Author: jmm-guest Date: 2005-11-18 10:12:30 +0000 (Fri, 18 Nov 2005) New Revision: 2782 Modified: data/CVE/list Log: horde2 and asterisk CVEfied new kernel dos lots of not-for-us claim more Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-18 09:55:42 UTC (rev 2781) +++ data/CVE/list 2005-11-18 10:12:30 UTC (rev 2782) @@ -240,69 +240,68 @@ NOT-FOR-US: iCMS CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...) - mailman <unfixed> (bug #327732; medium) -begin claimed by jmm CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...) - TODO: check + NOT-FOR-US: Peel CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...) - TODO: check + NOT-FOR-US: protection.php from several crappy web apps not in Debian CVE-2005-3570 (Unknown cross-site scripting (XSS) vulnerability in Horde before 2.2.9 ...) - TODO: check + - horde2 <unfixed> (bug #338983; unknown) CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX ...) - TODO: check + NOT-FOR-US: DB2 CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 ...) - TODO: check + NOT-FOR-US: DB2 CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server 5.2.0 and 6.0.0 binds ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2005-3566 (Buffer overflow in the ha command of VERITAS Cluster Server for UNIX ...) - TODO: check + NOT-FOR-US: VERITAS Cluster Server CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users to ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2005-3563 (ATutor 1.5.1 stores temporary chat logs as world readable under the ...) - TODO: check + NOT-FOR-US: ATutor CVE-2005-3562 (Direct code injection vulnerability in ATutor 1.5.1 allows remote ...) - TODO: check + NOT-FOR-US: ATutor CVE-2005-3561 (SQL injection vulnerability in password_reminder.php in ATutor before ...) - TODO: check + NOT-FOR-US: ATutor CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...) - TODO: check + NOT-FOR-US: Zone Labs CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...) - TODO: check + - asterisk <unfixed> (bug #338116; medium) CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows ...) - TODO: check + NOT-FOR-US: OSTE CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist ...) - TODO: check + NOT-FOR-US: PHPList CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 ...) - TODO: check + NOT-FOR-US: PHPList CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier ...) - TODO: check + NOT-FOR-US: PHPList CVE-2005-3554 (Multiple direct code injection vulnerabilities in the help function in ...) - TODO: check + NOT-FOR-US: PHPKIT CVE-2005-3553 (Multiple SQL injection vulnerabilities include.php in PHPKIT 1.6.1 R2 ...) - TODO: check + NOT-FOR-US: PHPKIT CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 ...) - TODO: check + NOT-FOR-US: PHPKIT CVE-2005-3551 (toendaCMS before 0.6.2 stores user account and session data in the web ...) - TODO: check + NOT-FOR-US: toendaCMS CVE-2005-3550 (Directory traversal vulnerability in admin.php in toendaCMS before ...) - TODO: check + NOT-FOR-US: toendaCMS CVE-2005-3549 (Direct code injection vulnerability in Task Manager in Invision Power ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2005-3548 (Directory traversal vulnerability in Task Manager in Invision Power ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2005-3547 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2005-3546 (suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before ...) - TODO: check + NOT-FOR-US: F-Secure Internet Gatekeeper and Antivirus Gateway CVE-2005-3545 (SQL injection vulnerability in index.php of the report module in ...) - TODO: check + NOT-FOR-US: ibProArcade CVE-2005-3544 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 ...) - TODO: check + NOT-FOR-US: XMB CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha through ...) - TODO: check + NOT-FOR-US: Phorum CVE-2005-3542 (SQL injection vulnerability in showGallery.php in Tonio Gallery 2.4 ...) - TODO: check + NOT-FOR-US: Tonio Gallery CVE-2005-3541 RESERVED CVE-2005-3540 @@ -332,12 +331,13 @@ CVE-2005-3528 RESERVED CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows ...) - TODO: check + - linux-2.6 <unfixed> + NOTE: Pinged Horms and Dannf CVE-2005-3526 RESERVED CVE-2005-3525 RESERVED -end claimed by jmm +begin claimed by jmm CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...) TODO: check CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...) @@ -414,6 +414,7 @@ TODO: check CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows ...) TODO: check +end claimed by jmm CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2) Software ...) TODO: check CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet ...) @@ -697,8 +698,6 @@ CVE-2005-XXXX [kernel: NFS leases mem leak] - linux-2.6 <unfixed> - kernel-source-2.4.27 <not-affected> -CVE-2005-XXXX [XSS in Horde] - - horde2 <unfixed> (bug #338983; unknown) CVE-2005-XXXX [Insecure temp file usage in migrationtools] - migrationtools <unfixed> (bug #338920; medium) CVE-2005-XXXX [user logout in drupal has no effect] @@ -711,8 +710,6 @@ CVE-2005-XXXX [Buffer overflows in Sylpheed''s address book import] - sylpheed <unfixed> (bug #338434; medium) - sylpheed-claws <unfixed> (bug #338436; medium) -CVE-2005-XXXX [Information disclosure in Asterisk''s voice mail system] - - asterisk <unfixed> (bug #338116; medium) CVE-2005-XXXX [webcalendar''s password visible to local users through debconf] - webcalendar <unfixed> (bug #337624) CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows remote ...)