CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 66574 | CVE-2013-6627 | Candidate | net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response. | Assigned (20131105) | None (candidate not yet proposed) | View | |
| 1294 | CVE-1999-1314 | Candidate | Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands. | Modified (20020218-01) | ACCEPT(3) Cole, Foat, Stracener | MODIFY(1) Frech | Frech> XF:unionfs-mount-ordering(7429) | View |
| 66830 | CVE-2013-6883 | Candidate | Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors. | Assigned (20131127) | None (candidate not yet proposed) | View | |
| 1550 | CVE-1999-1570 | Candidate | Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter. | Proposed (20020830) | ACCEPT(4) Armstrong, Cole, Frech, Green | NOOP(3) Cox, Foat, Wall | REVIEWING(1) Christey | Frech> It seems as if the BID-4089 assignment on this CAN name may be | in error. | BID-4089 (Multiple Vendor SNMP Request Handling Vulnerabilities) is | already assigned to CVE-2002-0013. Also, this CVE issue seems to have | nothing to do with SNMP. | Christey> Agreed, this is the wrong BID. SecurityFocus has assigned | BID:643 to CVE-1999-1570, but there"s a bit of an | inconsistency. BID:643 alludes to Bugtraq posts in 1999 | from Brock Tellier, mentioning overflows in sar via BOTH the | -o and -f parameters. However, they also link this issue to | SCO advisory 99.17, although the advisory itself is too vague | to *really* know what vulns they fixed. And now the link | to a potentially more detailed document (sse037.ltr) | is broken. So we don"t have any independent reason for | knowing whether SCO 99.17 (a) addresses any "sar" | vulnerabilities, and (b) even if it does, whether it addresses | *both* the -o and -f arguments originally claimed by Tellier. | Finally, it seems rather curious that CSSA-2002-SCO.17 | talks about a -o overflow but does not mention -f. | Sounds like an email to the security people at SCO | is in order... | | OK. Having consulted with SCO (who responded quickly), I | looked even further into this issue. There is now sufficient | evidence that the -f overflow was fixed in 1999. This | means that a separate candidate should be created (by | CD:SF-LOC), so the -f overflow is now covered by | CVE-1999-1571. | | Need to DELREF BID:4089 | CHANGE> [Frech changed vote from NOOP to ACCEPT] | CHANGE> [Christey changed vote from NOOP to REVIEWING] | View |
| 67086 | CVE-2013-7139 | Candidate | SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter. | Assigned (20131218) | None (candidate not yet proposed) | View |
Page 1728 of 20943, showing 5 records out of 104715 total, starting on record 8636, ending on 8640
