Search criteria
1209 vulnerabilities by gnu
CVE-2001-1132 (GCVE-0-2001-1132)
Vulnerability from cvelistv5 – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:44
VLAI?
Summary
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/5455 | vdb-entryx_refsource_OSVDB |
Date Public ?
2001-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:07.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2001:420",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000420"
},
{
"name": "mailman-blank-passwords(7091)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7091"
},
{
"name": "5455",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5455"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-22T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2001:420",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000420"
},
{
"name": "mailman-blank-passwords(7091)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7091"
},
{
"name": "5455",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5455"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2001:420",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000420"
},
{
"name": "mailman-blank-passwords(7091)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7091"
},
{
"name": "5455",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5455"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1132",
"datePublished": "2002-06-25T04:00:00.000Z",
"dateReserved": "2002-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:44:07.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0003 (GCVE-0-2002-0003)
Vulnerability from cvelistv5 – Published: 2002-06-25 04:00 – Updated: 2024-08-08 02:35
VLAI?
Summary
Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.linux-mandrake.com/en/security/2002/MD… | vendor-advisoryx_refsource_MANDRAKE |
| http://online.securityfocus.com/advisories/3793 | vendor-advisoryx_refsource_HP |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.redhat.com/support/errata/RHSA-2002-004.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/3869 | vdb-entryx_refsource_BID |
Date Public ?
2002-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2002:012",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php"
},
{
"name": "HPSBTL0201-014",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/3793"
},
{
"name": "linux-groff-preprocessor-bo(7881)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7881"
},
{
"name": "RHSA-2002:004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"name": "3869",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2002:012",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php"
},
{
"name": "HPSBTL0201-014",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://online.securityfocus.com/advisories/3793"
},
{
"name": "linux-groff-preprocessor-bo(7881)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7881"
},
{
"name": "RHSA-2002:004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"name": "3869",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2002:012",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php"
},
{
"name": "HPSBTL0201-014",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/3793"
},
{
"name": "linux-groff-preprocessor-bo(7881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7881"
},
{
"name": "RHSA-2002:004",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"name": "3869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0003",
"datePublished": "2002-06-25T04:00:00.000Z",
"dateReserved": "2002-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:35:17.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0044 (GCVE-0-2002-0044)
Vulnerability from cvelistv5 – Published: 2002-06-25 04:00 – Updated: 2024-08-08 02:35
VLAI?
Summary
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/advisories/3818 | vendor-advisoryx_refsource_HP |
| http://www.securityfocus.com/bid/3920 | vdb-entryx_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2002-012.html | vendor-advisoryx_refsource_REDHAT |
| http://www.debian.org/security/2002/dsa-105 | vendor-advisoryx_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.linux-mandrake.com/en/security/2002/MD… | vendor-advisoryx_refsource_MANDRAKE |
Date Public ?
2002-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBTL0201-019",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/3818"
},
{
"name": "3920",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3920"
},
{
"name": "RHSA-2002:012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-012.html"
},
{
"name": "DSA-105",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-105"
},
{
"name": "gnu-enscript-tmpfile-symlink(7932)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7932"
},
{
"name": "MDKSA-2002:010",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-010.php3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "HPSBTL0201-019",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/advisories/3818"
},
{
"name": "3920",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3920"
},
{
"name": "RHSA-2002:012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-012.html"
},
{
"name": "DSA-105",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-105"
},
{
"name": "gnu-enscript-tmpfile-symlink(7932)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7932"
},
{
"name": "MDKSA-2002:010",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-010.php3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBTL0201-019",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/3818"
},
{
"name": "3920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3920"
},
{
"name": "RHSA-2002:012",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-012.html"
},
{
"name": "DSA-105",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-105"
},
{
"name": "gnu-enscript-tmpfile-symlink(7932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7932"
},
{
"name": "MDKSA-2002:010",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-010.php3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0044",
"datePublished": "2002-06-25T04:00:00.000Z",
"dateReserved": "2002-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:35:17.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1377 (GCVE-0-2001-1377)
Vulnerability from cvelistv5 – Published: 2002-06-11 04:00 – Updated: 2024-08-08 04:51
VLAI?
Summary
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2002-030.html | vendor-advisoryx_refsource_REDHAT |
| http://www.iss.net/security_center/static/8354.php | vdb-entryx_refsource_XF |
| http://www.kb.cert.org/vuls/id/936683 | third-party-advisoryx_refsource_CERT-VN |
| http://marc.info/?l=bugtraq&m=101537153021792&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/linux/suse… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/4230 | vdb-entryx_refsource_BID |
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| http://www.cert.org/advisories/CA-2002-06.html | third-party-advisoryx_refsource_CERT |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… | vendor-advisoryx_refsource_FREEBSD |
Date Public ?
2001-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2002:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "radius-vendor-attribute-dos(8354)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8354.php"
},
{
"name": "VU#936683",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/936683"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "4230",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4230"
},
{
"name": "CLA-2002:466",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"name": "FreeBSD-SN-02:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2002:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "radius-vendor-attribute-dos(8354)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8354.php"
},
{
"name": "VU#936683",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/936683"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "4230",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4230"
},
{
"name": "CLA-2002:466",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"name": "FreeBSD-SN-02:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:030",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "radius-vendor-attribute-dos(8354)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8354.php"
},
{
"name": "VU#936683",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/936683"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"refsource": "SUSE",
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "4230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4230"
},
{
"name": "CLA-2002:466",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"name": "FreeBSD-SN-02:02",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1377",
"datePublished": "2002-06-11T04:00:00.000Z",
"dateReserved": "2002-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:51:08.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1376 (GCVE-0-2001-1376)
Vulnerability from cvelistv5 – Published: 2002-06-11 04:00 – Updated: 2024-08-08 04:51
VLAI?
Summary
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2002-030.html | vendor-advisoryx_refsource_REDHAT |
| http://online.securityfocus.com/archive/1/239784 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.kb.cert.org/vuls/id/589523 | third-party-advisoryx_refsource_CERT-VN |
| http://marc.info/?l=bugtraq&m=101537153021792&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/linux/suse… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/3530 | vdb-entryx_refsource_BID |
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| http://www.cert.org/advisories/CA-2002-06.html | third-party-advisoryx_refsource_CERT |
Date Public ?
2001-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2002:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "20011113 More problems with RADIUS (protocol and implementations)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/239784"
},
{
"name": "radius-message-digest-bo(7534)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534"
},
{
"name": "VU#589523",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/589523"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "3530",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3530"
},
{
"name": "CLA-2002:466",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2002:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "20011113 More problems with RADIUS (protocol and implementations)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/239784"
},
{
"name": "radius-message-digest-bo(7534)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534"
},
{
"name": "VU#589523",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/589523"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "3530",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3530"
},
{
"name": "CLA-2002:466",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:030",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "20011113 More problems with RADIUS (protocol and implementations)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/239784"
},
{
"name": "radius-message-digest-bo(7534)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534"
},
{
"name": "VU#589523",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/589523"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"refsource": "SUSE",
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "3530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3530"
},
{
"name": "CLA-2002:466",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-06.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1376",
"datePublished": "2002-06-11T04:00:00.000Z",
"dateReserved": "2002-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:51:08.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0388 (GCVE-0-2002-0388)
Vulnerability from cvelistv5 – Published: 2002-05-31 04:00 – Updated: 2024-08-08 02:49
VLAI?
Summary
Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://mail.python.org/pipermail/mailman-announce… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/4826 | vdb-entryx_refsource_BID |
Date Public ?
2002-05-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:49:27.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html"
},
{
"name": "4826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4826"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-07-16T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html"
},
{
"name": "4826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4826"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html",
"refsource": "CONFIRM",
"url": "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html"
},
{
"name": "4826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4826"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0388",
"datePublished": "2002-05-31T04:00:00.000Z",
"dateReserved": "2002-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:49:27.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0204 (GCVE-0-2002-0204)
Vulnerability from cvelistv5 – Published: 2002-05-03 04:00 – Updated: 2024-08-08 02:42
VLAI?
Summary
Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/3949 | vdb-entryx_refsource_BID |
| http://www.iss.net/security_center/static/7991.php | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=101189688815514&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public ?
2002-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:28.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3949"
},
{
"name": "gnu-chess-bo(7991)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7991.php"
},
{
"name": "20020124 gnuchess buffer overflow vulnerabilty",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101189688815514\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3949"
},
{
"name": "gnu-chess-bo(7991)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7991.php"
},
{
"name": "20020124 gnuchess buffer overflow vulnerabilty",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101189688815514\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3949"
},
{
"name": "gnu-chess-bo(7991)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7991.php"
},
{
"name": "20020124 gnuchess buffer overflow vulnerabilty",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101189688815514\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0204",
"datePublished": "2002-05-03T04:00:00.000Z",
"dateReserved": "2002-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:42:28.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1228 (GCVE-0-2001-1228)
Vulnerability from cvelistv5 – Published: 2002-04-12 04:00 – Updated: 2024-08-08 04:51
VLAI?
Summary
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://online.securityfocus.com/archive/1/247717 | mailing-listx_refsource_BUGTRAQ |
| ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… | vendor-advisoryx_refsource_NETBSD |
| http://www.iss.net/security_center/static/7882.php | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/3712 | vdb-entryx_refsource_BID |
Date Public ?
2001-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20011230 gzip bug w/ patch..",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/247717"
},
{
"name": "NetBSD-SA2002-002",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-002.txt.asc"
},
{
"name": "gzip-long-filename-bo(7882)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7882.php"
},
{
"name": "3712",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3712"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-08-17T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20011230 gzip bug w/ patch..",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/247717"
},
{
"name": "NetBSD-SA2002-002",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-002.txt.asc"
},
{
"name": "gzip-long-filename-bo(7882)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7882.php"
},
{
"name": "3712",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3712"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011230 gzip bug w/ patch..",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/247717"
},
{
"name": "NetBSD-SA2002-002",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-002.txt.asc"
},
{
"name": "gzip-long-filename-bo(7882)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7882.php"
},
{
"name": "3712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3712"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1228",
"datePublished": "2002-04-12T04:00:00.000Z",
"dateReserved": "2002-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:51:08.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0522 (GCVE-0-2001-0522)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:21
VLAI?
Summary
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public ?
2001-05-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"name": "gnupg-tty-format-string(6642)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"name": "VU#403051",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"name": "2797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2797"
},
{
"name": "CSSA-2001-020.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"name": "RHSA-2001:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"name": "DSA-061",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"name": "TLSA2001028",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"name": "CLA-2001:399",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"name": "1845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1845"
},
{
"name": "SuSE-SA:2001:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"name": "IMNX-2001-70-023-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"name": "MDKSA-2001:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-23T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"name": "gnupg-tty-format-string(6642)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"name": "VU#403051",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"name": "2797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2797"
},
{
"name": "CSSA-2001-020.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"name": "RHSA-2001:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"name": "DSA-061",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"name": "TLSA2001028",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"name": "CLA-2001:399",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"name": "1845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1845"
},
{
"name": "SuSE-SA:2001:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"name": "IMNX-2001-70-023-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"name": "MDKSA-2001:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/188218"
},
{
"name": "gnupg-tty-format-string(6642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6642"
},
{
"name": "VU#403051",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/403051"
},
{
"name": "2797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2797"
},
{
"name": "CSSA-2001-020.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt"
},
{
"name": "RHSA-2001:073",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-073.html"
},
{
"name": "http://www.gnupg.org/whatsnew.html#rn20010529",
"refsource": "CONFIRM",
"url": "http://www.gnupg.org/whatsnew.html#rn20010529"
},
{
"name": "DSA-061",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-061"
},
{
"name": "TLSA2001028",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html"
},
{
"name": "CLA-2001:399",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000399"
},
{
"name": "1845",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1845"
},
{
"name": "SuSE-SA:2001:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html"
},
{
"name": "IMNX-2001-70-023-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01"
},
{
"name": "MDKSA-2001:053",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0522",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:21:38.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1383 (GCVE-0-1999-1383)
Vulnerability from cvelistv5 – Published: 2001-09-12 04:00 – Updated: 2024-08-01 17:11
VLAI?
Summary
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.dataguard.no/bugtraq/1996_3/0503.html | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=87602167419868&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public ?
1996-09-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:03.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19960919 Vulnerability in expansion of PS1 in bash \u0026 tcsh",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.dataguard.no/bugtraq/1996_3/0503.html"
},
{
"name": "19960913 tee see shell problems",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167419868\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1996-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \\w option in the PS1 variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19960919 Vulnerability in expansion of PS1 in bash \u0026 tcsh",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.dataguard.no/bugtraq/1996_3/0503.html"
},
{
"name": "19960913 tee see shell problems",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167419868\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \\w option in the PS1 variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19960919 Vulnerability in expansion of PS1 in bash \u0026 tcsh",
"refsource": "BUGTRAQ",
"url": "http://www.dataguard.no/bugtraq/1996_3/0503.html"
},
{
"name": "19960913 tee see shell problems",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167419868\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1383",
"datePublished": "2001-09-12T04:00:00.000Z",
"dateReserved": "2001-08-31T00:00:00.000Z",
"dateUpdated": "2024-08-01T17:11:03.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1165 (GCVE-0-1999-1165)
Vulnerability from cvelistv5 – Published: 2001-09-12 04:00 – Updated: 2024-08-01 17:02
VLAI?
Summary
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/535 | vdb-entryx_refsource_BID |
| http://marc.info/?l=bugtraq&m=93268249021561&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/2478 | mailing-listx_refsource_BUGTRAQ |
Date Public ?
1995-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:02:53.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "535",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/535"
},
{
"name": "19990721 old gnu finger bugs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=93268249021561\u0026w=2"
},
{
"name": "19950317 GNU finger 1.37 executes ~/.fingerrc with gid root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/2478"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1995-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "535",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/535"
},
{
"name": "19990721 old gnu finger bugs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=93268249021561\u0026w=2"
},
{
"name": "19950317 GNU finger 1.37 executes ~/.fingerrc with gid root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/2478"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/535"
},
{
"name": "19990721 old gnu finger bugs",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=93268249021561\u0026w=2"
},
{
"name": "19950317 GNU finger 1.37 executes ~/.fingerrc with gid root",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/2478"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1165",
"datePublished": "2001-09-12T04:00:00.000Z",
"dateReserved": "2001-08-31T00:00:00.000Z",
"dateUpdated": "2024-08-01T17:02:53.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0071 (GCVE-0-2001-0071)
Vulnerability from cvelistv5 – Published: 2001-05-07 04:00 – Updated: 2024-08-08 04:06
VLAI?
Summary
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| http://www.debian.org/security/2000/20001225b | vendor-advisoryx_refsource_DEBIAN |
| http://www.linux-mandrake.com/en/updates/2000/MDK… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.securityfocus.com/bid/2141 | vdb-entryx_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2000-131.html | vendor-advisoryx_refsource_REDHAT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/152197 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/1699 | vdb-entryx_refsource_OSVDB |
Date Public ?
2000-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:55.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2141"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-detached-sig-modify(5802)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1699",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1699"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2141"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-detached-sig-modify(5802)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1699",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1699"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2000:368",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2141"
},
{
"name": "RHSA-2000:131",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-detached-sig-modify(5802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5802"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1699",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1699"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0071",
"datePublished": "2001-05-07T04:00:00.000Z",
"dateReserved": "2001-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:06:55.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0290 (GCVE-0-2001-0290)
Vulnerability from cvelistv5 – Published: 2001-05-07 04:00 – Updated: 2024-08-08 04:14
VLAI?
Summary
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public ?
2001-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:07.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0290",
"datePublished": "2001-05-07T04:00:00.000Z",
"dateReserved": "2001-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:14:07.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0803 (GCVE-0-2000-0803)
Vulnerability from cvelistv5 – Published: 2001-05-07 04:00 – Updated: 2024-08-08 05:28
VLAI?
Summary
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public ?
2000-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:28:41.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gnu-groff-utilities(5280)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gnu-groff-utilities(5280)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5280"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gnu-groff-utilities(5280)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5280"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0803",
"datePublished": "2001-05-07T04:00:00.000Z",
"dateReserved": "2000-09-22T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:28:41.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0072 (GCVE-0-2001-0072)
Vulnerability from cvelistv5 – Published: 2001-05-07 04:00 – Updated: 2024-08-08 04:06
VLAI?
Summary
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| http://www.debian.org/security/2000/20001225b | vendor-advisoryx_refsource_DEBIAN |
| http://www.linux-mandrake.com/en/updates/2000/MDK… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.securityfocus.com/bid/2153 | vdb-entryx_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2000-131.html | vendor-advisoryx_refsource_REDHAT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/152197 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/1702 | vdb-entryx_refsource_OSVDB |
Date Public ?
2000-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:54.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2153"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-reveal-private(5803)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1702",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2000:368",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2153"
},
{
"name": "RHSA-2000:131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-reveal-private(5803)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1702",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2000:368",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000368"
},
{
"name": "DSA-010-1",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001225b"
},
{
"name": "MDKSA-2000-087",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3"
},
{
"name": "2153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2153"
},
{
"name": "RHSA-2000:131",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-131.html"
},
{
"name": "gnupg-reveal-private(5803)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803"
},
{
"name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/152197"
},
{
"name": "1702",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0072",
"datePublished": "2001-05-07T04:00:00.000Z",
"dateReserved": "2001-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:06:54.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0974 (GCVE-0-2000-0974)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
VLAI?
Summary
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.debian.org/security/2000/20001111 | vendor-advisoryx_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.redhat.com/support/errata/RHSA-2000-089.html | vendor-advisoryx_refsource_REDHAT |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories… | vendor-advisoryx_refsource_FREEBSD |
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| http://www.securityfocus.com/bid/1797 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/1608 | vdb-entryx_refsource_OSVDB |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… | vendor-advisoryx_refsource_CALDERA |
Date Public ?
2000-10-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:32.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20001011 GPG 1.0.3 doesn\u0027t detect modifications to files with multiple signatures",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"name": "20001025 Immunix OS Security Update for gnupg package",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"name": "20001111 gnupg: incorrect signature verification",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001111"
},
{
"name": "gnupg-message-modify(5386)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"name": "RHSA-2000:089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"name": "FreeBSD-SA-00:67",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"name": "CLSA-2000:334",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"name": "1797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1797"
},
{
"name": "1608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1608"
},
{
"name": "CSSA-2000-038.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20001011 GPG 1.0.3 doesn\u0027t detect modifications to files with multiple signatures",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"name": "20001025 Immunix OS Security Update for gnupg package",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"name": "20001111 gnupg: incorrect signature verification",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001111"
},
{
"name": "gnupg-message-modify(5386)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"name": "RHSA-2000:089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"name": "FreeBSD-SA-00:67",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"name": "CLSA-2000:334",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"name": "1797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1797"
},
{
"name": "1608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1608"
},
{
"name": "CSSA-2000-038.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001011 GPG 1.0.3 doesn\u0027t detect modifications to files with multiple signatures",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html"
},
{
"name": "20001025 Immunix OS Security Update for gnupg package",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html"
},
{
"name": "20001111 gnupg: incorrect signature verification",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001111"
},
{
"name": "gnupg-message-modify(5386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5386"
},
{
"name": "RHSA-2000:089",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-089.html"
},
{
"name": "FreeBSD-SA-00:67",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc"
},
{
"name": "CLSA-2000:334",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000334"
},
{
"name": "1797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1797"
},
{
"name": "1608",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1608"
},
{
"name": "CSSA-2000-038.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0974",
"datePublished": "2001-01-22T05:00:00.000Z",
"dateReserved": "2000-11-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:37:32.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0824 (GCVE-0-2000-0824)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:28
VLAI?
Summary
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public ?
1999-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:28:41.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "glibc-ld-unsetenv(5173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5173"
},
{
"name": "19990917 A few bugs...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=93760201002154\u0026w=2"
},
{
"name": "20000924 glibc locale security problem",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html"
},
{
"name": "20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html"
},
{
"name": "RHSA-2000:057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-057.html"
},
{
"name": "MDKSA-2000:045",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3"
},
{
"name": "20000902 Conectiva Linux Security Announcement - glibc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html"
},
{
"name": "1639",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1639"
},
{
"name": "TLSA2000020-1",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html"
},
{
"name": "20000902 glibc: local root exploit",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20000902"
},
{
"name": "20000831 glibc unsetenv bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/79537"
},
{
"name": "20000905 Conectiva Linux Security Announcement - glibc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html"
},
{
"name": "648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/648"
},
{
"name": "CSSA-2000-028.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt"
},
{
"name": "MDKSA-2000:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "glibc-ld-unsetenv(5173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5173"
},
{
"name": "19990917 A few bugs...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=93760201002154\u0026w=2"
},
{
"name": "20000924 glibc locale security problem",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html"
},
{
"name": "20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html"
},
{
"name": "RHSA-2000:057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-057.html"
},
{
"name": "MDKSA-2000:045",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3"
},
{
"name": "20000902 Conectiva Linux Security Announcement - glibc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html"
},
{
"name": "1639",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1639"
},
{
"name": "TLSA2000020-1",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html"
},
{
"name": "20000902 glibc: local root exploit",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20000902"
},
{
"name": "20000831 glibc unsetenv bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/79537"
},
{
"name": "20000905 Conectiva Linux Security Announcement - glibc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html"
},
{
"name": "648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/648"
},
{
"name": "CSSA-2000-028.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt"
},
{
"name": "MDKSA-2000:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "glibc-ld-unsetenv(5173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5173"
},
{
"name": "19990917 A few bugs...",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=93760201002154\u0026w=2"
},
{
"name": "20000924 glibc locale security problem",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html"
},
{
"name": "20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html"
},
{
"name": "RHSA-2000:057",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-057.html"
},
{
"name": "MDKSA-2000:045",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3"
},
{
"name": "20000902 Conectiva Linux Security Announcement - glibc",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html"
},
{
"name": "1639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1639"
},
{
"name": "TLSA2000020-1",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html"
},
{
"name": "20000902 glibc: local root exploit",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20000902"
},
{
"name": "20000831 glibc unsetenv bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/79537"
},
{
"name": "20000905 Conectiva Linux Security Announcement - glibc",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html"
},
{
"name": "648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/648"
},
{
"name": "CSSA-2000-028.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt"
},
{
"name": "MDKSA-2000:040",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0824",
"datePublished": "2001-01-22T05:00:00.000Z",
"dateReserved": "2000-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:28:41.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0947 (GCVE-0-2000-0947)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
VLAI?
Summary
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.linux-mandrake.com/en/security/MDKSA-2… | vendor-advisoryx_refsource_MANDRAKE |
| ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/adv… | vendor-advisoryx_refsource_NETBSD |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/1757 | vdb-entryx_refsource_BID |
Date Public ?
2000-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20001002 Very probable remote root vulnerability in cfengine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html"
},
{
"name": "MDKSA-2000:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1"
},
{
"name": "NetBSD-SA2000-013",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc"
},
{
"name": "cfengine-cfd-format-string(5630)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5630"
},
{
"name": "1757",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20001002 Very probable remote root vulnerability in cfengine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html"
},
{
"name": "MDKSA-2000:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1"
},
{
"name": "NetBSD-SA2000-013",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc"
},
{
"name": "cfengine-cfd-format-string(5630)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5630"
},
{
"name": "1757",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001002 Very probable remote root vulnerability in cfengine",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html"
},
{
"name": "MDKSA-2000:061",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1"
},
{
"name": "NetBSD-SA2000-013",
"refsource": "NETBSD",
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc"
},
{
"name": "cfengine-cfd-format-string(5630)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5630"
},
{
"name": "1757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0947",
"datePublished": "2001-01-22T05:00:00.000Z",
"dateReserved": "2000-11-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:37:31.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0861 (GCVE-0-2000-0861)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
VLAI?
Summary
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/1667 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/freebsd/20… | vendor-advisoryx_refsource_FREEBSD |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public ?
2000-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:30.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1667",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1667"
},
{
"name": "FreeBSD-SA-00:51",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html"
},
{
"name": "mailman-execute-external-commands(5493)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5493"
},
{
"name": "20000907 Mailman 1.1 + external archiver vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1667",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1667"
},
{
"name": "FreeBSD-SA-00:51",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html"
},
{
"name": "mailman-execute-external-commands(5493)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5493"
},
{
"name": "20000907 Mailman 1.1 + external archiver vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1667"
},
{
"name": "FreeBSD-SA-00:51",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html"
},
{
"name": "mailman-execute-external-commands(5493)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5493"
},
{
"name": "20000907 Mailman 1.1 + external archiver vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0861",
"datePublished": "2001-01-22T05:00:00.000Z",
"dateReserved": "2000-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:37:30.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1137 (GCVE-0-2000-1137)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:45
VLAI?
Summary
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/6491 | vdb-entryx_refsource_OSVDB |
| http://www.linux-mandrake.com/en/security/MDKSA-2… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.redhat.com/support/errata/RHSA-2000-123.html | vendor-advisoryx_refsource_REDHAT |
| http://www.debian.org/security/2000/20001129 | vendor-advisoryx_refsource_DEBIAN |
Date Public ?
2000-11-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2000:359-2",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000359"
},
{
"name": "gnu-ed-symlink(5723)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5723"
},
{
"name": "6491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6491"
},
{
"name": "MDKSA-2000:076",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3"
},
{
"name": "RHSA-2000:123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-123.html"
},
{
"name": "20001129 DSA-001-1 ed: symlink attack",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2000:359-2",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000359"
},
{
"name": "gnu-ed-symlink(5723)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5723"
},
{
"name": "6491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6491"
},
{
"name": "MDKSA-2000:076",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3"
},
{
"name": "RHSA-2000:123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-123.html"
},
{
"name": "20001129 DSA-001-1 ed: symlink attack",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2000:359-2",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000359"
},
{
"name": "gnu-ed-symlink(5723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5723"
},
{
"name": "6491",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6491"
},
{
"name": "MDKSA-2000:076",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3"
},
{
"name": "RHSA-2000:123",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-123.html"
},
{
"name": "20001129 DSA-001-1 ed: symlink attack",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1137",
"datePublished": "2001-01-22T05:00:00.000Z",
"dateReserved": "2000-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:45:37.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0959 (GCVE-0-2000-0959)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
VLAI?
Summary
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/1719 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/85028 | mailing-listx_refsource_BUGTRAQ |
Date Public ?
2000-09-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1719"
},
{
"name": "glibc-unset-symlink(5299)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5299"
},
{
"name": "20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/85028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1719"
},
{
"name": "glibc-unset-symlink(5299)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5299"
},
{
"name": "20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/85028"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1719"
},
{
"name": "glibc-unset-symlink(5299)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5299"
},
{
"name": "20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/85028"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0959",
"datePublished": "2001-01-22T05:00:00.000Z",
"dateReserved": "2000-11-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:37:31.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0963 (GCVE-0-2000-0963)
Vulnerability from cvelistv5 – Published: 2000-11-29 05:00 – Updated: 2024-08-08 05:37
VLAI?
Summary
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/138550 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/1142 | vdb-entryx_refsource_BID |
| http://www.calderasystems.com/support/security/ad… | vendor-advisoryx_refsource_CALDERA |
Date Public ?
2000-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gnu-ncurses-term-terminfodirs-bo(44487)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44487"
},
{
"name": "20001009 ncurses buffer overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/138550"
},
{
"name": "1142",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1142"
},
{
"name": "CSSA-2000-036.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-036.0.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gnu-ncurses-term-terminfodirs-bo(44487)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44487"
},
{
"name": "20001009 ncurses buffer overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/138550"
},
{
"name": "1142",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1142"
},
{
"name": "CSSA-2000-036.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-036.0.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gnu-ncurses-term-terminfodirs-bo(44487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44487"
},
{
"name": "20001009 ncurses buffer overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/138550"
},
{
"name": "1142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1142"
},
{
"name": "CSSA-2000-036.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-036.0.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0963",
"datePublished": "2000-11-29T05:00:00.000Z",
"dateReserved": "2000-11-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:37:31.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0335 (GCVE-0-2000-0335)
Vulnerability from cvelistv5 – Published: 2000-10-13 04:00 – Updated: 2024-08-08 05:14
VLAI?
Summary
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/1166 | vdb-entryx_refsource_BID |
Date Public ?
2000-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0335",
"datePublished": "2000-10-13T04:00:00.000Z",
"dateReserved": "2000-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:14:21.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0786 (GCVE-0-2000-0786)
Vulnerability from cvelistv5 – Published: 2000-10-13 04:00 – Updated: 2024-08-08 05:28
VLAI?
Summary
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/1516 | vdb-entryx_refsource_BID |
| http://marc.info/?l=bugtraq&m=96473640717095&w=2 | x_refsource_CONFIRM |
| http://www.debian.org/security/2000/20000727 | vendor-advisoryx_refsource_DEBIAN |
Date Public ?
2000-07-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:28:41.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000726 userv security boundary tool 1.0.1 (SECURITY FIX)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html"
},
{
"name": "1516",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1516"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=96473640717095\u0026w=2"
},
{
"name": "20000727 userv: local exploit",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20000727"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000726 userv security boundary tool 1.0.1 (SECURITY FIX)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html"
},
{
"name": "1516",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1516"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://marc.info/?l=bugtraq\u0026m=96473640717095\u0026w=2"
},
{
"name": "20000727 userv: local exploit",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20000727"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000726 userv security boundary tool 1.0.1 (SECURITY FIX)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html"
},
{
"name": "1516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1516"
},
{
"name": "http://marc.info/?l=bugtraq\u0026m=96473640717095\u0026w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=bugtraq\u0026m=96473640717095\u0026w=2"
},
{
"name": "20000727 userv: local exploit",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20000727"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0786",
"datePublished": "2000-10-13T04:00:00.000Z",
"dateReserved": "2000-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:28:41.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0701 (GCVE-0-2000-0701)
Vulnerability from cvelistv5 – Published: 2000-09-21 04:00 – Updated: 2024-08-08 05:28
VLAI?
Summary
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/73220 | mailing-listx_refsource_BUGTRAQ |
| http://www.redhat.com/support/errata/RHSA-2000-030.html | vendor-advisoryx_refsource_REDHAT |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/1539 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/templates/archive.pi… | x_refsource_CONFIRM |
Date Public ?
2000-08-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:28:41.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000801 Advisory: mailman local compromise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/73220"
},
{
"name": "RHSA-2000:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-030.html"
},
{
"name": "20000802 MDKSA-2000:030 - Linux-Mandrake not affected by mailman problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0479.html"
},
{
"name": "20000802 CONECTIVA LINUX SECURITY ANNOUNCEMENT - mailman",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html"
},
{
"name": "1539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000802105050.A11733%40rak.isternet.sk"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000801 Advisory: mailman local compromise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/73220"
},
{
"name": "RHSA-2000:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-030.html"
},
{
"name": "20000802 MDKSA-2000:030 - Linux-Mandrake not affected by mailman problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0479.html"
},
{
"name": "20000802 CONECTIVA LINUX SECURITY ANNOUNCEMENT - mailman",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html"
},
{
"name": "1539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000802105050.A11733%40rak.isternet.sk"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000801 Advisory: mailman local compromise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/73220"
},
{
"name": "RHSA-2000:030",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-030.html"
},
{
"name": "20000802 MDKSA-2000:030 - Linux-Mandrake not affected by mailman problem",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0479.html"
},
{
"name": "20000802 CONECTIVA LINUX SECURITY ANNOUNCEMENT - mailman",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html"
},
{
"name": "1539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1539"
},
{
"name": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000802105050.A11733@rak.isternet.sk",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000802105050.A11733@rak.isternet.sk"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0701",
"datePublished": "2000-09-21T04:00:00.000Z",
"dateReserved": "2000-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:28:41.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0491 (GCVE-0-1999-0491)
Vulnerability from cvelistv5 – Published: 2000-06-02 04:00 – Updated: 2024-08-01 16:41
VLAI?
Summary
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/templates/archive.pi… | mailing-listx_refsource_BUGTRAQ |
| ftp://ftp.calderasystems.com/pub/OpenLinux/securi… | vendor-advisoryx_refsource_CALDERA |
| http://www.securityfocus.com/bid/119 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:41:45.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19990420 Bash Bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=Pine.LNX.4.10.9904202114070.6623-100000%40smooth.Operator.org"
},
{
"name": "CSSA-1999-008.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt"
},
{
"name": "119",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19990420 Bash Bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=Pine.LNX.4.10.9904202114070.6623-100000%40smooth.Operator.org"
},
{
"name": "CSSA-1999-008.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt"
},
{
"name": "119",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990420 Bash Bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=Pine.LNX.4.10.9904202114070.6623-100000@smooth.Operator.org"
},
{
"name": "CSSA-1999-008.0",
"refsource": "CALDERA",
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt"
},
{
"name": "119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0491",
"datePublished": "2000-06-02T04:00:00.000Z",
"dateReserved": "1999-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-01T16:41:45.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0719 (GCVE-0-1999-0719)
Vulnerability from cvelistv5 – Published: 2000-06-02 04:00 – Updated: 2024-08-01 16:48
VLAI?
Summary
The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/563 | vdb-entryx_refsource_BID |
Date Public ?
1999-07-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "563",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "563",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0719",
"datePublished": "2000-06-02T04:00:00.000Z",
"dateReserved": "1999-11-25T00:00:00.000Z",
"dateUpdated": "2024-08-01T16:48:37.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0270 (GCVE-0-2000-0270)
Vulnerability from cvelistv5 – Published: 2000-04-26 04:00 – Updated: 2024-08-08 05:14
VLAI?
Summary
The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/1126 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/templates/archive.pi… | mailing-listx_refsource_BUGTRAQ |
Date Public ?
2000-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:20.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1126",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1126"
},
{
"name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-04-15\u0026msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-15T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1126",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1126"
},
{
"name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-04-15\u0026msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1126"
},
{
"name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-04-15\u0026msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0270",
"datePublished": "2000-04-26T04:00:00.000Z",
"dateReserved": "2000-04-26T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:14:20.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0271 (GCVE-0-2000-0271)
Vulnerability from cvelistv5 – Published: 2000-04-26 04:00 – Updated: 2024-08-08 05:14
VLAI?
Summary
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/templates/archive.pi… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/1125 | vdb-entryx_refsource_BID |
Date Public ?
2000-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:20.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-04-15\u0026msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de"
},
{
"name": "1125",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-04-15\u0026msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de"
},
{
"name": "1125",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-04-15\u0026msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de"
},
{
"name": "1125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0271",
"datePublished": "2000-04-26T04:00:00.000Z",
"dateReserved": "2000-04-26T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:14:20.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0269 (GCVE-0-2000-0269)
Vulnerability from cvelistv5 – Published: 2000-04-26 04:00 – Updated: 2024-08-08 05:14
VLAI?
Summary
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/templates/archive.pi… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/1125 | vdb-entryx_refsource_BID |
Date Public ?
2000-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:20.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-04-15\u0026msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de"
},
{
"name": "1125",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-04-15\u0026msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de"
},
{
"name": "1125",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-04-15\u0026msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de"
},
{
"name": "1125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0269",
"datePublished": "2000-04-26T04:00:00.000Z",
"dateReserved": "2000-04-26T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:14:20.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}