CVE & Exploit Intelligence Database

CVE-2001-1494 5.5 MEDIUM EPSS 0.00

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

CWE-59 Dec 31, 2001

CVE-2001-1533 5.3 MEDIUM EPSS 0.27

Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE

Dec 31, 2001

CVE-2001-1559 5.5 MEDIUM 1 PoC Analysis EPSS 0.00

The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.

CWE-476 Dec 31, 2001

CVE-2000-1198 5.5 MEDIUM 1 PoC Analysis EPSS 0.00

qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.

CWE-667 Aug 31, 2001

CVE-2001-0682 5.5 MEDIUM EPSS 0.00

ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.

CWE-667 Aug 29, 2001

CVE-2001-1391 5.5 MEDIUM EPSS 0.00

Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.

CWE-193 Apr 17, 2001

CVE-2000-1178 5.5 MEDIUM EPSS 0.00

Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

CWE-59 Jan 09, 2001

CVE-2000-0972 5.5 MEDIUM 2 PoCs Analysis EPSS 0.02

HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.

CWE-59 Dec 19, 2000

CVE-2000-0552 5.5 MEDIUM 1 PoC Analysis EPSS 0.01

ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.

CWE-459 Jun 06, 2000

CVE-2000-0338 5.5 MEDIUM 1 PoC Analysis EPSS 0.01

Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.

CWE-667 Apr 23, 2000

CVE-1999-1386 5.5 MEDIUM EPSS 0.00

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

CWE-59 Dec 31, 1999

CVE-1999-0783 5.5 MEDIUM EPSS 0.00

FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

CWE-59 Jun 16, 1998

CVE-1999-0011 5.4 MEDIUM EPSS 0.11

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

CWE-1067 Apr 08, 1998

CVE-1999-0035 5.4 MEDIUM EPSS 0.00

Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.

CWE-364 May 29, 1997