Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2002-09-24 CVE-2002-0973 Buffer Overflow vulnerability in FreeBSD System Call Signed Integer
Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.
local
low complexity
freebsd
4.6
2002-09-24 CVE-2002-0972 Unspecified vulnerability in PostgreSQL
Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad.
local
low complexity
postgresql
4.6
2002-09-24 CVE-2002-0971 Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.
local
low complexity
att tightvnc tridia
4.6
2002-09-24 CVE-2002-0860 Local File Read vulnerability in Microsoft Office Web Components and Project
The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
network
low complexity
microsoft
5.0
2002-09-24 CVE-2002-0648 Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
network
low complexity
microsoft
5.0
2002-09-05 CVE-2002-0874 Denial-Of-Service vulnerability in Interchange
Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files.
network
low complexity
redhat
5.0
2002-09-05 CVE-2002-0873 Remote Security vulnerability in l2tpd
Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow.
network
low complexity
l2tpd
5.0
2002-09-05 CVE-2002-0856 Denial Of Service vulnerability in Oracle Listener Malformed Debugging Command
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
network
low complexity
oracle
5.0
2002-09-05 CVE-2002-0853 Denial Of Service vulnerability in Cisco VPN Client Zero Length IKE Packet
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.
network
low complexity
cisco
5.0
2002-09-05 CVE-2002-0852 Denial-Of-Service vulnerability in VPN Client for Linux
Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allow remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads.
network
low complexity
cisco
5.0