[Secure-testing-commits] r3011 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Dec 12 10:19:27 UTC 2005


Author: jmm-guest
Date: 2005-12-12 10:19:22 +0000 (Mon, 12 Dec 2005)
New Revision: 3011

Modified:
   data/CVE/list
Log:
two historic asn1c issues
three historic phpmyadmin issues
one thttpd not-affected
two probably historic vserver issues; Micah, can you
 check these?


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-12 09:54:26 UTC (rev 3010)
+++ data/CVE/list	2005-12-12 10:19:22 UTC (rev 3011)
@@ -424,94 +424,92 @@
 	- openmotif <unfixed> (bug #342092; medium)
 CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before 1.2.3 ...)
 	NOT-FOR-US: DotClear
-begin claimed by jmm
 CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in ...)
-	TODO: check
+	NOT-FOR-US: Eudora
 CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator privileges ...)
-	TODO: check
+	NOT-FOR-US: FreezeX
 CVE-2004-2647 (Free Web Chat 2.0 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOT-FOR-US: Free Web Chat
 CVE-2004-2646 (The addUser function in UserManager.java in Free Web Chat 2.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Free Web Chat
 CVE-2004-2645 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...)
-	TODO: check
+	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
 CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...)
-	TODO: check
+	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
 CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft cabarc 
 CVE-2004-2642 (Yeemp 0.9.9 and earlier does properly encrypt inbound files, which ...)
-	TODO: check
+	NOT-FOR-US: Yeemp 
 CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire ...)
-	TODO: check
+	NOT-FOR-US: Sun appliances
 CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat before ...)
-	TODO: check
+	NOT-FOR-US: LinuxStat
 CVE-2004-2639 (Unspecified vulnerability in Journalness 3.0.7 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: Journalness
 CVE-2004-2638 (The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: osCommerce
 CVE-2004-2637 (The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code ...)
-	TODO: check
+	NOT-FOR-US: Zyxel hardware
 CVE-2004-2636 (TinyWeb 1.9 allows remote attackers to read source code of scripts via ...)
-	TODO: check
+	NOT-FOR-US: TinyWeb
 CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX ...)
-	TODO: check
+	NOT-FOR-US: AIX 
 CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous ...)
-	TODO: check
+	NOT-FOR-US: Sesamie
 CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify ...)
-	TODO: check
+	- phpmyadmin 1:2.5.7-pl1-1
 CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to ...)
-	TODO: check
+	- phpmyadmin 1:2.5.7-pl1-1
 CVE-2004-2630 (The MIME transformation system ...)
-	TODO: check
+	- phpmyadmin 2:2.6.0-pl2-1
 CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
-	TODO: check
+	NOT-FOR-US: Click to Meet express
 CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, ...)
-	TODO: check
+	- thttpd <not-affected> (Windows-specific vulnerabilities)
 CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode, which ...)
-	TODO: check
+	NOT-FOR-US: J2ME
 CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55 cellular ...)
-	TODO: check
+	NOT-FOR-US: Siemens cell phone 
 CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email allows ...)
-	TODO: check
+	NOT-FOR-US: Outblaze Email 
 CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in &quot;TextSearch&quot; in WackoWiki ...)
-	TODO: check
+	NOT-FOR-US: WackoWiki
 CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when ...)
-	TODO: check
+	NOT-FOR-US: Rippy the Aggregator
 CVE-2004-2622 (AClient.exe in Altiris Deployment Solution 6.x and 5.x does not ...)
-	TODO: check
+	NOT-FOR-US: Altiris Deployment Solution
 CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when ...)
-	TODO: check
+	NOT-FOR-US: Nortel Contivity VPN client
 CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly ...)
-	TODO: check
+	NOT-FOR-US: ripMIME 
 CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail ...)
-	TODO: check
+	NOT-FOR-US: ripMIME 
 CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) ...)
-	TODO: check
+	NOT-FOR-US: Pegasi Web Server
 CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 ...)
-	TODO: check
+	NOT-FOR-US: Pegasi Web Server
 CVE-2004-2616 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: ActivePost Standard
 CVE-2004-2615 (The documentation for CuteNews 1.3.6 and possibly other versions ...)
-	TODO: check
+	NOT-FOR-US: Cutenews
 CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: MyWeb
 CVE-2004-2613 (Unspecified vulnerability in procfs in the Linux-VServer stable branch ...)
-	TODO: check
+	TODO: Micah, can you have a look at this?
 CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is provided, ...)
-	TODO: check
+	NOT-FOR-US: BNC
 CVE-2004-2611 (The Change Permissions function in the Sophster suite before 0.9.6 28 ...)
-	TODO: check
+	NOT-FOR-US: Sophster suite
 CVE-2004-2610 (mntd_mount.c in mntd before 0.4.2 might allow local users to gain ...)
-	TODO: check
+	NOT-FOR-US: mntd
 CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 ...)
-	TODO: check
+	NOT-FOR-US: Symantec PowerQuest DeployCenter
 CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the &quot;news ...)
-	TODO: check
+	NOT-FOR-US: SmartWebby Smart Guest Book
 CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel ...)
-	TODO: check
-end claimed by jmm
+	TODO: Micah, can you have a look at this?
 CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
 	- kernel-source-2.4.27 2.4.27-8
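
Review bot: The new tag for CVE-2004-2637 reads "NOT-FOR-US: Zyxel hardware", but the description on the line above it names the Zonet ZSR1104WE Wireless Router, so the vendor in the tag does not match the entry; it should name Zonet so that a later search by vendor finds it. Several added lines also end in trailing whitespace ("NOT-FOR-US: Microsoft cabarc ", "NOT-FOR-US: Yeemp ", "NOT-FOR-US: AIX ", "NOT-FOR-US: Siemens cell phone ", "NOT-FOR-US: Outblaze Email ", and both "NOT-FOR-US: ripMIME " lines), which is worth stripping now to avoid noise in later diffs. The two Linux-VServer entries (CVE-2004-2613 and CVE-2003-1288) remain TODO while the "begin claimed by jmm" / "end claimed by jmm" markers are removed, so the free-text question in the TODO line is the only record of who is expected to triage them.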



