2001 CVEs

1556 CVEs published in 2001. 12 critical, 19 high.

Top CVEs published in 2001
CVE | Severity | Score | Published | Summary
CVE-2001-1496 | Critical | 9.8 | 2001-12-31 | Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly exec…
CVE-2001-1481 | Critical | 9.8 | 2001-12-31 | Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows re…
CVE-2001-0766 | Critical | 9.8 | 2001-10-18 | Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose c…
CVE-2001-1125 | Critical | 9.8 | 2001-10-05 | Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via…
CVE-2001-0967 | Critical | 9.8 | 2001-08-31 | Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an at…
CVE-2001-1155 | Critical | 9.8 | 2001-08-23 | TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which…
CVE-2001-0609 | Critical | 9.8 | 2001-08-02 | Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is p…
CVE-2001-1291 | Critical | 9.8 | 2001-07-12 | The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, whi…
CVE-2001-0395 | Critical | 9.8 | 2001-07-02 | Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password gu…
CVE-2001-0249 | Critical | 9.8 | 2001-06-18 | Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which…
CVE-2001-0248 | Critical | 9.8 | 2001-06-18 | Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which…
CVE-2001-1339 | Critical | 9.8 | 2001-05-24 | Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote atta…
CVE-2001-1471 | High | 8.8 | 2001-07-31 | prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variable…
CVE-2001-1546 | High | 7.8 | 2001-12-31 | Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc…
CVE-2001-0497 | High | 7.8 | 2001-07-21 | dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS T…
CVE-2001-1238 | High | 7.8 | 2001-07-16 | Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) ser…
CVE-2001-0195 | High | 7.8 | 2001-03-26 | sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via pas…
CVE-2001-1537 | High | 7.5 | 2001-12-31 | The default "basic" security setting in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow a…
CVE-2001-1536 | High | 7.5 | 2001-12-31 | Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain una…
CVE-2001-1515 | High | 7.5 | 2001-12-31 | Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which…