Author: jmm-guest Date: 2005-08-05 09:44:05 +0000 (Fri, 05 Aug 2005) New Revision: 1528 Modified: data/CAN/list Log: new kernel vuln tiff does only affect Woody ekg dos already fixed tdiary already fixed clamav CANified Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-05 09:20:37 UTC (rev 1527) +++ data/CAN/list 2005-08-05 09:44:05 UTC (rev 1528) @@ -4,112 +4,110 @@ - tor 0.1.0.13-1 (medium) CAN-2005-2457 NOTE: reserved -begin claimed by jmm CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...) - TODO: check + - linux-2.6 (unfixed; bug filed; medium) CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...) - TODO: check + NOTE: not-for-us (Greasemonkey) CAN-2005-2454 NOTE: reserved CAN-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...) - TODO: check + NOTE: not-for-us (NetworkActiv Web Server) CAN-2005-2452 (libtiff 4.0 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: CVE description is broken, this only affects 3.6, it''s been fixed in 3.7 + - tiff 3.7.0-1 CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...) - TODO: check + NOTE: not-for-us (IOS) CAN-2005-2450 (Multipl integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...) - TODO: check + - clamav 0.86.2-1 (medium) CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...) - TODO: check + NOTE: not-for-us (sandbox) CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...) - TODO: check + - ekg 1:1.5+20050718+1.6rc3-1 (low) CAN-2005-2447 NOTE: rejected - TODO: check CAN-2005-2446 NOTE: rejected - TODO: check CAN-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...) - TODO: check + NOTE: not-for-us (Product Cart) CAN-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...) - TODO: check + NOTE: not-for-us (Trillian) CAN-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...) - TODO: check + NOTE: not-for-us (KShout) CAN-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...) - TODO: check + NOTE: not-for-us (SPI Dynamics Web Inspect) CAN-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...) - TODO: check + NOTE: not-for-us (VBzoom) CAN-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...) - TODO: check + NOTE: not-for-us (Thomson Web Skill Vantage Manager) CAN-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...) - TODO: check + NOTE: not-for-us (UseBB) CAN-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...) - TODO: check + NOTE: not-for-us (UseBB) CAN-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (Website Baker) CAN-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...) - TODO: check + NOTE: not-for-us (Website Baker) CAN-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...) - TODO: check + NOTE: not-for-us (Linksys hardware) CAN-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...) - TODO: check + NOTE: not-for-us (PhpList) CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...) - TODO: check + NOTE: not-for-us (PhpList) CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...) - TODO: check + TODO: check, whether these apply to 3.1 as well CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...) - TODO: check + TODO: check, whether these apply to 3.1 as well CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...) - TODO: check + NOTE: not-for-us (Firefox on Windows) CAN-2005-2428 (Lotus Domino R5 and R6 WebMail stores data in hidden form fields in ...) - TODO: check + NOTE: not-for-us (Lotus Domino) CAN-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...) - TODO: check + NOTE: not-for-us (CartWIZ) CAN-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...) - TODO: check + NOTE: not-for-us (FTPshell Server) CAN-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...) - TODO: check + NOTE: not-for-us (Ares FileShare) CAN-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...) - TODO: check + NOTE: not-for-us (Siemens hardware) CAN-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...) - TODO: check + NOTE: not-for-us (Beehive) CAN-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...) - TODO: check + NOTE: not-for-us (Beehive) CAN-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...) - TODO: check + NOTE: not-for-us (Beehive) CAN-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us (FtpLocate) CAN-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...) - TODO: check + NOTE: not-for-us (hardware issue) CAN-2005-2418 (Realchat 3.5.1b allows remote attackers to gain privileges by ...) - TODO: check + NOTE: not-for-us (Realchat) CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: not-for-us (Contrexx) CAN-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...) - TODO: check + NOTE: not-for-us (Contrexx) CAN-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...) - TODO: check + NOTE: not-for-us (Contrexx) CAN-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...) + NOTE: This is pretty obscure TODO: check CAN-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...) - TODO: check + NOTE: not-for-us (Atomic Photo Album) CAN-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...) - TODO: check + NOTE: not-for-us (First Post) CAN-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...) - TODO: check + - tdiary 2.0.2-1 (medium) CAN-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...) - TODO: check + NOTE: not-for-us (Network Manager) CAN-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...) - TODO: check + NOTE: not-for-us (nbsmtp) CAN-2005-2408 NOTE: reserved CAN-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform "link ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Opera) CAN-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...) TODO: check CAN-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...) @@ -555,8 +553,6 @@ - netdiag 0.7-7.1 (bug #206905; low) CAN-2005-XXXX [Integer overflow in ffmpeg''s MPEG encoding] - ffmpeg (unfixed; bug #320150; medium) -CAN-2005-XXXX [Multiple integer overflows in clamav] - - clamav 0.86.2-1 (medium) CAN-2005-XXXX [netpbm: arbitrary postscript code execution] - netpbm (unfixed; bug #319757; low) CAN-2005-XXXX [Further minor security issues in phpbb]