Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0440 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-10 | 7.5 HIGH | N/A |
Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients. | |||||
CVE-2002-0450 | 1 Talentsoft | 1 Web\+ Server | 2008-09-10 | 10.0 HIGH | N/A |
Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe. | |||||
CVE-2002-0530 | 1 Novell | 1 Web Search | 2008-09-10 | 5.1 MEDIUM | N/A |
Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter. | |||||
CVE-2002-0600 | 2 Kth, Luke Mewburn | 2 Kth Kerberos, Lukemftp | 2008-09-10 | 7.5 HIGH | N/A |
Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request. | |||||
CVE-2002-0631 | 1 Sgi | 1 Irix | 2008-09-10 | 7.2 HIGH | N/A |
Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges. | |||||
CVE-2002-0632 | 1 Sgi | 1 Irix | 2008-09-10 | 5.0 MEDIUM | N/A |
Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier allows clients to read arbitrary files on a BDS server. | |||||
CVE-2002-0646 | 2008-09-10 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0371. Reason: This candidate is a reservation duplicate of CVE-2002-0371. Notes: CVE-2002-0371 should be used instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2002-0655 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2008-09-10 | 7.5 HIGH | N/A |
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. | |||||
CVE-2002-0656 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2008-09-10 | 7.5 HIGH | N/A |
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. | |||||
CVE-2002-0657 | 1 Openssl | 1 Openssl | 2008-09-10 | 7.5 HIGH | N/A |
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key. | |||||
CVE-2002-0659 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2008-09-10 | 5.0 MEDIUM | N/A |
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. | |||||
CVE-2002-0663 | 1 Symantec | 2 Norton Internet Security, Norton Personal Firewall | 2008-09-10 | 7.5 HIGH | N/A |
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request. | |||||
CVE-2002-0666 | 6 Apple, Freebsd, Frees Wan and 3 more | 12 Mac Os X, Mac Os X Server, Freebsd and 9 more | 2008-09-10 | 5.0 MEDIUM | N/A |
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors. | |||||
CVE-2002-0667 | 1 Pingtel | 1 Xpressa | 2008-09-10 | 10.0 HIGH | N/A |
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone. | |||||
CVE-2002-0671 | 1 Pingtel | 1 Xpressa | 2008-09-10 | 7.5 HIGH | N/A |
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing. | |||||
CVE-2002-0675 | 1 Pingtel | 1 Xpressa | 2008-09-10 | 4.6 MEDIUM | N/A |
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone. | |||||
CVE-2002-0758 | 1 Suse | 1 Suse Linux | 2008-09-10 | 7.5 HIGH | N/A |
ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file. | |||||
CVE-2002-0762 | 1 Suse | 1 Suse Linux | 2008-09-10 | 7.2 HIGH | N/A |
shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files. | |||||
CVE-2002-0765 | 1 Openbsd | 2 Openbsd, Openssh | 2008-09-10 | 7.5 HIGH | N/A |
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password. | |||||
CVE-2002-0766 | 1 Openbsd | 1 Openbsd | 2008-09-10 | 7.2 HIGH | N/A |
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor. |