Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1229 | 1 Avaya | 5 Cajun P550, Cajun P550r, Cajun P580 and 2 more | 2016-10-17 | 7.5 HIGH | N/A |
| Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges. | |||||
| CVE-2002-1225 | 1 Kth | 1 Heimdal | 2016-10-17 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access. | |||||
| CVE-2002-1226 | 1 Kth | 1 Heimdal | 2016-10-17 | 10.0 HIGH | N/A |
| Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225). | |||||
| CVE-2002-1178 | 1 Jetty | 1 Jetty Http Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory. | |||||
| CVE-2002-1197 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 7.5 HIGH | N/A |
| bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. | |||||
| CVE-2002-1196 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 7.5 HIGH | N/A |
| editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. | |||||
| CVE-2002-1198 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 7.5 HIGH | N/A |
| Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack. | |||||
| CVE-2002-1195 | 1 Gabriele Bartolini | 1 Ht Check | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page. | |||||
| CVE-2002-1201 | 1 Ibm | 1 Aix | 2016-10-17 | 5.0 MEDIUM | N/A |
| IBM AIX 4.3.3 and AIX 5 allow remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers. | |||||
| CVE-2002-0973 | 1 Freebsd | 1 Freebsd | 2016-10-17 | 4.6 MEDIUM | N/A |
| Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl. | |||||
| CVE-2002-0979 | 1 Microsoft | 1 Virtual Machine | 2016-10-17 | 7.5 HIGH | N/A |
| The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code. | |||||
| CVE-2002-0954 | 1 Cisco | 1 Pix Firewall | 2016-10-17 | 7.5 HIGH | N/A |
| The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which makes it easier for an attacker to decrypt the passwords using brute force techniques. | |||||
| CVE-2002-0975 | 1 Microsoft | 1 Directx Files Viewer Control | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary code via a long File parameter. | |||||
| CVE-2002-1018 | 1 Adobe | 1 Adobe Content Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking out the same book multiple times. | |||||
| CVE-2002-1019 | 1 Adobe | 1 Adobe Content Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp. | |||||
| CVE-2002-1020 | 1 Adobe | 1 Adobe Content Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook even when the maximum number of loans is exceeded by accessing the "Add to bookbag" feature when the server reports that no more copies are available. | |||||
| CVE-2002-0968 | 1 Analogx | 1 Simpleserver Www | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name. | |||||
| CVE-2002-0971 | 3 Att, Tightvnc, Tridia | 3 Winvnc Server, Tightvnc, Tridiavnc | 2016-10-17 | 4.6 MEDIUM | N/A |
| Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box. | |||||
| CVE-2002-0972 | 1 Postgresql | 1 Postgresql | 2016-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad. | |||||
| CVE-2002-0990 | 1 Symantec | 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more | 2016-10-17 | 5.0 MEDIUM | N/A |
| The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allows remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout. | |||||
