial None None
FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.
4380 CVE-2002-1109 DoS 2002-10-04 2016-10-17
2.1
None Local Low Not required None None Partial
securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter.
4381 CVE-2002-1030 DoS 2002-10-04 2008-09-05
2.6
None Remote High Not required None None Partial
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
4382 CVE-2002-1017 2002-10-04 2008-09-05
2.1
None Local Low Not required None Partial None
Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code.
4383 CVE-2002-0992 DoS 2002-10-04 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data.
4384 CVE-2002-0915 2002-10-04 2008-09-05
2.1
None Local Low Not required Partial None None
autorun in Xandros based Linux distributions allows local users to read the first line of arbitrary files via the -c parameter, which causes autorun to print the first line of the file.
4385 CVE-2002-0887 2002-10-04 2016-10-17
2.1
None Local Low Not required None Partial None
scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files.
4386 CVE-2002-0881 2002-10-04 2018-10-30
2.1
None Local Low Not required None Partial None
Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings.
4387 CVE-2002-0875 2002-09-05 2008-09-10
2.1
None Local Low Not required Partial None None
Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.
4388 CVE-2002-0871 DoS 2002-09-05 2016-12-07
2.1
None Local Low Not required None None Partial
xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.
4389 CVE-2002-0831 DoS 2002-08-12 2016-10-17
2.1
None Local Low Not required None None Partial
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.
4390 CVE-2002-0806 2002-08-12 2008-09-05
2.1
None Local Low Not required None Partial None
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
4391 CVE-2002-0798 DoS 2002-08-12 2017-10-10
2.1
None Local Low Not required Partial None None
Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service.
4392 CVE-2002-0795 2002-08-12 2008-09-05
2.1
None Local Low Not required None Partial None
The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.
4393 CVE-2002-0790 +Priv 2002-08-12 2008-09-10
2.1
None Local Low Not required Partial None None
clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.
4394 CVE-2002-0788 +Info 2002-08-12 2013-08-03
2.1
None Local Low Not required Partial None None
An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.
4395 CVE-2002-0761 2002-08-12 2008-09-05
2.1
None Local Low Not required Partial None None
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
4396 CVE-2002-0712 2004-02-03 2017-07-10
2.1
None Local Low Not required None None Partial
Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.
4397 CVE-2002-0701 +Info 2002-07-23 2016-10-17
2.1
None Local Low Not required Partial None None
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
4398 CVE-2002-0662 2002-10-04 2016-10-17
2.1
None Local Low Not required None Partial None
scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files.
4399 CVE-2002-0577 DoS 2002-06-18 2017-10-10
2.1
None Local Low Not required None None Partial
Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service.
4400 CVE-2002-0570 2002-07-03 2017-12-18
2.1
None Local Low Not required None Partial None
The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.
Total number of vulnerabilities : 4765   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 (This Page)89 90 91 92 93 94 95 96
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.