[Secure-testing-commits] r2781 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Nov 18 09:55:46 UTC 2005
Author: jmm-guest
Date: 2005-11-18 09:55:42 +0000 (Fri, 18 Nov 2005)
New Revision: 2781
Modified:
data/CVE/list
Log:
moodle CVEfied
new clamav issue already fixed in 0.87.1
several not-affected
new mailman issue
lots of not-for-us
claim more
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-18 09:31:00 UTC (rev 2780)
+++ data/CVE/list 2005-11-18 09:55:42 UTC (rev 2781)
@@ -62,13 +62,12 @@
RESERVED
CVE-2005-3700
RESERVED
-begin claimed by jmm
CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...)
- TODO: check
+ NOT-FOR-US: Kaspersky AV
CVE-2005-3663 (Untrusted Windows search path vulnerability in Kaspersky Anti-Virus ...)
- TODO: check
+ NOT-FOR-US: Kaspersky AV
CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the ...)
- TODO: check
+ TODO: Check, whether this applies to netpbm-free
CVE-2005-3661
RESERVED
CVE-2005-3660
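Review bot: CVE-2005-3662 is left as a TODO ("Check, whether this applies to netpbm-free") while the "begin claimed by jmm" marker above it is removed, so the open netpbm-free check no longer sits inside anyone's claimed range. Either keep the entry inside the claim until it is resolved, or record the candidate package on the entry so the next person triaging can pick it up.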
@@ -92,41 +91,41 @@
CVE-2005-3651
RESERVED
CVE-2005-3650 (CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...)
- TODO: check
+ NOT-FOR-US: Sony Root Kit Uninstaller
CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ...)
- TODO: check
+ - moodle <unfixed> (bug #338592; medium)
CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in ...)
- TODO: check
+ - moodle <unfixed> (bug #338592; medium)
CVE-2005-3647 (Folder Guard allows local users to bypass protections by running from ...)
- TODO: check
+ NOT-FOR-US: Folder Guard
CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in ...)
- TODO: check
+ NOT-FOR-US: phpAdsNews
CVE-2005-3645 (phpAdsNew 2.0.6 and possibly earlier versions allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: phpAdsNews
CVE-2005-3644 (upnp_getdevicelist in UPnP for Windows 2000 Server SP3 and earlier, ...)
- TODO: check
+ NOT-FOR-US: Windows
CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...)
- TODO: check
+ NOT-FOR-US: DB2
CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...)
- TODO: check
+ NOT-FOR-US: Informix
CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of ...)
- TODO: check
+ NOT-FOR-US: FTGate
CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help Center ...)
- TODO: check
+ NOT-FOR-US: Help Center Live
CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow ...)
- TODO: check
+ NOT-FOR-US: Ekinboard
CVE-2005-3637 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: Antville
CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...)
- TODO: check
+ NOT-FOR-US: SAP Web Application Server
CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web ...)
- TODO: check
+ NOT-FOR-US: SAP Web Application Server
CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server (WAS) ...)
- TODO: check
+ NOT-FOR-US: SAP Web Application Server
CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web ...)
- TODO: check
+ NOT-FOR-US: SAP Web Application Server
CVE-2005-3632
RESERVED
CVE-2005-3631
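Review bot: The NOT-FOR-US tags added for CVE-2005-3646 and CVE-2005-3645 read "phpAdsNews", but the CVE-2005-3645 description names the product as "phpAdsNew". Use the spelling from the description so that a later search of the list for the product name finds both entries.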
@@ -148,7 +147,7 @@
CVE-2005-3623
RESERVED
CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...)
- TODO: check
+ - phpmyadmin <unfixed> (unimportant)
CVE-2005-3620
RESERVED
CVE-2005-3619
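Review bot: The new CVE-2005-3622 line, "- phpmyadmin <unfixed> (unimportant)", gives no reason for the rating and no bug reference, unlike the other <unfixed> entries in this commit (moodle, mailman), which each carry a bug number. Add a short note under the entry saying why the issue is considered unimportant so the rating can be rechecked later.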
@@ -198,50 +197,50 @@
CVE-2005-3597
RESERVED
CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote ...)
- TODO: check
+ NOT-FOR-US: ASPKnowledgebase
CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank ...)
- TODO: check
+ NOT-FOR-US: Windows XP
CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high scores ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: CuteNews
CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier ...)
TODO: check
CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote ...)
- TODO: check
+ NOT-FOR-US: FileZilla
CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 ...)
- TODO: check
+ NOT-FOR-US: Advanced Guestbook
CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...)
- TODO: check
+ - clamav 0.87.1-1 (medium)
CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Mambo
CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 0.4.4 allows ...)
- TODO: check
+ NOT-FOR-US: PhpWebThings
CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings ...)
- TODO: check
+ NOT-FOR-US: PhpWebThings
CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development Kit ...)
- TODO: check
+ NOT-FOR-US: Sun Java
CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage group ...)
- TODO: check
+ - imagemagick <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to ...)
- TODO: check
+ - gdal <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to ...)
- TODO: check
+ - qdbm <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3579 (ts.cgi in Walla TeleSite 3.0 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Walla TeleSite
CVE-2005-3578 (SQL injection vulnerability in ts.exe in Walla TeleSite 3.0 and ...)
- TODO: check
+ NOT-FOR-US: Walla TeleSite
CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe in Walla TeleSite ...)
- TODO: check
+ NOT-FOR-US: Walla TeleSite
CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Walla TeleSite
CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and earlier ...)
- TODO: check
+ NOT-FOR-US: Cyphor
CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote ...)
- TODO: check
+ NOT-FOR-US: iCMS
CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...)
- TODO: check
-end claimed by jmm
+ - mailman <unfixed> (bug #327732; medium)
+begin claimed by jmm
CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...)
TODO: check
CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...)
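Review bot: CVE-2005-3591 (Macromedia Flash plugin) stays at "TODO: check" in the middle of this hunk while every entry around it is resolved and the claim markers move to start after CVE-2005-3573, so it ends up unresolved and outside the claimed range. Resolve it in this pass, or replace the bare TODO with one that says what still needs checking.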
@@ -338,6 +337,7 @@
RESERVED
CVE-2005-3525
RESERVED
+end claimed by jmm
CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...)
TODO: check
CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...)
@@ -708,8 +708,6 @@
- courier 0.47-12 (bug #211920; medium)
CVE-2005-XXXX [double free() in libungif]
- libungif4 4.1.4-1 (bug #338542; medium)
-CVE-2005-XXXX [moodle SQL injection]
- - moodle <unfixed> (bug #338592; medium)
CVE-2005-XXXX [Buffer overflows in Sylpheed's address book import]
- sylpheed <unfixed> (bug #338434; medium)
- sylpheed-claws <unfixed> (bug #338436; medium)
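Review bot: The placeholder removed here was titled "moodle SQL injection" only, yet its bug #338592 is now attached to both CVE-2005-3648 (SQL injection in get_record) and CVE-2005-3649 (jumpto.php redirect). Confirm that the bug report covers the redirect issue as well; if it does not, CVE-2005-3649 needs its own bug reference.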