CVE List

Id  CVE No.  Status  Description  Phase  Votes  Comments  Actions
1798  CVE-2000-0220  Candidate  ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event.  Proposed (20000322)  ACCEPT(1) Armstrong | MODIFY(1) Frech | NOOP(5) Baker, Cole, LeBlanc, Ozancin, Wall | REJECT(1) Blake | REVIEWING(1) Levy  Blake> Discussion on Bugtraq shows that this is a really marginal issue. Very | tough to come up with a viable attack scenario. Also, it's part of how | this class of software works, not a flaw in the cited package. Might be | possible to recast this into something more generic.... | Frech> XF:zonealarm-exposes-info  View
3071  CVE-2001-0250  Candidate  The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command.  Proposed (20010404)  ACCEPT(4) Baker, Bishop, Cole, Frech | NOOP(2) Wall, Ziese  Bishop> This is a problem if the policy says it is. It may not be a security | problem in general, though. I voted accept because it may be a problem.  View
3382  CVE-2001-0569  Candidate  Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.  Proposed (20010727)  ACCEPT(4) Baker, Cole, Williams, Ziese | MODIFY(2) Bishop, Frech | NOOP(2) Foat, Wall  Bishop> the description is too vague; please specify the result of | the problem | Frech> XF:zope-classes-return-value(6952)  View
3082  CVE-2001-0261  Candidate  Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.  Proposed (20010404)  ACCEPT(3) Baker, Bishop, Frech | NOOP(3) Christey, Cole, Ziese | REJECT(1) LeBlanc | REVIEWING(1) Wall  Bishop> Sounds like Microsoft just confirmed it! | Christey> The description should make the point that the original files | are in plaintext. | LeBlanc> The preconditions needed to obtain the clear-text backup file | are that the user must be able to read the raw disk. Only administrators | or those with physical access can read the raw disk. An admin could | alter the operating system such that anything a user did would be | available, even EFS information (since the admin can cause processes to | run as any user who is logged on currently). Thus even if this issue | were not present, the same set of preconditions would lead to access to | the same information. In the case of physical access, scrubbing the disk | should be viewed only as raising the bar - information can be recovered | even from overwritten sectors. Additionally, coverage of a file might | not be complete - in the case where a file is truncated, then encrypted, | there could be sectors with file information that the operating system | would have no knowledge of at the time the encryption occurred, and | there is no practical way to wipe these. Considering all the realities | of the situation, the only real-world solution is to create files you'd | like encrypted in a directory marked for encryption. | CHANGE> [Baker changed vote from REVIEWING to ACCEPT]  View
3389  CVE-2001-0576  Candidate  lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the "-u" command line parameter.  Modified (20020225-01)  ACCEPT(2) Frech, Williams | MODIFY(1) Bishop | NOOP(4) Cole, Foat, Wall, Ziese | RECAST(1) Baker  Bishop> recommend combining as stated in analysis | Baker> Merge with CVE-2001-0575, which has vendor acknowledgement, and includes this as one of the binaries with the same problem. | Williams> re: Baker recast - why merge 19 separate vuln issues into one CAN?  View
