LiveActive security incident?Get immediate response
CVE archive

November 2002

Browse CVE records published in November 2002, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 143 matching CVEs · Page 1 of 3.

Unknown · CVSS Not scored

CVE-2002-20001: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary...

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.

Published Nov 11, 2021 · Updated Feb 13, 2025

Unknown · CVSS Not scored

CVE-2002-2408: Gordano Messaging Server (GMS) Mail 8 (a.k.a.

Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one user on the GMS server.

Published Nov 1, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2002-2170: Working Resources Inc.

Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared.

Published Nov 16, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2002-2137: GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link...

GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155.

Published Nov 16, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2002-2407: Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the fi...

Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.

Published Nov 1, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2002-2148: Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTer...

Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTerminator allows remote attackers to obtain sensitive information such as hostname, MAC, and IP address of the Ethernet interface via a discard (UDP port 9) packet, which causes the device to leak the information in the response.

Published Nov 16, 2005 · Updated Sep 16, 2024