Weekly Vulnerabilities Report: January 18 to 24, 1999

Overview

5 new vulnerabilities were reported during this period, including 1 critical vulnerability and 2 high severity vulnerabilities. This weekly summary reports vulnerabilities in 4 products from 3 vendors including Microsoft, Linux, and Ramp Networks. Vulnerabilities are notably categorized as .

  • 3 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 2 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

1 Critical Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS
1999-01-19 | CVE-1999-0119 | Microsoft | Unspecified vulnerability in Microsoft Windows NT 4.0. Windows NT 4.0 beta allows users to read and delete shares. | 10.0

2 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
1999-01-21 | CVE-1999-1264 | Ramp Networks | Unspecified vulnerability in Ramp Networks Webramp. WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been explicitly disabled. | 7.5
1999-01-21 | CVE-1999-0121 | | Buffer overflow in dtaction command gives root access. | 7.2

1 Medium Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS
1999-01-24 | CVE-1999-1544 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Server 3.0/4.0. Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. | 5.0

1 Low Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS
1999-01-19 | CVE-1999-0451 | Linux | Unspecified vulnerability in Linux Kernel 2.0/2.2.0. Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port. | 2.1