[Secure-testing-commits] r1849 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Sep 8 10:43:06 UTC 2005
Author: jmm-guest
Date: 2005-09-08 10:43:02 +0000 (Thu, 08 Sep 2005)
New Revision: 1849
Modified:
data/CAN/list
Log:
hiki xss, kernel sg_seqfile dos, ssh, phpldapadmin CANified
new squid issue (dos again)
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-08 10:12:00 UTC (rev 1848)
+++ data/CAN/list 2005-09-08 10:43:02 UTC (rev 1849)
@@ -75,69 +75,69 @@
NOTE: reserved
begin claimed by jmm
CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
- TODO: check
+ - hiki 0.8.3-1
CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
- TODO: check
+ - linux-2.6 2.6.12-6 (low)
CAN-2005-2799
NOTE: reserved
CAN-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
- TODO: check
+ - openssh (unfixed; bug #326065; medium)
CAN-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...)
- TODO: check
+ - openssh (unfixed; bug #326065; medium)
CAN-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...)
- TODO: check
+ - squid 2.5.10-5 (medium)
CAN-2005-2795
NOTE: reserved
CAN-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...)
- TODO: check
+ - squid 2.5.10-5 (medium)
CAN-2005-2793 (PHP remote code injection vulnerability in welcome.php in phpLDAPadmin ...)
- TODO: check
+ - phpldapadmin 0.9.6c-7 (bug #325785; medium)
CAN-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...)
- TODO: check
+ - phpldapadmin 0.9.6c-7 (bug #325785; medium)
CAN-2005-2791 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
- TODO: check
+ NOTE: not-for-us (BFCC)
CAN-2005-2790 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
- TODO: check
+ NOTE: not-for-us (BFCC)
CAN-2005-2789 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
- TODO: check
+ NOTE: not-for-us (BFCC)
CAN-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...)
- TODO: check
+ NOTE: not-for-us (Land Down Under)
CAN-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (Simple PHP Blog)
CAN-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...)
- TODO: check
+ NOTE: not-for-us (cosmoshop)
CAN-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...)
- TODO: check
+ NOTE: not-for-us (cosmoshop)
CAN-2005-2784 (SQL injection vulnerability in the login function for the ...)
- TODO: check
+ NOTE: not-for-us (cosmoshop)
CAN-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...)
- TODO: check
+ NOTE: not-for-us (PHP-Fusion)
CAN-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...)
- TODO: check
+ NOTE: not-for-us (AutoLinks Pro)
CAN-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
- TODO: check
+ TODO: check, whether egroupware-fudforum and phpgroupware-fudforum are affected
CAN-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
- TODO: check
+ NOTE: not-for-us (Land Down Under)
CAN-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (iTAN)
CAN-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
- TODO: check
+ NOTE: not-for-us (MyBB)
CAN-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...)
- TODO: check
+ NOTE: not-for-us (Looking Glass)
CAN-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...)
- TODO: check
+ NOTE: not-for-us (Looking Glass)
CAN-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...)
- TODO: check
+ NOTE: not-for-us (Looking Glass)
CAN-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...)
- TODO: check
+ NOTE: not-for-us (Litium Quake mod)
CAN-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...)
- TODO: check
+ NOTE: not-for-us (HP OpenView)
CAN-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...)
TODO: check
CAN-2005-2771 (Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
- TODO: check
+ NOTE: not-for-us (Reflection for Secure IT)
CAN-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 does not properly ...)
- TODO: check
+ NOTE: not-for-us (Reflection for Secure IT)
CAN-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...)
TODO: check
CAN-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
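Review bot: The new note on CAN-2005-2775 reads "not-for-us (Looking Glass)", but the description on that entry is for php_api.php in phpWebNotes 2.0.0, so the label looks copied from the two Looking Glass entries above it and should name phpWebNotes. Otherwise a later search of the list for phpWebNotes will not find the triage decision. In the same hunk, the note on CAN-2005-2774 spells the product "Litium" while the description says "Lithium II mod". The "- hiki 0.8.3-1" line on CAN-2005-2803 is also the only package line added here without an urgency in parentheses.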
@@ -301,12 +301,6 @@
CAN-2005-XXXX [osh buffer overflow in handlers.c]
NOTE: This is not the same as -13
- osh 1.7-14 (bug #323424; medium)
-CAN-2005-XXXX [Insecure delegation of GSSAPI credentials in ssh]
- - openssh (unfixed; bug #326065; medium)
-CAN-2005-XXXX [Incorrect port forwarding for dynamic ports in ssh]
- - openssh (unfixed; bug #326065; medium)
-CAN-2005-XXXX [XSS and information information disclosure in phpldapadmin's welcome.php]
- - phpldapadmin 0.9.6c-7 (bug #325785; medium)
CAN-2005-XXXX [Insecure symlink handling in smb4k]
- smb4k 0.6.3-1 (medium)
CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
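Review bot: The removed placeholder "XSS and information information disclosure in phpldapadmin's welcome.php" does not describe the same flaws as the entries it was merged into: CAN-2005-2793 is listed as PHP remote code injection and CAN-2005-2792 as directory traversal in welcome.php. Both inherit "phpldapadmin 0.9.6c-7 (bug #325785; medium)" unchanged, so it is worth confirming that the bug and the 0.9.6c-7 upload cover the issues as the CAN descriptions state them, and that the XSS part of the old entry is not left untracked once this line is gone. The two openssh placeholders map cleanly onto CAN-2005-2798 and CAN-2005-2797 with the same bug number and urgency.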
@@ -1390,8 +1384,6 @@
- nvi 1.79-22 (medium)
CAN-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
- bugzilla (unfixed; bug #321567; medium)
-CAN-2005-XXXX [Unspecified XSS in hiki]
- - hiki 0.8.3-1
CAN-2005-XXXX [Crypto weakness in Tor's handshaking process]
- tor 0.1.0.14-1 (medium)
CAN-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
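Review bot: The deleted "Unspecified XSS in hiki" entry carried "- hiki 0.8.3-1" with no urgency, and that line was moved as is to CAN-2005-2803 rather than being completed. The neighbouring entries in this hunk (nvi, bugzilla, tor) all state one, so adding an urgency on the CAN-2005-2803 line would keep the list consistent now that the issue has an identifier and a description.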