Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

107551 entries

ID | Description | Priority | Modified date | Fixed Release
CVE-1999-0095 The debug command in Sendmail is enabled, allowing attackers to execute commands as root. HIGH Jun 11, 2019 -- (Wind River Linux LTS 19)
CVE-1999-0145 Sendmail WIZ command enabled, allowing root access. HIGH Jun 11, 2019 -- (Wind River Linux LTS 19)
CVE-1999-1170 IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. MEDIUM Aug 13, 2019 -- (Wind River Linux LTS 19)
CVE-1999-1171 IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. MEDIUM Aug 13, 2019 -- (Wind River Linux LTS 19)
CVE-1999-1593 Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable. LOW Jan 15, 2009 -- (Wind River Linux LTS 19)
CVE-2000-1245 Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors. High Apr 5, 2010 -- (Wind River Linux LTS 19)
CVE-2000-1246 NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command. Low Apr 5, 2010 -- (Wind River Linux LTS 19)
CVE-2000-1247 The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an allow from 127.0.0.1 line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI. LOW Oct 5, 2011 -- (Wind River Linux LTS 19)
CVE-2000-1254 crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms. Medium May 6, 2016 -- (Wind River Linux LTS 19)
CVE-2001-1021 Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD. HIGH Aug 13, 2019 -- (Wind River Linux LTS 19)
CVE-2001-1586 Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ (%2E%2E%2F%) sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664. High Feb 15, 2010 -- (Wind River Linux LTS 19)
CVE-2001-1587 NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command. Medium Apr 5, 2010 -- (Wind River Linux LTS 19)
CVE-2001-1593 The tempname_ensure function lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file. Low Apr 7, 2014 -- (Wind River Linux LTS 19)
CVE-2001-1594 GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. High Aug 11, 2015 -- (Wind River Linux LTS 19)
CVE-2002-0390 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0639. Reason: This candidate is a reservation duplicate of CVE-2002-0639. Notes: All CVE users should reference CVE-2002-0639 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. -- Jul 21, 2019 -- (Wind River Linux LTS 19)
CVE-2002-0471 PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable. High Sep 24, 2008 -- (Wind River Linux LTS 19)
CVE-2002-0510 The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux. LOW Sep 5, 2008 -- (Wind River Linux LTS 19)
CVE-2002-0806 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the del option. Low Sep 5, 2008 -- (Wind River Linux LTS 19)
CVE-2002-0811 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. High Feb 11, 2009 -- (Wind River Linux LTS 19)
CVE-2002-0826 Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command. HIGH Aug 13, 2019 -- (Wind River Linux LTS 19)
CVE-2002-2427 The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via an extra slash in a URL, a different vulnerability than CVE-2002-1603. Medium Feb 6, 2009 -- (Wind River Linux LTS 19)
CVE-2002-2428 webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data. Medium Feb 6, 2009 -- (Wind River Linux LTS 19)
CVE-2002-2429 webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header. Medium Feb 6, 2009 -- (Wind River Linux LTS 19)
CVE-2002-2430 GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server. Medium Feb 6, 2009 -- (Wind River Linux LTS 19)
CVE-2002-2431 Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause incorrect behavior via unknown malicious code, related to incorrect use of the socketInputBuffered function by sockGen.c. High Feb 9, 2009 -- (Wind River Linux LTS 19)
CVE-2002-2432 Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via a crafted username. Medium Apr 5, 2010 -- (Wind River Linux LTS 19)
CVE-2002-2433 NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command. Medium Apr 5, 2010 -- (Wind River Linux LTS 19)
CVE-2002-2434 NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service (abend) via multiple FTP sessions. Medium Apr 5, 2010 -- (Wind River Linux LTS 19)
CVE-2002-2435 The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. Medium Dec 8, 2011 -- (Wind River Linux LTS 19)
CVE-2002-2436 The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. Medium Dec 8, 2011 -- (Wind River Linux LTS 19)
CVE-2002-2437 The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. Medium Dec 8, 2011 -- (Wind River Linux LTS 19)
CVE-2002-2439 Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. MEDIUM Oct 31, 2019 -- (Wind River Linux LTS 19)
CVE-2002-2443 schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. Medium May 31, 2013 -- (Wind River Linux LTS 19)
CVE-2002-2444 Snoopy before 2.0.0 has a security hole in exec cURL HIGH Nov 1, 2019 -- (Wind River Linux LTS 19)
CVE-2002-2445 GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) service. for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors. High Aug 6, 2015 -- (Wind River Linux LTS 19)
CVE-2002-2446 GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors. High Aug 4, 2015 -- (Wind River Linux LTS 19)
CVE-2003-0367 znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. LOW May 23, 2019 -- (Wind River Linux LTS 19)
CVE-2003-0772 Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments. HIGH Aug 13, 2019 -- (Wind River Linux LTS 19)
CVE-2003-1566 Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. Medium Jan 16, 2009 -- (Wind River Linux LTS 19)
CVE-2003-1567 The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE. Medium Jan 16, 2009 -- (Wind River Linux LTS 19)
CVE-2003-1568 GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function. Medium Feb 9, 2009 -- (Wind River Linux LTS 19)
CVE-2003-1569 GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. Medium Feb 9, 2009 -- (Wind River Linux LTS 19)
CVE-2003-1570 The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to session exposure. Low Apr 8, 2009 -- (Wind River Linux LTS 19)
CVE-2003-1571 Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected. Medium Apr 2, 2009 -- (Wind River Linux LTS 19)
CVE-2003-1572 Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields. High Jun 2, 2009 -- (Wind River Linux LTS 19)
CVE-2003-1573 The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to inadequate security settings and library bugs in sun.* and org.apache.* packages. High Jun 2, 2009 -- (Wind River Linux LTS 19)
CVE-2003-1574 TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer Remember Me feature. NOTE: some of these details are obtained from third party information. High Aug 26, 2009 -- (Wind River Linux LTS 19)
CVE-2003-1575 VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. Medium Jan 31, 2010 -- (Wind River Linux LTS 19)
CVE-2003-1576 Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors. High Jan 31, 2010 -- (Wind River Linux LTS 19)
CVE-2003-1577 Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an Inverse Lookup Log Corruption (ILLC) issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316. Low Feb 8, 2010 -- (Wind River Linux LTS 19)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.