| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2002-1232 |
|
|
DoS |
2002-11-04 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist. |
|
2 |
CVE-2002-0836 |
|
|
Exec Code |
2002-10-28 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. |
|
3 |
CVE-2002-0638 |
|
|
+Priv |
2002-08-12 |
2016-10-18 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. |
|
4 |
CVE-2002-0083 |
189 |
|
+Priv |
2002-03-15 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. |
|
5 |
CVE-2002-0080 |
269 |
|
|
2002-03-15 |
2020-11-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. |
|
6 |
CVE-2002-0045 |
|
|
|
2002-01-31 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs. |
|
7 |
CVE-2002-0044 |
|
|
|
2002-01-31 |
2017-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. |
|
8 |
CVE-2001-1375 |
|
|
Exec Code |
2001-07-19 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory. |
|
9 |
CVE-2001-1374 |
|
|
+Priv |
2001-07-19 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd. |
|
10 |
CVE-2001-1030 |
|
|
Bypass |
2001-07-18 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. |
|
11 |
CVE-2001-1013 |
|
|
|
2001-09-12 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server. |
|
12 |
CVE-2001-1002 |
|
|
Exec Code +Priv |
2001-08-31 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands. |
|
13 |
CVE-2001-0977 |
|
|
DoS |
2001-07-16 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. |
|
14 |
CVE-2001-0886 |
|
|
DoS Exec Code Overflow |
2001-12-21 |
2018-05-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character. |
|
15 |
CVE-2001-0872 |
|
|
+Priv |
2001-12-21 |
2018-05-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. |
|
16 |
CVE-2001-0869 |
|
|
Exec Code |
2001-12-21 |
2018-05-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands. |
|
17 |
CVE-2001-0787 |
|
|
|
2001-10-18 |
2017-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges. |
|
18 |
CVE-2001-0736 |
|
|
|
2001-10-18 |
2017-12-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. |
|
19 |
CVE-2001-0641 |
|
|
Exec Code Overflow |
2001-09-20 |
2017-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option. |
|
20 |
CVE-2001-0473 |
|
|
Exec Code |
2001-06-27 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands. |
|
21 |
CVE-2001-0441 |
|
|
Exec Code Overflow |
2001-06-27 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. |
|
22 |
CVE-2001-0439 |
|
|
Exec Code |
2001-07-02 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. |
|
23 |
CVE-2001-0233 |
|
|
DoS Exec Code Overflow |
2001-03-26 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field. |
|
24 |
CVE-2001-0197 |
|
|
Exec Code |
2001-03-26 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands. |
|
25 |
CVE-2001-0143 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack. |
|
26 |
CVE-2001-0142 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
|
27 |
CVE-2001-0140 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
|
28 |
CVE-2001-0139 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
|
29 |
CVE-2001-0138 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. |
|
30 |
CVE-2001-0128 |
|
|
+Priv Bypass |
2001-03-12 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. |
|
31 |
CVE-2001-0120 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack. |
|
32 |
CVE-2001-0119 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack. |
|
33 |
CVE-2001-0118 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack. |
|
34 |
CVE-2001-0117 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack. |
|
35 |
CVE-2001-0116 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack. |
|
36 |
CVE-2000-1214 |
|
|
Overflow +Priv |
2000-10-18 |
2016-10-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges. |
|
37 |
CVE-2000-1213 |
|
|
|
2000-10-18 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges. |
|
38 |
CVE-2000-1208 |
|
|
+Priv |
2002-08-12 |
2016-10-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call. |
|
39 |
CVE-2000-1095 |
|
|
Exec Code |
2001-01-09 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters. |
|
40 |
CVE-2000-0963 |
|
|
Exec Code Overflow |
2000-12-19 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. |
|
41 |
CVE-2000-0917 |
|
|
Exec Code |
2000-12-19 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands. |
|
42 |
CVE-2000-0816 |
|
|
Exec Code |
2000-10-06 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters. |
