[Secure-testing-commits] r3066 - data/CVE
Joey Hess
joeyh at costa.debian.org
Fri Dec 16 04:11:04 UTC 2005
Author: joeyh
Date: 2005-12-16 04:10:56 +0000 (Fri, 16 Dec 2005)
New Revision: 3066
Modified:
data/CVE/list
Log:
processed old CVEs
also removed unterminated block claim
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-15 23:18:49 UTC (rev 3065)
+++ data/CVE/list 2005-12-16 04:10:56 UTC (rev 3066)
@@ -1,4 +1,3 @@
-begin claimed by jmm
CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a ...)
NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4265 (Alt-N MDaemon and WorldClient 8.1.3 allows remote attackers to cause a ...)
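Review bot: Dropping `begin claimed by jmm` at the top of the list is unrelated to processing old CVEs and appears in the log only as an afterthought ("also removed unterminated block claim"). Committing it separately, with a log line that names the claim, would make it easier for the claimant to notice and for anyone to revert it without touching the triage changes.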
@@ -1466,8 +1465,8 @@
CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows ...)
NOT-FOR-US: ignitionServer
CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local users to ...)
- - xboard <unfixed> (unimportant)
- TODO: hardly exploitable, should be fixed anyway
+ - xboard <unfixed> (bug #343560; unimportant)
+ NOTE: hardly exploitable, should be fixed anyway
CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow ...)
NOT-FOR-US: Layton HelpBox
CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
@@ -2027,163 +2026,170 @@
CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote ...)
NOT-FOR-US: webresolve
CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks ...)
- TODO: check
+ NOTE: verified with rpm 4.4.1, but this can hardly affect debian at
+ NOTE: all since it requires rpm be configured to trust some key,
+ NOTE: which in debian requires a manual and non-documented
+ NOTE: initialization of the rpm database which is not configured in
+ NOTE: the package
+ TODO: file bug?
CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2002-2202 (Outlook Express 6.0 does not delete messages from dbx files, even when ...)
- TODO: check
+ NOT-FOR-US: Outlook Express
CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier allows ...)
- TODO: check
+ - webmin 1.000 (high)
CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote ...)
- TODO: check
+ NOTE: not-for-us (Benjamin Lefevre Dobermann FORUM)
CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection Environment ...)
- TODO: check
+ NOTE: freebsd misconfiguration
CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to ...)
- TODO: check
+ - zmailer 2.99.51_1 (high)
CVE-2002-2197 (Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2002-2196 (Samba 2.2.5 and earlier does not properly terminate the ...)
- TODO: check
+ - samba 2.2.5 (high)
CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and ...)
- TODO: check
+ NOT-FOR-US: Winamp
CVE-2002-2194 (Solaris 8 allows local users to cause a denial of service (kernel ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...)
- TODO: check
+ NOT-FOR-US: Mojo Mail
CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...)
- TODO: check
+ NOT-FOR-US: Perception LiteServe
CVE-2002-2191 (Lotus Domino 5.0.9a and earlier, even when configured with the ...)
- TODO: check
+ NOT-FOR-US: (Lotus Domino
CVE-2002-2190 (ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext ...)
- TODO: check
+ NOT-FOR-US: ArtsCore Studios CuteCast Forum
CVE-2002-2189 (Cross-site scripting (XSS) vulnerability in ActiveXperts Software ...)
- TODO: check
+ NOT-FOR-US: ActiveXperts Software ActiveWebserver
CVE-2002-2188 (OpenBSD before 3.2 allows local users to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: OpenBSD kernel
CVE-2002-2187 (Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, ...)
- TODO: check
+ NOT-FOR-US: Macromedia JRun
CVE-2002-2186 (Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the ...)
- TODO: check
+ NOT-FOR-US: Macromedia JRun
CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ...)
+ NOTE: fixed in IRIX..
TODO: check
CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP ...)
- TODO: check
+ NOT-FOR-US: DigiChat
CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: phpShare
CVE-2002-2182 (Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 ...)
- TODO: check
+ NOT-FOR-US: MSN666
CVE-2002-2181 (SonicWall Content Filtering allows local users to access prohibited ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2002-2180 (The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not ...)
- TODO: check
+ NOT-FOR-US: OpenBSD kernel
CVE-2002-2179 (The dynamic initialization feature of the ClearPath MCP environment ...)
- TODO: check
+ NOT-FOR-US: ClearPath MCP
CVE-2002-2178 (Cross-site scripting (XSS) vulnerability in article.php module for ...)
- TODO: check
+ NOT-FOR-US: phpWebSite
CVE-2002-2177 (BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2002-2176 (SQL injection vulnerability in Gender MOD 1.1.3 allows remote ...)
- TODO: check
+ NOT-FOR-US: Gender MOD
CVE-2002-2175 (phpSquidPass before 0.2 uses an incomplete regular expression to find ...)
- TODO: check
+ NOT-FOR-US: phpSquidPass
CVE-2002-2174 (The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number ...)
- TODO: check
+ NOT-FOR-US: 602Pro LAN SUITE
CVE-2002-2173 (Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing ...)
- TODO: check
+ NOT-FOR-US: Trillian
CVE-2002-2172 (Informed (1) Designer and (2) Filler 3.05 does not zero out newly ...)
- TODO: check
+ NOT-FOR-US: Informed Designer, Informed Filler
CVE-2002-2171 (Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows ...)
- TODO: check
+ NOT-FOR-US: acWEB
CVE-2002-2170 (Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 ...)
- TODO: check
+ NOT-FOR-US: BadBlue Enterprise Edition
CVE-2002-2169 (Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and ...)
- TODO: check
+ NOT-FOR-US: AIM
CVE-2002-2168 (SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 ...)
- TODO: check
+ NOT-FOR-US: 123tkShop
CVE-2002-2167 (Directory traversal vulnerability in function_foot_1.inc.php for ...)
- TODO: check
+ NOT-FOR-US: 123tkShop
CVE-2002-2166 (Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 ...)
- TODO: check
+ NOT-FOR-US: FuseTalk
CVE-2002-2165 (The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER ...)
- TODO: check
+ NOT-FOR-US: IMHO Webmail for Roxen
CVE-2002-2164 (Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows ...)
- TODO: check
+ NOT-FOR-US: MSIE
CVE-2002-2163 (KvPoll 1.1 allows remote authenticated users to vote more than once by ...)
- TODO: check
+ NOT-FOR-US: KvPoll
CVE-2002-2162 (Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) ...)
- TODO: check
+ NOT-FOR-US: Trillian
CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Kerio Personal Firewall
CVE-2002-2160 (MidiCart (1) PHP, (2) PHP Plus, and (3) PHP Maxi does not restrict ...)
- TODO: check
+ NOT-FOR-US: MidiCart
CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...)
- TODO: check
+ NOT-FOR-US: Linksys hardware
CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...)
- TODO: check
+ NOT-FOR-US: zenTrack
CVE-2002-2157 (calendar.php in Jelsoft Enterprises vBulletin 2.2.0 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...)
- TODO: check
+ NOT-FOR-US: Trillian
CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite ...)
- TODO: check
+ NOT-FOR-US: Trillian
CVE-2002-2154 (Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows ...)
- TODO: check
+ NOT-FOR-US: Monkey HTTP Daemon
CVE-2002-2153 (Format string vulnerability in the administrative pages of the PL/SQL ...)
- TODO: check
+ NOT-FOR-US: Oracle Application Server
CVE-2002-2152 (The Czech edition of Software602's Web Server before 2002.0.02.0916 ...)
- TODO: check
+ NOT-FOR-US: Software602
CVE-2002-2151 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
- TODO: check
+ NOT-FOR-US: Search97
CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...)
- TODO: check
+ NOTE: SYN floods etc generally filed as issues in linux specifically
+ NOTE: if it is affected
CVE-2002-2149 (Buffer overflow in Lucent Access Point 300, 600, and 1500 Service ...)
- TODO: check
+ NOT-FOR-US: Lucent Access Point
CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline ...)
- TODO: check
+ NOT-FOR-US: Lucent MAX Router
CVE-2002-2147 (Savant Web Server 3.1 and earlier allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Savant Web Server
CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Savant Web Server
CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Savant Web Server
CVE-2002-2144 (Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows ...)
- TODO: check
+ NOT-FOR-US: BearShare
CVE-2002-2143 (The admin.html file in MySimple News 1.0 stores its administrative ...)
- TODO: check
+ NOT-FOR-US: MySimple News
CVE-2002-2142 (An undocumented extension for the Servlet mappings in the Servlet 2.3 ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2002-2141 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2002-2140 (Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2002-2139 (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2002-2138 (RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when ...)
- TODO: check
+ NOT-FOR-US: HP Advanced Server
CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and ...)
- TODO: check
+ NOT-FOR-US: GlobalSunTech Wireless Access Points
CVE-2002-2136 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...)
- TODO: check
+ NOT-FOR-US: SUNW*
CVE-2002-2135 (OnlineJFS and JournalFS.VXFS-BASE-KRN (JFS 3.1) in HP-UX 10.20 through ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...)
- TODO: check
+ NOT-FOR-US: PEEL
CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...)
- TODO: check
+ NOT-FOR-US: Telindus 1100 ASDL router
CVE-2002-2132 (Windows File Protection (WFP) in Windows 2000 and XP does not remove ...)
- TODO: check
+ NOT-FOR-US: Windows
CVE-2002-2131 (Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows ...)
- TODO: check
+ NOT-FOR-US: Perl-HTTPd
CVE-2002-2130 (publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to ...)
- TODO: check
+ - gallery 1.3.3 (high)
CVE-2002-2129 (Cross-site scripting vulnerability (XSS) in editform.php for w-Agora ...)
- TODO: check
+ NOT-FOR-US: w-Agora
CVE-2002-2128 (editform.php in w-Agora 4.1.5 allows local users to execute arbitrary ...)
- TODO: check
+ NOT-FOR-US: w-Agora
CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access to ...)
- TODO: check
+ NOT-FOR-US: Integrity Protection Driver (IPD)
CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...)
- TODO: check
+ NOT-FOR-US: Integrity Protection Driver (IPD)
CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...)
NOT-FOR-US: MSIE
CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...)
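Review bot: The `- samba 2.2.5 (high)` line under CVE-2002-2196 records 2.2.5 as the fixed version, but the description directly above it says "Samba 2.2.5 and earlier" is affected, so the fixed version should be the first release after 2.2.5 that carries the fix. Three smaller points in the same hunk: `NOT-FOR-US: (Lotus Domino` under CVE-2002-2191 has a stray opening parenthesis; CVE-2002-2200 uses `NOTE: not-for-us (...)` where every neighbouring entry uses the `NOT-FOR-US:` tag, so it will not be treated like them; and CVE-2002-2164 is described as an Outlook Express overflow but is tagged `NOT-FOR-US: MSIE`, while CVE-2002-2202 uses `Outlook Express`. CVE-2002-2199 and CVE-2002-2150 now carry only NOTE lines with no status line, which leaves it unclear whether they are considered resolved; an explicit status or a remaining TODO would settle that.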
@@ -2491,7 +2497,7 @@
CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...)
NOT-FOR-US: FlatNuke
CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 ...)
- TODO: check
+ NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005
CVE-2005-3359
RESERVED
CVE-2005-3358 (Linux kernel 2.6.x, possibly before 2.6.11, allows local users to ...)
@@ -3303,7 +3309,6 @@
- libnss-ldap 199-1 (bug #169793)
CVE-2004-XXXX [Firefox doesn't clear all cookies]
- mozilla-firefox <unfixed> (bug #203034; bug #235932; low)
- TODO: Re-check this, most probably fixed by now
CVE-2004-XXXX [Insecure temp files in amanda's chg-manual]
- amanda <unfixed> (bug #226139; low)
CVE-2004-XXXX [Buffer overflow in wdm's login]
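Review bot: Removing `TODO: Re-check this, most probably fixed by now` from the Firefox cookie entry leaves `- mozilla-firefox <unfixed> (bug #203034; bug #235932; low)` unchanged, so the list no longer says a re-check is pending and also does not record what a re-check found. Either keep the TODO until the status is confirmed, or replace it with a NOTE stating the result (and update `<unfixed>` if the issue is in fact fixed).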