| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A system is operating in "promiscuous" mode which allows it to perform packet sniffing. |
| An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. |
| A DNS server allows inverse queries. |
| A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. |
| A trust relationship exists between two Unix hosts. |
| A password for accessing a WWW URL is guessable. |
| The Windows NT guest account is enabled. |
| An SSH server allows authentication through the .rhosts file. |
| A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. |
| LetterMerger 1.2 stores user information in Access database files with insecure permissions, which allows local users to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Windows NT automatically logs in an administrator upon rebooting. |
| A router's routing tables can be obtained from arbitrary hosts. |
| NFS exports system-critical data to the world, e.g. / or a password file. |
| A Unix account with a name other than "root" has UID 0, i.e. root privileges. |
| Two or more Unix accounts have the same UID. |
| A system-critical Unix file or directory has inappropriate permissions. |
| IIS has the #exec function enabled for Server Side Include (SSI) files. |
| The registry in Windows NT can be accessed remotely by users who are not administrators. |
| A Sendmail alias allows input to be piped to a program. |
| An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. |