[Secure-testing-commits] r4044 - data/CVE

Alec Berryman alec-guest at costa.debian.org
Mon May 22 16:01:32 UTC 2006


Author: alec-guest
Date: 2006-05-22 16:01:28 +0000 (Mon, 22 May 2006)
New Revision: 4044

Modified:
   data/CVE/list
Log:
NOT-FOR-US

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-05-22 13:53:11 UTC (rev 4043)
+++ data/CVE/list	2006-05-22 16:01:28 UTC (rev 4044)
@@ -1016,7 +1016,7 @@
 CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows ...)
 	NOT-FOR-US: Apple
 CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 ...)
-	TODO: check
+	NOT-FOR-US: SUSE-specific
 CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...)
 	NOT-FOR-US: SUSE-specific
 CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
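
Review bot: CVE-2005-4791 is closed as "SUSE-specific", but the visible description stops before naming the programs that have the untrusted search path. If the reason is that the flaw comes from SUSE's packaging rather than from upstream code, a NOTE line saying so, with the affected programs listed, would let a later reader confirm the classification without re-reading the advisory.
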
@@ -4815,7 +4815,7 @@
 CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...)
 	NOT-FOR-US: AudienceView 
 CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...)
-	TODO: check
+	NOT-FOR-US: mIRC
 CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...)
 	NOT-FOR-US: Sophos Anti-Virus
 CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote ...)
@@ -7879,7 +7879,7 @@
 	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 2.6.14-3 (medium)
 CVE-2005-3782 (Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...)
 	NOT-FOR-US: Linksys hardware
 CVE-2004-2605 (aStats 1.6.5 allows local users to overwrite arbitrary files via a ...)
@@ -9949,7 +9949,7 @@
 CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server ...)
 	NOT-FOR-US: Qualcomm WorldMail IMAP Server
 CVE-2005-3188 (Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Winamp
 CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a ...)
 	NOT-FOR-US: WinProxy
 CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...)
@@ -11171,13 +11171,13 @@
 CVE-2005-2715 (Format string vulnerability in the Java user interface service ...)
 	NOT-FOR-US: VERITAS NetBackup Data and Business Center
 CVE-2005-2714 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2005-2713 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE PC ...)
-	TODO: check
+	NOT-FOR-US: ISS
 CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...)
 	{DSA-826-1}
 	NOTE: see  http://www.open-security.org/advisories/13
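
Review bot: The new tags on CVE-2005-2712 and CVE-2005-2711 name only the vendor ("IBM", "ISS"), while the unchanged entry just above them names the product ("VERITAS NetBackup Data and Business Center"). Suggest "NOT-FOR-US: IBM Lotus Domino" and "NOT-FOR-US: ISS BlackICE" so that a search on the product name finds these entries.
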
@@ -11550,9 +11550,9 @@
 CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...)
 	NOT-FOR-US: Novell GroupWise
 CVE-2005-2619 (Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly ...)
-	TODO: check
+	NOT-FOR-US: Autonomy
 CVE-2005-2618 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...)
-	TODO: check
+	NOT-FOR-US: Autonomy
 CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
 	NOT-FOR-US: MS IE
 CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
@@ -29666,7 +29666,7 @@
 CVE-2002-0516 (SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users ...)
 	TODO: check
 CVE-2002-0513 (The PHP administration script in popper_mod 1.2.1 and earlier relies ...)
-	TODO: check
+	NOT-FOR-US: popper_mod
 CVE-2002-0512 (startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the ...)
 	TODO: check
 CVE-2002-0511 (The default configuration of Name Service Cache Daemon (nscd) in ...)
@@ -29682,37 +29682,37 @@
 CVE-2002-0495 (csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to ...)
 	NOT-FOR-US: csSearch
 CVE-2002-0494 (Cross-site scripting vulnerability in WebSight Directory System 0.1 ...)
-	TODO: check
+	NOT-FOR-US: WebSight
 CVE-2002-0493 (Apache Tomcat may be started without proper security settings if ...)
 	TODO: check
 CVE-2002-0490 (Instant Web Mail before 0.60 does not properly filter CR/LF sequences, ...)
-	TODO: check
+	NOT-FOR-US: Instant Web Mail
 CVE-2002-0488 (Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Linux Directory Penguin
 CVE-2002-0484 (move_uploaded_file in PHP does not does not check for the base ...)
 	TODO: check
 CVE-2002-0473 (db.php in phBB 2.0 (aka phBB2) RC-3 and earlier allows remote ...)
 	TODO: check
 CVE-2002-0464 (Directory traversal vulnerability in Hosting Controller 1.4.1 and ...)
-	TODO: check
+	NOT-FOR-US: Hosting Controller
 CVE-2002-0463 (home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: ARSC
 CVE-2002-0462 (bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone ...)
-	TODO: check
+	NOT-FOR-US: Big Sam
 CVE-2002-0454 (Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote ...)
 	TODO: check
 CVE-2002-0451 (filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote ...)
-	TODO: check
+	NOT-FOR-US: PHProjekt
 CVE-2002-0445 (article.php in PHP FirstPost 0.1 allows allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: PHP FirstPost
 CVE-2002-0444 (Microsoft Windows 2000 running the Terminal Server 90-day trial ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2002-0443 (Microsoft Windows 2000 allows local users to bypass the policy that ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2002-0442 (Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 ...)
 	TODO: check
 CVE-2002-0441 (Directory traversal vulnerability in imlist.php for Php Imglist allows ...)
-	TODO: check
+	NOT-FOR-US: PHP Imglist
 CVE-2002-0437 (Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote ...)
 	TODO: check
 CVE-2002-0435 (Race condition in the recursive (1) directory deletion and (2) ...)
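
Review bot: CVE-2002-0444 and CVE-2002-0443 are tagged "NOT-FOR-US: Windows", while the other Microsoft entries in this commit (CVE-2002-0373 onwards) use "NOT-FOR-US: Microsoft"; pick one form so a grep on the tag catches all of them. The same applies to "PHP Imglist" on CVE-2002-0441, where the description spells the product "Php Imglist".
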
@@ -29723,7 +29723,7 @@
 	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
 	- kernel-source-2.2.20 <removed>
 CVE-2002-0425 (mIRC DCC server protocol allows remote attackers to gain sensitive ...)
-	TODO: check
+	NOT-FOR-US: mIRC
 CVE-2002-0424 (efingerd 1.61 and earlier, when configured without the -u option, ...)
 	TODO: check
 CVE-2002-0423 (Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, ...)
@@ -29733,7 +29733,7 @@
 CVE-2002-0412 (Format string vulnerability in TraceEvent function for ntop before 2.1 ...)
 	TODO: check
 CVE-2002-0406 (Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause ...)
-	TODO: check
+	NOT-FOR-US: SPHERE
 CVE-2002-0404 (Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote ...)
 	TODO: check
 CVE-2002-0403 (DNS dissector in Ethereal before 0.9.3 allows remote attackers to ...)
@@ -29745,15 +29745,15 @@
 CVE-2002-0400 (ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of ...)
 	TODO: check
 CVE-2002-0398 (Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to ...)
-	TODO: check
+	NOT-FOR-US: Red-M
 CVE-2002-0397 (Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, ...)
-	TODO: check
+	NOT-FOR-US: Red-M
 CVE-2002-0396 (The web management server for Red-M 1050 (Bluetooth Access Point) does ...)
-	TODO: check
+	NOT-FOR-US: Red-M
 CVE-2002-0395 (The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be ...)
-	TODO: check
+	NOT-FOR-US: Red-M
 CVE-2002-0394 (Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, ...)
-	TODO: check
+	NOT-FOR-US: Red-M
 CVE-2002-0392 (Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote ...)
 	- apache2 2.0.37
 CVE-2002-0391 (Integer overflow in xdr_array function in RPC servers for operating ...)
@@ -29766,7 +29766,7 @@
 CVE-2002-0389 (Pipermail in Mailman stores private mail messages with predictable ...)
 	TODO: check
 CVE-2002-0387 (Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module ...)
-	TODO: check
+	NOT-FOR-US: Sun
 CVE-2002-0384 (Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows ...)
 	TODO: check
 CVE-2002-0382 (XChat IRC client allows remote attackers to execute arbitrary commands ...)
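
Review bot: The tag on CVE-2002-0387 is "Sun", but the visible part of the description (gxnsapi6.dll NSAPI plugin of the Connector Module) never mentions Sun. Name the product in the tag so the entry explains itself.
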
@@ -29781,103 +29781,103 @@
 CVE-2002-0377 (Gaim 0.57 stores sensitive information in world-readable and ...)
 	TODO: check
 CVE-2002-0376 (Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2002-0374 (Format string vulnerability in the logging function for the pam_ldap ...)
 	TODO: check
 CVE-2002-0373 (The Windows Media Device Manager (WMDM) Service in Microsoft Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0372 (Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0369 (Buffer overflow in ASP.NET Worker Process allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0368 (The Store Service in Microsoft Exchange 2000 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0367 (smss.exe debugging subsystem in Windows NT and Windows 2000 does not ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0366 (Buffer overflow in Remote Access Service (RAS) phonebook for Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0364 (Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0363 (ghostscript before 6.53 allows attackers to execute arbitrary commands ...)
 	TODO: check
 CVE-2002-0362 (Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows ...)
-	TODO: check
+	NOT-FOR-US: AOL
 CVE-2002-0359 (xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which ...)
-	TODO: check
+	NOT-FOR-US: IRIX
 CVE-2002-0358 (MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: MediaMail
 CVE-2002-0357 (Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI ...)
 	TODO: check
 CVE-2002-0356 (Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX ...)
 	TODO: check
 CVE-2002-0355 (netstat in SGI IRIX before 6.5.12 allows local users to determine the ...)
-	TODO: check
+	NOT-FOR-US: SGI
 CVE-2002-0339 (Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2002-0330 (Cross-site scripting vulnerability in codeparse.php of Open Bulletin ...)
-	TODO: check
+	NOT-FOR-US: OpenBB
 CVE-2002-0329 (Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and ...)
-	TODO: check
+	NOT-FOR-US: Snitz
 CVE-2002-0318 (FreeRADIUS RADIUS server allows remote attackers to cause a denial of ...)
 	TODO: check
 CVE-2002-0313 (Buffer overflow in Essentia Web Server 2.1 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Essentia
 CVE-2002-0309 (SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2002-0302 (The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2002-0300 (gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, ...)
 	TODO: check
 CVE-2002-0299 (CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: CatchUp
 CVE-2002-0292 (Cross-site scripting vulnerability in Slash before 2.2.5, as used in ...)
 	TODO: check
 CVE-2002-0290 (Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows ...)
-	TODO: check
+	NOT-FOR-US: WebNews
 CVE-2002-0287 (pforum 1.14 and earlier does no explicitly enable PHP magic quotes, ...)
-	TODO: check
+	NOT-FOR-US: pforum
 CVE-2002-0276 (Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, ...)
 	TODO: check
 CVE-2002-0275 (Falcon web server 2.0.0.1020 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Falcon
 CVE-2002-0274 (Exim 3.34 and earlier may allow local users to gain privileges via a ...)
 	TODO: check
 CVE-2002-0267 (preferences.php in Simple Internet Publishing System (SIPS) before ...)
-	TODO: check
+	NOT-FOR-US: SIPS
 CVE-2002-0265 (Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file ...)
-	TODO: check
+	NOT-FOR-US: Sawmill
 CVE-2002-0251 (Buffer overflow in licq 1.0.4 and earlier allows remote attackers to ...)
 	TODO: check
 CVE-2002-0250 (Web configuration utility in HP AdvanceStack hubs J3200A through ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2002-0246 (Format string vulnerability in the message catalog library functions ...)
-	TODO: check
+	NOT-FOR-US: UnixWare
 CVE-2002-0241 (NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2002-0237 (Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE ...)
-	TODO: check
+	NOT-FOR-US: ISS
 CVE-2002-0226 (retrieve_password.pl in DCForum 6.x and 2000 generates predictable new ...)
-	TODO: check
+	NOT-FOR-US: DCForum
 CVE-2002-0213 (xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read ...)
-	TODO: check
+	NOT-FOR-US: Xinet
 CVE-2002-0211 (Race condition in the installation script for Tarantella Enterprise 3 ...)
-	TODO: check
+	NOT-FOR-US: Tarantella
 CVE-2002-0209 (Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing ...)
-	TODO: check
+	NOT-FOR-US: Nortel
 CVE-2002-0207 (Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: Real Networks
 CVE-2002-0197 (psyBNC 2.3 beta and earlier allows remote attackers to spoof ...)
-	TODO: check
+	NOT-FOR-US: psyBNC
 CVE-2002-0196 (GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the ...)
-	TODO: check
+	NOT-FOR-US: ACD
 CVE-2002-0193 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0191 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0190 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0188 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0187 (Cross-site scripting vulnerability in the SQLXML component of ...)
 	TODO: check
 CVE-2002-0186 (Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server ...)
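
Review bot: CVE-2002-0207 (RealPlayer 8.0 and earlier) is marked "NOT-FOR-US: Real Networks", yet CVE-2005-2710 further up this file carries {DSA-826-1} for Real HelixPlayer and RealPlayer 10, so Real's player code is not categorically outside Debian. If the reason is that the 8.0 code base was never packaged, record that in a NOTE line. Separately, the three SGI IRIX entries in this hunk (CVE-2002-0359, CVE-2002-0358, CVE-2002-0355) get three different tags ("IRIX", "MediaMail", "SGI"); a single tag would keep them searchable together.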



