Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1125 | 1 Freebsd | 1 Freebsd | 2016-10-17 | 2.1 LOW | N/A |
| FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory. | |||||
| CVE-2002-1052 | 1 W3c | 1 Jigsaw | 2016-10-17 | 5.0 MEDIUM | N/A |
| Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device. | |||||
| CVE-2002-0816 | 1 Compaq | 1 Tru64 | 2016-10-17 | 7.2 HIGH | N/A |
| Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument. | |||||
| CVE-2002-0818 | 1 Wwwoffle | 1 Wwwoffle | 2016-10-17 | 7.5 HIGH | N/A |
| wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value. | |||||
| CVE-2002-0820 | 1 Freebsd | 1 Freebsd | 2016-10-17 | 7.2 HIGH | N/A |
| FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges. | |||||
| CVE-2002-0819 | 1 Artsd | 1 Artsd | 2016-10-17 | 7.2 HIGH | N/A |
| Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the arts_fatal function. | |||||
| CVE-2002-0833 | 1 Qualcomm | 1 Eudora | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string. | |||||
| CVE-2002-0831 | 1 Freebsd | 1 Freebsd | 2016-10-17 | 2.1 LOW | N/A |
| The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end. | |||||
| CVE-2002-0846 | 1 Macromedia | 1 Shockwave Flash | 2016-10-17 | 7.5 HIGH | N/A |
| The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. | |||||
| CVE-2002-0845 | 1 Iplanet | 1 Iplanet Web Server | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding. | |||||
| CVE-2002-0849 | 1 Cisco | 1 Iscsi Driver | 2016-10-17 | 4.6 MEDIUM | N/A |
| Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password. | |||||
| CVE-2002-0858 | 1 Oracle | 2 Oracle8i, Oracle9i | 2016-10-17 | 7.5 HIGH | N/A |
| catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges. | |||||
| CVE-2002-0857 | 1 Oracle | 2 Database Server, Oracle8i | 2016-10-17 | 7.5 HIGH | N/A |
| Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file. | |||||
| CVE-2002-0889 | 1 Qualcomm | 1 Qpopper | 2016-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file. | |||||
| CVE-2002-0836 | 3 Hp, Mandrakesoft, Redhat | 3 Secure Os, Mandrake Linux, Linux | 2016-10-17 | 7.5 HIGH | N/A |
| dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. | |||||
| CVE-2002-0887 | 1 Caldera | 1 Openserver | 2016-10-17 | 2.1 LOW | N/A |
| scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files. | |||||
| CVE-2002-0817 | 1 William Deich | 1 Super | 2016-10-17 | 7.2 HIGH | N/A |
| Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument. | |||||
| CVE-2002-0904 | 1 Kismet | 1 Kismet | 2016-10-17 | 7.5 HIGH | N/A |
| SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument. | |||||
| CVE-2002-0909 | 1 Matsushita Research | 1 Mnews | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote NNTP server to execute arbitrary code via long responses, or local users can gain privileges via long command line arguments (2) -f, (3) -n, (4) -D, (5) -M, or (6) -P, or via long environment variables (7) JNAMES or (8) MAILSERVER. | |||||
| CVE-2002-0837 | 1 Wordtrans | 1 Wordtrans-web | 2016-10-17 | 7.5 HIGH | N/A |
| wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script. | |||||
