[Secure-testing-commits] r1319 - data/CAN
Joey Hess
joeyh@costa.debian.org
Sat, 02 Jul 2005 09:14:18 +0000
Author: joeyh
Date: 2005-07-02 09:14:15 +0000 (Sat, 02 Jul 2005)
New Revision: 1319
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-01 22:10:20 UTC (rev 1318)
+++ data/CAN/list 2005-07-02 09:14:15 UTC (rev 1319)
@@ -1,3 +1,115 @@
+CAN-2005-2116 (Unknown vulnerability in the third-party XML-RPC library in Drupal ...)
+ TODO: check
+CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
+ TODO: check
+CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4 and Camino 0.8.4 allow remote attackers ...)
+ TODO: check
+CAN-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
+ TODO: check
+CAN-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...)
+ TODO: check
+CAN-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...)
+ TODO: check
+CAN-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...)
+ TODO: check
+CAN-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...)
+ TODO: check
+CAN-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...)
+ TODO: check
+CAN-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
+ TODO: check
+CAN-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...)
+ TODO: check
+CAN-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...)
+ TODO: check
+CAN-2005-2104
+ NOTE: reserved
+CAN-2005-2103
+ NOTE: reserved
+CAN-2005-2102
+ NOTE: reserved
+CAN-2005-2101
+ NOTE: reserved
+CAN-2005-2100
+ NOTE: reserved
+CAN-2005-2099
+ NOTE: reserved
+CAN-2005-2098
+ NOTE: reserved
+CAN-2005-2097
+ NOTE: reserved
+CAN-2005-2096
+ NOTE: reserved
+CAN-2005-2095
+ NOTE: reserved
+CAN-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...)
+ TODO: check
+CAN-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote ...)
+ TODO: check
+CAN-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...)
+ TODO: check
+CAN-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...)
+ TODO: check
+CAN-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) ...)
+ TODO: check
+CAN-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
+ TODO: check
+CAN-2005-2088 (Apache 2.0.45 and 1.3.29 allows remote attackers to poison the web ...)
+ TODO: check
+CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote attackers ...)
+ TODO: check
+CAN-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...)
+ TODO: check
+CAN-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...)
+ TODO: check
+CAN-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in ...)
+ TODO: check
+CAN-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate ...)
+ TODO: check
+CAN-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ...)
+ TODO: check
+CAN-2005-2081 (Stack-based buffer overflow in the function that parses commands in ...)
+ TODO: check
+CAN-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in ...)
+ TODO: check
+CAN-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS ...)
+ TODO: check
+CAN-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows ...)
+ TODO: check
+CAN-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...)
+ TODO: check
+CAN-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...)
+ TODO: check
+CAN-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
+ TODO: check
+CAN-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a ...)
+ TODO: check
+CAN-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...)
+ TODO: check
+CAN-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for ...)
+ TODO: check
+CAN-2004-2148 (Unknown local vulnerability in the "change user" feature of Slava ...)
+ TODO: check
+CAN-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...)
+ TODO: check
+CAN-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
+ TODO: check
+CAN-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
+ TODO: check
+CAN-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass ...)
+ TODO: check
+CAN-2004-2143 (SQL injection vulnerability in the ReMOSitory module in Mambo Portal ...)
+ TODO: check
+CAN-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...)
+ TODO: check
+CAN-2004-2141 (Cross-site scripting (XSS) vulnerability in YaBBC.pl in YaBB 1 Gold ...)
+ TODO: check
+CAN-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...)
+ TODO: check
+CAN-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...)
+ TODO: check
+CAN-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...)
+ TODO: check
CAN-2005-XXXX [proftpd: format string vulnerability in mod_sql's SQLShowInfo]
- proftpd 1.2.10-20 (medium)
CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress]
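Review bot: the context line `CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress]` at the end of this hunk now sits below newly assigned WordPress entries (CAN-2005-2108, CAN-2005-2109 and CAN-2005-2110), so the placeholder should be compared against them. If they describe the same issues, it should be replaced by the real IDs, so the same bugs are not tracked under two names. The XML-RPC entries added here (CAN-2005-2116, CAN-2005-2113, CAN-2005-2108) should also be checked against CAN-2005-1921, which a later hunk describes as PEAR XML_RPC "as used in products such as WordPress".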
@@ -22,10 +134,10 @@
NOTE: not-for-us (Solaris)
CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...)
- clamav 0.86-1 (medium)
-CAN-2005-2069
- NOTE: reserved
-CAN-2005-2068
- NOTE: reserved
+CAN-2005-2069 (pam_ldap and OpenLDAP, when connecting to a slave using TLS, does not ...)
+ TODO: check
+CAN-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...)
+ TODO: check
CAN-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...)
NOTE: not-for-us (ASP Nuke)
CAN-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...)
@@ -478,7 +590,7 @@
NOTE: not-for-us (JAF CMS)
CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...)
NOTE: not-for-us (RealPlayer)
-CAN-2005-2051 (Buffer overflow in the Backup Exec Web Administration Console (BEWAC) ...)
+CAN-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...)
NOTE: not-for-us (BEWAC)
CAN-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...)
- tor 0.0.9.10-1 (medium)
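Review bot: the description of CAN-2005-2051 now leads with "VERITAS Backup Exec Web Administration Console", but the note under it is still `NOTE: not-for-us (BEWAC)`. Another Backup Exec entry in this file (CAN-2005-0772) uses `NOTE: not-for-us (VERITAS Backup Exec)`. Using the same tag here would let one search find all entries for the product.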
@@ -549,8 +661,8 @@
NOTE: not-for-us (cPanel)
CAN-2005-2020
NOTE: reserved
-CAN-2005-2019
- NOTE: reserved
+CAN-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) ...)
+ TODO: check
CAN-2005-2018
NOTE: reserved
CAN-2005-2017
@@ -1006,7 +1118,7 @@
CAN-2005-1939
NOTE: reserved
CAN-2005-1938
- NOTE: reserved
+ NOTE: rejected
CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
- mozilla-firefox 1.0.4-3 (medium)
CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...)
@@ -1039,14 +1151,11 @@
NOTE: reserved
CAN-2005-1924
NOTE: reserved
-CAN-2005-1923 [clamav: DoS through malformed CAB archive headers]
- NOTE: reserved
+CAN-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
- clamav (unfixed; bug #316401; medium)
-CAN-2005-1922 [clamav: DoS through file descriptor leaks in cli_msexpand()]
- NOTE: reserved
+CAN-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...)
- clamav (unfixed; bug #316462; medium)
-CAN-2005-1921 [Remote code execution through Serendipity's XMPRPC parser]
- NOTE: reserved
+CAN-2005-1921 (PEAR XML_RPC 1.3.0 and earlier, as used in products such as WordPress, ...)
TODO: Track ITP #312413
CAN-2005-1920
NOTE: reserved
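Review bot: the new description for CAN-2005-1922 says the flaw affects ClamAV "before 0.86", yet its package line still reads `- clamav (unfixed; bug #316462; medium)`, while CAN-2005-2070 earlier in this file is recorded as fixed in `clamav 0.86-1`. It is worth confirming whether 0.86-1 also closes CAN-2005-1922 and updating the line if so. For CAN-2005-1921, replacing the bracketed text drops the Serendipity reference, and the remaining `TODO: Track ITP #312413` no longer says which package the ITP is for. A short NOTE naming it would keep that context.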
@@ -1371,16 +1480,14 @@
NOTE: reserved
CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
NOTE: not-for-us (RealPlayer)
-CAN-2005-1765 [Unspecified DoS vulnerability on amd64]
- NOTE: reserved
+CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
- kernel-source-2.6.8 (unfixed; unknown)
CAN-2005-1764 [Unspecified DoS vulnerability on amd64]
NOTE: reserved
- kernel-source-2.6.8 (unfixed; unknown)
CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
- kernel-source-2.6.8 (unfixed; unknown)
-CAN-2005-1762 [Unspecified DoS vulnerability on amd64]
- NOTE: reserved
+CAN-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...)
- kernel-source-2.6.8 (unfixed; unknown)
CAN-2005-1761 [Kernel changelog for 2.6.12.1: ia64 ptrace + sigrestore_context]
NOTE: reserved
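Review bot: CAN-2005-1765 and CAN-2005-1762 now carry public descriptions naming Linux kernel 2.6.8.1 and 2.6.10 on AMD64, but both still have only `- kernel-source-2.6.8 (unfixed; unknown)`. With the descriptions available, the `unknown` severity can be replaced by a real rating. If another kernel source package covering 2.6.10 is tracked, it needs its own line under each entry.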
@@ -1630,7 +1737,7 @@
CAN-2005-1691
NOTE: reserved
CAN-2005-1690
- NOTE: reserved
+ NOTE: rejected
CAN-2005-1689
NOTE: reserved
CAN-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
@@ -4754,12 +4861,12 @@
NOTE: not-for-us (PhotoPost)
CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...)
NOTE: not-for-us (PhotoPost)
-CAN-2005-0773
- NOTE: reserved
-CAN-2005-0772 (NDMLSRVR.DLL in VERITAS Backup Exec 10.0, 10.0 SP1, and possibly ...)
+CAN-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...)
+ TODO: check
+CAN-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...)
NOTE: not-for-us (VERITAS Backup Exec)
-CAN-2005-0771
- NOTE: reserved
+CAN-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...)
+ TODO: check
CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
NOTE: not-for-us (IDA Pro)
CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...)
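Review bot: CAN-2005-0773 and CAN-2005-0771 are added as `TODO: check` although both descriptions are for VERITAS Backup Exec, the same product as CAN-2005-0772 between them, which is already marked `NOTE: not-for-us (VERITAS Backup Exec)`. Giving the two new entries the same NOTE would close them out in this pass instead of leaving them in the TODO queue.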
@@ -6330,8 +6437,7 @@
NOTE: rejected
CAN-2005-0394
NOTE: reserved
-CAN-2005-0393
- NOTE: reserved
+CAN-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...)
{DSA-733-1}
CAN-2005-0392 (ppxp does not drop root privileges before opening log files, which ...)
{DSA-725-1}
@@ -6403,8 +6509,8 @@
NOTE: not-for-us (bind on hp-ux)
CAN-2005-0361
NOTE: reserved
-CAN-2005-0360
- NOTE: reserved
+CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...)
+ TODO: check
CAN-2005-0359
NOTE: reserved
CAN-2005-0358