Author: joeyh
Date: 2005-10-27 09:14:21 +0000 (Thu, 27 Oct 2005)
New Revision: 2589

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2005-10-27 08:56:15 UTC (rev 2588)
+++ data/CVE/list 2005-10-27 09:14:21 UTC (rev 2589)
@@ -1,3 +1,189 @@ +CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...) + TODO: check +CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using ...) + TODO: check +CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before ...) + TODO: check +CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...) + TODO: check +CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...) + TODO: check +CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray ...) + TODO: check +CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...) + TODO: check +CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in ...) + TODO: check +CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2 allows remote attackers to ...) + TODO: check +CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...) + TODO: check +CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php PunBB 1.1.2 ...) + TODO: check +CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators ...) + TODO: check +CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...) + TODO: check +CVE-2005-3325 (SQL injection vulnerability in base_qry_main.php in Basic Analysis and ...) + TODO: check +CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...) + TODO: check +CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...) + TODO: check +CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...) + TODO: check +CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...) 
+ TODO: check +CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...) + TODO: check +CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...) + TODO: check +CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...) + TODO: check +CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and ...) + TODO: check +CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...) + TODO: check +CVE-2005-3315 + RESERVED +CVE-2005-3314 + RESERVED +CVE-2005-3313 + RESERVED +CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows ...) + TODO: check +CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...) + TODO: check +CVE-2005-3310 (Multiple interpretation error in phpBB 2.0.17, with remote avatars and ...) + TODO: check +CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...) + TODO: check +CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 ...) + TODO: check +CVE-2005-3307 (Directory traversal vulnerability in index.php for FlatNuke 2.5.6 ...) + TODO: check +CVE-2005-3306 (Cross-site scripting (XSS) vulnerability in index.php for FlatNuke ...) + TODO: check +CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote ...) + TODO: check +CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote ...) + TODO: check +CVE-2005-3303 + RESERVED +CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...) + TODO: check +CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...) + TODO: check +CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown ...) + TODO: check +CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...) 
+ TODO: check +CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...) + TODO: check +CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...) + TODO: check +CVE-2004-2533 (Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause ...) + TODO: check +CVE-2004-2532 (Serv-U FTP server before 5.1.0.0 has a default account and password ...) + TODO: check +CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer ...) + TODO: check +CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...) + TODO: check +CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the "image send" option by ...) + TODO: check +CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...) + TODO: check +CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP ...) + TODO: check +CVE-2004-2526 (Directory traversal vulnerability in ldacgi.exe in IBM Tivoli ...) + TODO: check +CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity ...) + TODO: check +CVE-2004-2524 (clogin.php in Benchmark Designs'' WHM AutoPilot 2.4.5 and earlier ...) + TODO: check +CVE-2004-2523 (Format string vulnerability in the msg command (cat_message function ...) + TODO: check +CVE-2004-2522 (Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server ...) + TODO: check +CVE-2004-2521 (Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to ...) + TODO: check +CVE-2004-2520 (POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote ...) + TODO: check +CVE-2004-2519 (Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial ...) + TODO: check +CVE-2004-2518 (Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain ...) + TODO: check +CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of service ...) 
+ TODO: check +CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote ...) + TODO: check +CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...) + TODO: check +CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 ...) + TODO: check +CVE-2004-2512 (CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and ...) + TODO: check +CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...) + TODO: check +CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...) + TODO: check +CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...) + TODO: check +CVE-2004-2508 (Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B ...) + TODO: check +CVE-2004-2507 (Absolute path traversal vulnerability in main.cgi in Linksys WVC11B ...) + TODO: check +CVE-2004-2506 (Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g ...) + TODO: check +CVE-2004-2505 (Macromedia ColdFusion MX before 6.1 does not restrict the size of ...) + TODO: check +CVE-2004-2504 (The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, ...) + TODO: check +CVE-2004-2503 (INweb Mail Server 2.40 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2004-2502 (im-switch before 11.4-46.1 in Fedora Core 2 allows local users to ...) + TODO: check +CVE-2004-2501 (Buffer overflow in the IMAP service of MailEnable Professional Edition ...) + TODO: check +CVE-2004-2500 (Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown ...) + TODO: check +CVE-2004-2499 (Unspecified vulnerability in Hitachi Web Page Generator and Web Page ...) + TODO: check +CVE-2004-2498 (Unspecified vulnerability in the error handler in Hitachi Web Page ...) 
+ TODO: check +CVE-2004-2497 (Cross-site scripting (XSS) vulnerability in the error handler in ...) + TODO: check +CVE-2004-2496 (The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote ...) + TODO: check +CVE-2004-2495 (The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail ...) + TODO: check +CVE-2004-2494 (Cross-site scripting (XSS) vulnerability in _error in Ability Mail ...) + TODO: check +CVE-2004-2493 (Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) ...) + TODO: check +CVE-2004-2492 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web ...) + TODO: check +CVE-2004-2491 (A race condition in Opera web browser 7.53 Build 3850 causes Opera to ...) + TODO: check +CVE-2004-2490 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and ...) + TODO: check +CVE-2004-2489 (Format string vulnerability in IBM Informix Dynamic Server (IDS) ...) + TODO: check +CVE-2004-2488 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...) + TODO: check +CVE-2004-2487 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...) + TODO: check +CVE-2004-2486 (The DSS verification code in Dropbear SSH Server before 0.43 frees ...) + TODO: check +CVE-2004-2485 (Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major ...) + TODO: check +CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 ...) + TODO: check CVE-2005-XXXX [kernel: Signedness problems in net/core/filter] - linux-2.6 2.6.12-2 [sarge] - kernel-source-2.4.27 <not-affected> 
@@ -57,7 +243,7 @@ NOT-FOR-US: TikiWiki CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass ...) NOT-FOR-US: Splatt Forum -CVE-2005-3281 (Directory traversal vulnerability in NukeFix 3.1 for PHP-Nuke 7.8 ...) +CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 ...) NOT-FOR-US: PHP-Nuke addon CVE-2005-3280 (Paros 3.2.5 uses a default password for the "sa" account in the ...) NOT-FOR-US: Paros @@ -102,12 +288,12 @@ NOT-FOR-US: Sun Java System Directory Server CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...) - yiff 2.14.2-8 (bug #334616; low) -CVE-2005-3267 - RESERVED +CVE-2005-3267 (Heap-based buffer overflow in Skype client before 1.4.x.84 on Windows, ...) + TODO: check CVE-2005-3266 REJECTED -CVE-2005-3265 - RESERVED +CVE-2005-3265 (Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows ...) + TODO: check CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog ...) NOT-FOR-US: Zeroblog CVE-2005-3263 (Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 ...) @@ -445,6 +631,7 @@ - module-assistant 0.9.10 TODO: Check, whether this version really fixes the issue, it''s not mentioned in the changelog CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...) + {DSA-874-1} - lynx <unfixed> (bug #335033; high) - lynx-cur 2.8.6-16 (bug #334423; high) CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the user ...) @@ -905,8 +1092,8 @@ CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...) {DSA-872-1} - koffice 1:1.3.5-5 (bug #333497; medium) -CVE-2005-2970 - RESERVED +CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...) + TODO: check CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...) {DSA-868-1} - openssl 0.9.8-3 (bug #333500; low) 
@@ -939,12 +1126,10 @@ {DSA-836-1 DSA-835-1} - cfengine <unfixed> - cfengine2 <unfixed> -CVE-2005-2959 [Sudo does not sanitize SHELLOPTS and PS4 shell env vars before starting sudoed apps] - RESERVED +CVE-2005-2959 (sudo 1.6.8 and earlier does not clear the (1) SHELLOPTS and (2) PS4 ...) {DSA-870-1} - sudo 1.6.8p9-3 (medium) -CVE-2005-2958 [Format string vulnerability in libgda2] - RESERVED +CVE-2005-2958 (Multiple format string vulnerabilities in the GNOME Data Access ...) {DSA-871-1} - libgda2 1.2.2-1 (medium) CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...) @@ -1008,10 +1193,10 @@ RESERVED CVE-2005-2928 RESERVED -CVE-2005-2927 - RESERVED -CVE-2005-2926 - RESERVED +CVE-2005-2927 (Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, ...) + TODO: check +CVE-2005-2926 (Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO ...) + TODO: check CVE-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...) NOT-FOR-US: IRIX CVE-2005-2924 
@@ -1401,22 +1586,22 @@ RESERVED CVE-2005-2749 RESERVED -CVE-2005-2748 - RESERVED -CVE-2005-2747 - RESERVED -CVE-2005-2746 - RESERVED -CVE-2005-2745 - RESERVED -CVE-2005-2744 - RESERVED -CVE-2005-2743 - RESERVED -CVE-2005-2742 - RESERVED -CVE-2005-2741 - RESERVED +CVE-2005-2748 (The malloc function in the libSystem library in Apple Mac OS X 10.3.9 ...) + TODO: check +CVE-2005-2747 (Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by ...) + TODO: check +CVE-2005-2746 (Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message ...) + TODO: check +CVE-2005-2745 (Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for ...) + TODO: check +CVE-2005-2744 (Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, ...) + TODO: check +CVE-2005-2743 (The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X ...) + TODO: check +CVE-2005-2742 (SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, ...) + TODO: check +CVE-2005-2741 (Authorization Services in securityd for Apple Mac OS X 10.3.9 allows ...) + TODO: check CVE-2005-2740 RESERVED CVE-2005-2739 @@ -1484,8 +1669,8 @@ - helix-player 1.0.6-1 (bug #330364; high) CVE-2005-2709 RESERVED -CVE-2005-2708 - RESERVED +CVE-2005-2708 (The search_binary_handler function in exec.c in Linux kernel on 64-bit ...) + TODO: check CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...) {DSA-868-1 DSA-866-1 DSA-838-1} - mozilla-firefox 1.0.7-1 (bug #329778; medium) 
@@ -2340,8 +2525,8 @@ NOT-FOR-US: MacOS X CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...) NOT-FOR-US: MacOS X -CVE-2005-2524 - RESERVED +CVE-2005-2524 (Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to ...) + TODO: check CVE-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...) NOT-FOR-US: Weblog Server in Mac OS X CVE-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...) @@ -2944,8 +3129,8 @@ RESERVED CVE-2005-2339 RESERVED -CVE-2005-2338 - RESERVED +CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...) + TODO: check CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...) {DSA-864-1 DSA-862-1 DSA-860-1} - ruby <removed> @@ -3847,6 +4032,7 @@ NOTE: How bizarre, they assign a CVE Id without knowing which product contains NOTE: the affected probe.cgi CVE-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...) + {DSA-873-1} - net-snmp 5.2.1.2-1 (bug #318420; medium) CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...) NOT-FOR-US: Novell NetMail @@ -4127,8 +4313,8 @@ CVE-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...) {DSA-818-1} - kdeedu 4:3.4.2-1 (low) -CVE-2005-2100 - RESERVED +CVE-2005-2100 (The rw_vm function in usercopy.c in the 4GB split patch for the Linux ...) + TODO: check CVE-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...) {DTSA-16-1} NOTE: 2.6.8 and 2.4.27 not affected 
@@ -7635,7 +7821,7 @@ - courier <unfixed> (bug #307575; medium) NOTE: Upstream explanation looks wrong, not all code paths perform NOTE: escaping. -CVE-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...) +CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version ...) NOT-FOR-US: Adobe Version Cue CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...) NOT-FOR-US: Adobe Reader 7 @@ -10209,7 +10395,7 @@ NOT-FOR-US: UBB.threads CVE-2004-1621 (** DISPUTED ** ...) NOT-FOR-US: Lotus Notes -CVE-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...) +CVE-2004-1620 (CRLF injection vulnerability in Serendipity before 0.7rc1 allows ...) NOT-FOR-US: Serendipity CVE-2004-1619 (Buffer overflow in Privateer''s Bounty: Age of Sail II allows ...) NOT-FOR-US: Privateer''s Bounty: Age of Sail II @@ -12648,7 +12834,7 @@ NOT-FOR-US: Citrix CVE-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...) NOT-FOR-US: Citrix -CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...) +CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in rt-config.c ...) {DSA-609-1} - atari800 1.3.2-1 CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...) @@ -14704,7 +14890,7 @@ NOT-FOR-US: general MIME bug with security gateways CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain ''games'' group ...) {DSA-445} -CVE-2004-0157 (xonix 1.4 and earlier invokes an external program while running at ...) +CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working directory to ...) {DSA-484} CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...) {DSA-485}
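Review bot: In the `@@ -1,3 +1,189 @@` hunk, CVE-2004-2525 (compat.php in Serendipity) and CVE-2005-3304 (PHP-Nuke 7.8) are added as `TODO: check`, although context lines in later hunks already resolve Serendipity as `NOT-FOR-US: Serendipity` (CVE-2004-1620) and a PHP-Nuke addon as `NOT-FOR-US: PHP-Nuke addon` (CVE-2005-3281). A follow-up should triage these the same way, so that the TODO backlog from this hunk holds only entries that still need a package check.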
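Review bot: The eight entries CVE-2005-2741 through CVE-2005-2748 in the `@@ -1401,22 +1586,22 @@` hunk, and CVE-2005-2524 in `@@ -2340,8 +2525,8 @@`, all describe Apple Mac OS X components but land as `TODO: check`, while the neighbouring context entries CVE-2005-2525 and CVE-2005-2523 are already tagged `NOT-FOR-US: MacOS X` and `NOT-FOR-US: Weblog Server in Mac OS X`. Suggest giving them the matching NOT-FOR-US tag in a follow-up rather than leaving nine open TODO items.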
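Review bot: CVE-2005-2708 (`@@ -1484,8 +1669,8 @@`, search_binary_handler in exec.c) and CVE-2005-2100 (`@@ -4127,8 +4313,8 @@`, rw_vm in the 4GB split patch) are Linux kernel issues that move from RESERVED to a bare `TODO: check`. They need per-package status lines in the form the file already uses for the kernel entry at the top of the list, `- linux-2.6 2.6.12-2` and `[sarge] - kernel-source-2.4.27 <not-affected>`, filled in once each kernel source package has been checked.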
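Review bot: In the `@@ -445,6 +631,7 @@` hunk, `{DSA-874-1}` is added to CVE-2005-3120 while the line `- lynx <unfixed> (bug #335033; high)` stays unchanged. Please confirm that the lynx package line is still accurate now that an advisory is referenced, and replace `<unfixed>` with the fixed version if one has been uploaded.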