Weekly Vulnerabilities Reports > October 22 to 28, 2001

Overview

4 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 4 products from 4 vendors, including RSA, Redhat, Palm, and Handspring. Vulnerabilities are notably categorized as .

  • 3 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities are exploitable by an anonymous user.
  • RSA has the most reported vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

0 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

3 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2001-10-24 | CVE-2001-1462 | RSA | Information Disclosure vulnerability in RSA Securid 5.0 | 7.5
WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information.

2001-10-22 | CVE-2001-1461 | RSA | Directory Traversal vulnerability in RSA Securid 5.0 | 7.5
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /..

2001-10-25 | CVE-2001-0923 | Redhat | Unspecified vulnerability in Redhat Package Manager 4.0.271/4.0.272 | 7.2
RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried.

1 Medium Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2001-10-22 | CVE-2001-1438 | Palm, Handspring | Denial-Of-Service vulnerability in Palm OS | 5.0
Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.

0 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS