CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 756 | CVE-1999-0776 | Candidate | Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. | Proposed (19991214) | ACCEPT(4) Frech, Levy, Ozancin, Stracener | MODIFY(1) Baker | NOOP(6) Armstrong, Blake, Cole, Landfield, LeBlanc, Wall | REVIEWING(1) Christey | Christey> This candidate is unconfirmed by the vendor. | | Posted by Arne Vidstrom. | Blake> I"d like to change my vote on this from ACCEPT to NOOP. I did some | digging and the vendor seems to have discontinued the product, so no | information is available beyond Arne"s post. Unless Andre has a copy | in his archive and can test it, I think we have to leave it out. | Wall> I agree with Blake. We have not seen the product and it has been discontinued. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> If this is (or was) tested by some tool, we should ACCEPT it. | Baker> http://www.securityfocus.com/bid/270 | Christey> BID:270 | URL:http://www.securityfocus.com/bid/270 | View |
| 4406 | CVE-2002-0012 | Candidate | Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | Modified (20061101) | ACCEPT(6) Cole, Foat, Green, Jones, Wall, Ziese | REVIEWING(1) Christey | Christey> This candidate is at a higher level of abstraction (more | general) than most other candidates. CVE"s content | decisions suggest that we should provide different candidates | for each implementation and type of bug that is affected by | the PROTOS suite. | | However, as of this writing (Feb 12, 2002), there is | insufficient information to assign the proper number of | candidates. This high-level candidate will serve as a | "catch-all," but we will be assigning lower-level (more | specific) candidates when there is more information. | | Due to the size and extent of this problem, it is better to | have a high-level candidate than no candidate at all. | Ziese> ACKNOWLEDGED-BY-VENDOR | Christey> DEBIAN:DSA-111 | MANDRAKE:MDKSA-2002:014 | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> CALDERA:CSSA-2002-004.0 | Christey> Consider adding BID:4088 | Christey> ADDREF SGI:20020404-01-P, which discusses the "hpsnmpd" daemon. | Christey> COMPAQ:SSRT0799 | CONECTIVA:CLA-2002:462 | BID:4088 | DEBIAN:DSA-111 | HP:HPSBUX0202-184 | URL:http://online.securityfocus.com/advisories/4032 | CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities | CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products | MANDRAKE:MDKSA-2002:014 | FREEBSD:FreeBSD-SA-02:11 | Christey> SUSE:SuSE-SA:2002:012 | | Should also mention ucd-snmp package by name. | BUGTRAQ:20020824 NOVL-2002-2961546 - SNMPv1 Trap and Request Handling Vulnerabilities | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0295.html | HP:HPSBMP0206-015 | URL:http://archives.neohapsis.com/archives/hp/2002-q4/0010.html | CALDERA:CSSA-2002-SCO.25 | URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q2/0024.html | CALDERA:CSSA-2002-004.1 | URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-004.1 | BUGTRAQ:20020227 nCipher Security Advisory #2: SNMP vulnerabilities | URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0353.html | Christey> REDHAT:RHSA-2002:036 | URL:http://www.redhat.com/support/errata/RHSA-2002-036.html | View |
| 4407 | CVE-2002-0013 | Candidate | Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | Modified (20061101) | ACCEPT(6) Cole, Foat, Green, Jones, Wall, Ziese | REVIEWING(1) Christey | Christey> This candidate is at a higher level of abstraction (more | general) than most other candidates. CVE"s content | decisions suggest that we should provide different candidates | for each implementation and type of bug that is affected by | the PROTOS suite. | | However, as of this writing (Feb 12, 2002), there is | insufficient information to assign the proper number of | candidates. This high-level candidate will serve as a | "catch-all," but we will be assigning lower-level (more | specific) candidates when there is more information. | | Due to the size and extent of this problem, it is better to | have a high-level candidate than no candidate at all. | Christey> BID:4089 | Christey> DEBIAN:DSA-111 | MANDRAKE:MDKSA-2002:014 | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> CALDERA:CSSA-2002-004.0 | Christey> ADDREF SGI:20020404-01-P, which discusses the "hpsnmpd" daemon. | Christey> COMPAQ:SSRT0799 | CONECTIVA:CLA-2002:462 | DEBIAN:DSA-111 | HP:HPSBUX0202-184 | URL:http://online.securityfocus.com/advisories/4032 | CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities | CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products | MANDRAKE:MDKSA-2002:014 | FREEBSD:FreeBSD-SA-02:11 | Christey> SUSE:SuSE-SA:2002:012 | | Should also mention ucd-snmp package by name. | BUGTRAQ:20020824 NOVL-2002-2961546 - SNMPv1 Trap and Request Handling Vulnerabilities | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0295.html | HP:HPSBMP0206-015 | URL:http://archives.neohapsis.com/archives/hp/2002-q4/0010.html | CALDERA:CSSA-2002-SCO.25 | URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q2/0024.html | CALDERA:CSSA-2002-004.1 | URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-004.1 | BUGTRAQ:20020227 nCipher Security Advisory #2: SNMP vulnerabilities | URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0353.html | Christey> SUNALERT:57404 | Christey> REDHAT:RHSA-2002:036 | URL:http://www.redhat.com/support/errata/RHSA-2002-036.html | View |
| 1020 | CVE-1999-1040 | Candidate | Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable. | Proposed (20010912) | ACCEPT(3) Cole, Foat, Stracener | NOOP(1) Christey | REJECT(1) Frech | Christey> This candidate and CVE-1999-1501 are duplicates. However, | CVE-1999-1501 will be REJECTed in favor of this candidate. | Add the following references: | BID:70 | URL:http://www.securityfocus.com/bid/70 | BID:71 | URL:http://www.securityfocus.com/bid/71 | XF:irix-ipxchk-ipxlink-ifs-commands(7365) | URL:http://xforce.iss.net/static/7365.php | View |
| 5146 | CVE-2002-0756 | Candidate | Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies. | Proposed (20020726) | ACCEPT(2) Armstrong, Cole | NOOP(4) Christey, Cox, Foat, Wall | Christey> This *might* be vendor acknowledgement: | URL:http://www.geocrawler.com/lists/3/SourceForge/12082/0/8595354/ | | However, the person who"s credited by the vendor found *TWO* | authentication-related vulnerabilities at about the same time, | and the vendor is clearly fixing "a" vulnerability. So, which | issue did the vendor fix? Which issue is the vendor | acknowledging - CVE-2002-0757 or CVE-2002-0756? | View |
Page 284 of 20943, showing 5 records out of 104715 total, starting on record 1416, ending on 1420
