CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1601 CVE-2001-1029 Bypass 2001-09-20 2017-10-10
2.1
None Local Low Not required Partial None None
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
1602 CVE-2001-1041 2001-08-31 2016-10-18
2.1
None Local Low Not required None Partial None
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.
1603 CVE-2001-1066 2001-08-31 2018-05-03
2.1
None Local Low Not required None Partial None
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
1604 CVE-2001-1070 DoS 2001-08-31 2017-12-19
2.1
None Local Low Not required None None Partial
Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters.
1605 CVE-2001-1092 2001-09-10 2017-12-19
2.1
None Local Low Not required Partial None None
msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file.
1606 CVE-2001-1098 2001-10-10 2017-10-10
2.1
None Local Low Not required Partial None None
Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.
1607 CVE-2001-1122 DoS 2001-08-03 2017-12-19
2.1
None Local Low Not required None None Partial
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
1608 CVE-2001-1133 DoS 2001-08-21 2008-09-05
2.1
None Local Low Not required None None Partial
Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions.
1609 CVE-2001-1136 DoS 2001-09-13 2017-12-19
2.1
None Local Low Not required None None Partial
The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.
1610 CVE-2001-1218 DoS 2001-12-20 2008-09-10
2.1
None Local Low Not required None None Partial
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
1611 CVE-2001-1225 DoS 2001-12-26 2008-09-05
2.1
None Local Low Not required None None Partial
Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.
1612 CVE-2001-1267 Dir. Trav. 2001-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
1613 CVE-2001-1268 Dir. Trav. 2001-07-12 2010-05-25
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
1614 CVE-2001-1269 2001-07-12 2010-05-25
2.1
None Local Low Not required None Partial None
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
1615 CVE-2001-1270 Dir. Trav. 2001-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.
1616 CVE-2001-1271 Dir. Trav. 2001-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.
1617 CVE-2001-1273 DoS 2001-02-12 2008-09-05
2.1
None Local Low Not required None None Partial
The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).
1618 CVE-2001-1277 2001-06-11 2016-10-18
2.1
None Local Low Not required None Partial None
makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.
1619 CVE-2001-1288 DoS 2001-07-27 2019-04-30
2.1
None Local Low Not required None None Partial
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
1620 CVE-2001-1302 2001-07-18 2019-04-30
2.1
None Local Low Not required None Partial None
The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.
1621 CVE-2001-1378 59 2001-09-06 2011-02-16
2.1
None Local Low Not required None Partial None
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
1622 CVE-2001-1387 200 +Info 2001-11-05 2021-02-02
2.1
None Local Low Not required Partial None None
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.
1623 CVE-2001-1391 2001-04-17 2017-10-10
2.1
None Local Low Not required None Partial None
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
1624 CVE-2001-1392 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.
1625 CVE-2001-1393 DoS 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).
1626 CVE-2001-1394 DoS 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.
1627 CVE-2001-1397 2001-04-17 2016-12-08
2.1
None Local Low Not required None Partial None
The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.
1628 CVE-2001-1399 2001-04-17 2016-12-08
2.1
None Local Low Not required None Partial None
Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."
1629 CVE-2001-1400 DoS 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
1630 CVE-2001-1405 DoS 2001-09-10 2016-10-18
2.1
None Local Low Not required None None Partial
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
1631 CVE-2001-1406 2001-09-10 2016-10-18
2.1
None Local Low Not required Partial None None
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
1632 CVE-2001-1439 DoS Overflow 2001-02-16 2017-07-11
2.1
None Local Low Not required None None Partial
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit.
1633 CVE-2001-1479 2001-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.
1634 CVE-2001-1494 Exec Code 2001-12-31 2017-10-11
2.1
None Local Low Not required None Partial None
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
1635 CVE-2001-1497 2001-12-31 2021-07-23
2.1
None Local Low Not required Partial None None
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
1636 CVE-2001-1503 2001-12-31 2018-10-30
2.1
None Local Low Not required Partial None None
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.
1637 CVE-2001-1517 +Info 2001-12-31 2019-04-30
2.1
None Local Low Not required Partial None None
** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information.
1638 CVE-2001-1518 DoS 2001-12-31 2019-04-30
2.1
None Local Low Not required None None Partial
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
1639 CVE-2001-1520 2001-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN.
1640 CVE-2001-1527 2001-12-31 2009-04-03
2.1
None Local Low Not required Partial None None
easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access.
1641 CVE-2001-1534 384 Bypass +Info 2001-12-31 2021-07-15
2.1
None Local Low Not required Partial None None
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
1642 CVE-2001-1548 Bypass 2001-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
1643 CVE-2001-1549 Bypass 2001-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
1644 CVE-2001-1550 2001-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.
1645 CVE-2001-1551 2001-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs.
1646 CVE-2001-1559 DoS 2001-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.
1647 CVE-2001-1560 DoS 2001-12-31 2019-04-30
2.1
None Local Low Not required None None Partial
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
1648 CVE-2001-1564 DoS 2001-12-31 2017-10-12
2.1
None Local Low Not required None None Partial
setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space.
1649 CVE-2001-1565 +Info 2001-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.
1650 CVE-2001-1570 2001-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 (This Page)34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.