CVE List

Id  CVE No.  Status  Description  Phase  Votes  Comments  Actions
1375  CVE-1999-1395  Candidate  Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 through 5.4-2 allows local users to gain privileges.  Modified (20091029)  ACCEPT(3) Cole, Foat, Stracener | MODIFY(1) Frech | NOOP(2) Christey, Wall  Frech> XF:vms-monitor-gain-privileges(7136) | Duplicate of CVE-1999-1056? If not, indicate why in Analysis | comments. | Christey> Note that CVE-1999-1056 | Christey> CVE-1999-1056 is in fact a duplicate. This candidate will | be kept, and CVE-1999-1056 will be REJECTed, because this | candidate has more references.  View
2404  CVE-2000-0835  Candidate  search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter.  Modified (20100115)  MODIFY(1) Frech | NOOP(5) Armstrong, Christey, Cole, Collins, Wall | REJECT(2) Baker, Magdych  Magdych> Unless the beta product is in very widespread use, or the product is in | "perpetual beta" (e.g. ICQ), I would prefer not to include beta software. | Christey> XF:sambar-search-view-folder | Frech> XF:sambar-search-view-folder(5247) | Baker> Unless we change our CD:EX-BETA, we should reject this entry. Perhaps we need to address the issue of Beta software again, but the previous discussion was pretty thorough and I believe the editorial board was unanimous in excluding normal beta software. | Christey> Fix typo: "paramater" | Christey> fix typo: "paramatar"  View
4987  CVE-2002-0596  Candidate  WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message.  Modified (20100115)  ACCEPT(1) Frech | NOOP(4) Cole, Cox, Foat, Wall    View
4791  CVE-2002-0399  Candidate  Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.  Modified (20100521)  ACCEPT(3) Armstrong, Cole, Green | MODIFY(1) Cox | NOOP(1) Christey  Christey> MANDRAKE:MDKSA-2002:066 | Cox> Addref: RHSA-2002:138  View
4557  CVE-2002-0164  Candidate  Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.  Modified (20100521)  ACCEPT(5) Armstrong, Cole, Cox, Green, Wall | MODIFY(1) Frech | NOOP(2) Christey, Foat  Christey> SGI:20021001-01-P | Christey> BUGTRAQ:20021024 GLSA: xfree | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103547625009363&w=2 | | This Gentoo advisory mentions XFree86 4.2.0-r12 and earlier. | Frech> XF:xfree86-mitshm-memory-access(8706) | Christey> REDHAT:RHSA-2003:067 | URL:http://www.redhat.com/support/errata/RHSA-2003-067.html | Christey> Add something like "Xfree86 before 4.2.1" to the description. | | The affected versions aren't quite clear, as various vendor | advisories list different versions. | Christey> DEBIAN:DSA-380 | Christey> CALDERA:CSSA-2003-SCO.26  View

Page 20510 of 20943, showing 5 records out of 104715 total, starting on record 102546, ending on 102550
