[Secure-testing-commits] r2849 - data/CVE
Joey Hess
joeyh at costa.debian.org
Thu Nov 24 09:14:23 UTC 2005
Author: joeyh
Date: 2005-11-24 09:14:19 +0000 (Thu, 24 Nov 2005)
New Revision: 2849
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-23 23:41:32 UTC (rev 2848)
+++ data/CVE/list 2005-11-24 09:14:19 UTC (rev 2849)
@@ -1,3 +1,129 @@
+CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)
+ TODO: check
+CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...)
+ TODO: check
+CVE-2005-3779 (Unknown vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 ...)
+ TODO: check
+CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev ...)
+ TODO: check
+CVE-2005-3777 (MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to ...)
+ TODO: check
+CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
+ TODO: check
+CVE-2005-3775 (PHP file inclusion vulnerability in pollvote.php in PollVote allows ...)
+ TODO: check
+CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact ...)
+ TODO: check
+CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow ...)
+ TODO: check
+CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
+ TODO: check
+CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) ...)
+ TODO: check
+CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 ...)
+ TODO: check
+CVE-2005-3768 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...)
+ TODO: check
+CVE-2005-3767 (Exponent CMS 0.96.3 and later versions does not properly restrict the ...)
+ TODO: check
+CVE-2005-3766 (Exponent CMS 0.96.3 and later versions stores sensitive user pages ...)
+ TODO: check
+CVE-2005-3765 (Exponent CMS 0.96.3 and later versions performs a chmod on uploaded ...)
+ TODO: check
+CVE-2005-3764 (The image gallery (imagegallery) component in Exponent CMS 0.96.3 and ...)
+ TODO: check
+CVE-2005-3763 (Exponent CMS 0.96.3 and later versions includes the full installation ...)
+ TODO: check
+CVE-2005-3762 (SQL injection vulnerability in the navigation module ...)
+ TODO: check
+CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and ...)
+ TODO: check
+CVE-2005-3760 (Double-free vulnerability in the BBOORB module in IBM WebSphere ...)
+ TODO: check
+CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
+ TODO: check
+CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and possibly ...)
+ TODO: check
+CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, ...)
+ TODO: check
+CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...)
+ TODO: check
+CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
+ TODO: check
+CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote attackers to ...)
+ TODO: check
+CVE-2005-3749 (Unspecified "absolute path vulnerabilities" in the diagela command ...)
+ TODO: check
+CVE-2005-3748 (SQL injection vulnerability in the Search module in Tru-Zone Nuke ET ...)
+ TODO: check
+CVE-2005-3747 (Unspecified vulnerability in Jetty before 5.1.6 allows remote ...)
+ TODO: check
+CVE-2005-3746 (SQL injection vulnerability in thread.php in APBoard allows remote ...)
+ TODO: check
+CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and ...)
+ TODO: check
+CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and ...)
+ TODO: check
+CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows remote ...)
+ TODO: check
+CVE-2005-3742 (Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll ...)
+ TODO: check
+CVE-2005-3741 (Almond Classifieds does not properly verify the password, which allows ...)
+ TODO: check
+CVE-2005-3740 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and ...)
+ TODO: check
+CVE-2005-3739 (Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and ...)
+ TODO: check
+CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when ...)
+ TODO: check
+CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 ...)
+ TODO: check
+CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart ...)
+ TODO: check
+CVE-2005-3735 (Multiple SQL injection vulnerabilities in e-Quick Cart allow remote ...)
+ TODO: check
+CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the "add content" page in ...)
+ TODO: check
+CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in Juniper ...)
+ TODO: check
+CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
+ TODO: check
+CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote ...)
+ TODO: check
+CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties and ...)
+ TODO: check
+CVE-2004-2568 (Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 ...)
+ TODO: check
+CVE-2004-2567 (Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote ...)
+ TODO: check
+CVE-2004-2566 (Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld ...)
+ TODO: check
+CVE-2004-2565 (Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta ...)
+ TODO: check
+CVE-2004-2564 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...)
+ TODO: check
+CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business ...)
+ TODO: check
+CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software Sciences ...)
+ TODO: check
+CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that permits ...)
+ TODO: check
+CVE-2004-2559 (DokuWiki before 2004-10-19 allows remote attackers to access ...)
+ TODO: check
+CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical access ...)
+ TODO: check
+CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks ...)
+ TODO: check
+CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...)
+ TODO: check
+CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to obtain ...)
+ TODO: check
CVE-2005-XXXX [Kernel DoS through integer overflow in invalidate_inode_pages2()]
- linux-2.6 <unfixed>
NOTE: Pinged Horms/dannf
@@ -4,10 +130,10 @@
CVE-2005-XXXX [Two potential netfilter DoS issues]
- linux-2.6 <unfixed>
NOTE: Pinged Horms/dannf
-CVE-2005-3759 [XSS in horde3]
+CVE-2005-3759 (Multiple cross-site scripting (XSS) vulnerabilities in Horde before ...)
{DSA-909-1}
- horde3 3.0.7-1 (bug #340323; medium)
-CVE-2004-2569 [Insecure temp file in ipmenu]
+CVE-2004-2569 (ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users ...)
{DSA-907-1}
- ipmenu 0.0.3-5
CVE-2005-XXXX [Multiple security issues in OTRS]
@@ -294,8 +420,7 @@
NOT-FOR-US: SAP Web Application Server
CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web ...)
NOT-FOR-US: SAP Web Application Server
-CVE-2005-3632 [buffer overflows in netpbm's pnmtopng]
- RESERVED
+CVE-2005-3632 (Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow ...)
{DSA-904-1}
- netpbm-free 10.0-11
TODO: Check, whether this is the same as CVE-2005-3662
@@ -494,8 +619,7 @@
RESERVED
CVE-2005-3532
RESERVED
-CVE-2005-3531 [fuse: fusermount special chars interpretation errors]
- RESERVED
+CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows ...)
- fuse <unfixed> (bug filed; medium)
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
NOT-FOR-US: Antville
@@ -1506,7 +1630,7 @@
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
- pavuk 0.9.33-1 (bug #264684; high)
NOTE: second hole mentioned in bug report
-CVE-2005-3751 [HTTP Request smuggling in pound]
+CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows ...)
- pound 1.9.4-1 (low)
NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...)
@@ -1943,7 +2067,7 @@
- amanda <unfixed> (bug #226139; low)
CVE-2004-XXXX [Buffer overflow in wdm's login]
- wdm <unfixed> (bug #276218; low)
-CVE-2005-3752 [Unsafe string landling in ldapdiff]
+CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact ...)
- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2005-XXXX [apt-cache doesn't differentiate sources which share several properties]
- apt <unfixed> (bug #329814; low)
@@ -2161,7 +2285,7 @@
CVE-2005-XXXX [ Chroot escape in vserver kernel patch]
- kernel-patch-vserver 2.1 (bug #329087; bug #329090; medium)
[sarge] - kernel-patch-vserver 1.9.5.4
-CVE-2005-3753 [Local kernel DoS through incorrect boundary checks in cipher processors]
+CVE-2005-3753 (Linux kernel before after 2.6.12 and before 2.6.13.1 might allow ...)
- linux-2.6 2.6.12-7 (low)
CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...)
NOT-FOR-US: Mall23 eCommerce
@@ -4375,8 +4499,8 @@
RESERVED
CVE-2005-2340
RESERVED
-CVE-2005-2339
- RESERVED
+CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of ...)
+ TODO: check
CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...)
- xoops <itp> (bug #207640)
CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...)
@@ -7942,7 +8066,7 @@
- qmail-src 1.03-38
CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...)
- qmail-src 1.03-38
-CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in JAWS 0.4 allows ...)
+CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws Framework and ...)
NOT-FOR-US: JAWS
CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...)
NOT-FOR-US: LinPHA
@@ -8285,7 +8409,7 @@
- monit 1:4.2.1-1
CVE-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...)
NOT-FOR-US: no_package
-CVE-2004-1895 (YaST Online Update (YOU) in SuSE 9.0 allows local users to overwrite ...)
+CVE-2004-1895 (YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to ...)
NOT-FOR-US: no_package
CVE-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...)
NOT-FOR-US: no_package
More information about the Secure-testing-commits
mailing list