Common Vulnerabilities & Exposures

MontaVista CVE List and Response

MontaVista continually monitors the security community and customers for threats. We follow the community on CVE scoring (NVD) and set fix priority accordingly for effected products. Please view the following CVEs that have been remediated or are in process by clicking the CVE Year to the left or use the CVE Filters below.

For inquiries into CVEs at MontaVista, please send email to security@mvista.com

CVE Filters

CVE List 2002

CVE Score Severity Package Description Published
CVE-2002-2439 4.0 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. September 22, 2019 07:09 am
CVE-2002-0655 7.5 High openssl OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. August 12, 2002 13:08 pm
CVE-2002-1436 7.5 High netware The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request. April 11, 2003 13:04 pm
CVE-2002-0659 5.0 Medium openssl The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. August 12, 2002 13:08 pm
CVE-2002-1216 5.0 Medium tar GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. October 28, 2002 14:10 pm
CVE-2002-0657 7.5 High openssl Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key. August 12, 2002 13:08 pm
CVE-2002-0656 7.5 High openssl Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. August 12, 2002 13:08 pm
CVE-2002-2185 4.9 Medium kernel The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. December 31, 2002 14:12 pm
CVE-2002-1438 5.0 Medium netware The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option. April 11, 2003 13:04 pm
CVE-2002-1437 5.0 Medium netware Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences. April 11, 2003 13:04 pm