Author: joeyh Date: 2005-11-01 09:14:55 +0000 (Tue, 01 Nov 2005) New Revision: 2631 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-01 09:10:41 UTC (rev 2630) +++ data/CVE/list 2005-11-01 09:14:55 UTC (rev 2631) 
@@ -1,3 +1,117 @@ +CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...) + TODO: check +CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...) + TODO: check +CVE-2005-3393 (Format string vulnerability in the foreign_option function in ...) + TODO: check +CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...) + TODO: check +CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...) + TODO: check +CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...) + TODO: check +CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...) + TODO: check +CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...) + TODO: check +CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, ...) + TODO: check +CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script ...) + TODO: check +CVE-2005-3385 (SQL injection vulnerability in Techno Dreams Mailing List script ...) + TODO: check +CVE-2005-3384 (SQL injection vulnerability in Techno Dreams Guest Book script allows ...) + TODO: check +CVE-2005-3383 (SQL injection vulnerability in Techno Dreams Announcement script ...) + TODO: check +CVE-2005-3382 (Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine ...) + TODO: check +CVE-2005-3381 (Multiple interpretation error in Ukrainian National Antivirus (UNA) ...) + TODO: check +CVE-2005-3380 (Multiple interpretation error in Panda Titanium 2005 4.02.01 allows ...) + TODO: check +CVE-2005-3379 (Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 ...) + TODO: check +CVE-2005-3378 (Multiple interpretation error in Norman 5.81 with the 5.83.02 engine ...) + TODO: check +CVE-2005-3377 (Multiple interpretation error in (1) McAfee Internet Security Suite ...) 
+ TODO: check +CVE-2005-3376 (Multiple interpretation error in Kaspersky 5.0.372 allows remote ...) + TODO: check +CVE-2005-3375 (Multiple interpretation error in Ikarus demo version allows remote ...) + TODO: check +CVE-2005-3374 (Multiple interpretation error in F-Prot 3.16c allows remote attackers ...) + TODO: check +CVE-2005-3373 (Multiple interpretation error in Dr.Web 4.32b allows remote attackers ...) + TODO: check +CVE-2005-3372 (Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 ...) + TODO: check +CVE-2005-3371 (Multiple interpretation error in AVG 7 7.0.323 allows remote attackers ...) + TODO: check +CVE-2005-3370 (Multiple interpretation error in ArcaVir 2005 package 2005-06-21 ...) + TODO: check +CVE-2005-3369 (Multiple SQL injection vulnerabilities in the Info-DB module ...) + TODO: check +CVE-2005-3368 (Cross-site scripting (XSS) vulnerability in the Search_Enhanced module ...) + TODO: check +CVE-2005-3367 (Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog ...) + TODO: check +CVE-2005-3366 (PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 ...) + TODO: check +CVE-2005-3365 (Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier ...) + TODO: check +CVE-2005-3364 (Multiple SQL injection vulnerabilities in DboardGear allow remote ...) + TODO: check +CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 ...) + TODO: check +CVE-2005-3362 (myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a ...) + TODO: check +CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...) 
+ TODO: check +CVE-2005-3360 + RESERVED +CVE-2005-3359 + RESERVED +CVE-2005-3358 + RESERVED +CVE-2005-3357 + RESERVED +CVE-2005-3356 + RESERVED +CVE-2005-3355 + RESERVED +CVE-2005-3354 + RESERVED +CVE-2005-3353 + RESERVED +CVE-2005-3352 + RESERVED +CVE-2005-3351 + RESERVED +CVE-2005-3350 + RESERVED +CVE-2005-3349 + RESERVED +CVE-2005-3348 + RESERVED +CVE-2005-3347 + RESERVED +CVE-2005-3346 + RESERVED +CVE-2005-3345 + RESERVED +CVE-2005-3344 + RESERVED +CVE-2005-3343 + RESERVED +CVE-2005-3342 + RESERVED +CVE-2005-3340 + RESERVED +CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier ...) + TODO: check +CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...) + TODO: check CVE-2005-XXXX [Remotely exploitable format string vulnerability in openvpn] - openvpn <unfixed> (bug filed; medium) CVE-2005-XXXX [generic XSS vulnerability in PHP''s phpinfo function] @@ -26,6 +140,7 @@ CVE-2005-XXXX [Firefox IFRAME buffer overflow] - mozilla-firefox <unfixed> (bug #336171; medium) CVE-2005-3341 [Insecure temp files in dhis-tools-dns] + RESERVED - dhis-tools-dns 5.0-5 CVE-2005-XXXX [xdm: full-force SAINT attack crashes xdm] - xorg-x11 <unfixed> (bug #24706; low) @@ -56,7 +171,7 @@ - wordpress <unfixed> (bug #335817; high) CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...) NOT-FOR-US: RSA Authentication Agent -CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php PunBB 1.1.2 ...) +CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 ...) NOT-FOR-US: PunBB CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators ...) NOT-FOR-US: Data ONTAP 
@@ -84,12 +199,11 @@ NOT-FOR-US: ZipGenius CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...) NOT-FOR-US: Symantec Discovery -CVE-2005-3315 - RESERVED +CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch ...) + TODO: check CVE-2005-3314 RESERVED -CVE-2005-3313 [ethereal: DoS in IRC dissector] - RESERVED +CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...) - ethereal <unfixed> (bug #334880; medium) TODO: This supposedly fixed after the 13 release, separate bug might be necessary CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows ...) @@ -325,7 +439,7 @@ NOT-FOR-US: Sun Java System Directory Server CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...) - yiff 2.14.2-8 (bug #334616; low) -CVE-2005-3267 (Heap-based buffer overflow in Skype client before 1.4.x.84 on Windows, ...) +CVE-2005-3267 (Integer overflow in Skype client before 1.4.x.84 on Windows, before ...) TODO: check CVE-2005-3266 REJECTED 
@@ -363,32 +477,23 @@ - gallery 2.0.1-1 (medium) CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...) NOT-FOR-US: Solaris -CVE-2005-3249 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3249 (Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3248 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3248 (Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3247 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3247 (The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3246 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3246 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3245 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3245 (Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3244 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3244 (The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3243 [ethereal: Buffer overflows in SLIM3 and AgentX dissectors] - RESERVED +CVE-2005-3243 (Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3242 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3242 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3241 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote ...) - ethereal <unfixed> (bug #334880; medium) CVE-2005-3240 RESERVED 
@@ -658,12 +763,10 @@ RESERVED CVE-2005-3124 RESERVED -CVE-2005-3123 [Directory traversal in gnump3d] - RESERVED +CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows ...) {DSA-877-1} - gnump3d 2.9.6-1 (medium) -CVE-2005-3122 [XSS in gnump3d''s 404 page] - RESERVED +CVE-2005-3122 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...) {DSA-877-1} - gnump3d 2.9.6-1 (low) CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...) @@ -828,8 +931,7 @@ - mantis 0.19.2-4 (bug #330682; medium) CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...) TODO: file a bug, it''s not really clear, whether this has security implications -CVE-2005-3088 [Insecure file creation in fetchmailconf may expose sensitive data] - RESERVED +CVE-2005-3088 (fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 ...) - fetchmail <unfixed> (bug #336096; low) CVE-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary ...) {DSA-827-1} @@ -1108,8 +1210,7 @@ CVE-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...) {DSA-878-1} - netpbm-free 2:10.0-10 -CVE-2005-2977 [pam vulnerable to brute force attacks when using SELinux] - RESERVED +CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to ...) - pam <unfixed> (bug #336344; medium) [sarge] - pam <not-affected> (Does not contain SELinux support) [woody] - pam <not-affected> (Does not contain SELinux support) @@ -1119,8 +1220,7 @@ RESERVED CVE-2005-2974 RESERVED -CVE-2005-2973 [Kernel 2.6 ipv6 local DoS vulnerability] - RESERVED +CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...) - linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low) - kernel-source-2.4.27 <unfixed> TODO: Check, whether this is fixed in sid''s 2.4.27 
@@ -1370,8 +1470,7 @@ - mozilla 2:1.7.12-1 (bug #327455; medium) NOTE: epiphany-browser is apparently fixed fix the mozilla-browser NOTE: upload; see bug #327366 -CVE-2005-2930 [several buffer overflows in MS CHM library before version 0.36] - RESERVED +CVE-2005-2930 (Stack-based buffer overflow in the _chm_find_in_PMGL function in ...) - chmlib 0.36-1 (bug #327431) CVE-2005-2802 REJECTED @@ -5090,7 +5189,7 @@ NOT-FOR-US: MSIE CVE-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...) NOT-FOR-US: MSIE -CVE-2005-1987 (Collaboration Data Objects (CDO), as used in Microsoft Windows and ...) +CVE-2005-1987 (Buffer overflow in Collaboration Data Objects (CDO), as used in ...) NOT-FOR-US: Microsoft CVE-2005-1986 RESERVED @@ -13239,7 +13338,7 @@ CVE-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...) NOT-FOR-US: Mitel 3300 Integrated Communications Platform CVE-2004-0943 - RESERVED + REJECTED CVE-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...) - apache2 2.0.52-2 CVE-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...) @@ -15491,8 +15590,8 @@ RESERVED CVE-2003-0888 RESERVED -CVE-2003-0887 - RESERVED +CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache ...) + TODO: check CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...) {DSA-401} CVE-2003-0885 
@@ -24357,7 +24456,7 @@ CVE-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...) CVE-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...) CVE-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...) -CVE-1999-0347 (Javascript bug in Internet Explorer 4.01 by adding %01URL allows ...) +CVE-1999-0347 (Internet Explorer 4.01 allows remote attackers to read local files and ...) CVE-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...) CVE-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...) CVE-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...)
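Review bot: The block added by the @@ -1,3 +1,117 @@ hunk breaks the descending ID order the rest of the file mostly follows. The RESERVED run steps from CVE-2005-3342 straight to CVE-2005-3340, while CVE-2005-3341 stays further down after the Firefox IFRAME entry, and CVE-2003-1233 and CVE-2002-2124 land above the CVE-2005-XXXX entries instead of in their own year ranges (CVE-2003-0887 is near line 15590). When the "TODO: check" items are triaged, move these entries to their sorted positions so a lookup by ID finds a single, predictable location.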
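Review bot: In the @@ -84,12 +199,11 @@ hunk, the new CVE-2005-3313 description names Ethereal 0.10.13 as affected, but the entry keeps the note "TODO: This supposedly fixed after the 13 release, separate bug might be necessary" and still points at bug #334880, which is shared with the CVE-2005-3241 to CVE-2005-3249 entries described against 0.10.12 and earlier. With the official text now in place the TODO can be resolved: an upload that closes #334880 for the 0.10.12 issues would not necessarily cover this one, so it should get its own bug reference.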
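Review bot: In the @@ -363,32 +477,23 @@ hunk, the nine Ethereal entries (CVE-2005-3241 to CVE-2005-3249) lose their shared "lots of vulnerabilities" placeholder but all keep the identical tracking line "- ethereal <unfixed> (bug #334880; medium)". The new descriptions differ in affected range (0.10.1, 0.10.3, 0.10.12 and earlier) and in impact (denial of service for some, "Multiple buffer overflows" for CVE-2005-3243), so the blanket "medium" urgency should be re-checked per entry, with CVE-2005-3243 looked at first.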
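Review bot: In the @@ -1119,8 +1220,7 @@ hunk, the new CVE-2005-2973 description says Linux 2.6 is affected "before 2.6.14-rc5", yet the entry below it records linux-2.6 as fixed in 2.6.13+2.6.14-rc4-0experimental.1, a version based on rc4. Either the experimental upload carries the fix as a backport, which deserves a NOTE line saying so, or the fixed version is wrong and needs correcting. As written, the entry would let a vulnerable package be reported as fixed.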
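Review bot: In the @@ -1370,8 +1470,7 @@ hunk, replacing "[several buffer overflows in MS CHM library before version 0.36]" with the official CVE-2005-2930 text narrows the entry to a single stack-based overflow in _chm_find_in_PMGL. If the other overflows the local description referred to are not covered by this ID, keep that information in a NOTE line so they are not lost. The tracking line "- chmlib 0.36-1 (bug #327431)" also carries no urgency, unlike its neighbours.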