CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4451 CVE-1999-1572 1996-07-16 2017-10-18
2.1
None Local Low Not required Partial None None
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
4452 CVE-1999-1564 DoS 1999-09-02 2008-09-05
2.1
None Local Low Not required None None Partial
FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.
4453 CVE-1999-1554 1990-10-31 2008-09-05
2.1
None Local Low Not required Partial None None
/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.
4454 CVE-1999-1545 1999-07-14 2016-10-17
2.1
None Local Low Not required Partial None None
Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.
4455 CVE-1999-1540 1999-10-04 2017-12-18
2.1
None Local Low Not required Partial None None
shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code.
4456 CVE-1999-1538 1999-01-14 2016-10-17
2.1
None Local Low Not required Partial None None
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
4457 CVE-1999-1499 1998-04-10 2008-09-05
2.1
None Local Low Not required None Partial None
named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used.
4458 CVE-1999-1496 1999-06-08 2017-12-18
2.1
None Local Low Not required Partial None None
Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.
4459 CVE-1999-1495 1999-02-18 2017-12-18
2.1
None Local Low Not required None None Partial
xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file.
4460 CVE-1999-1494 1994-08-09 2017-10-09
2.1
None Local Low Not required Partial None None
colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument.
4461 CVE-1999-1476 DoS 1999-12-31 2017-10-09
2.1
None Local Low Not required None None Partial
A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.
4462 CVE-1999-1453 1999-02-02 2016-10-17
2.6
None Remote High Not required Partial None None
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
4463 CVE-1999-1452 1999-12-31 2017-10-09
2.1
None Local Low Not required Partial None None
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.
4464 CVE-1999-1449 DoS 1997-05-19 2008-09-05
2.1
None Local Low Not required None None Partial
SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device.
4465 CVE-1999-1446 1997-08-05 2016-10-17
2.1
None Local Low Not required Partial None None
Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays.
4466 CVE-1999-1441 DoS 1998-06-30 2016-10-17
2.1
None Local Low Not required None None Partial
Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.
4467 CVE-1999-1439 1998-01-02 2016-10-17
2.1
None Local Low Not required None Partial None
gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files.
4468 CVE-1999-1430 1999-01-01 2016-10-17
2.1
None Local Low Not required Partial None None
PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access.
4469 CVE-1999-1429 1998-01-05 2016-10-17
2.1
None Local Low Not required None Partial None
DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver.
4470 CVE-1999-1423 DoS 1997-06-26 2018-10-30
2.1
None Local Low Not required None None Partial
ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.
4471 CVE-1999-1409 1998-07-03 2016-10-17
2.1
None Local Low Not required Partial None None
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
4472 CVE-1999-1408 DoS 1997-03-05 2016-10-17
2.1
None Local Low Not required None None Partial
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
4473 CVE-1999-1407 1998-03-09 2016-10-17
2.1
None Local Low Not required None Partial None
ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.
4474 CVE-1999-1406 DoS 1998-07-29 2016-10-17
2.1
None Local Low Not required None None Partial
dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.
4475 CVE-1999-1402 1997-05-17 2018-10-30
2.1
None Local Low Not required None Partial None
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.
4476 CVE-1999-1400 Bypass 1999-06-03 2016-10-17
2.1
None Local Low Not required Partial None None
The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked.
4477 CVE-1999-1394 1999-07-02 2016-10-17
2.1
None Local Low Not required None Partial None
BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device.
4478 CVE-1999-1386 1999-12-31 2016-10-17
2.1
None Local Low Not required None Partial None
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
4479 CVE-1999-1364 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.
4480 CVE-1999-1363 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
4481 CVE-1999-1362 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
4482 CVE-1999-1360 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
4483 CVE-1999-1348 DoS 1999-06-30 2016-10-17
2.1
None Local Low Not required None None Partial
Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service.
4484 CVE-1999-1332 1999-12-31 2016-10-17
2.1
None Local Low Not required None Partial None
gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.
4485 CVE-1999-1331 DoS 1999-12-31 2008-09-10
2.1
None Local Low Not required None None Partial
netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.
4486 CVE-1999-1314 DoS 1996-05-17 2008-09-10
2.1
None Local Low Not required None None Partial
Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands.
4487 CVE-1999-1297 1998-07-15 2018-10-30
2.1
None Local Low Not required Partial None None
cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.
4488 CVE-1999-1294 1999-12-31 2017-10-09
2.1
None Local Low Not required Partial None None
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.
4489 CVE-1999-1285 DoS 1998-12-27 2017-12-18
2.1
None Local Low Not required None None Partial
Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.
4490 CVE-1999-1271 1998-06-11 2017-12-18
2.1
None Local Low Not required Partial None None
Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.
4491 CVE-1999-1269 1998-02-06 2017-12-18
2.1
None Local Low Not required None Partial None
Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.
4492 CVE-1999-1263 2003-08-15 2017-10-09
2.6
None Remote High Not required None Partial None
Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.
4493 CVE-1999-1259 +Info 1999-12-31 2017-10-09
2.1
None Local Low Not required Partial None None
Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.
4494 CVE-1999-1251 1 DoS 1996-12-24 2017-12-18
2.1
None Local Low Not required None None Partial
Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.
4495 CVE-1999-1229 1998-02-25 2017-12-18
2.1
None Local Low Not required Partial None None
Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.
4496 CVE-1999-1226 DoS Exec Code 1999-10-28 2017-10-09
2.6
None Remote High Not required None None Partial
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
4497 CVE-1999-1221 1996-11-17 2017-12-18
2.1
None Local Low Not required None Partial None
dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file.
4498 CVE-1999-1218 1993-02-18 2017-12-18
2.1
None Local Low Not required Partial None None
Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files.
4499 CVE-1999-1214 255 DoS 1997-09-15 2017-10-09
2.1
None Local Low Not required None None Partial
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
4500 CVE-1999-1205 1 DoS 1996-06-07 2018-05-02
2.1
None Local Low Not required None None Partial
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 (This Page)91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.