[Secure-testing-commits] r1844 - data/CAN

Joey Hess joeyh at costa.debian.org
Wed Sep 7 21:14:23 UTC 2005


Author: joeyh
Date: 2005-09-07 21:14:18 +0000 (Wed, 07 Sep 2005)
New Revision: 1844

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-07 17:12:05 UTC (rev 1843)
+++ data/CAN/list	2005-09-07 21:14:18 UTC (rev 1844)
@@ -1,3 +1,147 @@
+CAN-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...)
+	TODO: check
+CAN-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
+	TODO: check
+CAN-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...)
+	TODO: check
+CAN-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...)
+	TODO: check
+CAN-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...)
+	TODO: check
+CAN-2005-2835
+	NOTE: reserved
+CAN-2005-2834
+	NOTE: reserved
+CAN-2005-2833
+	NOTE: reserved
+CAN-2005-2832
+	NOTE: reserved
+CAN-2005-2831
+	NOTE: reserved
+CAN-2005-2830
+	NOTE: reserved
+CAN-2005-2829
+	NOTE: reserved
+CAN-2005-2828
+	NOTE: reserved
+CAN-2005-2827
+	NOTE: reserved
+CAN-2005-2826
+	NOTE: reserved
+CAN-2005-2825
+	NOTE: reserved
+CAN-2005-2824
+	NOTE: reserved
+CAN-2005-2823
+	NOTE: reserved
+CAN-2005-2822
+	NOTE: reserved
+CAN-2005-2821
+	NOTE: reserved
+CAN-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
+	TODO: check
+CAN-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to ...)
+	TODO: check
+CAN-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...)
+	TODO: check
+CAN-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...)
+	TODO: check
+CAN-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote ...)
+	TODO: check
+CAN-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain ...)
+	TODO: check
+CAN-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows ...)
+	TODO: check
+CAN-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly ...)
+	TODO: check
+CAN-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P ...)
+	TODO: check
+CAN-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...)
+	TODO: check
+CAN-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...)
+	TODO: check
+CAN-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...)
+	TODO: check
+CAN-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, ...)
+	TODO: check
+CAN-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop ...)
+	TODO: check
+CAN-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows ...)
+	TODO: check
+CAN-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...)
+	TODO: check
+CAN-2005-2804
+	NOTE: reserved
+CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
+	TODO: check
+CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
+	TODO: check
+CAN-2005-2799
+	NOTE: reserved
+CAN-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
+	TODO: check
+CAN-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...)
+	TODO: check
+CAN-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...)
+	TODO: check
+CAN-2005-2795
+	NOTE: reserved
+CAN-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...)
+	TODO: check
+CAN-2005-2793 (PHP remote code injection vulnerability in welcome.php in phpLDAPadmin ...)
+	TODO: check
+CAN-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...)
+	TODO: check
+CAN-2005-2791 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
+	TODO: check
+CAN-2005-2790 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
+	TODO: check
+CAN-2005-2789 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
+	TODO: check
+CAN-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...)
+	TODO: check
+CAN-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...)
+	TODO: check
+CAN-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...)
+	TODO: check
+CAN-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...)
+	TODO: check
+CAN-2005-2784 (SQL injection vulnerability in the login function for the ...)
+	TODO: check
+CAN-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...)
+	TODO: check
+CAN-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...)
+	TODO: check
+CAN-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
+	TODO: check
+CAN-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
+	TODO: check
+CAN-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
+	TODO: check
+CAN-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
+	TODO: check
+CAN-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...)
+	TODO: check
+CAN-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...)
+	TODO: check
+CAN-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...)
+	TODO: check
+CAN-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...)
+	TODO: check
+CAN-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...)
+	TODO: check
+CAN-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...)
+	TODO: check
+CAN-2005-2771 (Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
+	TODO: check
+CAN-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 does not properly ...)
+	TODO: check
+CAN-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...)
+	TODO: check
+CAN-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
+	TODO: check
+CAN-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...)
+	TODO: check
 CAN-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
 	- linux-2.6 2.6.12-6 (low)
 CAN-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...)
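Review bot: CAN-2005-2820 and CAN-2005-2769 are both added as "TODO: check", yet their visible descriptions (XSS in SqWebMail 5.0.4) match the existing CAN-2005-2724 entry further down, which is already tracked against courier 0.47-8 with DSA-793-1. Check whether these are separate issues that need their own courier lines or whether the existing fix covers them, and record the answer on each entry. The numbering also jumps from CAN-2005-2803 to CAN-2005-2800 because 2801 and 2802 already sit lower in the file, out of numeric order; moving them here would keep the list sorted.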
@@ -6,8 +150,8 @@
 	NOTE: not-for-us (Microsoft Windows)
 CAN-2005-2764
 	NOTE: reserved
-CAN-2005-2763
-	NOTE: reserved
+CAN-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
+	TODO: check
 CAN-2005-2762
 	NOTE: reserved
 CAN-2005-2760
@@ -129,8 +273,7 @@
 	NOTE: reserved
 CAN-2005-2701
 	NOTE: reserved
-CAN-2005-2700 [Insufficient enforcement of SSL cert verification]
-	NOTE: reserved
+CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
 	- libapache-mod-ssl 2.8.24-1 (medium)
 	NOTE: apache2 maintainer working on an update
 	- apache2 (unfixed; medium)
@@ -140,7 +283,7 @@
 	NOTE: not-for-us (Nephp Publisher Enterprise)
 CAN-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...)
 	NOTE: not-for-us (MyBB)
-CAN-2005-2696 (The Lotus Notes client does not properly restrict access to password ...)
+CAN-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes ...)
 	NOTE: not-for-us (Notes)
 CAN-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...)
 	NOTE: not-for-us (Cisco)
@@ -166,10 +309,10 @@
 CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
 	{DSA-793-1}
 	- courier 0.47-8 (medium; bug #325631)
-CAN-2005-2801 [xattr sharing bug in kernel's ext3 code]
+CAN-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...)
 	- kernel-source-2.4.27 2.4.27-11 (medium)
 	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html
-CAN-2005-2802 [Remote DoS when using ipt_recent on 64 bit systems]
+CAN-2005-2802 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)
 	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
 CAN-2005-XXXX [polygen doesn't honor umask when creating grm.o files]
 	NOTE: Fix in -8 had problems
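Review bot: the visible part of the new CAN-2005-2801 description names Linux kernel 2.6, but the entry still tracks only kernel-source-2.4.27 2.4.27-11. Add a line giving the linux-2.6 status (fixed version or unfixed). The same check applies to CAN-2005-2802, whose description now reads "Linux kernel before ..." while only the 2.4.27 source package is listed.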
@@ -259,8 +402,7 @@
 	NOTE: reserved
 CAN-2005-2657
 	NOTE: reserved
-CAN-2005-2656
-	NOTE: reserved
+CAN-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...)
 	{DSA-794-1}
 CAN-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...)
 	{DSA-791-1 DTSA-11-1}
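Review bot: now that CAN-2005-2656 is described as a Polygen issue in precompiled grammar objects, the CAN-2005-XXXX placeholder earlier in the file ("polygen doesn't honor umask when creating grm.o files") looks like the same bug. If it is, fold its "Fix in -8 had problems" note into this entry and drop the placeholder, so the DSA-794-1 reference and the fix history live in one place.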
@@ -1009,8 +1151,8 @@
 	- ntp 1:4.2.0a+stable-4 (medium)
 CAN-2005-2495
 	NOTE: reserved
-CAN-2005-2494
-	NOTE: reserved
+CAN-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...)
+	TODO: check
 CAN-2005-2493
 	NOTE: reserved
 CAN-2005-2492
@@ -1313,7 +1455,7 @@
 	- gforge (unfixed; medium)
 CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
 	NOTE: not-for-us (Firefox on Windows)
-CAN-2005-2428 (Lotus Domino R5 and R6 WebMail stores data in hidden form fields in ...)
+CAN-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" ...)
 	NOTE: not-for-us (Lotus Domino)
 CAN-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
 	NOTE: not-for-us (CartWIZ)
@@ -1482,6 +1624,7 @@
 	TODO: check gaim and others that embed libgadu in source tree
 	- centericq 4.20.0-8etch1 (bug #323185; medium)
 CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
+	{DTSA-12-1}
 	- vim 1:6.3-085+1 (bug #320017; medium)
 CAN-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...)
 	- ethereal 0.10.12 (medium)
@@ -1531,8 +1674,8 @@
 	NOTE: reserved
 CAN-2005-2337
 	NOTE: reserved
-CAN-2005-2336
-	NOTE: reserved
+CAN-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...)
+	TODO: check
 CAN-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...)
 	NOTE: not-for-us (Y.SAK)
 CAN-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in ...)
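Review bot: CAN-2005-2336 (XSS in Hiki 0.8.0 to 0.8.2) becomes "TODO: check" here while the first hunk adds CAN-2005-2803 (XSS in Hiki 0.8.1 to 0.8.2) with the same status. Triage the two together and note on each entry whether they are distinct issues, so that one fixed version is not recorded against only one of the ids.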
@@ -2640,7 +2783,7 @@
 	NOTE: not-for-us (EtoShop)
 CAN-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...)
 	NOTE: not-for-us (NetBSD)
-CAN-2005-2133 (The log4sh_readProperties function in log4sh allows local users to ...)
+CAN-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CAN-2005-1915.  Reason: ...)
 	NOTE: not-for-us (log4sh)
 CAN-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
 	NOTE: not-for-us (SCO UnixWare)
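Review bot: the new CAN-2005-2133 text is a "DO NOT USE THIS CANDIDATE NUMBER" notice pointing to CAN-2005-1915, but the line below it still reads "NOTE: not-for-us (log4sh)" as if the candidate were live. Mark the entry as rejected in favour of CAN-2005-1915 and confirm that CAN-2005-1915 carries the log4sh status.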
@@ -4020,8 +4163,7 @@
 	NOTE: reserved
 CAN-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
 	NOTE: not-for-us (arshell)
-CAN-2005-1857
-	NOTE: reserved
+CAN-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...)
 	{DSA-786-1}
 CAN-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...)
 	{DSA-787-1}



