[Secure-testing-commits] r1403 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Jul 15 12:50:34 UTC 2005


Author: jmm-guest
Date: 2005-07-15 12:50:31 +0000 (Fri, 15 Jul 2005)
New Revision: 1403

Modified:
   data/CAN/list
Log:
new snmp dos issue


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-07-15 12:38:28 UTC (rev 1402)
+++ data/CAN/list	2005-07-15 12:50:31 UTC (rev 1403)
@@ -151,35 +151,35 @@
 	NOTE: not-for-us (Comersus)
 CAN-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...)
 	NOTE: not-for-us (Lantronix SecureLinx)
-begin claimed by jmm
 CAN-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
-	TODO: check
+	NOTE: not-for-us (McAfee IntruShield)
 CAN-2005-2187 (McAfee IntruShield Security Management System allows remote ...)
-	TODO: check
+	NOTE: not-for-us (McAfee IntruShield)
 CAN-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...)
-	TODO: check
+	NOTE: not-for-us (McAfee IntruShield)
 CAN-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...)
-	TODO: check
+	NOTE: not-for-us (eRoom)
 CAN-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...)
-	TODO: check
+	NOTE: not-for-us (eRoom)
 CAN-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...)
-	TODO: check
+	NOTE: not-for-us (PhpXmail)
 CAN-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...)
-	TODO: check
+	NOTE: not-for-us (PhpXmail)
 CAN-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...)
-	TODO: check
+	NOTE: not-for-us (SIP phone hardware issue)
 CAN-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...)
 	TODO: check
 CAN-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...)
-	TODO: check
+	NOTE: not-for-us (Jaws)
 CAN-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...)
-	TODO: check
+	NOTE: How bizarre, they assign a CVE Id without knowing which product contains
+	NOTE: the affected probe.cgi
 CAN-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...)
-	TODO: check
+	- net-snmp (unfixed; bug filed; medium)
 CAN-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...)
-	TODO: check
+	NOTE: not-for-us (Novell NetMail)
 CAN-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
-	TODO: check
+	NOTE: not-for-us (Notes)
 CAN-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...)
 	- bugzilla 2.18.3-1 (low)
 CAN-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...)
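Review bot: The added NOTE for CAN-2005-2182 reads "not-for-us (PhpXmail)", but the entry describes Grandstream BudgeTone (BT) 100 VoIP phones. It looks copied from the CAN-2005-2183 line above and should name Grandstream BudgeTone instead. The new net-snmp line for CAN-2005-2177 says "bug filed" without a bug reference, so adding the bug number would let others follow its status. CAN-2005-2180 (GNATS) stays at "TODO: check" although the "begin claimed by jmm" marker is removed, which leaves it unclaimed and unresolved.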
@@ -189,14 +189,13 @@
 CAN-2005-2171
 	NOTE: reserved
 CAN-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...)
-	TODO: check
+	NOTE: not-for-us (Tivoli)
 CAN-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...)
-	TODO: check
+	NOTE: not-for-us (AliveSites)
 CAN-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...)
-	TODO: check
+	NOTE: not-for-us (AliveSites)
 CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (Express-Web)
 CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
 	TODO: check
 CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
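Review bot: The log message "new snmp dos issue" does not cover the changes here, which mark the Tivoli, AliveSites and Express-Web entries as not-for-us and drop the "end claimed by jmm" marker. Suggest mentioning in the log that the claimed block was triaged, so the bulk not-for-us decisions can be found from the history.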



