CVSS: 6.8EPSS: 20%CPEs: 11EXPL: 1CVE-2002-0862 – Microsoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain
https://notcve.org/view.php?id=CVE-2002-0862
10 Sep 2002 — The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explo... • https://www.exploit-db.com/exploits/21692 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 4%CPEs: 6EXPL: 0CVE-2002-0699
https://notcve.org/view.php?id=CVE-2002-0699
31 Aug 2002 — Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. Vulnerabilidad desconocida en el Control ActiveX de Enrolamiento de Certificados (Certificate Enrollment) en Microsoft Windows 98, Windows 98 Segunda Edición, Windows Millenium, Windows NT 4.0, Windows 2000 y Windows XP, permite a atacantes rem... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-048 •
CVSS: 7.5EPSS: 44%CPEs: 30EXPL: 2CVE-2002-0724 – Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0724
24 Aug 2002 — Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service". • https://www.exploit-db.com/exploits/21746 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-0725
https://notcve.org/view.php?id=CVE-2002-0725
20 Aug 2002 — NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. El sistema de archivos NTFS en Windows NT4.0 y Windows 2000 SP2 permite a atacantes locales ocultar las actividades de uso de ficheros mediante un enlace duro al fichero objetivo, lo que causa la auditoría se haga sobre el enlace y no sobre el fichero objetivo. • http://www.atstake.com/research/advisories/2000/a081602-1.txt • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 4%CPEs: 10EXPL: 4CVE-2002-0391
https://notcve.org/view.php?id=CVE-2002-0391
12 Aug 2002 — Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2002-0366
https://notcve.org/view.php?id=CVE-2002-0366
03 Jul 2002 — Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry. • http://online.securityfocus.com/archive/1/276776 •
CVSS: 7.8EPSS: 4%CPEs: 2EXPL: 2CVE-2002-0367 – Microsoft Windows Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2002-0367
25 Jun 2002 — smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges. • https://www.exploit-db.com/exploits/21344 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 26%CPEs: 8EXPL: 0CVE-2002-0421
https://notcve.org/view.php?id=CVE-2002-0421
11 Jun 2002 — IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr. IIS 4.0 permite a usuarios locales eludir la restricción de "Los usuarios no pueden cambiar la contraseña" (User cannot change password) para Windows NT invocando directamente los programas de cambio de conrtaseña .htr del directorio /iisadmpwd, incluyendo: aexp2... • http://online.securityfocus.com/archive/1/259963 •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 0CVE-2002-0151
https://notcve.org/view.php?id=CVE-2002-0151
04 Apr 2002 — Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. Desbordamiento de buffer en el proveedor múltiple de UNC (MUP) en sistemas operativos Microsoft Windows permite a usuarios locales provocar una denegación de servicio y posiblemente ganar privilegios de SYSTEM mediante una petición UNC larga. • http://marc.info/?l=bugtraq&m=101793727306282&w=2 •
CVSS: 8.4EPSS: 24%CPEs: 5EXPL: 0CVE-2002-0070
https://notcve.org/view.php?id=CVE-2002-0070
15 Mar 2002 — Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled. El desbordamiento del búfer en el Windows Shell (usado como escritorio de Windows) permite a atacantes locales y posibles atacantes remotos, la ejecución de código arbitrario mediante un manejador de URL que no ha sido eliminado de una aplicación defectuosamente desinstal... • http://marc.info/?l=bugtraq&m=101594127017290&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •