Security Vulnerabilities, CVEs, Published In 2002 (Code Execution)
Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header.
Max CVSS
7.5
EPSS Score
5.26%
Published
2002-04-01
Updated
2017-10-10
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
Max CVSS
7.5
EPSS Score
3.66%
Published
2002-03-04
Updated
2018-10-30
Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable.
Max CVSS
7.5
EPSS Score
1.28%
Published
2002-01-30
Updated
2017-07-11
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.
Max CVSS
7.5
EPSS Score
1.08%
Published
2002-01-31
Updated
2017-10-10
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-02-27
Updated
2017-10-10
Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame).
Max CVSS
10.0
EPSS Score
15.45%
Published
2002-01-31
Updated
2017-10-10
Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.
Max CVSS
7.5
EPSS Score
4.85%
Published
2002-04-03
Updated
2008-09-05
Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.
Max CVSS
7.5
EPSS Score
3.85%
Published
2002-03-08
Updated
2018-10-12
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
Max CVSS
7.5
EPSS Score
9.62%
Published
2002-03-08
Updated
2021-07-23
Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.
Max CVSS
7.5
EPSS Score
7.10%
Published
2002-02-27
Updated
2017-10-10
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
Max CVSS
7.5
EPSS Score
93.62%
Published
2002-11-29
Updated
2008-09-10
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.
Max CVSS
4.6
EPSS Score
1.86%
Published
2002-07-26
Updated
2008-09-05
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
Max CVSS
10.0
EPSS Score
19.35%
Published
2002-05-29
Updated
2018-10-30
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
Max CVSS
10.0
EPSS Score
91.75%
Published
2002-02-27
Updated
2016-10-18
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
Max CVSS
7.5
EPSS Score
2.97%
Published
2002-03-08
Updated
2018-10-12
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.
Max CVSS
7.5
EPSS Score
26.09%
Published
2002-03-08
Updated
2018-10-12
Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.
Max CVSS
7.5
EPSS Score
9.27%
Published
2002-03-08
Updated
2018-10-12
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
Max CVSS
9.8
EPSS Score
47.29%
Published
2002-03-15
Updated
2024-02-02
Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.
Max CVSS
7.5
EPSS Score
1.59%
Published
2002-03-08
Updated
2018-05-03
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
Max CVSS
7.5
EPSS Score
43.97%
Published
2002-03-08
Updated
2016-10-18
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
Max CVSS
7.6
EPSS Score
7.31%
Published
2002-03-15
Updated
2018-10-12
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
Max CVSS
7.5
EPSS Score
34.45%
Published
2002-04-22
Updated
2018-10-30
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.
Max CVSS
7.5
EPSS Score
96.48%
Published
2002-04-22
Updated
2018-10-30
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
Max CVSS
7.5
EPSS Score
93.67%
Published
2002-03-08
Updated
2016-10-18
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
Max CVSS
7.5
EPSS Score
47.59%
Published
2002-03-15
Updated
2016-10-18