Author: jmm-guest
Date: 2005-10-27 10:04:50 +0000 (Thu, 27 Oct 2005)
New Revision: 2593

Modified:
   data/CVE/list
Log:
new kernel issue already addressed
new minor gnutls issue
lots of NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2005-10-27 09:47:42 UTC (rev 2592)
+++ data/CVE/list 2005-10-27 10:04:50 UTC (rev 2593)
@@ -76,66 +76,69 @@ NOT-FOR-US: PHP-Nuke CVE-2005-3303 RESERVED -begin claimed by jmm CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...) - TODO: check + NOT-FOR-US: NetCache CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...) - TODO: check + NOT-FOR-US: phpCodeGenie CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown ...) - TODO: check + NOT-FOR-US: SurgeMail CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...) - TODO: check + - linux-2.6 <not-affected> (fixed upstream in 2.6.6) + [sarge] - kernel-source-2.6.8 <not-affected> (fixed upstream in 2.6.6) + TODO: check 2.4.27 + NOTE: Was fixed upstream in 2.6.6 CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...) - TODO: check + NOT-FOR-US: Sticker CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...) - TODO: check + NOT-FOR-US: NETFile Server CVE-2004-2533 (Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: Serv-U FTP Server CVE-2004-2532 (Serv-U FTP server before 5.1.0.0 has a default account and password ...) - TODO: check + NOT-FOR-US: Serv-U FTP Server CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer ...) - TODO: check + - gnutls11 <unfixed> (low) + TODO: Check, when this was fixed in gnutls12 CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...) TODO: check CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the "image send" option by ...) TODO: check CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...) - TODO: check + NOT-FOR-US: Webcam Watchdog CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2004-2526 (Directory traversal vulnerability in ldacgi.exe in IBM Tivoli ...) 
- TODO: check + NOT-FOR-US: Tivoli CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity ...) - TODO: check + - serendipity <itp> (bug #312413) CVE-2004-2524 (clogin.php in Benchmark Designs'' WHM AutoPilot 2.4.5 and earlier ...) - TODO: check + NOT-FOR-US: WHM AutoPilot CVE-2004-2523 (Format string vulnerability in the msg command (cat_message function ...) - TODO: check + NOT-FOR-US: OpenFTPD CVE-2004-2522 (Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server ...) - TODO: check + NOT-FOR-US: Gattaca CVE-2004-2521 (Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Gattaca CVE-2004-2520 (POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote ...) - TODO: check + NOT-FOR-US: Gattaca CVE-2004-2519 (Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Gattaca CVE-2004-2518 (Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Gattaca CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: myServer CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote ...) - TODO: check + NOT-FOR-US: myServer CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...) - TODO: check + NOT-FOR-US: VMWare Workstation CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: PowerPortal CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 ...) - TODO: check + NOT-FOR-US: Mercury Mail CVE-2004-2512 (CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and ...) - TODO: check + NOT-FOR-US: DCP-Portal CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...) 
- TODO: check -end claimed by jmm + NOT-FOR-US: DCP-Portal +begin claimed by jmm CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...) TODO: check CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...) @@ -190,6 +193,7 @@ TODO: check CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 ...) TODO: check +end claimed by jmm CVE-2005-XXXX [kernel: Signedness problems in net/core/filter] - linux-2.6 2.6.12-2 [sarge] - kernel-source-2.4.27 <not-affected>
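
Review bot: CVE-2004-2530 and CVE-2004-2529 (Gadu-Gadu) in the first hunk keep "TODO: check" while every other entry from CVE-2004-2539 down to CVE-2004-2511 is triaged, and because the claim markers move to cover CVE-2004-2510 through CVE-2004-2484, these two no longer sit inside any claimed block. Either resolve them in this commit or keep them inside the claim, so that nobody reads the released range as fully reviewed. Smaller points in the same hunk: in the CVE-2004-2536 entry the added "NOTE: Was fixed upstream in 2.6.6" repeats what both "<not-affected> (fixed upstream in 2.6.6)" lines already say and can be dropped; for CVE-2004-2531 the gnutls12 question exists only as a free-text TODO with no package line of its own, so it is easy to lose once the TODO is edited; and "NOT-FOR-US: VMWare Workstation" differs in capitalization from the "VMware Workstation" in the description on the line above it.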