[Secure-testing-commits] r1496 - data/CAN
Joey Hess
joeyh at costa.debian.org
Sat Jul 30 04:21:01 UTC 2005
Author: joeyh
Date: 2005-07-30 04:20:57 +0000 (Sat, 30 Jul 2005)
New Revision: 1496
Modified:
data/CAN/list
Log:
processed block, pulled in a few previously tracked items
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-30 03:59:53 UTC (rev 1495)
+++ data/CAN/list 2005-07-30 04:20:57 UTC (rev 1496)
@@ -165,64 +165,63 @@
NOTE: reserved
CAN-2005-2315
NOTE: reserved
-begin claimed by joeyh
CAN-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (PHPsFTPd)
CAN-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...)
- TODO: check
+ NOTE: not-for-us (Check Point SecuRemote NG with Application Intelligence)
CAN-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...)
- TODO: check
+ NOTE: not-for-us (Realnode Emilda)
CAN-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...)
- TODO: check
+ - sms-pl (unfixed; bug filed; low)
+ NOTE: vulnerable contrib file only in source package
CAN-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Winamp)
CAN-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote ...)
- TODO: check
+ NOTE: not-for-us (MSIE)
CAN-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...)
- TODO: check
+ NOTE: not-for-us (Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0)
CAN-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (DG Remote Control Server)
CAN-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-2303 (Unknown vulnerability in the Microsoft Windows kernel allows remote ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
- TODO: check
+ - pdns (unfixed; bug #318798; medium)
CAN-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not ...)
- TODO: check
+ - pdns (unfixed; bug #318798; medium)
CAN-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...)
- TODO: check
+ NOTE: not-for-us (Skype)
CAN-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...)
- TODO: check
+ NOTE: not-for-us (Simple Message Board)
CAN-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all ...)
- TODO: check
+ NOTE: BitDefender can be used by AMaViS but is not shipped in Debian
CAN-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...)
- TODO: check
+ NOTE: not-for-us (Sybase EAServer)
CAN-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...)
- TODO: check
+ NOTE: not-for-us (YabbSE)
CAN-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...)
- TODO: check
+ - netpanzer (unfixed; bug #318329; medium)
CAN-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (WPS)
CAN-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...)
- TODO: check
+ NOTE: not-for-us (PHPCounter)
CAN-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows ...)
- TODO: check
+ NOTE: not-for-us (PHPCounter)
CAN-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...)
- TODO: check
-end claimed by joeyh
+ NOTE: not-for-us (SoftiaCom wMailServer)
CAN-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...)
TODO: check
CAN-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...)
@@ -422,9 +421,6 @@
NOTE: This doesn't look like a real security issue as cron.daily should only be
NOTE: writable by root, but lets include it as the maintainer considers it an issue
- faif 1.19.2-14 (low)
-CAN-2005-XXXX [pdns: Two DoS vulnerabilities in the LDAP backend]
- - pdns (unfixed; bug #318798; medium)
- NOTE: CVE id requested from mitre
CAN-2005-2275
NOTE: reserved
CAN-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...)
@@ -833,9 +829,6 @@
TODO: check
CAN-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...)
TODO: check
-CAN-2005-XXXX [netpanzer: DoS through endless loop trigged through a crafted packet]
- - netpanzer (unfixed; bug #318329; medium)
- NOTE: CVE id requested from mitre
CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...)
NOTE: not-for-us (USANet)
CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
More information about the Secure-testing-commits
mailing list