2002-03-15 | CVE-2002-0083 | Off-by-one Error vulnerability in multiple products Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. | 9.8 |
2001-12-06 | CVE-2001-0834 | Remote Denial of Service/File Disclosure vulnerability in ht://Dig htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file. | 6.4 |
2001-07-02 | CVE-2001-0440 | Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. | 7.5 |
2001-07-02 | CVE-2001-0439 | licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | 7.5 |
2001-03-26 | CVE-2001-0170 | glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files. | 2.1 |
2001-03-12 | CVE-2001-0128 | Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. | 7.2 |
2001-01-09 | CVE-2000-1134 | Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack. | 7.2 |
2000-11-14 | CVE-2000-0844 | Permissions, Privileges, and Access Controls vulnerability in multiple products Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. | 10.0 |
2000-10-20 | CVE-2000-0747 | Unspecified vulnerability in Conectiva Linux 4.1/4.2/5.0 The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it. | 10.0 |
2000-10-20 | CVE-2000-0715 | Link Following vulnerability in multiple products DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file. | 2.1 |