[Secure-testing-commits] r1383 - data/CAN
Joey Hess
joeyh@costa.debian.org
Thu, 14 Jul 2005 10:17:58 +0000
Author: joeyh
Date: 2005-07-14 10:17:54 +0000 (Thu, 14 Jul 2005)
New Revision: 1383
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-14 09:33:55 UTC (rev 1382)
+++ data/CAN/list 2005-07-14 10:17:54 UTC (rev 1383)
@@ -1,3 +1,299 @@
+CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...)
+ TODO: check
+CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
+ TODO: check
+CAN-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...)
+ TODO: check
+CAN-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 ...)
+ TODO: check
+CAN-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote ...)
+ TODO: check
+CAN-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 ...)
+ TODO: check
+CAN-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers ...)
+ TODO: check
+CAN-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ...)
+ TODO: check
+CAN-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...)
+ TODO: check
+CAN-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...)
+ TODO: check
+CAN-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...)
+ TODO: check
+CAN-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...)
+ TODO: check
+CAN-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...)
+ TODO: check
+CAN-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 ...)
+ TODO: check
+CAN-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...)
+ TODO: check
+CAN-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...)
+ TODO: check
+CAN-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...)
+ TODO: check
+CAN-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
+ TODO: check
+CAN-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
+ TODO: check
+CAN-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...)
+ TODO: check
+CAN-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...)
+ TODO: check
+CAN-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...)
+ TODO: check
+CAN-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...)
+ TODO: check
+CAN-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...)
+ TODO: check
+CAN-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and ...)
+ TODO: check
+CAN-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, ...)
+ TODO: check
+CAN-2005-2233 (Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 ...)
+ TODO: check
+CAN-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...)
+ TODO: check
+CAN-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...)
+ TODO: check
+CAN-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...)
+ TODO: check
+CAN-2005-2229 (Blog Torrent 0.92 and earlier stores the data/newusers file under the ...)
+ TODO: check
+CAN-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...)
+ TODO: check
+CAN-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the ...)
+ TODO: check
+CAN-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account ...)
+ TODO: check
+CAN-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of ...)
+ TODO: check
+CAN-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote ...)
+ TODO: check
+CAN-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard ...)
+ TODO: check
+CAN-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Professional ...)
+ TODO: check
+CAN-2005-2221 (Multiple SQL injection vulnerabilities in Dragonfly Commerce allows ...)
+ TODO: check
+CAN-2005-2220 (Dragonfly Commerce allows remote attackers to changing a product price ...)
+ TODO: check
+CAN-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...)
+ TODO: check
+CAN-2005-2218
+ NOTE: reserved
+CAN-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with ...)
+ TODO: check
+CAN-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo ...)
+ TODO: check
+CAN-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x ...)
+ TODO: check
+CAN-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...)
+ TODO: check
+CAN-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...)
+ TODO: check
+CAN-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...)
+ TODO: check
+CAN-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...)
+ TODO: check
+CAN-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...)
+ TODO: check
+CAN-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...)
+ TODO: check
+CAN-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...)
+ TODO: check
+CAN-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...)
+ TODO: check
+CAN-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...)
+ TODO: check
+CAN-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...)
+ TODO: check
+CAN-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...)
+ TODO: check
+CAN-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...)
+ TODO: check
+CAN-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...)
+ TODO: check
+CAN-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...)
+ TODO: check
+CAN-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...)
+ TODO: check
+CAN-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
+ TODO: check
+CAN-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...)
+ TODO: check
+CAN-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...)
+ TODO: check
+CAN-2005-2196
+ NOTE: reserved
+CAN-2005-2195
+ NOTE: reserved
+CAN-2005-2194
+ NOTE: reserved
+CAN-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
+ TODO: check
+CAN-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
+ TODO: check
+CAN-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...)
+ TODO: check
+CAN-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...)
+ TODO: check
+CAN-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...)
+ TODO: check
+CAN-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
+ TODO: check
+CAN-2005-2187 (McAfee IntruShield Security Management System allows remote ...)
+ TODO: check
+CAN-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...)
+ TODO: check
+CAN-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...)
+ TODO: check
+CAN-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...)
+ TODO: check
+CAN-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...)
+ TODO: check
+CAN-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...)
+ TODO: check
+CAN-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...)
+ TODO: check
+CAN-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...)
+ TODO: check
+CAN-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...)
+ TODO: check
+CAN-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...)
+ TODO: check
+CAN-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...)
+ TODO: check
+CAN-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...)
+ TODO: check
+CAN-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
+ TODO: check
+CAN-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...)
+ TODO: check
+CAN-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...)
+ TODO: check
+CAN-2005-2172
+ NOTE: reserved
+CAN-2005-2171
+ NOTE: reserved
+CAN-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...)
+ TODO: check
+CAN-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...)
+ TODO: check
+CAN-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...)
+ TODO: check
+CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...)
+ TODO: check
+CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
+ TODO: check
+CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
+ TODO: check
+CAN-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...)
+ TODO: check
+CAN-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...)
+ TODO: check
+CAN-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...)
+ TODO: check
+CAN-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...)
+ TODO: check
+CAN-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...)
+ TODO: check
+CAN-2004-2202 (SQL injection in DUware DUclassified 4.0 through 4.2 allows remote ...)
+ TODO: check
+CAN-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...)
+ TODO: check
+CAN-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...)
+ TODO: check
+CAN-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...)
+ TODO: check
+CAN-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...)
+ TODO: check
+CAN-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...)
+ TODO: check
+CAN-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...)
+ TODO: check
+CAN-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...)
+ TODO: check
+CAN-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...)
+ TODO: check
+CAN-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...)
+ TODO: check
+CAN-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...)
+ TODO: check
+CAN-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...)
+ TODO: check
+CAN-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...)
+ TODO: check
+CAN-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...)
+ TODO: check
+CAN-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...)
+ TODO: check
+CAN-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...)
+ TODO: check
+CAN-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...)
+ TODO: check
+CAN-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...)
+ TODO: check
+CAN-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...)
+ TODO: check
+CAN-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...)
+ TODO: check
+CAN-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...)
+ TODO: check
+CAN-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allows ...)
+ TODO: check
+CAN-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...)
+ TODO: check
+CAN-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...)
+ TODO: check
+CAN-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...)
+ TODO: check
+CAN-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...)
+ TODO: check
+CAN-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...)
+ TODO: check
+CAN-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...)
+ TODO: check
+CAN-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...)
+ TODO: check
+CAN-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...)
+ TODO: check
+CAN-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...)
+ TODO: check
+CAN-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...)
+ TODO: check
+CAN-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...)
+ TODO: check
+CAN-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...)
+ TODO: check
+CAN-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CAN-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...)
+ TODO: check
+CAN-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...)
+ TODO: check
+CAN-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...)
+ TODO: check
+CAN-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...)
+ TODO: check
+CAN-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...)
+ TODO: check
+CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
+ TODO: check
+CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...)
+ TODO: check
+CAN-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...)
+ TODO: check
+CAN-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...)
+ TODO: check
+CAN-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...)
+ TODO: check
+CAN-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...)
+ TODO: check
+CAN-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...)
+ TODO: check
+CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
+ TODO: check
CAN-2005-XXXX [base-config log should not be world readable]
- base-config 2.68 (low)
CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...)
@@ -41,8 +337,8 @@
NOTE: testing/sid should be affected, but that's a very minor issue and I'm
NOTE: currently too busy
- courier (unfixed; low)
-CAN-2005-2150
- NOTE: reserved
+CAN-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...)
+ TODO: check
CAN-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...)
- cacti 0.8.6f-1 (high)
CAN-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...)
@@ -114,11 +410,12 @@
- cupsys 1.1.20final+rc1-1 (low)
CAN-2005-XXXX [Insecure tempfile generation in ekg]
- ekg (unfixed; bug #318059; medium)
-CAN-2005-2116 (Unknown vulnerability in the third-party XML-RPC library in Drupal ...)
+CAN-2005-2116
NOTE: rejected
+ {DSA-745-1}
CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
NOTE: not-for-us (Soldier of Fortune)
-CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4 and Camino 0.8.4 allow remote attackers ...)
+CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...)
- mozilla-firefox (unfixed; low)
- mozilla (unfixed; low)
CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress]
@@ -138,6 +435,7 @@
CAN-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
- wordpress 1.5.1.3-1
CAN-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...)
+ {DSA-745-1}
- drupal 4.5.4-1
CAN-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...)
NOTE: not-for-us (IOS)
@@ -185,6 +483,7 @@
- texmacs (unfixed; bug #318100; medium)
CAN-2005-2095
NOTE: reserved
+ {DSA-756-1}
- squirrelmail (unfixed; #317094; medium)
CAN-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...)
NOTE: not-for-us (Sun)
@@ -801,7 +1100,7 @@
{DSA-738-1}
NOTE: varying and apparently innacurate info about what versions fix it
- razor 2.720-1 (low)
-CAN-2005-2023 (Unknown vulnerability in gpg2 on SUSE Linux 9.3, when using S/MIME ...)
+CAN-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...)
NOTE: insufficient info, possibly SuSE specific
TODO: check
CAN-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...)
@@ -864,9 +1163,10 @@
CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...)
NOTE: not-for-us (Finjan SurfinGate)
CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
- {DSA-735-1}
+ {DSA-735-2 DSA-735-2 DSA-735-1}
- sudo 1.6.8p9-1 (medium)
CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...)
+ {DSA-748-1}
- ruby1.8 1.8.2-8 (medium)
- ruby1.9 1.9.0+20050623-1 (medium)
CAN-2005-1991
@@ -1163,7 +1463,8 @@
NOTE: not-for-us (Network Query Tool)
CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...)
- util-linux 2.11n-1
-CAN-2001-1492 ( ...)
+CAN-2001-1492
+ NOTE: rejected
TODO: check
CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...)
NOTE: not-for-us (Opera)
@@ -1308,7 +1609,8 @@
CAN-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...)
{DSA-737-1}
- clamav 0.86.1-1 (low)
-CAN-2005-1921 (PEAR XML_RPC 1.3.0 and earlier, as used in products such as WordPress, ...)
+CAN-2005-1921 (PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC ...)
+ {DSA-746-1 DSA-747-1 DSA-745-1}
TODO: Track ITP #312413
NOTE: This will probably be re-organized by the CVE editor, but lets keep it for now,
NOTE: as it's the same issue
@@ -1332,13 +1634,14 @@
NOTE: reserved
CAN-2005-1914 [Insecure tempfile usage in centericq]
NOTE: reserved
+ {DSA-754-1}
- centericq 4.20.0-7 (medium)
CAN-2005-1913 [Kernel changelog for 2.6.12.1: Clean up subthread exec]
NOTE: reserved
TODO: Check 2.6.8
- kernel-source-2.6.11 2.6.11-6 (normal)
CAN-2005-1912
- NOTE: reserved
+ NOTE: rejected
CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
- leafnode 1.11.3.rel-1 (low)
CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
@@ -1447,8 +1750,8 @@
NOTE: reserved
CAN-2005-1860
NOTE: reserved
-CAN-2005-1859
- NOTE: reserved
+CAN-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
+ TODO: check
CAN-2005-1857
NOTE: reserved
CAN-2005-1856
@@ -1467,8 +1770,8 @@
NOTE: reserved
CAN-2005-1849
NOTE: reserved
-CAN-2005-1848 [Unspecified DoS vulnerability in dhcpcd]
- NOTE: reserved
+CAN-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...)
+ {DSA-750-1}
- dhcpcd 1:1.3.22pl4-22 (medium)
CAN-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...)
NOTE: not-for-us (YaMT)
@@ -1482,9 +1785,10 @@
NOTE: reserved
CAN-2005-1842
NOTE: reserved
-CAN-2005-1841
- NOTE: reserved
+CAN-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...)
+ TODO: check
CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...)
+ {DSA-744-1}
- fuse 2.3.0-1
CAN-2005-XXXX [Directory traversal in zoo]
- zoo (unfixed; bug #309594; medium)
@@ -1581,6 +1885,7 @@
CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
NOTE: Cryptographic attack on AES, cannot be fixed
CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
+ {DSA-749-1}
- ettercap 1:0.7.1-1.1
CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
NOTE: not-for-us (ClamAV on Mac OS X)
@@ -1635,9 +1940,10 @@
CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
NOTE: not-for-us (Avast)
CAN-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
+ {DSA-756-1}
- squirrelmail (unfixed; bug #314374; medium)
-CAN-2005-1768
- NOTE: reserved
+CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
+ TODO: check
CAN-2005-1767
NOTE: reserved
CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
@@ -1910,6 +2216,7 @@
NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
- wordpress 1.5.1-1
CAN-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
+ {DSA-753-1}
NOTE: Only exploitable under rare circumstances
- gedit 2.10.3-1 (low)
CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
@@ -2202,7 +2509,7 @@
CAN-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...)
NOTE: According to Horms from kernel team 2.6.8 not affected
- kernel-source-2.6.11 2.6.11-5
-CAN-2005-1588 (SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows ...)
+CAN-2005-1588 (** DISPUTED ** ...)
NOTE: not-for-us (Quick.cart)
CAN-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...)
NOTE: not-for-us (Quick.cart)
@@ -2288,10 +2595,13 @@
CAN-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...)
NOTE: not-for-us (Bakbone Netvault)
CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...)
+ {DSA-743-1}
- ht 0.8.0-2
CAN-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...)
+ {DSA-743-1}
- ht 0.8.0-3
CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 1.53 allows remote ...)
+ {DSA-755-1}
NOTE: CVE info about vulnerable version number is bogus
- tiff 3.7.2-3
NOTE: tiff3g not in testing
@@ -2350,6 +2660,7 @@
{DSA-732-1}
- mailutils 1:0.6.1-3
CAN-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...)
+ {DSA-751-1}
- squid 2.5.9-9
CAN-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...)
NOTE: not-for-us (Solaris)
@@ -2864,7 +3175,7 @@
NOTE: not-for-us
CAN-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...)
NOTE: not-for-us
-CAN-2004-1860 (Buffer overflow in Check Point Smartview Tracker in Check Point NG AI ...)
+CAN-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...)
NOTE: not-for-us
CAN-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...)
NOTE: not-for-us
@@ -3670,7 +3981,7 @@
CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
- tcpdump 3.9.0.cvs.20050614-1 (medium)
CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
- {DSA-736-1}
+ {DSA-736-2 DSA-736-1}
- spamassassin 3.0.4-1 (bug #314447; medium)
CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
- kernel-source-2.6.8 (unfixed; medium)
@@ -3690,6 +4001,7 @@
NOTE: see http://gaim.sourceforge.net/security/
- gaim 1:1.2.1-1.1
CAN-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
+ {DSA-741-1}
- bzip2 1.0.2-7
CAN-2005-1259
NOTE: reserved
@@ -3758,6 +4070,7 @@
CAN-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...)
- cpio (unfixed; bug #306693; medium)
CAN-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...)
+ {DSA-752-1}
- gzip 1.3.5-10
CAN-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...)
NOTE: not-for-us (PHPProjekt)
@@ -3775,8 +4088,8 @@
NOTE: not-for-us (ECommPro)
CAN-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...)
NOTE: not-for-us (Shoutbox)
-CAN-2005-1219
- NOTE: reserved
+CAN-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows ...)
+ TODO: check
CAN-2005-1218
NOTE: reserved
CAN-2005-1217
@@ -4432,7 +4745,8 @@
CAN-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine for ...)
- mozilla 1.7.7-1
- mozilla-firefox 1.0.2-3
-CAN-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a ...)
+CAN-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...)
+ {DSA-752-1}
- gzip 1.3.5-10
NOTE: Essentially the same as CAN-2005-0953
CAN-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
@@ -5076,6 +5390,7 @@
CAN-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...)
- kdewebdev 3.3.2-6
CAN-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...)
+ {DSA-742-1}
- cvs 1.12.9-13
CAN-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...)
- mozilla-firefox 1.0.3-1
@@ -5670,8 +5985,8 @@
NOTE: not-for-us (Golden FTP Server)
CAN-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...)
NOTE: not-for-us (phpWebSite)
-CAN-2005-0564
- NOTE: reserved
+CAN-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and ...)
+ TODO: check
CAN-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...)
NOTE: not-for-us (Microsoft)
CAN-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
@@ -12760,7 +13075,7 @@
{DSA-248}
CAN-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
{DSA-252}
-CAN-2003-0049 (AFP in Mac OS X before 10.2.4 allows administrators to log in as other ...)
+CAN-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...)
NOTE: not-for-us (MacOS)
CAN-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
NOTE: apparently fixed upstream 2002-11-12 changelog
@@ -13220,7 +13535,7 @@
CAN-2002-1348
{DSA-251 DSA-250 DSA-249}
- w3mmee 0.3.p24.17-3
-CAN-2002-1347 (Buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote ...)
+CAN-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...)
- libsasl2 2.1.10-1
CAN-2002-1346
NOTE: reserved
@@ -14517,7 +14832,7 @@
CAN-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...)
CAN-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...)
CAN-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...)
-CAN-2002-0041 (Vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly ...)
+CAN-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and ...)
CAN-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...)
CAN-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...)
CAN-2002-0035
@@ -14728,7 +15043,7 @@
CAN-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL ...)
CAN-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 ...)
CAN-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate ...)
-CAN-2001-1148 (Buffer overflows in programs used by scoadmin and sysadmsh in SCO ...)
+CAN-2001-1148 (Multiple buffer overflows in programs used by scoadmin and sysadmsh in ...)
CAN-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service ...)
CAN-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, ...)
CAN-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read ...)
@@ -16167,7 +16482,7 @@
CAN-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...)
CAN-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...)
CAN-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...)
-CAN-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs via the -f ...)
+CAN-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs allows local users ...)
CAN-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...)
CAN-1999-0829 (HP Secure Web Console uses weak encryption. ...)
CAN-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...)