[Secure-testing-commits] r2544 - data/CVE

Joey Hess joeyh at costa.debian.org
Mon Oct 24 09:14:28 UTC 2005


Author: joeyh
Date: 2005-10-24 09:14:21 +0000 (Mon, 24 Oct 2005)
New Revision: 2544

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-10-24 08:47:17 UTC (rev 2543)
+++ data/CVE/list	2005-10-24 09:14:21 UTC (rev 2544)
@@ -1,3 +1,53 @@
+CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
+	TODO: check
+CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...)
+	TODO: check
+CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...)
+	TODO: check
+CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
+	TODO: check
+CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
+	TODO: check
+CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote ...)
+	TODO: check
+CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows ...)
+	TODO: check
+CVE-2005-3294 (Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows ...)
+	TODO: check
+CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code of ...)
+	TODO: check
+CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 ...)
+	TODO: check
+CVE-2005-3291 (Stani's Python Editor (SPE) 0.7.5 is installed with world-writable ...)
+	TODO: check
+CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager allows ...)
+	TODO: check
+CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, ...)
+	TODO: check
+CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute files ...)
+	TODO: check
+CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows remote ...)
+	TODO: check
+CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall ...)
+	TODO: check
+CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before ...)
+	TODO: check
+CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 ...)
+	TODO: check
+CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2005-3281 (Directory traversal vulnerability in NukeFix 3.1 for PHP-Nuke 7.8 ...)
+	TODO: check
+CVE-2005-3280 (Paros 3.2.5 uses a default password for the "sa" account in the ...)
+	TODO: check
+CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan Kybic ...)
+	TODO: check
+CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan ...)
+	TODO: check
+CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote ...)
+	TODO: check
 CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
 	- adduser 3.77 (bug #331720; low)
 CVE-2005-XXXX [yet another local file inclusion vulnverability in phpmyadmin]
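Review bot: the trailing context keeps a CVE-2005-XXXX placeholder for "yet another local file inclusion" in phpmyadmin, while this hunk adds CVE-2005-3299, whose description is a PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin. When the TODO: check entries are triaged, confirm whether the two describe the same issue and, if so, fold the placeholder into the assigned id rather than tracking both. Several of the added entries name HP-UX or IBM AIX in their descriptions (CVE-2005-3296, CVE-2005-3295, CVE-2005-3289, CVE-2005-3277) and can take a NOT-FOR-US line like the ones used further down the file instead of remaining TODO.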
@@ -28,7 +78,7 @@
 CVE-2005-3267
 	RESERVED
 CVE-2005-3266
-	RESERVED
+	REJECTED
 CVE-2005-3265
 	RESERVED
 CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog ...)
@@ -248,7 +298,7 @@
 	- xloadimage 4.1-15 (bug #332524; medium)
 	- xli 1.17.0-20 (medium)
 	NOTE: xli couldn't load the provided test images when I checked?
-CVE-2005-3302 [Arbitrary command execution in import script for bvh files in Blender]
+CVE-2005-3302 (Eval injection vulnerability in bvh_import.py in Blender 2.36 allows ...)
 	- blender <unfixed> (bug #330895; medium)
 CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...)
 	NOT-FOR-US: Microsoft
@@ -280,7 +330,8 @@
 	NOT-FOR-US: Hitachi Cosminexus Application Server
 CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
 	- polipo <unfixed> (bug #332411; medium)
-CVE-2005-3162 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.109 allow ...)
+CVE-2005-3162
+	REJECTED
 	NOT-FOR-US: PHP-Fusion
 CVE-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 allows ...)
 	NOT-FOR-US: PHP-Fusion
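Review bot: CVE-2005-3162 now carries two states at once, the new REJECTED line and the unchanged "NOT-FOR-US: PHP-Fusion" line directly under it. The description that justified the NOT-FOR-US triage is removed by this hunk, so the leftover line is stale; drop it so the entry matches the other REJECTED entry in this diff (CVE-2005-3266), which has only the status line.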
@@ -822,8 +873,7 @@
 	RESERVED
 	- linux-2.6 <unfixed>
 	NOTE: Pinged Horms as usual
-CVE-2005-2972 [Further RTF buffer overflows in abiword]
-	RESERVED
+CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in ...)
 	- abiword 2.4.1-1 (bug #333740; medium)
 CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...)
 	- koffice 1:1.3.5-5 (bug #333497; medium)
@@ -3971,7 +4021,7 @@
 	NOT-FOR-US: EtoShop
 CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...)
 	NOT-FOR-US: NetBSD
-CVE-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CAN-2005-1915.  Reason: ...)
+CVE-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2005-1915.  Reason: ...)
 	NOT-FOR-US: log4sh
 CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
 	NOT-FOR-US: SCO UnixWare
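Review bot: CVE-2005-2133 is described as "DO NOT USE THIS CANDIDATE NUMBER" with ConsultIDs pointing to CVE-2005-1915, yet it still carries "NOT-FOR-US: log4sh" as if it were a live entry. Check that the log4sh triage is recorded under CVE-2005-1915, and consider marking this id the same way as CVE-2005-3162 in the earlier hunk (REJECTED) so withdrawn ids are represented consistently in the list.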
@@ -3985,26 +4035,26 @@
 	NOT-FOR-US: Windows
 CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
 	NOT-FOR-US: Windows
-CVE-2005-2126
-	RESERVED
+CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet ...)
+	TODO: check
 CVE-2005-2125
 	RESERVED
 CVE-2005-2124
 	RESERVED
 CVE-2005-2123
 	RESERVED
-CVE-2005-2122
-	RESERVED
+CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
+	TODO: check
 CVE-2005-2121
 	RESERVED
 CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service ...)
 	NOT-FOR-US: Windows
 CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed ...)
 	NOT-FOR-US: Microsoft
-CVE-2005-2118
-	RESERVED
-CVE-2005-2117
-	RESERVED
+CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
+	TODO: check
+CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and ...)
+	TODO: check
 CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...)
 	- cupsys 1.1.20final+rc1-1 (low)
 CVE-2005-2116
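Review bot: the four entries that move from RESERVED to "TODO: check" here (CVE-2005-2126, CVE-2005-2122, CVE-2005-2118, CVE-2005-2117) all describe Microsoft Windows components, and the neighbouring entries in the same hunk are already triaged as NOT-FOR-US. They can be closed out the same way instead of sitting in the TODO queue. The context also shows two spellings of the tag for the same vendor ("NOT-FOR-US: Windows" on CVE-2005-2127 and CVE-2005-2120, "NOT-FOR-US: Microsoft" on CVE-2005-2119); pick one when adding the new lines so the entries can be grepped together.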



