Weekly Vulnerabilities Reports > October 22 to 28, 2001
Overview
4 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 4 products from 4 vendors including RSA, Redhat, Palm, and Handspring. Vulnerabilities are notably categorized as .
- 3 reported vulnerabilities are remotely exploitables.
- 4 reported vulnerabilities are exploitable by an anonymous user.
- RSA has the most reported vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
3 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2001-10-24 | CVE-2001-1462 | RSA | Information Disclosure vulnerability in RSA Securid 5.0 WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information. | 7.5 |
| 2001-10-22 | CVE-2001-1461 | RSA | Directory Traversal vulnerability in RSA Securid 5.0 Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. | 7.5 |
| 2001-10-25 | CVE-2001-0923 | Redhat | Unspecified vulnerability in Redhat Package Manager 4.0.271/4.0.272 RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried. | 7.2 |
1 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2001-10-22 | CVE-2001-1438 | Palm Handspring | Denial-Of-Service vulnerability in Palm OS Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image. | 5.0 |
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|