
(PROPOSAL) Cluster RECENT-64 - 21 candidates



I have proposed cluster RECENT-64 for review and voting by the Editorial Board.

Name: RECENT-64
Description: Candidates announced between 4/2/2001 and 4/21/2001
Size: 21

You may vote on candidates by modifying this email and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and can be trusted to be real problems.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the relevant timeframe, please send that information to me so that candidates can be assigned.

SUMMARY OF VOTES TO USE (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0596
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0596
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010409 Netscape 4.76 gif comment flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98685237415117&w=2
Reference: DEBIAN:DSA-051
Reference: URL:http://www.debian.org/security/2001/dsa-051
Reference: CONECTIVA:CLA-2001:393
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000393
Reference: REDHAT:RHSA-2001:046
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-046.html
Reference: XF:netscape-javascript-access-data(6344)
Reference: URL:http://xforce.iss.net/static/6344.php

Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a specially crafted GIF image. The Javascript is embedded in the GIF file as a comment.

Analysis
----------------
ED_PRI CAN-2001-0596 1
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0609
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0609
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010411 CFINGERD remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0202.html
Reference: DEBIAN:DSA-048
Reference: URL:http://www.debian.org/security/2001/dsa-048
Reference: BID:2576
Reference: URL:http://www.securityfocus.com/bid/2576
Reference: XF:cfingerd-remote-format-string(6364)
Reference: URL:http://xforce.iss.net/static/6364.php3

Format string vulnerability in Infodrom cfingerd and earlier allows remote attackers to gain additional privileges via a malformed ident reply that is passed to the syslog function.

Analysis
----------------
ED_PRI CAN-2001-0609 1
Vendor Acknowledgement: yes advisory

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0623
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0623
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: DEBIAN:DSA-052
Reference: URL:http://www.debian.org/security/2001/dsa-052
Reference: XF:saft-sendfiled-execute-code(6430)
Reference: URL:http://xforce.iss.net/static/6430.php

sendfile, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0623 1
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0573
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0573
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: AIX-APAR:IY16909
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q2/0000.html

lsf in AIX 4.x allows local users to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which causes lsf to access the programs in that directory.

Analysis
----------------
ED_PRI CAN-2001-0573 2
Vendor Acknowledgement: yes advisory

The information does not mention specific versions of AIX or lsf.

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0590
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0590
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010403 Re: Tomcat may reveal script source code by URL trickery
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html

Apache Software Foundation Tomcat Servlet before 3.2.2 allows a remote attacker to read the source code of arbitrary JSP files via a malformed URL request which does not end with an HTTP protocol specification (e.g. HTTP/1.0).

Analysis
----------------
ED_PRI CAN-2001-0590 2
Vendor Acknowledgement: yes changelog

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0592
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0592
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010405 def-2001-18: Watchguard Firebox II Kernel DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0054.html
Reference: XF:firebox-kernel-dos(6327)
Reference: URL:http://xforce.iss.net/static/6327.php

Watchguard Firebox II 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (> 10000) of malformed ICMP and TCP packets.

Analysis
----------------
ED_PRI CAN-2001-0592 3
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0594
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0594
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010409 Solaris kcms_configure vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0140.html
Reference: BID:2558
Reference: URL:http://www.securityfocus.com/bid/2558
Reference: XF:solaris-kcms-command-bo(6359)
Reference: URL:http://xforce.iss.net/static/6359.php

kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.

Analysis
----------------
ED_PRI CAN-2001-0594 3
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0595
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0595
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010411 (LSD) Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0203.html
Reference: XF:solaris-kcssunwiosolf-bo(6365)
Reference: URL:http://xforce.iss.net/static/6365.php

Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. with the kcms_configure program.

Analysis
----------------
ED_PRI CAN-2001-0595 3
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0597
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0597
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010410 Catastrophic failure of Strip password generation.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0169.html
Reference: BID:2567
Reference: URL:http://www.securityfocus.com/bid/2567
Reference: XF:strip-weak-passwords(6362)
Reference: URL:http://xforce.iss.net/static/6362.php

Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for PalmOS allows local attackers to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw that greatly reduces the password search space.

Analysis
----------------
ED_PRI CAN-2001-0597 3
Vendor Acknowledgement: unknown
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0598
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0598
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010411 def-2001-21: Ghost Multiple DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0175.html
Reference: XF:ghost-configuration-server-dos(6357)
Reference: URL:http://xforce.iss.net/static/6357.php
Reference: BID:2570
Reference: URL:http://www.securityfocus.com/bid/2570

Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45 kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled.

Analysis
----------------
ED_PRI CAN-2001-0598 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0599
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0599
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010411 def-2001-21: Ghost Multiple DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0175.html
Reference: XF:ghost-database-engine-dos(6356)
Reference: URL:http://xforce.iss.net/static/6356.php
Reference: BID:2572
Reference: URL:http://www.securityfocus.com/bid/2572

Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large (> 45 kb) amounts of data to port 2638.

Analysis
----------------
ED_PRI CAN-2001-0599 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0600
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0600
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
Reference: XF:lotus-domino-header-dos(6347)
Reference: URL:http://xforce.iss.net/static/6347.php

Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type.

Analysis
----------------
ED_PRI CAN-2001-0600 3
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0601
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0601
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
Reference: XF:lotus-domino-unicode-dos(6349)
Reference: URL:http://xforce.iss.net/static/6349.php

Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters.

Analysis
----------------
ED_PRI CAN-2001-0601 3
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0602
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0602
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
Reference: XF:lotus-domino-device-dos(6348)
Reference: URL:http://xforce.iss.net/static/6348.php

Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (> 400) URL requests for DOS devices.

Analysis
----------------
ED_PRI CAN-2001-0602 3
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0603
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0603
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
Reference: XF:lotus-domino-corba-dos(6350)
Reference: URL:http://xforce.iss.net/static/6350.php

Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service by repeatedly sending large (> 10 kb) amounts of data to the DIIOP - CORBA service on TCP port 63148.

Analysis
----------------
ED_PRI CAN-2001-0603 3
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0604
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0604
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
Reference: XF:lotus-domino-url-dos(6351)
Reference: URL:http://xforce.iss.net/static/6351.php

Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (> 8 kb) containing a large number of "/" characters.

Analysis
----------------
ED_PRI CAN-2001-0604 3
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0610
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0610
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010418 Insecure directory handling in KFM file manager
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0336.html
Reference: XF:kfm-tmpfile-symlink(6428)
Reference: URL:http://xforce.iss.net/static/6428.php

kfm, as included with KDE 1.x, can allow a local attacker to gain additional privileges via a symlink attack on the kfm cache directory in /tmp.

Analysis
----------------
ED_PRI CAN-2001-0610 3
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0618
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0618
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: CF
Reference: BUGTRAQ:20010402 RG-1000 802.11 Residential Gateway default WEP key disclosure flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0020.html
Reference: XF:orinoco-rg1000-wep-key(6328)
Reference: URL:http://xforce.iss.net/static/6328.php

Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the Network Name or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic.

Analysis
----------------
ED_PRI CAN-2001-0618 3
Vendor Acknowledgement: unknown
Content Decisions: CF-PASS

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0619
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0619
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: unknown
Reference: BUGTRAQ:20010402 Design Flaw in Lucent/Orinoco 802.11 proprietary access control - closed network
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0015.html

The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The Network Name or SSID, which is used as a shared secret to join the network, is transmitted in the clear.

Analysis
----------------
ED_PRI CAN-2001-0619 3
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0620
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0620
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010418 iPlanet Calendar Server 5.0p2 exposes Netscape Admin Server master password
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0320.html
Reference: XF:iplanet-calendar-plaintext-password(6402)
Reference: URL:http://xforce.iss.net/static/6402.php

iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions.

Analysis
----------------
ED_PRI CAN-2001-0620 3
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0624
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0624
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: VULN-DEV:20010421 QNX file read vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0266.html
Reference: XF:qnx-fat-file-read
Reference: URL:http://xforce.iss.net/static/6437.php

QNX 2.4 allows a local user to read arbitrary files by directly accessing the mount point for a FAT disk partition, e.g. /fs-dos.

Analysis
----------------
ED_PRI CAN-2001-0624 3
Vendor Acknowledgement: unknown

Voting section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page Last Updated or Reviewed: May 22, 2007