National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 133,753 matching records.
Displaying matches 129401 through 129420.
Vuln ID Summary CVSS Severity
CVE-2002-0059

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0070

Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.6 HIGH
CVE-2002-0080

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2002-0082

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0083

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2002-0084

Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-0085

cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0086

Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-0087

bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2002-0088

Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-0089

Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-0090

Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-0091

Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote attackers to execute arbitrary commands via certain form fields.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0092

CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0164

Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2002-0018

In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2002-0020

Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0021

Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0022

Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0023

Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM