CVE List

Id  CVE No.  Status  Description  Phase  Votes  Comments
2256  CVE-2000-0680  Candidate  The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.  Proposed (20000921)  ACCEPT(2) Baker, Levy | MODIFY(1) Frech | NOOP(2) Cole, Wall  Frech> XF:cvs-checkin-execute-binary
1662  CVE-2000-0084  Candidate  CuteFTP uses weak encryption to store password information in its tree.dat file.  Proposed (20000125)  MODIFY(2) Baker, Frech | NOOP(1) Christey  Frech> XF:cuteftp-weak-encrypt(3910) | Christey> BUGTRAQ:20010823 Re: Respondus v1.1.2 stores passwords using weak encryption | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99861651923668&w=2 | This followup to a different thread mentions the sm.dat file | for the site manager. | Baker> The reference from the Bugtraq mentions the sm.dat uses better encryption, but doesn't really address the tree.dat file.
1853  CVE-2000-0275  Candidate  CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.  Proposed (20000426)  ACCEPT(3) Baker, Cole, Levy | MODIFY(1) Frech | NOOP(1) Wall  Frech> XF:cryptoadmin-weak-encryption
1890  CVE-2000-0312  Candidate  cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.  Proposed (20010214)  ACCEPT(3) Baker, Cole, Collins | MODIFY(1) Frech | REVIEWING(1) Christey  Frech> XF:cron-sendmail-root(3335) | Seems like this issue is not just OpenBSD, and is described | differently by other vendors: | SuSE Security Announcement #15 Security hole in cron | http://www.suse.de/de/support/security/suse_security_announce_15.txt | Red Hat, Inc. Security Advisory RHSA-1999:030-02 Buffer overflow in | cron daemon | http://www.redhat.com/support/errata/rh52-errata-general.html#vixie-cron | Caldera Systems, Inc. Security Advisory CSSA-1999-023.0 serious security | problem in cron | http://www.calderasystems.com/support/security/advisories/CSSA-1999-023.0.txt | All are dated on or around 1999-08-27 to 1999-08-30. | Also, may overlap with CVE-1999-0769: Vixie Cron on Linux systems allows | local users to set parameters of sendmail commands via the MAILTO | environmental variable. | Christey> See Andre's comments, but I believe this is different than | CVE-1999-0769. Also consider CVE-1999-0768 and CVE-1999-0872 | (Vixie Cron buffer overflow via MAILTO),
8652  CVE-2004-0224  Candidate  Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."  Modified (20050719)  ACCEPT(4) Armstrong, Baker, Cole, Cox | MODIFY(1) Frech | NOOP(3) Christey, Green, Wall  Frech> XF:courier-codeset-converter-bo(15434) | http://xforce.iss.net/xforce/xfdb/15434 | Christey> BUGTRAQ:20040329 [ GLSA 200403-06 ] Multiple remote buffer overflow vulnerabilities in Courier | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108058112903373&w=2 | Christey> BUGTRAQ:20040329 [ GLSA 200403-06 ] Multiple remote buffer overflow vulnerabilities in Courier | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108058112903373&w=2 | Christey> MISC:http://www.debian.org/security/nonvulns-woody#CVE-2004-0075 | CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
