CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 234 | CVE-1999-0235 | Candidate | Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. | Modified (19991220-01) | ACCEPT(3) Hill, Northcutt, Prosser | MODIFY(1) Frech | REJECT(2) Baker, Christey | Frech> XF:http-ncsa-longurl | Christey> CVE-1999-0235 has the same ref"s as CVE-1999-0267 | Baker> Not to mention, the X-force listings of http-ncsa-longurl and http-port both | refer to the same problem. This should be rejected as 1999-0267 is the same problem. | View |
| 65770 | CVE-2013-5823 | Candidate | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security. | Assigned (20130918) | None (candidate not yet proposed) | View | |
| 490 | CVE-1999-0492 | Candidate | The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses. | Proposed (19990726) | ACCEPT(3) Armstrong, Collins, Northcutt | MODIFY(4) Baker, Blake, Frech, Shostack | NOOP(4) Christey, Cole, Landfield, Wall | REVIEWING(1) Ozancin | Shostack> isn"t that what finger is supposed to do? | Landfield> Maybe we need a new category of "unsafe system utilities and protocols" | Blake> Ffingerd 1.19 allows remote attackers to differentiate valid and invalid | usernames on the target system based on its responses to finger queries. | Christey> CHANGEREF BUGTRAQ [canonicalize] | BUGTRAQ:19990423 Ffingerd privacy issues | http://marc.theaimsgroup.com/?l=bugtraq&m=92488772121313&w=2 | | Here"s the nature of the problem. | (1) FFingerd allows users to decide not to be fingered, | printing a message "That user does not want to be fingered" | (2) If the fingered user does not exist, then FFingerd"s | intended default is to print that the user does not | want to be fingered; however, the error message has a | period at the end. | Thus, ffingerd can allow someone to determine who valid users | on the server are, *in spite of* the intended functionality of | ffingerd itself. Thus this exposure should be viewed in light | of the intended functionality of the application, as opposed | to the common usage of the finger protocol in general. | | Also, the vendor posted a followup and said that a patch was | available. See: | http://marc.theaimsgroup.com/?l=bugtraq&m=92489375428016&w=2 | Baker> Vulnerability Reference (HTML) Reference Type | http://www.securityfocus.com/archive/1/13422 Misc Defensive Info | CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:ffinger-user-info(5393) | View |
| 66026 | CVE-2013-6079 | Candidate | Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in the (1) registration code field in the activate license window or the (2) HKLMSOFTWAREMostGearEasyLanFolderShare_V1License registry key. NOTE: it is not clear from the original report whether this issue crosses privilege boundaries. If not, then it should not be included in CVE. | Assigned (20131011) | None (candidate not yet proposed) | View | |
| 66282 | CVE-2013-6335 | Candidate | The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. | Assigned (20131031) | None (candidate not yet proposed) | View |
Page 19193 of 20943, showing 5 records out of 104715 total, starting on record 95961, ending on 95965
