Author: stef-guest Date: 2005-11-23 20:38:00 +0000 (Wed, 23 Nov 2005) New Revision: 2845 Modified: data/CVE/list Log: php5 egroupware-fudforum helix-player Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-23 16:11:31 UTC (rev 2844) +++ data/CVE/list 2005-11-23 20:38:00 UTC (rev 2845) @@ -96,7 +96,7 @@ NOT-FOR-US: Google Talk CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote ...) NOT-FOR-US: RealPlayer - TODO: check Helix, some past issues affected it as well + - helixplayer <not-affected> CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 ...) NOT-FOR-US: PhpWebThings CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to ...) @@ -694,7 +694,7 @@ CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows ...) NOT-FOR-US: Norton AntiVirus CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote ...) - TODO: check + NOT-FOR-US: webresolve CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks ...) TODO: check CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...) @@ -854,9 +854,9 @@ CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...) TODO: check CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...) - TODO: check + NOT-FOR-US: MSIE CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...) - TODO: check + NOT-FOR-US: BEA Weblogic CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows ...) - phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium) CVE-2005-XXXX [Two unspecified issues in non-free rar] @@ -1080,9 +1080,11 @@ CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...) - php4 <unfixed> (bug #336645; unknown) TODO: check PHP5 + NOTE: pinged maintainers CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...) - php4 <unfixed> (bug #336645; unknown) TODO: check PHP5 + NOTE: pinged maintainers CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...) - php4 <unfixed> (bug #336645; high) - php5 <unfixed> (bug #336654; high) @@ -1173,7 +1175,7 @@ - sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium) CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...) - php4 <unfixed> (bug #339577; medium) - TODO: Check php5 + - php5 <unfixed> (bug #336654; medium) CVE-2005-3352 RESERVED CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...) @@ -1338,7 +1340,7 @@ - gnutls11 <unfixed> (bug #336006; low) TODO: Check, when this was fixed in gnutls12 CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...) - TODO: check + NOT-FOR-US: Gadu-Gadu CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the "image send" option by ...) TODO: check CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...) @@ -2756,7 +2758,7 @@ NOT-FOR-US: AutoLinks Pro CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...) - phpgroupware <unfixed> (bug #340094; medium) - TODO: check, whether egroupware-fudforum is affected + - egroupware <unfixed> (bug #340495; medium) CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...) NOT-FOR-US: Land Down Under CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)