[Secure-testing-commits] r2806 - data/CVE
Joey Hess
joeyh at costa.debian.org
Mon Nov 21 09:14:26 UTC 2005
Author: joeyh
Date: 2005-11-21 09:14:21 +0000 (Mon, 21 Nov 2005)
New Revision: 2806
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-21 09:06:31 UTC (rev 2805)
+++ data/CVE/list 2005-11-21 09:14:21 UTC (rev 2806)
@@ -1,3 +1,143 @@
+CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...)
+ TODO: check
+CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain ...)
+ TODO: check
+CVE-2005-3728 (Idetix Software Systems Revize CMS stores conf/revize.xml under the ...)
+ TODO: check
+CVE-2005-3727 (SQL injection vulnerability in debug/query_results.jsp in Idetix ...)
+ TODO: check
+CVE-2005-3726 (SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows ...)
+ TODO: check
+CVE-2005-3725 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP ...)
+ TODO: check
+CVE-2005-3724 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote ...)
+ TODO: check
+CVE-2005-3723 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to ...)
+ TODO: check
+CVE-2005-3722 (The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows ...)
+ TODO: check
+CVE-2005-3721 (The default configuration of the HTTP server in Hitachi IP5000 VOIP ...)
+ TODO: check
+CVE-2005-3720 (The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI ...)
+ TODO: check
+CVE-2005-3719 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator ...)
+ TODO: check
+CVE-2005-3718 (UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel ...)
+ TODO: check
+CVE-2005-3717 (The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...)
+ TODO: check
+CVE-2005-3716 (The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...)
+ TODO: check
+CVE-2005-3715 (Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the ...)
+ TODO: check
+CVE-2005-3699 (Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers ...)
+ TODO: check
+CVE-2005-3698 (PHP Easy Download allows remote attackers to bypass authentication via ...)
+ TODO: check
+CVE-2005-3697 (Unspecified vulnerability in the administration interface in Uresk ...)
+ TODO: check
+CVE-2005-3696 (SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote ...)
+ TODO: check
+CVE-2005-3695 (Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php ...)
+ TODO: check
+CVE-2005-3694 (centericq 4.20.0-r3 with "Enable peer-to-peer communications" set ...)
+ TODO: check
+CVE-2005-3693 (The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm ...)
+ TODO: check
+CVE-2005-3692 (Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server ...)
+ TODO: check
+CVE-2005-3691 (Directory traversal vulnerability in the IMAP service (meimaps.exe) of ...)
+ TODO: check
+CVE-2005-3690 (Stack-based buffer overflow in the IMAP service (meimaps.exe) of ...)
+ TODO: check
+CVE-2005-3689 (post.php in XMB 1.9.2 allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2005-3688 (Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 ...)
+ TODO: check
+CVE-2005-3687 (cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote ...)
+ TODO: check
+CVE-2005-3686 (SQL injection vulnerability in search.inc.php in Unclassified ...)
+ TODO: check
+CVE-2005-3685 (Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP ...)
+ TODO: check
+CVE-2005-3684 (Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, ...)
+ TODO: check
+CVE-2005-3683 (Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging ...)
+ TODO: check
+CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote ...)
+ TODO: check
+CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads ...)
+ TODO: check
+CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in XOOPS ...)
+ TODO: check
+CVE-2005-3679 (SQL injection vulnerability in admin/index.php in ActiveCampaign ...)
+ TODO: check
+CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, allows ...)
+ TODO: check
+CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote ...)
+ TODO: check
+CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 ...)
+ TODO: check
+CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to ...)
+ TODO: check
+CVE-2005-3674 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...)
+ TODO: check
+CVE-2005-3673 (The Internet Key Exchange version 1 (IKEv1) implementation in Check ...)
+ TODO: check
+CVE-2005-3672 (The Internet Key Exchange version 1 (IKEv1) implementation in ...)
+ TODO: check
+CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in Openswan ...)
+ TODO: check
+CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
+ TODO: check
+CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
+ TODO: check
+CVE-2005-3668 (Multiple buffer overflows in multiple unspecified implementations of ...)
+ TODO: check
+CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified ...)
+ TODO: check
+CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple ...)
+ TODO: check
+CVE-2005-3665
+ RESERVED
+CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...)
+ TODO: check
+CVE-2004-2557 (NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a ...)
+ TODO: check
+CVE-2004-2556 (NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and ...)
+ TODO: check
+CVE-2004-2555 (Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses ...)
+ TODO: check
+CVE-2004-2554 (Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost ...)
+ TODO: check
+CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows ...)
+ TODO: check
+CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local users to ...)
+ TODO: check
+CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow ...)
+ TODO: check
+CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
+ TODO: check
+CVE-2004-2549 (Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 ...)
+ TODO: check
+CVE-2004-2548 (Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) ...)
+ TODO: check
+CVE-2004-2547 (NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote ...)
+ TODO: check
+CVE-2004-2546 (Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a ...)
+ TODO: check
+CVE-2004-2545 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...)
+ TODO: check
+CVE-2004-2544 (Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 ...)
+ TODO: check
+CVE-2004-2543 (Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote ...)
+ TODO: check
+CVE-2004-2542 (Multiple SQL injection vulnerabilities in Dynix (formerly known as ...)
+ TODO: check
+CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, ...)
+ TODO: check
CVE-2005-XXXX [unsafe file permissions in vpnc]
- vpnc <unfixed> (bug #340105; medium)
CVE-2005-XXXX [Insecure tempfiles in libjpeg]
@@ -94,7 +234,7 @@
RESERVED
CVE-2005-3651
RESERVED
-CVE-2005-3650 (CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...)
+CVE-2005-3650 (The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...)
NOT-FOR-US: Sony Root Kit Uninstaller
CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ...)
- moodle <unfixed> (bug #338592; medium)
@@ -120,7 +260,8 @@
NOT-FOR-US: Help Center Live
CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow ...)
NOT-FOR-US: Ekinboard
-CVE-2005-3637 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
+CVE-2005-3637
+ REJECTED
NOT-FOR-US: Antville
CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...)
NOT-FOR-US: SAP Web Application Server
@@ -218,7 +359,7 @@
- clamav 0.87.1-1 (medium)
CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...)
NOT-FOR-US: Mambo
-CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 0.4.4 allows ...)
+CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows ...)
NOT-FOR-US: PhpWebThings
CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings ...)
NOT-FOR-US: PhpWebThings
@@ -304,7 +445,8 @@
NOT-FOR-US: XMB
CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha through ...)
NOT-FOR-US: Phorum
-CVE-2005-3542 (SQL injection vulnerability in showGallery.php in Tonio Gallery 2.4 ...)
+CVE-2005-3542
+ REJECTED
NOT-FOR-US: Tonio Gallery
CVE-2005-3541
RESERVED
@@ -328,12 +470,12 @@
RESERVED
CVE-2005-3531
RESERVED
-CVE-2005-3530
- RESERVED
-CVE-2005-3529
- RESERVED
-CVE-2005-3528
- RESERVED
+CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
+ TODO: check
+CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows ...)
+ TODO: check
+CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...)
+ TODO: check
CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows ...)
- linux-2.6 <unfixed>
NOTE: Pinged Horms and Dannf
@@ -1000,40 +1142,35 @@
RESERVED
CVE-2005-3356
RESERVED
-CVE-2005-3355 [gnump3d dir traversal]
- RESERVED
+CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has ...)
{DSA-901-1}
- gnump3d 2.9.8-1
-CVE-2005-3354
- RESERVED
-CVE-2005-3353 [PHP: EXIF DoS in JPEG parsing]
- RESERVED
+CVE-2005-3354 (Stack-based buffer overflow in the ldif_get_line function in ldif.c of ...)
+ TODO: check
+CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...)
- php4 <unfixed> (bug #339577; medium)
TODO: Check php5
CVE-2005-3352
RESERVED
-CVE-2005-3351 [spamassassin/perl dos]
- RESERVED
+CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
- spamassassin <unfixed> (bug #339526; medium)
CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and ...)
{DSA-890-1}
- libungif4 4.1.3-4 (bug #337972; high)
-CVE-2005-3349 [insecure tmp in gnump3d]
- RESERVED
+CVE-2005-3349 (GNU Gnump3d before 2.9.8 allows local users to modify or delete ...)
{DSA-901-1}
- gnump3d 2.9.8-1
-CVE-2005-3348 (HTTP response splitting vulnerability in phpgroupware 0.9.16 and ...)
+CVE-2005-3348 (HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 ...)
{DSA-899-1 DSA-898-1 DSA-897-1}
- phpsysinfo 2.3-7 (bug #339079)
- egroupware 1.0.0.009.dfsg-3-3
- phpgroupware 0.9.16.008-2
-CVE-2005-3347 (PHP file inclusion vulnerability in phpgroupware 0.9.16 and earlier ...)
+CVE-2005-3347 (Multiple directory traversal vulnerabilities in index.php in ...)
{DSA-899-1 DSA-898-1 DSA-897-1}
- phpsysinfo 2.3-7 (bug #339079)
- egroupware 1.0.0.009.dfsg-3-3
- phpgroupware 0.9.16.008-2
-CVE-2005-3346 [osh: Local root exploit due to incorrect env var handling]
- RESERVED
+CVE-2005-3346 (Buffer overflow in the environment variable substitution code in ...)
- osh 1.7-15 (bug #338312; medium)
CVE-2005-3345
RESERVED
@@ -1124,8 +1261,8 @@
NOT-FOR-US: Symantec Discovery
CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch ...)
NOT-FOR-US: Novell ZENworks
-CVE-2005-3314
- RESERVED
+CVE-2005-3314 (Stack-based buffer overflow in the IMAP deamon in Novell Netmail 3.5.2 ...)
+ TODO: check
CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...)
- ethereal <unfixed> (bug #334880; medium)
TODO: This supposedly fixed after the 13 release, separate bug might be necessary
@@ -1725,7 +1862,7 @@
- linux-2.6 2.6.12-1
- kernel-source-2.6.8 2.6.8-16sarge1
NOTE: 2.4.27 not applicable
-CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to ...)
+CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to ...)
- linux-2.6 2.6.12-1
- kernel-source-2.6.8 2.6.8-16sarge1
- kernel-source-2.4.27 <unfixed> (low)
@@ -2139,9 +2276,9 @@
- pam <unfixed> (bug #336344; medium)
[sarge] - pam <not-affected> (Does not contain SELinux support)
[woody] - pam <not-affected> (Does not contain SELinux support)
-CVE-2005-2976 (Integer overflow in gdk-pixbuf 0.22.0 allows attackers to cause a ...)
+CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...)
- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
-CVE-2005-2975 (The GTK+ gdk-pixbuf XPM image rendering library allows attackers to ...)
+CVE-2005-2975 (io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before ...)
- gdk-pixbuf 0.22.0-11 (bug #339431; low)
- gtk+2.0 2.6.10-2 (bug #339431; low)
CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial of ...)
@@ -2742,8 +2879,7 @@
{DSA-826-1}
NOTE: see http://www.open-security.org/advisories/13
- helix-player 1.0.6-1 (bug #330364; high)
-CVE-2005-2709 [Linux kernel sysctl unregistration DoS]
- RESERVED
+CVE-2005-2709 (sysctl.c in Linux kernel before 2.6.14.1 allows local users to cause a ...)
- linux-2.6 2.6.14-3
NOTE: Send to Horms as usual
CVE-2005-2708 (The search_binary_handler function in exec.c in Linux kernel on 64-bit ...)
@@ -2991,10 +3127,10 @@
- mediabox404 <itp> (bug #294397)
CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
NOT-FOR-US: Cisco
-CVE-2005-2630
- RESERVED
-CVE-2005-2629
- RESERVED
+CVE-2005-2630 (Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and ...)
+ TODO: check
+CVE-2005-2629 (Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne ...)
+ TODO: check
CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to ...)
- flashplugin-nonfree <unfixed> (bug #339290; high)
CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
@@ -3713,7 +3849,7 @@
CVE-2005-XXXX [time delay of password check proves account existence to attackers]
NOTE: unknown if really a bug; if it is it's different than the previous ssh delay bugs
- ssh <unfixed> (bug #314645; low)
-CVE-2005-2548 (vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a ...)
+CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote ...)
{DTSA-16-1}
NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
@@ -11246,7 +11382,7 @@
NOT-FOR-US: My Firewall Plus
CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...)
NOT-FOR-US: Verity Ultraseek
-CVE-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in ...)
+CVE-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in the ...)
NOT-FOR-US: pMachine
CVE-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo 4.5.2 ...)
NOT-FOR-US: Mambo
More information about the Secure-testing-commits
mailing list