CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 3926 | CVE-2001-1122 | Candidate | Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in "SPECIAL" mode. | Proposed (20020315) | ACCEPT(3) Foat, Frech, Green | NOOP(2) Baker, Cole | REJECT(2) Armstrong, Ziese | REVIEWING(1) Wall | Ziese> fact that important system | files are not appropriately secured from user, a/o admin, level access. | Green> ACCESS TO THE WINNT/SYSTEM32 DIRECTORY, ALLOWING FOR A DoS TO BE PERFORMED. | Foat> Our attempts to repair the computer with the Windows NT cd-rom failed. | The machine still would not allow logins. Tried two different NT 4.0 CD"s. Both | CD"s gave the error message that the file MSV1_0.dll read okay but is invalid on | the hard drive. It says the CD is probably defective. | Armstrong> I don"t believe that a privileged user being able to run code | on a system is a vulnerability. | Baker> I generally agree that unless you are elevating your priveleges, this should not be listed as a vulnerability. | CHANGE> [Baker changed vote from REVIEWING to NOOP] | View |
| 3947 | CVE-2001-1143 | Candidate | IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789. | Proposed (20020315) | ACCEPT(1) Frech | NOOP(5) Armstrong, Cole, Foat, Green, Wall | REVIEWING(1) Ziese | Ziese> HAS ANYONE BEEN ABLE TO REPRODUCE THIS? | View |
| 3994 | CVE-2001-1190 | Candidate | The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended. | Proposed (20020315) | ACCEPT(4) Cole, Frech, Green, Wall | NOOP(1) Foat | REJECT(1) Ziese | Ziese> This candidate should be explicitly defined. | View |
| 3431 | CVE-2001-0618 | Candidate | Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the "Network Name" or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic. | Proposed (20010727) | ACCEPT(1) Frech | MODIFY(1) Ziese | NOOP(3) Cole, Foat, Wall | REVIEWING(1) Bishop | Ziese> vulnerability, per se, then why is this? If WEP is delievred enabled, by | any vendor, it must give the existing/default WEP-key somewhere. Will every | hardware product be flawed by his definition? | View |
| 4495 | CVE-2002-0101 | Candidate | Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released. | Proposed (20020315) | ACCEPT(4) Foat, Frech, Green, Ziese | NOOP(1) Cole | REVIEWING(1) Wall | Ziese> would seem appropriate as a CVE entry. | CHANGE> [Foat changed vote from NOOP to ACCEPT] | View |
Page 20943 of 20943, showing 5 records out of 104715 total, starting on record 104711, ending on 104715
