CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 5783 | CVE-2002-1399 | Candidate | Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2). | Proposed (20030317) | ACCEPT(2) Baker, Cox | NOOP(2) Cole, Wall | CHANGE> [Cox changed vote from REVIEWING to ACCEPT] | View |
| 281 | CVE-1999-0282 | Candidate | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1584, CVE-1999-1586. Reason: This candidate combined references from one issue with the description from another issue. Notes: Users should consult CVE-1999-1584 and CVE-1999-1586 to obtain the appropriate name. All references and descriptions in this candidate have been removed to prevent accidental usage. | Modified (20050830) | ACCEPT(2) Baker, Dik | MODIFY(1) Frech | NOOP(1) Ozancin | RECAST(1) Prosser | REJECT(1) Christey | Frech> XF:sun-loadmodule | XF:sun-modload (CERT CA-93.18 very old!) | Prosser> Believe the reference given, 95-12, is referencing a later | loadmodule(8) setuid problem in the X11/NeWS windowing system. There is an | earlier, similar setuid vulnerability in the CA-93.18, CIAC G-02 advisories | for the SunOS 4.1.x/Solbourne and OpenWindow 3.0. In fact, there may be the | same as the HP patches are 100448-02 for the 93 loadmodule/modload | vulnerability and 100448-03 for the 95 loadmodule vulnerability which | normally indicated a patch update. Looks like the original patch either | didn"t completely fix the problem or it resurfaced in X11 NeWS. Can"t tell | much beyond that and this is my opinion only as have no way to check it. | Which one is this CVE referencing? I accept both. | Dik> There are three similar Sun bug ids associated with the patches. | 1076118 loadmodule has a security vulnerability | 1148753 loadmodule has a security vulnerability | 1222192 loadmodule has a security vulnerability | as well as: | 1137491 | Ancient stuff. | Christey> Add period to the end of the description. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> This is distinct from CVE-1999-1584 - CVE-1999-1584 is for | CA-93.18. | CHANGE> [Christey changed vote from REVIEWING to REJECT] | Christey> This candidate combines two separate issues. It uses the CERT | alert reference from 1995, from one issue, but a description that | is associated with a separate issue. | View |
| 186 | CVE-1999-0186 | Candidate | In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. | Modified (20071119) | ACCEPT(2) Baker, Dik | MODIFY(1) Frech | NOOP(1) Wall | REVIEWING(1) Christey | Frech> Change XF:snmp-backdoor-access to XF:sol-hidden-commstr | Add ISS:Hidden Community String in SNMP Implementation | Christey> What is the proper level of abstraction to use here? Should | we have a separate entry for each different default community | string? See: | http://cve.mitre.org/Board_Sponsors/archives/msg00242.html and | http://cve.mitre.org/Board_Sponsors/archives/msg00250.html | http://cve.mitre.org/Board_Sponsors/archives/msg00251.html | | Until the associated content decisions have been approved | by the Editorial Board, this candidate cannot be accepted | for inclusion in CVE. | Christey> ADDREF BID:177 | Christey> ISS:19981102 Hidden community string in SNMP implementation | http://xforce.iss.net/alerts/advise11.php | | Change description to include "hidden" | Christey> XF:snmp-backdoor-access is missing. | View |
| 2388 | CVE-2000-0812 | Candidate | The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag. | Interim (20010117) | ACCEPT(2) Baker, Dik | MODIFY(2) Frech, Levy | NOOP(3) Armstrong, Cole, Wall | REVIEWING(1) Christey | Frech> XF:sunjava-webadmin-bbs(5135) | Levy> BID 1600 | Frech> We also show this associated with CVE-2000-0629: The default | configuration of the Sun Java web server 2.0 and earlier allows remote | attackers to execute arbitrary commands by uploading Java code to the | server via board.html, then directly calling the JSP compiler | servlet. CVE web site concurs. | Christey> I think that Casper Dik confirmed that CVE-2000-0629 is a | configuration problem, and this one is a bug, so they are | different problems. I need to dig up that email, though... | Dik> CVE-2000-0629 indeed is about sample code which shouldn"t | be run on prodution servers | This one is an actual bug and patches have been produced | for JWS 2.0 and 1.1.3 | View |
| 5222 | CVE-2002-0832 | Candidate | Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature. | Proposed (20020830) | ACCEPT(2) Baker, Foat | MODIFY(1) Frech | NOOP(3) Armstrong, Cole, Cox | REVIEWING(1) Wall | Foat> This is more an exposure than a vulnerability. IE does have, as the | autho0r contends, a "user data persistence" feature that is independent of the | settings used to control cookies. Microsoft allows a user to turn off the | feature via a simple setting. Bottom line, this is a configuration problem. | Frech> XF:ie-bypass-cookie-restrictions(10459) | View |
Page 782 of 20943, showing 5 records out of 104715 total, starting on record 3906, ending on 3910
