[Secure-testing-commits] r2589 - data/CVE
Joey Hess
joeyh at costa.debian.org
Thu Oct 27 09:14:27 UTC 2005
Author: joeyh
Date: 2005-10-27 09:14:21 +0000 (Thu, 27 Oct 2005)
New Revision: 2589
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-10-27 08:56:15 UTC (rev 2588)
+++ data/CVE/list 2005-10-27 09:14:21 UTC (rev 2589)
@@ -1,3 +1,189 @@
+CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...)
+ TODO: check
+CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using ...)
+ TODO: check
+CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before ...)
+ TODO: check
+CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...)
+ TODO: check
+CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...)
+ TODO: check
+CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray ...)
+ TODO: check
+CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...)
+ TODO: check
+CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in ...)
+ TODO: check
+CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary ...)
+ TODO: check
+CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2 allows remote attackers to ...)
+ TODO: check
+CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...)
+ TODO: check
+CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php PunBB 1.1.2 ...)
+ TODO: check
+CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators ...)
+ TODO: check
+CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...)
+ TODO: check
+CVE-2005-3325 (SQL injection vulnerability in base_qry_main.php in Basic Analysis and ...)
+ TODO: check
+CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...)
+ TODO: check
+CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...)
+ TODO: check
+CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...)
+ TODO: check
+CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...)
+ TODO: check
+CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...)
+ TODO: check
+CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...)
+ TODO: check
+CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...)
+ TODO: check
+CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and ...)
+ TODO: check
+CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...)
+ TODO: check
+CVE-2005-3315
+ RESERVED
+CVE-2005-3314
+ RESERVED
+CVE-2005-3313
+ RESERVED
+CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows ...)
+ TODO: check
+CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...)
+ TODO: check
+CVE-2005-3310 (Multiple interpretation error in phpBB 2.0.17, with remote avatars and ...)
+ TODO: check
+CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...)
+ TODO: check
+CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 ...)
+ TODO: check
+CVE-2005-3307 (Directory traversal vulnerability in index.php for FlatNuke 2.5.6 ...)
+ TODO: check
+CVE-2005-3306 (Cross-site scripting (XSS) vulnerability in index.php for FlatNuke ...)
+ TODO: check
+CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote ...)
+ TODO: check
+CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote ...)
+ TODO: check
+CVE-2005-3303
+ RESERVED
+CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...)
+ TODO: check
+CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...)
+ TODO: check
+CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown ...)
+ TODO: check
+CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...)
+ TODO: check
+CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...)
+ TODO: check
+CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...)
+ TODO: check
+CVE-2004-2533 (Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause ...)
+ TODO: check
+CVE-2004-2532 (Serv-U FTP server before 5.1.0.0 has a default account and password ...)
+ TODO: check
+CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer ...)
+ TODO: check
+CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...)
+ TODO: check
+CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the "image send" option by ...)
+ TODO: check
+CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...)
+ TODO: check
+CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP ...)
+ TODO: check
+CVE-2004-2526 (Directory traversal vulnerability in ldacgi.exe in IBM Tivoli ...)
+ TODO: check
+CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity ...)
+ TODO: check
+CVE-2004-2524 (clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier ...)
+ TODO: check
+CVE-2004-2523 (Format string vulnerability in the msg command (cat_message function ...)
+ TODO: check
+CVE-2004-2522 (Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server ...)
+ TODO: check
+CVE-2004-2521 (Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to ...)
+ TODO: check
+CVE-2004-2520 (POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote ...)
+ TODO: check
+CVE-2004-2519 (Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2004-2518 (Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote ...)
+ TODO: check
+CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...)
+ TODO: check
+CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 ...)
+ TODO: check
+CVE-2004-2512 (CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and ...)
+ TODO: check
+CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...)
+ TODO: check
+CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...)
+ TODO: check
+CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...)
+ TODO: check
+CVE-2004-2508 (Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B ...)
+ TODO: check
+CVE-2004-2507 (Absolute path traversal vulnerability in main.cgi in Linksys WVC11B ...)
+ TODO: check
+CVE-2004-2506 (Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g ...)
+ TODO: check
+CVE-2004-2505 (Macromedia ColdFusion MX before 6.1 does not restrict the size of ...)
+ TODO: check
+CVE-2004-2504 (The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, ...)
+ TODO: check
+CVE-2004-2503 (INweb Mail Server 2.40 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2004-2502 (im-switch before 11.4-46.1 in Fedora Core 2 allows local users to ...)
+ TODO: check
+CVE-2004-2501 (Buffer overflow in the IMAP service of MailEnable Professional Edition ...)
+ TODO: check
+CVE-2004-2500 (Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown ...)
+ TODO: check
+CVE-2004-2499 (Unspecified vulnerability in Hitachi Web Page Generator and Web Page ...)
+ TODO: check
+CVE-2004-2498 (Unspecified vulnerability in the error handler in Hitachi Web Page ...)
+ TODO: check
+CVE-2004-2497 (Cross-site scripting (XSS) vulnerability in the error handler in ...)
+ TODO: check
+CVE-2004-2496 (The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote ...)
+ TODO: check
+CVE-2004-2495 (The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail ...)
+ TODO: check
+CVE-2004-2494 (Cross-site scripting (XSS) vulnerability in _error in Ability Mail ...)
+ TODO: check
+CVE-2004-2493 (Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) ...)
+ TODO: check
+CVE-2004-2492 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web ...)
+ TODO: check
+CVE-2004-2491 (A race condition in Opera web browser 7.53 Build 3850 causes Opera to ...)
+ TODO: check
+CVE-2004-2490 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and ...)
+ TODO: check
+CVE-2004-2489 (Format string vulnerability in IBM Informix Dynamic Server (IDS) ...)
+ TODO: check
+CVE-2004-2488 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
+ TODO: check
+CVE-2004-2487 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
+ TODO: check
+CVE-2004-2486 (The DSS verification code in Dropbear SSH Server before 0.43 frees ...)
+ TODO: check
+CVE-2004-2485 (Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major ...)
+ TODO: check
+CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 ...)
+ TODO: check
CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
- linux-2.6 2.6.12-2
[sarge] - kernel-source-2.4.27 <not-affected>
@@ -57,7 +243,7 @@
NOT-FOR-US: TikiWiki
CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass ...)
NOT-FOR-US: Splatt Forum
-CVE-2005-3281 (Directory traversal vulnerability in NukeFix 3.1 for PHP-Nuke 7.8 ...)
+CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 ...)
NOT-FOR-US: PHP-Nuke addon
CVE-2005-3280 (Paros 3.2.5 uses a default password for the "sa" account in the ...)
NOT-FOR-US: Paros
@@ -102,12 +288,12 @@
NOT-FOR-US: Sun Java System Directory Server
CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...)
- yiff 2.14.2-8 (bug #334616; low)
-CVE-2005-3267
- RESERVED
+CVE-2005-3267 (Heap-based buffer overflow in Skype client before 1.4.x.84 on Windows, ...)
+ TODO: check
CVE-2005-3266
REJECTED
-CVE-2005-3265
- RESERVED
+CVE-2005-3265 (Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows ...)
+ TODO: check
CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog ...)
NOT-FOR-US: Zeroblog
CVE-2005-3263 (Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 ...)
@@ -445,6 +631,7 @@
- module-assistant 0.9.10
TODO: Check, whether this version really fixes the issue, it's not mentioned in the changelog
CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...)
+ {DSA-874-1}
- lynx <unfixed> (bug #335033; high)
- lynx-cur 2.8.6-16 (bug #334423; high)
CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the user ...)
@@ -905,8 +1092,8 @@
CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...)
{DSA-872-1}
- koffice 1:1.3.5-5 (bug #333497; medium)
-CVE-2005-2970
- RESERVED
+CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...)
+ TODO: check
CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...)
{DSA-868-1}
- openssl 0.9.8-3 (bug #333500; low)
@@ -939,12 +1126,10 @@
{DSA-836-1 DSA-835-1}
- cfengine <unfixed>
- cfengine2 <unfixed>
-CVE-2005-2959 [Sudo does not sanitize SHELLOPTS and PS4 shell env vars before starting sudoed apps]
- RESERVED
+CVE-2005-2959 (sudo 1.6.8 and earlier does not clear the (1) SHELLOPTS and (2) PS4 ...)
{DSA-870-1}
- sudo 1.6.8p9-3 (medium)
-CVE-2005-2958 [Format string vulnerability in libgda2]
- RESERVED
+CVE-2005-2958 (Multiple format string vulnerabilities in the GNOME Data Access ...)
{DSA-871-1}
- libgda2 1.2.2-1 (medium)
CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
@@ -1008,10 +1193,10 @@
RESERVED
CVE-2005-2928
RESERVED
-CVE-2005-2927
- RESERVED
-CVE-2005-2926
- RESERVED
+CVE-2005-2927 (Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, ...)
+ TODO: check
+CVE-2005-2926 (Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO ...)
+ TODO: check
CVE-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...)
NOT-FOR-US: IRIX
CVE-2005-2924
@@ -1401,22 +1586,22 @@
RESERVED
CVE-2005-2749
RESERVED
-CVE-2005-2748
- RESERVED
-CVE-2005-2747
- RESERVED
-CVE-2005-2746
- RESERVED
-CVE-2005-2745
- RESERVED
-CVE-2005-2744
- RESERVED
-CVE-2005-2743
- RESERVED
-CVE-2005-2742
- RESERVED
-CVE-2005-2741
- RESERVED
+CVE-2005-2748 (The malloc function in the libSystem library in Apple Mac OS X 10.3.9 ...)
+ TODO: check
+CVE-2005-2747 (Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by ...)
+ TODO: check
+CVE-2005-2746 (Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message ...)
+ TODO: check
+CVE-2005-2745 (Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for ...)
+ TODO: check
+CVE-2005-2744 (Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, ...)
+ TODO: check
+CVE-2005-2743 (The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X ...)
+ TODO: check
+CVE-2005-2742 (SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, ...)
+ TODO: check
+CVE-2005-2741 (Authorization Services in securityd for Apple Mac OS X 10.3.9 allows ...)
+ TODO: check
CVE-2005-2740
RESERVED
CVE-2005-2739
@@ -1484,8 +1669,8 @@
- helix-player 1.0.6-1 (bug #330364; high)
CVE-2005-2709
RESERVED
-CVE-2005-2708
- RESERVED
+CVE-2005-2708 (The search_binary_handler function in exec.c in Linux kernel on 64-bit ...)
+ TODO: check
CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
{DSA-868-1 DSA-866-1 DSA-838-1}
- mozilla-firefox 1.0.7-1 (bug #329778; medium)
@@ -2340,8 +2525,8 @@
NOT-FOR-US: MacOS X
CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...)
NOT-FOR-US: MacOS X
-CVE-2005-2524
- RESERVED
+CVE-2005-2524 (Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to ...)
+ TODO: check
CVE-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...)
NOT-FOR-US: Weblog Server in Mac OS X
CVE-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...)
@@ -2944,8 +3129,8 @@
RESERVED
CVE-2005-2339
RESERVED
-CVE-2005-2338
- RESERVED
+CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...)
+ TODO: check
CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...)
{DSA-864-1 DSA-862-1 DSA-860-1}
- ruby <removed>
@@ -3847,6 +4032,7 @@
NOTE: How bizarre, they assign a CVE Id without knowing which product contains
NOTE: the affected probe.cgi
CVE-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...)
+ {DSA-873-1}
- net-snmp 5.2.1.2-1 (bug #318420; medium)
CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...)
NOT-FOR-US: Novell NetMail
@@ -4127,8 +4313,8 @@
CVE-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...)
{DSA-818-1}
- kdeedu 4:3.4.2-1 (low)
-CVE-2005-2100
- RESERVED
+CVE-2005-2100 (The rw_vm function in usercopy.c in the 4GB split patch for the Linux ...)
+ TODO: check
CVE-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...)
{DTSA-16-1}
NOTE: 2.6.8 and 2.4.27 not affected
@@ -7635,7 +7821,7 @@
- courier <unfixed> (bug #307575; medium)
NOTE: Upstream explanation looks wrong, not all code paths perform
NOTE: escaping.
-CVE-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...)
+CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version ...)
NOT-FOR-US: Adobe Version Cue
CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)
NOT-FOR-US: Adobe Reader 7
@@ -10209,7 +10395,7 @@
NOT-FOR-US: UBB.threads
CVE-2004-1621 (** DISPUTED ** ...)
NOT-FOR-US: Lotus Notes
-CVE-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...)
+CVE-2004-1620 (CRLF injection vulnerability in Serendipity before 0.7rc1 allows ...)
NOT-FOR-US: Serendipity
CVE-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...)
NOT-FOR-US: Privateer's Bounty: Age of Sail II
@@ -12648,7 +12834,7 @@
NOT-FOR-US: Citrix
CVE-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...)
NOT-FOR-US: Citrix
-CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...)
+CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in rt-config.c ...)
{DSA-609-1}
- atari800 1.3.2-1
CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...)
@@ -14704,7 +14890,7 @@
NOT-FOR-US: general MIME bug with security gateways
CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
{DSA-445}
-CVE-2004-0157 (xonix 1.4 and earlier invokes an external program while running at ...)
+CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working directory to ...)
{DSA-484}
CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...)
{DSA-485}
More information about the Secure-testing-commits
mailing list