CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 802 | CVE-1999-0822 | Candidate | Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command. | Proposed (19991208) | ACCEPT(4) Armstrong, Baker, Cole, Stracener | MODIFY(1) Frech | NOOP(1) Christey | REVIEWING(1) Prosser | Frech> XF:qpopper-auth-bo | Christey> ADDREF? DEBIAN:19991215 buffer overflow in qpopper v3.0 | ADDREF XF:qpopper-auth-bo | View |
| 807 | CVE-1999-0827 | Candidate | By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. | Proposed (19991208) | ACCEPT(4) Armstrong, Baker, LeBlanc, Stracener | MODIFY(2) Cole, Frech | REVIEWING(1) Prosser | Cole> The BID is 855. If I have the right vulnerability, this allows an | attacker to access URL"s of there choosing which could lead to a compromise | of private information. | Frech> XF:http-frame-spoof | Question: Similar vulnerability to MS98-020 / CVE-1999-0869? | LeBlanc> MSRC tells me this is patched in MS00-009 | View |
| 809 | CVE-1999-0829 | Candidate | HP Secure Web Console uses weak encryption. | Proposed (19991208) | ACCEPT(2) Armstrong, Stracener | MODIFY(1) Frech | NOOP(2) Baker, Cole | REVIEWING(1) Prosser | Cole> I could not find details on this using the above references. | Frech> XF:hp-secure-console | View |
| 810 | CVE-1999-0830 | Candidate | Buffer overflow in SCO UnixWare Xsco command via a long argument. | Proposed (19991208) | ACCEPT(3) Armstrong, Baker, Stracener | MODIFY(3) Cole, Frech, Prosser | REVIEWING(1) Christey | Cole> This is BID 824 and the BUGTRAQ reference is 19991125. | Frech> XF:sco-unixware-xsco | Christey> Confirmed by vendor, albeit vaguely: | http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2 | | Prosser> agree with Steve on vendor confirmation, however not sure the | fix ref"d in BID 824 (SSE041) is right. It lists fixes for libnsl and | tcpip.so, nothing about xsco. SSE050b | (ftp://ftp.sco.com/SSE/security_bulletins/SB-99.26b) fixes a buffer overflow | in xsco on OpenServer (the vendor message Steve refers to) but not the | UnixWare vulnerability reported on Bugtraq and in BID824. Anyone more | familar with SCO shed some light on this? Are they the same codebase so fix | would be same? From the SCO site it seems the UnixWare and OpenSever | products are similar but have differences. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> BID:824 | http://www.securityfocus.com/bid/824 | View |
| 823 | CVE-1999-0843 | Candidate | Denial of service in Cisco routers running NAT via a PORT command from an FTP client to a Telnet port. | Proposed (19991208) | ACCEPT(3) Balinsky, Cole, Stracener | MODIFY(1) Frech | NOOP(2) Armstrong, Baker | REVIEWING(3) Christey, Prosser, Ziese | Frech> XF:cisco-nat-dos | Christey> Mike Prosser"s REVIEWING vote expires July 17, 2000 | Ziese> After reviewing | http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml | I can not confirm this exists unless it"s restructred to | describe a problem against IOS per se; not NAT per se. I am | reviewing this and it may take some time. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> Not sure if Kevin"s suggested reference really describes this | one. However, a followup email by Jim Duncan of Cisco does | acknowledge the problem as discussed in the Bugtraq post: | http://marc.theaimsgroup.com/?l=vuln-dev&m=94385601831585&w=2 | The original post is: | http://marc.theaimsgroup.com/?l=bugtraq&m=94184947504814&w=2 | | It could be that the researcher believed that the problem was | NAT, but in fact it wasn"t. | | I need to follow up with Ziese/Balinsky on this one. | View |
Page 20550 of 20943, showing 5 records out of 104715 total, starting on record 102746, ending on 102750
