Common Vulnerabilities & Exposures

MontaVista CVE List and Response

MontaVista continually monitors the security community and customers for threats. We follow the community on CVE scoring (NVD) and set fix priority accordingly for effected products. Please view the following CVEs that have been remediated or are in process by clicking the CVE Year to the left or use the CVE Filters below.

For inquiries into CVEs at MontaVista, please send email to security@mvista.com

Vulnerabilities

CVE Filters

Product

Score

Severity

Status

CVE

CVE List 2002

CVE	Score	Severity	Package	Description	Published
CVE-2002-2439	4.0			RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.	September 4, 2012 21:09 pm
CVE-2002-2185	4.9	Medium	kernel	The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a targets Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.	December 31, 2002 14:12 pm
CVE-2002-1438	5.0	Medium	netware	The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.	April 11, 2003 13:04 pm
CVE-2002-1437	5.0	Medium	netware	Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing ..%5c (URL-encoded dot-dot backslash) sequences.	April 11, 2003 13:04 pm
CVE-2002-1436	7.5	High	netware	The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.	April 11, 2003 13:04 pm
CVE-2002-1216	5.0	Medium	tar	GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.	October 28, 2002 14:10 pm
CVE-2002-0659	5.0	Medium	openssl	The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.	August 12, 2002 13:08 pm
CVE-2002-0657	7.5	High	openssl	Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.	August 12, 2002 13:08 pm
CVE-2002-0656	7.5	High	openssl	Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.	August 12, 2002 13:08 pm
CVE-2002-0655	7.5	High	openssl	OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.	August 12, 2002 13:08 pm