[Secure-testing-commits] r2810 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Mon Nov 21 09:46:24 UTC 2005
Author: jmm-guest
Date: 2005-11-21 09:46:20 +0000 (Mon, 21 Nov 2005)
New Revision: 2810
Modified:
data/CVE/list
Log:
centericq/dos CVEfied and fixed
openswan/dos CVEfied and fixed
add some itp notes to xoops issues
lots of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-21 09:29:07 UTC (rev 2809)
+++ data/CVE/list 2005-11-21 09:46:20 UTC (rev 2810)
@@ -1,109 +1,110 @@
-begin claimed by jmm
CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...)
- TODO: check
+ NOT-FOR-US: yaSSL
CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Revize CMS
CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: Revize CMS
CVE-2005-3728 (Idetix Software Systems Revize CMS stores conf/revize.xml under the ...)
- TODO: check
+ NOT-FOR-US: Revize CMS
CVE-2005-3727 (SQL injection vulnerability in debug/query_results.jsp in Idetix ...)
- TODO: check
+ NOT-FOR-US: Revize CMS
CVE-2005-3726 (SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows ...)
- TODO: check
+ NOT-FOR-US: ArticleLive NX
CVE-2005-3725 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP ...)
- TODO: check
+ NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3724 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote ...)
- TODO: check
+ NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3723 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to ...)
- TODO: check
+ NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3722 (The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows ...)
- TODO: check
+ NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3721 (The default configuration of the HTTP server in Hitachi IP5000 VOIP ...)
- TODO: check
+ NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3720 (The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI ...)
- TODO: check
+ NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3719 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator ...)
- TODO: check
+ NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3718 (UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel ...)
- TODO: check
+ NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3717 (The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...)
- TODO: check
+ NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3716 (The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...)
- TODO: check
+ NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3715 (Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the ...)
- TODO: check
+ NOT-FOR-US: Senao Wireless VoIP Phone
CVE-2005-3699 (Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2005-3698 (PHP Easy Download allows remote attackers to bypass authentication via ...)
- TODO: check
+ NOT-FOR-US: PHP Easy Download
CVE-2005-3697 (Unspecified vulnerability in the administration interface in Uresk ...)
- TODO: check
+ NOT-FOR-US: Uresk Links Lite
CVE-2005-3696 (SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Arki-DB
CVE-2005-3695 (Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php ...)
- TODO: check
+ NOT-FOR-US: LiteSpeed Webserver
CVE-2005-3694 (centericq 4.20.0-r3 with "Enable peer-to-peer communications" set ...)
- TODO: check
+ - centericq 4.21.0-4 (bug #334089; low)
CVE-2005-3693 (The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm ...)
- TODO: check
+ NOT-FOR-US: SunnComm MediaMax DRM
CVE-2005-3692 (Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server ...)
- TODO: check
+ NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3691 (Directory traversal vulnerability in the IMAP service (meimaps.exe) of ...)
- TODO: check
+ NOT-FOR-US: MailEnable Professional
CVE-2005-3690 (Stack-based buffer overflow in the IMAP service (meimaps.exe) of ...)
- TODO: check
+ NOT-FOR-US: MailEnable Professional
CVE-2005-3689 (post.php in XMB 1.9.2 allows remote attackers to obtain the ...)
- TODO: check
+ NOT-FOR-US: XMB
CVE-2005-3688 (Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 ...)
- TODO: check
+ NOT-FOR-US: XMB
CVE-2005-3687 (cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: WHM AutoPilot
CVE-2005-3686 (SQL injection vulnerability in search.inc.php in Unclassified ...)
- TODO: check
+ NOT-FOR-US: Unclassified Newsboard
CVE-2005-3685 (Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP ...)
- TODO: check
+ NOT-FOR-US: VP-ASP Shopping Cart
CVE-2005-3684 (Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, ...)
- TODO: check
+ NOT-FOR-US: freeFTPd
CVE-2005-3683 (Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging ...)
- TODO: check
+ NOT-FOR-US: freeFTPd
CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote ...)
- TODO: check
+ NOT-FOR-US: Wizz Forum
CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads ...)
- TODO: check
+ - xoops <itp> (bug #207640)
CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in XOOPS ...)
- TODO: check
+ - xoops <itp> (bug #207640)
CVE-2005-3679 (SQL injection vulnerability in admin/index.php in ActiveCampaign ...)
- TODO: check
+ NOT-FOR-US: ActiveCampaign 1-2-All Broadcast Email
CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, allows ...)
- TODO: check
+ NOT-FOR-US: Google Talk
CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
+ TODO: check Helix, some past issues affected it as well
CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 ...)
- TODO: check
+ NOT-FOR-US: PhpWebThings
CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to ...)
TODO: check
CVE-2005-3674 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...)
- TODO: check
+ NOT-FOR-US: libike from Solaris
CVE-2005-3673 (The Internet Key Exchange version 1 (IKEv1) implementation in Check ...)
- TODO: check
+ NOT-FOR-US: Check Point's IKE implementation
CVE-2005-3672 (The Internet Key Exchange version 1 (IKEv1) implementation in ...)
- TODO: check
+ NOT-FOR-US: StoneGate's IKE implementation
CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in Openswan ...)
- TODO: check
+ - openswan 1:2.4.4-1 (bug #339082; medium)
+ NOTE: Initial 2.4.3 didn't fix all the issues from the NISCC report
+ TODO: Keep an eye on ipsec-tools's upstream, it's potentially affected as well
CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
- TODO: check
+ NOT-FOR-US: HP-UX's IKE implementation
CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
- TODO: check
+ NOT-FOR-US: Cisco's IKE implementation
CVE-2005-3668 (Multiple buffer overflows in multiple unspecified implementations of ...)
- TODO: check
+ NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified ...)
- TODO: check
+ NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple ...)
- TODO: check
+ NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3665
RESERVED
-end claimed by jmm
CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...)
TODO: check
CVE-2004-2557 (NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a ...)
@@ -833,10 +834,6 @@
TODO: check
CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows ...)
- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
-CVE-2005-XXXX [openswan isakmp dos]
- - openswan 1:2.4.4-1 (bug #339082; medium)
- NOTE: Initial 2.4.3 didn't fix all the issues from the NISCC report
- TODO: Keep an eye on ipsec-tools's upstream, it's potentially affected as well
CVE-2005-XXXX [Two unspecified issues in non-free rar]
- rar <unfixed> (bug #339077; unknown)
CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...)
@@ -1684,8 +1681,6 @@
- flexbackup <unfixed> (bug #334350; low)
CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
- xscreensaver <unfixed> (bug #334193; low)
-CVE-2005-XXXX [centericq remote dos by special nmap scan]
- - centericq <unfixed> (bug #334089; low)
CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
- wget 1.10.2-1 (medium)
- curl 7.15.0-1 (bug #333734; medium)
@@ -5504,9 +5499,9 @@
NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits
- mozilla 2:1.7.10-1 (bug #318723; medium)
CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
- NOT-FOR-US: XOOPS
+ - xoops <itp> (bug #207640)
CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...)
- NOT-FOR-US: XOOPS
+ - xoops <itp> (bug #207640)
CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...)
NOT-FOR-US: Community Link Pro Web Editor
CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...)
More information about the Secure-testing-commits
mailing list