Weekly Vulnerabilities Reports > April 16 to 22, 2001
Overview
12 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 2 products from 2 vendors, including Linux and ISC. Vulnerabilities are notably categorized as and "Off-by-one Error".
- 1 reported vulnerability is remotely exploitable.
- 11 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 11 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
1 High Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-04-17 | CVE-2001-1398 | Linux | Remote Security vulnerability in kernel Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability. | 7.5 |
3 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-04-17 | CVE-2001-1390 | Linux | Local Security vulnerability in kernel Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages. | 6.2 |
2001-04-17 | CVE-2001-1391 | Linux | Off-by-one Error vulnerability in Linux Kernel Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory. | 5.5 |
2001-04-21 | CVE-2001-1442 | ISC | Buffer Overflow vulnerability in innfeed Command-Line Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument. | 4.6 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-04-17 | CVE-2001-1396 | Linux | Local Security vulnerability in kernel Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact. | 3.6 |
2001-04-17 | CVE-2001-1395 | Linux | Local Security vulnerability in kernel Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact. | 3.6 |
2001-04-17 | CVE-2001-1400 | Linux | Denial-Of-Service vulnerability in kernel Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock). | 2.1 |
2001-04-17 | CVE-2001-1399 | Linux | Local Security vulnerability in kernel Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86." | 2.1 |
2001-04-17 | CVE-2001-1397 | Linux | Local Security vulnerability in kernel The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory. | 2.1 |
2001-04-17 | CVE-2001-1394 | Linux | Denial-Of-Service vulnerability in kernel Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service. | 2.1 |
2001-04-17 | CVE-2001-1393 | Linux | Denial-Of-Service vulnerability in kernel Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang). | 2.1 |
2001-04-17 | CVE-2001-1392 | Linux | Denial-Of-Service vulnerability in kernel The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers. | 2.1 |