CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4651 CVE-2000-0080 2000-01-10 2016-10-17
2.1
None Local Low Not required None Partial None
AIX techlibss allows local users to overwrite files via a symlink attack.
4652 CVE-2000-0076 1999-12-30 2016-10-17
2.1
None Local Low Not required None Partial None
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
4653 CVE-2000-0069 2000-01-01 2008-09-10
2.1
None Local Low Not required Partial None None
The recover program in Solstice Backup allows local users to restore sensitive files.
4654 CVE-2000-0067 2000-01-11 2008-09-10
2.1
None Local Low Not required Partial None None
CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack.
4655 CVE-2000-0028 Bypass 1999-12-23 2008-09-10
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
4656 CVE-2000-0019 1999-03-04 2008-09-10
2.1
None Local Low Not required Partial None None
IMail POP3 daemon uses weak encryption, which allows local users to read files.
4657 CVE-2000-0008 1999-12-26 2008-09-10
2.1
None Local Low Not required Partial None None
FTPPro allows local users to read sensitive information, which is stored in plain text.
4658 CVE-2000-0006 1999-12-25 2017-10-09
2.6
None Local High Not required Partial Partial None
strace allows local users to read arbitrary files via memory mapped file names.
4659 CVE-1999-1587 1999-12-31 2018-10-30
2.1
None Local Low Not required Partial None None
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
4660 CVE-1999-1572 1996-07-16 2017-10-18
2.1
None Local Low Not required Partial None None
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
4661 CVE-1999-1564 DoS 1999-09-02 2008-09-05
2.1
None Local Low Not required None None Partial
FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.
4662 CVE-1999-1554 1990-10-31 2008-09-05
2.1
None Local Low Not required Partial None None
/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.
4663 CVE-1999-1545 1999-07-14 2016-10-17
2.1
None Local Low Not required Partial None None
Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.
4664 CVE-1999-1540 1999-10-04 2017-12-18
2.1
None Local Low Not required Partial None None
shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code.
4665 CVE-1999-1538 1999-01-14 2016-10-17
2.1
None Local Low Not required Partial None None
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
4666 CVE-1999-1499 1998-04-10 2008-09-05
2.1
None Local Low Not required None Partial None
named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used.
4667 CVE-1999-1496 1999-06-08 2017-12-18
2.1
None Local Low Not required Partial None None
Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.
4668 CVE-1999-1495 1999-02-18 2017-12-18
2.1
None Local Low Not required None None Partial
xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file.
4669 CVE-1999-1494 1994-08-09 2017-10-09
2.1
None Local Low Not required Partial None None
colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument.
4670 CVE-1999-1476 DoS 1999-12-31 2017-10-09
2.1
None Local Low Not required None None Partial
A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.
4671 CVE-1999-1453 1999-02-02 2016-10-17
2.6
None Remote High Not required Partial None None
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
4672 CVE-1999-1452 1999-12-31 2017-10-09
2.1
None Local Low Not required Partial None None
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.
4673 CVE-1999-1449 DoS 1997-05-19 2008-09-05
2.1
None Local Low Not required None None Partial
SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device.
4674 CVE-1999-1446 1997-08-05 2016-10-17
2.1
None Local Low Not required Partial None None
Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays.
4675 CVE-1999-1441 DoS 1998-06-30 2016-10-17
2.1
None Local Low Not required None None Partial
Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.
4676 CVE-1999-1439 1998-01-02 2016-10-17
2.1
None Local Low Not required None Partial None
gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files.
4677 CVE-1999-1430 1999-01-01 2016-10-17
2.1
None Local Low Not required Partial None None
PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access.
4678 CVE-1999-1429 1998-01-05 2016-10-17
2.1
None Local Low Not required None Partial None
DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver.
4679 CVE-1999-1423 DoS 1997-06-26 2018-10-30
2.1
None Local Low Not required None None Partial
ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.
4680 CVE-1999-1409 1998-07-03 2016-10-17
2.1
None Local Low Not required Partial None None
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
4681 CVE-1999-1408 DoS 1997-03-05 2016-10-17
2.1
None Local Low Not required None None Partial
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
4682 CVE-1999-1407 1998-03-09 2016-10-17
2.1
None Local Low Not required None Partial None
ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.
4683 CVE-1999-1406 DoS 1998-07-29 2016-10-17
2.1
None Local Low Not required None None Partial
dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.
4684 CVE-1999-1402 1997-05-17 2018-10-30
2.1
None Local Low Not required None Partial None
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.
4685 CVE-1999-1400 Bypass 1999-06-03 2016-10-17
2.1
None Local Low Not required Partial None None
The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked.
4686 CVE-1999-1394 1999-07-02 2016-10-17
2.1
None Local Low Not required None Partial None
BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device.
4687 CVE-1999-1386 1999-12-31 2016-10-17
2.1
None Local Low Not required None Partial None
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
4688 CVE-1999-1364 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.
4689 CVE-1999-1363 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
4690 CVE-1999-1362 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
4691 CVE-1999-1360 DoS 1999-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
4692 CVE-1999-1348 DoS 1999-06-30 2016-10-17
2.1
None Local Low Not required None None Partial
Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service.
4693 CVE-1999-1332 1999-12-31 2016-10-17
2.1
None Local Low Not required None Partial None
gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.
4694 CVE-1999-1331 DoS 1999-12-31 2008-09-10
2.1
None Local Low Not required None None Partial
netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.
4695 CVE-1999-1314 DoS 1996-05-17 2008-09-10
2.1
None Local Low Not required None None Partial
Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands.
4696 CVE-1999-1297 1998-07-15 2018-10-30
2.1
None Local Low Not required Partial None None
cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.
4697 CVE-1999-1294 1999-12-31 2017-10-09
2.1
None Local Low Not required Partial None None
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.
4698 CVE-1999-1285 DoS 1998-12-27 2017-12-18
2.1
None Local Low Not required None None Partial
Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.
4699 CVE-1999-1271 1998-06-11 2017-12-18
2.1
None Local Low Not required Partial None None
Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.
4700 CVE-1999-1269 1998-02-06 2017-12-18
2.1
None Local Low Not required None Partial None
Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.
Total number of vulnerabilities : 4765   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 (This Page)95 96
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.