LiveActive security incident?Get immediate response
CVE archive

October 2001

Browse CVE records published in October 2001, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 50 matching CVEs · Page 1 of 1.

Unknown · CVSS Not scored

CVE-2001-1585: SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, availabl...

SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.

Published Oct 6, 2007 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-0713: Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configur...

Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.

Published Oct 12, 2001 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-0669: Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco...

Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.

Published Oct 12, 2001 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-0535: Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from ou...

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

Published Oct 12, 2001 · Updated Aug 8, 2024