Weekly Vulnerabilities Reports > April 1 to 7, 2002
Overview
13 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 15 products from 11 vendors including Microsoft, Oracle, IBM, Broadcom, and Checkpoint. Vulnerabilities are notably categorized as and "Improper Locking".
- 5 reported vulnerabilities are remotely exploitables.
- 12 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
9 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-04-04 | CVE-2002-0051 | Microsoft | Improper Locking vulnerability in Microsoft Windows 2000 Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. | 7.8 |
2002-04-03 | CVE-2002-0017 | SGI | Buffer Overflow vulnerability in IRIX SNMP Daemon Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request. | 7.5 |
2002-04-01 | CVE-2002-1639 | Oracle | Unspecified vulnerability in Oracle Configurator Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host". | 7.5 |
2002-04-01 | CVE-2001-1174 | ELM Development Group | Unspecified vulnerability in ELM Development Group ELM Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header. | 7.5 |
2002-04-04 | CVE-2002-0151 | Microsoft | Buffer Overflow vulnerability in Microsoft Windows 2000, Windows NT and Windows XP Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. | 7.2 |
2002-04-03 | CVE-2002-0165 | Logwatch | Local Security vulnerability in Logwatch 2.5 LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CVE-2002-0162. | 7.2 |
2002-04-02 | CVE-2002-0158 | SUN | Heap Overflow vulnerability in Sun Solaris XSun Color Database File Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. | 7.2 |
2002-04-01 | CVE-2001-1175 | Andries Brouwer | Unspecified vulnerability in Andries Brouwer Util-Linux 2.10S/2.11D vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing. | 7.2 |
2002-04-01 | CVE-2001-1171 | Checkpoint | Local Security vulnerability in Checkpoint Firewall-1 3.0B Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy. | 7.2 |
4 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-04-01 | CVE-2002-1640 | Oracle | Unspecified vulnerability in Oracle Configurator Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet. | 6.8 |
2002-04-01 | CVE-2002-1620 | IBM | Remote Security vulnerability in IBM AIX Parallel Systems Support Programs 3.1.1/3.2/3.4 Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PSSP) 3.1.1, 3.2, and 3.4 allows remote attackers to read arbitrary files from a file collection. | 5.0 |
2002-04-05 | CVE-2002-1598 | Broadcom | Unspecified vulnerability in Broadcom Mlink 6.5 Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock. | 4.6 |
2002-04-01 | CVE-2001-1165 | Intego | Weak Password Encryption vulnerability in Intego FileGuard Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool. | 4.6 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|