CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1551 CVE-2001-0169 2001-03-26 2017-10-10
2.1
None Local Low Not required None Partial None
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
1552 CVE-2001-0170 2001-03-26 2017-10-10
2.1
None Local Low Not required Partial None None
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
1553 CVE-2001-0178 +Priv 2001-03-26 2017-10-10
2.1
None Local Low Not required Partial None None
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
1554 CVE-2001-0195 +Priv 2001-03-26 2017-10-10
2.1
None Local Low Not required Partial None None
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
1555 CVE-2001-0219 DoS 2001-03-26 2017-10-10
2.1
None Local Low Not required None None Partial
Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.
1556 CVE-2001-0235 2001-03-26 2017-10-10
2.1
None Local Low Not required Partial None None
Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.
1557 CVE-2001-0261 2001-06-02 2017-12-19
2.1
None Local Low Not required Partial None None
Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
1558 CVE-2001-0265 2001-06-18 2017-10-10
2.1
None Local Low Not required None Partial None
ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file.
1559 CVE-2001-0275 DoS Exec Code 2001-05-03 2008-09-05
2.1
None Local Low Not required None None Partial
Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request.
1560 CVE-2001-0287 DoS 2001-05-03 2008-09-05
2.1
None Local Low Not required None None Partial
VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command.
1561 CVE-2001-0300 2001-06-02 2017-07-11
2.1
None Local Low Not required None Partial None
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
1562 CVE-2001-0310 2001-06-02 2017-10-10
2.1
None Local Low Not required None None Partial
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.
1563 CVE-2001-0351 DoS 2001-07-21 2018-10-12
2.1
None Local Low Not required None None Partial
Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
1564 CVE-2001-0373 2001-06-18 2017-10-10
2.1
None Local Low Not required Partial None None
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
1565 CVE-2001-0378 2001-06-27 2017-10-10
2.1
None Local Low Not required Partial None None
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
1566 CVE-2001-0384 2001-07-02 2008-09-05
2.1
None Local Low Not required None Partial None
ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file.
1567 CVE-2001-0406 2001-07-02 2008-09-05
2.1
None Local Low Not required None Partial None
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
1568 CVE-2001-0409 2001-06-18 2017-10-10
2.1
None Local Low Not required None Partial None
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.
1569 CVE-2001-0416 2001-06-27 2017-10-10
2.1
None Local Low Not required Partial None None
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
1570 CVE-2001-0417 2001-06-27 2020-01-21
2.1
None Local Low Not required None Partial None
Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.
1571 CVE-2001-0438 2001-07-02 2008-09-05
2.1
None Local Low Not required None Partial None
Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu.
1572 CVE-2001-0444 +Info 2001-07-02 2017-10-10
2.1
None Local Low Not required Partial None None
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
1573 CVE-2001-0474 2001-06-27 2017-10-10
2.1
None Local Low Not required None Partial None
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.
1574 CVE-2001-0488 DoS 2001-06-27 2017-10-10
2.1
None Local Low Not required None None Partial
pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.
1575 CVE-2001-0544 DoS 2001-10-30 2018-10-30
2.1
None Local Low Not required None None Partial
IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.
1576 CVE-2001-0547 DoS 2001-09-20 2018-10-12
2.1
None Local Low Not required None None Partial
Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
1577 CVE-2001-0568 2001-08-22 2008-09-05
2.1
None Local Low Not required None Partial None
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
1578 CVE-2001-0569 2001-08-22 2008-09-05
2.1
None Local Low Not required None Partial None
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
1579 CVE-2001-0584 DoS 2001-08-22 2017-12-19
2.1
None Local Low Not required None None Partial
IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands.
1580 CVE-2001-0589 Bypass 2001-08-22 2017-10-10
2.1
None Local Low Not required None None Partial
NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.
1581 CVE-2001-0620 2001-08-02 2017-12-19
2.1
None Local Low Not required Partial None None
iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions.
1582 CVE-2001-0624 2001-08-02 2017-12-19
2.1
None Local Low Not required Partial None None
QNX 2.4 allows a local user to read arbitrary files by directly accessing the mount point for the FAT disk partition, e.g. /fs-dos.
1583 CVE-2001-0642 Dir. Trav. 2001-09-20 2017-12-19
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file.
1584 CVE-2001-0666 400 DoS 2001-10-30 2020-04-02
2.1
None Local Low Not required None None Partial
Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
1585 CVE-2001-0682 DoS 2001-08-29 2017-10-10
2.1
None Local Low Not required None None Partial
ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.
1586 CVE-2001-0706 DoS 2001-09-20 2017-10-10
2.1
None Local Low Not required None None Partial
Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders.
1587 CVE-2001-0714 DoS 2001-10-30 2008-09-05
2.1
None Local Low Not required None None Partial
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option.
1588 CVE-2001-0715 +Info 2001-10-30 2011-03-08
2.1
None Local Low Not required Partial None None
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.
1589 CVE-2001-0736 2001-10-18 2017-12-19
2.1
None Local Low Not required None Partial None
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.
1590 CVE-2001-0741 DoS 2001-10-18 2017-10-10
2.1
None Local Low Not required None None Partial
Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets.
1591 CVE-2001-0744 2001-10-18 2008-09-10
2.1
None Local Low Not required None Partial None
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.
1592 CVE-2001-0809 2001-12-06 2017-10-11
2.1
None Local Low Not required None Partial None
Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.
1593 CVE-2001-0832 2001-12-06 2016-10-18
2.1
None Local Low Not required None Partial None
Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability."
1594 CVE-2001-0837 2001-12-06 2017-10-10
2.1
None Local Low Not required Partial None None
DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder.
1595 CVE-2001-0890 2001-12-11 2008-09-10
2.1
None Local Low Not required None Partial None
Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files.
1596 CVE-2001-0907 DoS 2001-10-18 2018-09-20
2.1
None Local Low Not required None None Partial
Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.
1597 CVE-2001-0914 DoS 2001-11-21 2017-10-10
2.1
None Local Low Not required None None Partial
Linux kernel before 2.4.11pre3 in multiple Linux distributions allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, possibly related to poor error checking during ELF loading.
1598 CVE-2001-0921 2001-11-21 2017-10-10
2.1
None Local Low Not required Partial None None
Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.
1599 CVE-2001-0993 DoS 2001-07-24 2017-10-10
2.1
None Local Low Not required None None Partial
sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length.
1600 CVE-2001-1000 2001-09-07 2017-12-19
2.1
None Local Low Not required Partial None None
rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 (This Page)33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.