| CVE | Vendors | Products | Updated | CVSS v3.1 |
| UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. |
| An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. |
| An SNMP community name is guessable. |
| An SNMP community name is the default (e.g. public), null, or missing. |
| A NETBIOS/SMB share password is guessable. |
| A NETBIOS/SMB share password is the default, null, or missing. |
| A system-critical NETBIOS/SMB share has inappropriate access control. |
| The permissions for a system-critical NIS+ table (e.g. passwd) are inappropriate. |
| ICMP echo (ping) is allowed from arbitrary hosts. |
| IP traceroute is allowed from arbitrary hosts. |
| An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. |
| The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten. |
| A router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of. |
| A router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc. |
| A system is operating in "promiscuous" mode which allows it to perform packet sniffing. |
| A DNS server allows inverse queries. |
| A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. |
| A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, JavaScript, etc. |
| A trust relationship exists between two Unix hosts. |
| A password for accessing a WWW URL is guessable. |