Author: jmm-guest Date: 2005-10-27 10:16:28 +0000 (Thu, 27 Oct 2005) New Revision: 2594 Modified: data/CVE/list Log: new ilohamail issue already fixed new dropbear issue already fixed lots of NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-27 10:04:50 UTC (rev 2593) +++ data/CVE/list 2005-10-27 10:16:28 UTC (rev 2594) @@ -138,62 +138,61 @@ NOT-FOR-US: DCP-Portal CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...) NOT-FOR-US: DCP-Portal -begin claimed by jmm CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...) - TODO: check + NOT-FOR-US: Infopop UBB.Threads CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...) - TODO: check + NOT-FOR-US: Infopop UBB.Threads CVE-2004-2508 (Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B ...) - TODO: check + NOT-FOR-US: Linksys hardware CVE-2004-2507 (Absolute path traversal vulnerability in main.cgi in Linksys WVC11B ...) - TODO: check + NOT-FOR-US: Linksys hardware CVE-2004-2506 (Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g ...) - TODO: check + NOT-FOR-US: WIKINDX CVE-2004-2505 (Macromedia ColdFusion MX before 6.1 does not restrict the size of ...) - TODO: check + NOT-FOR-US: ColdFusion CVE-2004-2504 (The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, ...) - TODO: check + NOT-FOR-US: Alt-N Technologies Mdaemon CVE-2004-2503 (INweb Mail Server 2.40 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Inweb Mail Server CVE-2004-2502 (im-switch before 11.4-46.1 in Fedora Core 2 allows local users to ...) - TODO: check + - im-switch <not-affected> (Debian''s version is somehow derived from RH, but not affected) + TODO: Please double-check CVE-2004-2501 (Buffer overflow in the IMAP service of MailEnable Professional Edition ...) - TODO: check + NOT-FOR-US: MailEnable Professional CVE-2004-2500 (Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown ...) - TODO: check + - ilohamail 0.8.14-0rc1 CVE-2004-2499 (Unspecified vulnerability in Hitachi Web Page Generator and Web Page ...) - TODO: check + NOT-FOR-US: Hitachi Web Page Generator CVE-2004-2498 (Unspecified vulnerability in the error handler in Hitachi Web Page ...) - TODO: check + NOT-FOR-US: Hitachi Web Page Generator CVE-2004-2497 (Cross-site scripting (XSS) vulnerability in the error handler in ...) - TODO: check + NOT-FOR-US: Hitachi Web Page Generator CVE-2004-2496 (The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote ...) - TODO: check + NOT-FOR-US: OpenText FirstClass CVE-2004-2495 (The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail ...) - TODO: check + NOT-FOR-US: Ability Mail Server CVE-2004-2494 (Cross-site scripting (XSS) vulnerability in _error in Ability Mail ...) - TODO: check + NOT-FOR-US: Ability Mail Server CVE-2004-2493 (Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) ...) - TODO: check + NOT-FOR-US: GmaxWWW CVE-2004-2492 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web ...) - TODO: check + NOT-FOR-US: GmaxWWW CVE-2004-2491 (A race condition in Opera web browser 7.53 Build 3850 causes Opera to ...) - TODO: check + NOT-FOR-US: Opera CVE-2004-2490 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and ...) - TODO: check + NOT-FOR-US: Informix Dynamic Server CVE-2004-2489 (Format string vulnerability in IBM Informix Dynamic Server (IDS) ...) - TODO: check + NOT-FOR-US: Informix Dynamic Server CVE-2004-2488 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...) - TODO: check + NOT-FOR-US: Nexgen FTP Server CVE-2004-2487 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...) - TODO: check + NOT-FOR-US: Nexgen FTP Server CVE-2004-2486 (The DSS verification code in Dropbear SSH Server before 0.43 frees ...) - TODO: check + - dropbear 0.43-2 CVE-2004-2485 (Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major ...) - TODO: check + NOT-FOR-US: PHP Live! CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 ...) - TODO: check -end claimed by jmm + NOT-FOR-US: PHP Gift Registry CVE-2005-XXXX [kernel: Signedness problems in net/core/filter] - linux-2.6 2.6.12-2 [sarge] - kernel-source-2.4.27 <not-affected>