CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0550
https://notcve.org/view.php?id=CVE-2003-0550
25 Jul 2003 — The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. El protocolo STP, activado en Linux 2.4.x, no provee de suficiente seguridad por diseño, lo que permite a atacantes modificar la topología de puente. • http://www.debian.org/security/2004/dsa-358 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0551
https://notcve.org/view.php?id=CVE-2003-0551
25 Jul 2003 — The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service. La implementación del protocolo STP en Linux 2.4.x no verifica adecuadamente ciertas longitudes, lo que podría permitir a atacantes causar una denegación de servicio. • http://www.debian.org/security/2004/dsa-358 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0552
https://notcve.org/view.php?id=CVE-2003-0552
25 Jul 2003 — Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. Linux 2.4.x pemite a atacantes remotos suplantar entradas en la tabla de reenvio de puente (bridge forwarding) mediante paquetes falsificados cuya dirección de origen es la misma que la del objetivo. • http://www.debian.org/security/2004/dsa-358 •
CVSS: 10.0EPSS: 86%CPEs: 28EXPL: 4CVE-2002-1337 – Sendmail 8.11.x (Linux/i386) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2002-1337
04 Mar 2003 — Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. Desbordamiento de búfer en Sendmail 5.79 a la 8.12.7 que permite a atacantes remotos la ejecución arbitraria de código mediante ciertos campos de dirección formateados, relativos a comentarios de cabecera de emisor y receptor, procesados por la función crackaddr del fichero heade... • https://www.exploit-db.com/exploits/411 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 48EXPL: 0CVE-2002-1323
https://notcve.org/view.php?id=CVE-2002-1323
11 Dec 2002 — Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. Safe.pm 2.0.7 y anteriores, si se usan con Perl 5.8.0 y anteriores, pueden permitir a atacantes escapar de compartimientos seguros en Safe::reval o Safe::rdo usando una variable @_ redefinida, que no es reestablecida entre llamadas sucesivas. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt •
CVSS: 7.0EPSS: 0%CPEs: 29EXPL: 0CVE-2002-0638
https://notcve.org/view.php?id=CVE-2002-0638
12 Aug 2002 — setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. setpwnam.c en el paquete util-linux, como se incluye en Red Hat Linux 7.3 y antieriores, y en otros sistemas operativos, no bloquea adecuadamente un fichero temporal cuando se mo... • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt •
CVSS: 10.0EPSS: 1%CPEs: 38EXPL: 1CVE-2002-0083 – OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-by-One
https://notcve.org/view.php?id=CVE-2002-0083
15 Mar 2002 — Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. Error 'off-by-one' en el código de canal de OpenSSH 2.0 a 3.0.2 permite a usuarios locales o a servidores remotos ganar privilegios. • https://www.exploit-db.com/exploits/21314 • CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2002-0062
https://notcve.org/view.php?id=CVE-2002-0062
08 Mar 2002 — Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." El desbordamiento del búfer en ncurses 5.0, y el paquete de compatibilidad ncurses4 basado en él, permite a usuarios locales la obtención de privilegios. • http://www.debian.org/security/2002/dsa-113 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2002-0044
https://notcve.org/view.php?id=CVE-2002-0044
31 Jan 2002 — GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. Enscript 1.5.1 y anteriores permiten a usaurios locales sobreescribir ficheros arbitrarios del usuario Enscript mediante un ataque de enlaces simbólicos (symlink attack) en ficheros temporales. • http://www.debian.org/security/2002/dsa-105 •
CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2001-0834
https://notcve.org/view.php?id=CVE-2001-0834
06 Dec 2001 — htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429 •