LiveActive security incident?Get immediate response
CVE archive

December 2002

Browse CVE records published in December 2002, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 35 of 35 matching CVEs · Page 1 of 1.

Unknown · CVSS Not scored

CVE-2002-2437: The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2...

The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.

Published Dec 7, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2002-2436: The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and...

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

Published Dec 7, 2011 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1378: Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arb...

Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests.

Published Dec 17, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1360: Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the stri...

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.

Published Dec 17, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1368: Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of servi...

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.

Published Dec 20, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1347: Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial...

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

Published Dec 11, 2002 · Updated Aug 8, 2024