LanGuard reports



Supported OVAL Bulletins


More information on 2020 updates



ID:
CVE-2003-1132
Title:
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to...
Type:
Hardware
Bulletins:
CVE-2003-1132
Severity:
Medium
Description:
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.
Applies to:
Cisco CSS 11100 Content Services Switch Series
Content Services Switch 11500
Created:
2003-12-31
Updated:
2020-08-14

ID:
CVE-2003-1398
Title:
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
Type:
Hardware
Bulletins:
CVE-2003-1398
SFBID6823
Severity:
High
Description:
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
Applies to:
Created:
2003-12-31
Updated:
2020-08-14

ID:
CVE-2003-1490
Title:
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.
Type:
Hardware
Bulletins:
CVE-2003-1490
SFBID7435
Severity:
High
Description:
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.
Applies to:
SonicWall Firewall Pro 100
SonicWall Firewall Pro 200
SonicWall Firewall Pro 300
Created:
2003-12-31
Updated:
2020-08-14

ID:
CVE-2003-1497
Title:
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
Type:
Hardware
Bulletins:
CVE-2003-1497
SFBID8834
Severity:
Medium
Description:
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
Applies to:
BEFSX41
Created:
2003-12-31
Updated:
2020-08-14

ID:
CVE-2003-1264
Title:
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img)...
Type:
Hardware
Bulletins:
CVE-2003-1264
SFBID6533
Severity:
Medium
Description:
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication.
Applies to:
DI-614+B
Created:
2003-12-31
Updated:
2020-08-14

ID:
CVE-2003-1346
Title:
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
Type:
Hardware
Bulletins:
CVE-2003-1346
SFBID6609
Severity:
High
Description:
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
Applies to:
DWL-900AP+B
Created:
2003-12-31
Updated:
2020-08-14

ID:
CVE-2003-0795
Title:
zebra/Quagga versions older than 0.96.4
Type:
Services
Bulletins:
CVE-2003-0795
SFBID9029
Severity:
Medium
Description:
zebra/Quagga versions older than 0.96.4 are vulnerable to a denial of service.
Applies to:
Created:
2003-11-12
Updated:
2010-08-21

ID:
CVE-2003-0511
Title:
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL.
Type:
Hardware
Bulletins:
CVE-2003-0511
Severity:
Medium
Description:
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL.
Applies to:
Created:
2003-08-27
Updated:
2020-08-14

ID:
CVE-2003-0512
Title:
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password...
Type:
Hardware
Bulletins:
CVE-2003-0512
Severity:
Medium
Description:
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
Applies to:
Created:
2003-08-27
Updated:
2020-08-14

ID:
CVE-2003-0647
Title:
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
Type:
Hardware
Bulletins:
CVE-2003-0647
Severity:
High
Description:
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
Applies to:
Created:
2003-08-27
Updated:
2020-08-14

ID:
SFBID8062
Title:
Abyss Web server Bufferoverflow
Type:
Miscellaneous
Bulletins:
SFBID8062
Severity:
High
Description:
A security vulnerability exists in Abyss Web Server. A heap overrun takes place due to insufficient bounds checking of data supplied via client HTTP GET requests. In such case random code can be executed with the privileges of the web server. This vulnerability affects Abyss Web Server version 1.1.2. Later versions may also be affected. Abyss Web Server version 1.1.6 does is not prone to such a vulnerability thus users are advised to upgrade to such a version.
Applies to:
Abyss Web Server
Created:
2003-06-30
Updated:
2010-08-21

ID:
CVE-2003-0305
Title:
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
Type:
Hardware
Bulletins:
CVE-2003-0305
Severity:
Medium
Description:
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
Applies to:
Created:
2003-06-09
Updated:
2020-08-14

ID:
CVE-2003-0216
Title:
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.
Type:
Hardware
Bulletins:
CVE-2003-0216
Severity:
High
Description:
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.
Applies to:
Created:
2003-05-12
Updated:
2020-08-14

ID:
CVE-2002-1426
Title:
HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.
Type:
Hardware
Bulletins:
CVE-2002-1426
SFBID5336
Severity:
High
Description:
HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.
Applies to:
Procurve Switch 4000m
Created:
2003-04-11
Updated:
2020-08-14

ID:
CVE-2002-1547
Title:
Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different...
Type:
Hardware
Bulletins:
CVE-2002-1547
Severity:
Medium
Description:
Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144.
Applies to:
Created:
2003-03-31
Updated:
2020-08-14

ID:
CVE-2003-0161
Title:
Sendmail is older than 8.12.9
Type:
Mail
Bulletins:
CVE-2003-0161
Severity:
Low
Description:
Sendmail is a Mail Transport Agent included in all the Red Hat Linux distributions. A security flaw was discovered in the handling of DNS maps in Sendmail 8.12 versions before 8.12.9. A remote attacker will be able to crash the instance of Sendmail dealing with the request.In case version 8.12.9 is not available, a patch should be installed. The patch and PGP signature can be downloaded from a link given in: http://www.sendmail.org/patchps.html. Check the PGP signature using either: gpg -verify prescan.tar.gz.uu.asc prescan.tar.gz.uuorpgp prescan.tar.gz.uu.asc prescan.tar.gz.uuThen unpack the patches using the following command:uudecode -p < prescan.tar.gz.uu | gunzip -c | tar -xf -Then apply the appropriate patch to your version of the Sendmail source code:cd sendmail-8.12.8/sendmailpatch < prescan.VERSION.patchIf version older than 8.12.8 was installed, make sure you install the previous patches. Recompile sendmail and install the new binary.
Applies to:
Sendmail
Created:
2003-03-29
Updated:
2010-08-21

ID:
CVE-2003-0100
Title:
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
Type:
Hardware
Bulletins:
CVE-2003-0100
SFBID6895
Severity:
High
Description:
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
Applies to:
Created:
2003-03-03
Updated:
2020-08-14

ID:
CVE-2002-1337
Title:
Remote Buffer Overflow in Sendmail
Type:
Mail
Bulletins:
CVE-2002-1337
SFBID6991
Severity:
Low
Description:
Sendmail version 5.79 to 8.12.7 are vulnerable to a buffer overflow, allowing attackers to execute their own code on the target via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function, which is found in headers.c. A newer version of Sendmail 8.12.8 exists, which contains a fix for this critical security problem.
Applies to:
Sendmail
Created:
2003-03-02
Updated:
2010-08-21