[Secure-testing-commits] r2987 - data/CVE
Joey Hess
joeyh at costa.debian.org
Fri Dec 9 09:14:25 UTC 2005
Author: joeyh
Date: 2005-12-09 09:14:20 +0000 (Fri, 09 Dec 2005)
New Revision: 2987
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-09 01:01:24 UTC (rev 2986)
+++ data/CVE/list 2005-12-09 09:14:20 UTC (rev 2987)
@@ -1,4 +1,61 @@
-CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernams and ...)
+CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...)
+ TODO: check
+CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...)
+ TODO: check
+CVE-2005-4093 (Unspecified vulnerability in Check Point VPN-1 SecureClient NG with ...)
+ TODO: check
+CVE-2005-4092 (Heap-based buffer overflow in Apple QuickTime Player 7.0.3 and iTunes ...)
+ TODO: check
+CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script ...)
+ TODO: check
+CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is ...)
+ TODO: check
+CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass ...)
+ TODO: check
+CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...)
+ TODO: check
+CVE-2005-4087 (PHP remote file inclusion vulnerability in acceptDecline.php in Sugar ...)
+ TODO: check
+CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...)
+ TODO: check
+CVE-2005-4085
+ RESERVED
+CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...)
+ TODO: check
+CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...)
+ TODO: check
+CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by ...)
+ TODO: check
+CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...)
+ TODO: check
+CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...)
+ TODO: check
+CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote ...)
+ TODO: check
+CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET ...)
+ TODO: check
+CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...)
+ TODO: check
+CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...)
+ TODO: check
+CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and ...)
+ TODO: check
+CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in Magic List Pro 2.5 ...)
+ TODO: check
+CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in Magic Forum Personal 2.5 ...)
+ TODO: check
+CVE-2005-4071 (Multiple SQL injection vulnerabilities in Magic Forum Personal 2.5 and ...)
+ TODO: check
+CVE-2005-4070
+ REJECTED
+ TODO: check
+CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0 assigns insecure permissions to the ...)
+ TODO: check
+CVE-2005-4068 (Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 ...)
+ TODO: check
+CVE-2005-4067 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...)
+ TODO: check
+CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...)
NOT-FOR-US: Total Commander
CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...)
- trac 0.9.2-1 (medium)
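Review bot: CVE-2005-4070 is added with both REJECTED and TODO: check. A rejected ID leaves nothing to triage, so the TODO line should be dropped for that entry. If the update script emits it, the script should skip the TODO marker for REJECTED entries the same way it already does for RESERVED ones (CVE-2005-4085 in this hunk gets RESERVED only).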
@@ -119,7 +176,7 @@
NOT-FOR-US: Jax Calendar
CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin]
- phpmyadmin <not-affected> (Apparently affects only 2.7.0)
-CVE-2005-4077 [Off-By-One heap overflow in curl]
+CVE-2005-4077 (Multiple off-by-one errors in libcurl 7.11.2 through 7.15.0 and ...)
- curl 7.15.1-1 (bug #342339; medium)
[woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable)
CVE-2005-XXXX [Buffer overflows in electricsheep]
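Review bot: the context entry "CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin]", noted as apparently affecting only 2.7.0, should be compared against CVE-2005-4079 added at the top of this revision (register_globals emulation in phpMyAdmin 2.7.0 rc1). If they describe the same issue, fold the placeholder and its not-affected note into the numbered entry so the issue is not tracked twice and CVE-2005-4079 does not sit at TODO: check with the triage already done elsewhere.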
@@ -1038,8 +1095,7 @@
NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple ...)
NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
-CVE-2005-3665 [Yet another phpmyadmin XSS]
- RESERVED
+CVE-2005-3665 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:2.6.4-pl4-2 (bug #340438; medium)
CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...)
NOT-FOR-US: Tivoli
@@ -1152,8 +1208,8 @@
NOT-FOR-US: Kaspersky AV
CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the ...)
- netpbm-free <unfixed> (medium)
-CVE-2005-3661
- RESERVED
+CVE-2005-3661 (Dell TrueMobile 2300 Wireless Broadband Router running firmware ...)
+ TODO: check
CVE-2005-3660
RESERVED
CVE-2005-3659
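Review bot: CVE-2005-3661 moves from RESERVED to TODO: check, and the new description names Dell TrueMobile 2300 router firmware. Triage will most likely close this as a NOT-FOR-US entry, in the same form as the "NOT-FOR-US: Kaspersky AV" line at the top of this hunk, so it is worth resolving in the next manual pass instead of leaving the TODO to accumulate.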
@@ -2437,7 +2493,7 @@
- linux-2.6 2.6.13-1 (low)
[sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (low)
[sarge] - kernel-source-2.4.27 2.4.27-10sarge1 (low)
-CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6 ...)
+CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open Source ...)
- linux-2.6 2.6.12-1
- kernel-source-2.4.27 <not-affected>
[sarge] - kernel-source-2.6.8 2.6.8-16sarge1
@@ -2617,8 +2673,7 @@
- tetex-bin 3.0-11 (bug #342292; medium)
- koffice <not-affected> (Vulnerable xpdf code not contained)
- libextractor 0.5.8-1 (medium)
-CVE-2005-3192 [xpdf stream predictor heap overflow]
- RESERVED
+CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...)
- xpdf 3.01-3 (bug #342281; bug #342337; medium)
- gpdf <unfixed> (bug #342286; medium)
- pdftohtml <unfixed> (bug #342289; medium)