CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
65279 | CVE-2013-5332 | Candidate | Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | Assigned (20130820) | None (candidate not yet proposed) | | View |
65535 | CVE-2013-5588 | Candidate | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php. | Assigned (20130825) | None (candidate not yet proposed) | | View |
2101 | CVE-2000-0524 | Candidate | Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From. | Proposed (20000712) | MODIFY(3) Frech, LeBlanc, Levy<br>NOOP(1) Ozancin<br>RECAST(1) Wall | Levy> There were plenty of people that could not reproduce the problem although some did. More research (as in actual testing) is probably required.<br>LeBlanc> This entry does not specify which versions of Outlook are vulnerable, nor is that clear from the BUGTRAQ record. It is much too broad to say just "Outlook" when it is definitely not all versions of Outlook. The problem appears confined to some version of Outlook 97, and if I recall correctly, there has been a patch for this for quite some time.<br>Frech> XF:outlook-header-dos(4645)<br>CHANGE> [Wall changed vote from REVIEWING to RECAST]<br>Wall> UNABLE TO DUPLICATE | View |
105 | CVE-1999-0105 | Candidate | finger allows recursive searches by using a long string of @ symbols. | Proposed (19990726) | MODIFY(3) Baker, Frech, Shostack<br>NOOP(1) Christey<br>REJECT(1) Northcutt | Shostack> fingerD<br>Frech> XF:finger-bomb<br>Christey> aka redirection or forwarding requests? (but then might overlap CVE-1999-0106)<br>Baker> should change description to indicate the recursive searching can consume enough system resources to cause a DoS. | View |
521 | CVE-1999-0524 | Candidate | ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | Modified (20161206) | MODIFY(3) Baker, Frech, Meunier<br>REJECT(1) Northcutt | Frech> XF:icmp-timestamp<br>XF:icmp-netmask<br>Meunier> If this is not merged with 1999-0523 as I commented for that CVE, then the description should be changed to "ICMP messages of types 13 and 14 (timestamp request and reply) and 17 and 18 (netmask request and reply) are acted upon without any access control". It's a more precise and correct language. I believe that this is a valid CVE entry (it's a common source of vulnerabilities or exposures) even though I see that the inferred action was "reject". Knowing the time of a host also allows attacks against random number generators that are seeded with the current time. I want to push to have it accepted.<br>Baker> I agree with the description changes suggested by Pascal | View |