CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 2CVE-2001-1029 – FreeBSD 4.3/4.4 - Login Capabilities Privileged File Reading
https://notcve.org/view.php?id=CVE-2001-1029
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. • https://www.exploit-db.com/exploits/21114 http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html http://www.osvdb.org/6073 https://exchange.xforce.ibmcloud.com/vulnerabilities/8697 •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2001-1145
https://notcve.org/view.php?id=CVE-2001-1145
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html http://www.iss.net/security_center/static/8715.php http://www.openbsd.org/errata28.html http://www.osvdb.org/5466 http://www.securityfocus.com/bid/3205 •
CVSS: 10.0EPSS: 0%CPEs: 87EXPL: 3CVE-2001-0554 – Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0554
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. • https://www.exploit-db.com/exploits/21018 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt http://archives.neohapsis.com/archives/hp/2001-q4/0014.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000413 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2001-0529
https://notcve.org/view.php?id=CVE-2001-0529
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431 http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01 http://online.securityfocus.com/archive/1/188737 http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt http://www.k •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 1CVE-2001-0572
https://notcve.org/view.php?id=CVE-2001-0572
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. • http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000391 http://www.kb.cert.org/vuls/id/596827 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-033.php3 http://www.redhat.com/support/errata/RHSA-2001-033.html •