[Secure-testing-commits] r1226 - data/CAN
Joey Hess
joeyh@costa.debian.org
Wed, 15 Jun 2005 09:14:22 +0000
Author: joeyh
Date: 2005-06-15 09:14:19 +0000 (Wed, 15 Jun 2005)
New Revision: 1226
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-06-13 09:49:00 UTC (rev 1225)
+++ data/CAN/list 2005-06-15 09:14:19 UTC (rev 1226)
@@ -1,3 +1,83 @@
+CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)
+ TODO: check
+CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...)
+ TODO: check
+CAN-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...)
+ TODO: check
+CAN-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...)
+ TODO: check
+CAN-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...)
+ TODO: check
+CAN-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with ...)
+ TODO: check
+CAN-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...)
+ TODO: check
+CAN-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...)
+ TODO: check
+CAN-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...)
+ TODO: check
+CAN-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...)
+ TODO: check
+CAN-2005-1965 (PHP remote code injection vulnerability in siteframe.php for Broadpool ...)
+ TODO: check
+CAN-2005-1964 (PHP remote code injection vulnerability in utilit.php for Ovidentia ...)
+ TODO: check
+CAN-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CAN-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...)
+ TODO: check
+CAN-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...)
+ TODO: check
+CAN-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...)
+ TODO: check
+CAN-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...)
+ TODO: check
+CAN-2005-1958 (Backup Manager 0.5.7 and earlier creates archives with insecure ...)
+ TODO: check
+CAN-2005-1957 (File Upload Manager does not properly check user authentication for ...)
+ TODO: check
+CAN-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...)
+ TODO: check
+CAN-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
+ TODO: check
+CAN-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CAN-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...)
+ TODO: check
+CAN-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...)
+ TODO: check
+CAN-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...)
+ TODO: check
+CAN-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CAN-2005-1949 (The eping_validaddr function in functions.php for the eping plugin for ...)
+ TODO: check
+CAN-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...)
+ TODO: check
+CAN-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...)
+ TODO: check
+CAN-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...)
+ TODO: check
+CAN-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...)
+ TODO: check
+CAN-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...)
+ TODO: check
+CAN-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...)
+ TODO: check
+CAN-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...)
+ TODO: check
+CAN-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...)
+ TODO: check
+CAN-2005-1940
+ NOTE: reserved
+CAN-2005-1939
+ NOTE: reserved
+CAN-2005-1938
+ NOTE: reserved
+CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
+ TODO: check
+CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...)
+ TODO: check
CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...)
NOTE: not-for-us (Xerox hardware issue)
CAN-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...)
@@ -360,23 +440,22 @@
NOTE: reserved
- kernel-source-2.6.8 (unfixed)
CAN-2005-1763 [Unprivileged write into kernel memory on amd64]
- NOTE: reserved
- kernel-source-2.6.8 (unfixed)
CAN-2005-1762 [Unspecified DoS vulnerability on amd64]
NOTE: reserved
- kernel-source-2.6.8 (unfixed)
CAN-2005-1761
NOTE: reserved
-CAN-2005-1760
- NOTE: reserved
+CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
+ TODO: check
CAN-2005-1759
NOTE: reserved
-CAN-2005-1758
- NOTE: reserved
-CAN-2005-1757
- NOTE: reserved
-CAN-2005-1756
- NOTE: reserved
+CAN-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...)
+ TODO: check
+CAN-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...)
+ TODO: check
+CAN-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...)
+ TODO: check
CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
- shtool 2.0.1-2
CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)
@@ -533,24 +612,24 @@
NOTE: reserved
CAN-2005-1729
NOTE: reserved
-CAN-2005-1728
- NOTE: reserved
-CAN-2005-1727
- NOTE: reserved
+CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
+ TODO: check
+CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
+ TODO: check
CAN-2005-1726
NOTE: reserved
-CAN-2005-1725
- NOTE: reserved
-CAN-2005-1724
- NOTE: reserved
-CAN-2005-1723
- NOTE: reserved
-CAN-2005-1722
- NOTE: reserved
-CAN-2005-1721
- NOTE: reserved
-CAN-2005-1720
- NOTE: reserved
+CAN-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...)
+ TODO: check
+CAN-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...)
+ TODO: check
+CAN-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...)
+ TODO: check
+CAN-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...)
+ TODO: check
+CAN-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...)
+ TODO: check
+CAN-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...)
+ TODO: check
CAN-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...)
NOTE: not-for-us (avast! antivirus)
CAN-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...)
@@ -1953,9 +2032,9 @@
- ethereal 0.10.10-2sarge2
CAN-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...)
- ethereal 0.10.10-2sarge2
-CAN-2005-1455 (Buffer overflow in the sql_escape_func function in FreeRADIUS 1.0.2 ...)
+CAN-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for ...)
- freeradius 1.0.2-4
-CAN-2005-1454 (SQL injection vulnerability in the radius_xlat function in FreeRADIUS ...)
+CAN-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL ...)
- freeradius 1.0.2-4
CAN-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...)
- leafnode 1.11.2.rel-1
@@ -2374,7 +2453,6 @@
CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
- libconvert-uulib-perl 1.0.5.1-1
CAN-2005-1269 [Unspecified gaim DoS vulnerability]
- NOTE: reserved
- gaim 1:1.3.1-1
CAN-2005-1268
NOTE: reserved
@@ -2383,7 +2461,6 @@
CAN-2005-1266
NOTE: reserved
CAN-2005-1265 [Invalid range checking for mmap() in the Linux kernel]
- NOTE: reserved
- kernel-source-2.6.8 (unfixed)
CAN-2005-1264 [Local privilege escalation in the Linux kernel's raw ioctl]
- kernel-source-2.6.8 2.6.8-15sarge1
@@ -2493,30 +2570,30 @@
NOTE: reserved
CAN-2005-1217
NOTE: reserved
-CAN-2005-1216
- NOTE: reserved
-CAN-2005-1215
- NOTE: reserved
-CAN-2005-1214
- NOTE: reserved
-CAN-2005-1213
- NOTE: reserved
-CAN-2005-1212
- NOTE: reserved
-CAN-2005-1211
- NOTE: reserved
+CAN-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...)
+ TODO: check
+CAN-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...)
+ TODO: check
+CAN-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...)
+ TODO: check
+CAN-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...)
+ TODO: check
+CAN-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...)
+ TODO: check
+CAN-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...)
+ TODO: check
CAN-2005-1210
NOTE: reserved
CAN-2005-1209
NOTE: reserved
-CAN-2005-1208
- NOTE: reserved
-CAN-2005-1207
- NOTE: reserved
-CAN-2005-1206
- NOTE: reserved
-CAN-2005-1205
- NOTE: reserved
+CAN-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...)
+ TODO: check
+CAN-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...)
+ TODO: check
+CAN-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...)
+ TODO: check
+CAN-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...)
+ TODO: check
CAN-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...)
NOTE: This is not a real world problem; it's only applicable in rare circurstances
NOTE: like someone analysing stolen user database information and even then the gain
@@ -3777,7 +3854,6 @@
CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...)
- kernel-source-2.4.27 (unfixed; bug #311164)
CAN-2005-0756 [DoS through insufficient validation of addresses for ptrace() on amd64]
- NOTE: reserved
- kernel-source-2.6.8 (unfixed)
CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
- helix-player 1.0.4-1
@@ -4380,8 +4456,8 @@
NOTE: not-for-us (phpWebSite)
CAN-2005-0564
NOTE: reserved
-CAN-2005-0563
- NOTE: reserved
+CAN-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...)
+ TODO: check
CAN-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
NOTE: not-for-us (MSN Messenger)
CAN-2005-0561
@@ -4785,8 +4861,8 @@
NOTE: not-for-us (XOOPS)
CAN-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...)
NOTE: not-for-us (Thomson cable modem)
-CAN-2005-0488
- NOTE: reserved
+CAN-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...)
+ TODO: check
CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
NOTE: This is not a real security issue; it just describes the fact that the Gecko
NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks