CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2001-1529 Overflow 2001-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779.
602 CVE-2001-1531 DoS Exec Code Overflow 2001-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an email attachment with a long filename.
603 CVE-2001-1538 2001-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access.
604 CVE-2001-1542 Exec Code Bypass 2001-12-31 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments.
605 CVE-2001-1543 2001-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.
606 CVE-2001-1547 Exec Code 2001-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.
607 CVE-2001-1557 Overflow +Priv 2001-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges.
608 CVE-2001-1563 2001-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.
609 CVE-2001-1566 Exec Code 2001-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the __vanessa_logger_log function.
610 CVE-2001-1572 Bypass 2001-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.
611 CVE-2001-1577 +Priv 2001-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 allows an xterm session to gain privileges when the session is reused.
612 CVE-2001-1581 Bypass 2001-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows remote attackers to bypass e-mail attachment filtering policies via a modified name in a Content-Type header.
613 CVE-2001-1584 20 Exec Code 2001-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field.
614 CVE-2004-1776 2001-02-28 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.
615 CVE-2000-0312 +Priv 2001-03-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
616 CVE-2000-1095 Exec Code 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
617 CVE-2000-1103 +Priv 2001-01-09 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
618 CVE-2000-1120 Exec Code Overflow 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.
619 CVE-2000-1121 Exec Code Overflow 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.
620 CVE-2000-1122 Exec Code Overflow 2001-01-09 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.
621 CVE-2000-1123 Exec Code Overflow 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.
622 CVE-2000-1124 Overflow +Priv 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.
623 CVE-2000-1125 2001-01-09 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
624 CVE-2000-1134 2001-01-09 2017-10-19
7.2
None Local Low Not required Complete Complete Complete
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
625 CVE-2000-1175 Exec Code Overflow 2001-01-09 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument.
626 CVE-2000-1183 Exec Code Overflow 2001-01-09 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.
627 CVE-2000-1189 Overflow +Priv 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.
628 CVE-2000-1202 Exec Code 2001-08-31 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class.
629 CVE-2001-0015 +Priv 2001-03-12 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.
630 CVE-2001-0016 2001-03-12 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access.
631 CVE-2001-0030 Bypass 2001-02-16 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them.
632 CVE-2001-0033 +Priv 2001-02-16 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.
633 CVE-2001-0034 +Priv 2001-02-16 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.
634 CVE-2001-0035 DoS Exec Code Overflow 2001-02-16 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request.
635 CVE-2001-0044 Overflow +Priv 2001-02-16 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Lexmark MarkVision printer driver programs allows local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands.
636 CVE-2001-0048 2001-02-12 2019-04-30
7.2
None Local Low Not required Complete Complete Complete
The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
637 CVE-2001-0061 +Priv 2001-02-12 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space.
638 CVE-2001-0063 +Priv Bypass 2001-02-12 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges.
639 CVE-2001-0066 2001-02-16 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.
640 CVE-2001-0084 +Priv 2001-02-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.
641 CVE-2001-0085 DoS Exec Code Overflow 2001-02-12 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands.
642 CVE-2001-0087 +Priv 2001-02-12 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.
643 CVE-2001-0093 +Priv 2001-02-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd.
644 CVE-2001-0094 Overflow +Priv 2001-02-12 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges.
645 CVE-2001-0102 +Priv 2001-02-12 2021-09-22
7.2
None Local Low Not required Complete Complete Complete
"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password.
646 CVE-2001-0104 Bypass 2001-02-12 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key.
647 CVE-2001-0110 Overflow +Priv 2001-03-12 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable.
648 CVE-2001-0111 Exec Code 2001-03-12 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.
649 CVE-2001-0112 Exec Code Overflow 2001-03-12 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands.
650 CVE-2001-0115 Exec Code Overflow 2001-03-12 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.