Total: 286887 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0853 | 1 Cisco | 1 Vpn Client | 2024-11-20 | 5.0 MEDIUM | N/A |
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. | |||||
CVE-2002-0852 | 1 Cisco | 1 Vpn Client | 2024-11-20 | 5.0 MEDIUM | N/A |
Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allow remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. | |||||
CVE-2002-0851 | 1 Isdn4linux | 1 Isdn4linux | 2024-11-20 | 7.2 HIGH | N/A |
Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog. | |||||
CVE-2002-0850 | 1 Pgp | 1 Corporate Desktop | 2024-11-20 | 7.5 HIGH | N/A |
Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted. | |||||
CVE-2002-0849 | 1 Cisco | 1 Iscsi Driver | 2024-11-20 | 4.6 MEDIUM | N/A |
Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password. | |||||
CVE-2002-0848 | 1 Cisco | 2 Vpn 5000 Concentrator, Vpn 5000 Concentrator Series Software | 2024-11-20 | 5.0 MEDIUM | N/A |
Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. | |||||
CVE-2002-0847 | 1 Tinyproxy | 1 Tinyproxy | 2024-11-20 | 7.5 HIGH | N/A |
tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free). | |||||
CVE-2002-0846 | 1 Macromedia | 1 Shockwave Flash | 2024-11-20 | 7.5 HIGH | N/A |
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. | |||||
CVE-2002-0845 | 1 Iplanet | 1 Iplanet Web Server | 2024-11-20 | 7.5 HIGH | N/A |
Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding. | |||||
CVE-2002-0844 | 1 Derek Price | 1 Cvsd | 2024-11-20 | 4.6 MEDIUM | 7.8 HIGH |
Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. | |||||
CVE-2002-0843 | 2 Apache, Oracle | 4 Http Server, Application Server, Database Server and 1 more | 2024-11-20 | 7.5 HIGH | N/A |
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | |||||
CVE-2002-0842 | 1 Oracle | 1 Application Server | 2024-11-20 | 7.5 HIGH | N/A |
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror(). | |||||
CVE-2002-0840 | 2 Apache, Oracle | 5 Http Server, Application Server, Database Server and 2 more | 2024-11-20 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. | |||||
CVE-2002-0839 | 1 Apache | 1 Http Server | 2024-11-20 | 7.2 HIGH | N/A |
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. | |||||
CVE-2002-0838 | 3 Ggv, Ghostview, Gv | 3 Ggv, Ghostview, Gv | 2024-11-20 | 4.6 MEDIUM | N/A |
Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf. | |||||
CVE-2002-0837 | 1 Wordtrans | 1 Wordtrans-web | 2024-11-20 | 7.5 HIGH | N/A |
wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script. | |||||
CVE-2002-0836 | 3 Hp, Mandrakesoft, Redhat | 3 Secure Os, Mandrake Linux, Linux | 2024-11-20 | 7.5 HIGH | N/A |
dvips converter for PostScript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. | |||||
CVE-2002-0835 | 3 Caldera, Hp, Redhat | 4 Openlinux Server, Openlinux Workstation, Secure Os and 1 more | 2024-11-20 | 5.0 MEDIUM | N/A |
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones. | |||||
CVE-2002-0834 | 1 Ethereal Group | 1 Ethereal | 2024-11-20 | 7.5 HIGH | N/A |
Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. | |||||
CVE-2002-0833 | 1 Qualcomm | 1 Eudora | 2024-11-20 | 7.5 HIGH | N/A |
Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string. | |||||