Author: jmm-guest
Date: 2005-10-24 09:54:08 +0000 (Mon, 24 Oct 2005)
New Revision: 2548
Modified:
data/CVE/list
Log:
new phpmyadmin issues, plus a CVEfication
new issue in bmv
one issue in spe not affecting debian
lots of nfus
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-10-24 09:28:04 UTC (rev 2547)
+++ data/CVE/list 2005-10-24 09:54:08 UTC (rev 2548)
@@ -1,55 +1,61 @@
-begin claimed by jmm
CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
- TODO: check
+ TODO: check, which of these issues are covered by #328501
+CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for
...)
+ - phpmyadmin <unfixed> (bug #335306; high)
+CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in
phpMyAdmin ...)
+ - phpmyadmin 4:2.6.4-pl2-1 (bug #333433)
CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow
remote ...)
- TODO: check
+ NOT-FOR-US: OpenWBEM
CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow
remote ...)
- TODO: check
+ NOT-FOR-US: OpenWBEM
CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows
remote ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms
allows ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2005-3294 (Typsoft FTP Server 1.11, with "Sub Directory
Include" enabled, allows ...)
- TODO: check
+ NOT-FOR-US: Typsoft FTP Server
CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code of
...)
- TODO: check
+ NOT-FOR-US: Xerver
CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook
0.93 ...)
- TODO: check
+ NOT-FOR-US: Xeobook
CVE-2005-3291 (Stani''s Python Editor (SPE) 0.7.5 is installed with
world-writable ...)
- TODO: check
+ - spe <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager
allows ...)
- TODO: check
+ NOT-FOR-US: Accelerated Mortgage manager
CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files
securely, ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute
files ...)
- TODO: check
+ NOT-FOR-US: Mailsite Express
CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows
remote ...)
- TODO: check
+ NOT-FOR-US: Mailsite Express
CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server
Firewall ...)
- TODO: check
+ NOT-FOR-US: Kerio Personal Firewall
CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Comersus Backoffice Plus
CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004
before ...)
- TODO: check
+ NOT-FOR-US: AhnLab
CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before
1.9.1.1 ...)
- TODO: check
+ NOT-FOR-US: TikiWiki
CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Splatt Forum
CVE-2005-3281 (Directory traversal vulnerability in NukeFix 3.1 for PHP-Nuke
7.8 ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke addon
CVE-2005-3280 (Paros 3.2.5 uses a default password for the
"sa" account in the ...)
- TODO: check
+ NOT-FOR-US: Paros
CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan
Kybic ...)
- TODO: check
+ - bmv <unfixed> (bug filed; unimportant)
+ NOTE: Vulnerable code not activated in binary package
CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for
Jan ...)
- TODO: check
-CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows
remote ...)
- TODO: check
-end claimed by jmm
+ - bmv <unfixed> (bug filed; medium)
+CVE-2005-3277 [hpux lpd issue]
+ NOT-FOR-US: HP-UX
CVE-2005-XXXX [adduser''s deluser creates backup files with world
readable permissions]
- adduser 3.77 (bug #331720; low)
+<<<<<<< .mine
+====== CVE-2005-3300 (The register_globals emulation layer in grab_globals.php
for ...)
- phpmyadmin <unfixed> (bug #335306; high)
+>>>>>>> .r2547
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
- pavuk 0.9.33-1 (bug #264684; high)
NOTE: second hole mentioned in bug report
@@ -330,7 +336,6 @@
- polipo <unfixed> (bug #332411; medium)
CVE-2005-3162
REJECTED
- NOT-FOR-US: PHP-Fusion
CVE-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 allows
...)
NOT-FOR-US: PHP-Fusion
CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in
...)
@@ -1346,7 +1351,7 @@
CVE-2005-2760
RESERVED
CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec
Norton ...)
- TODO: check
+ NOT-FOR-US: Symantec Antivirus
CVE-2005-2758 (Integer signedness error in the administrative interface for
Symantec ...)
NOT-FOR-US: Symantec Antivirus
CVE-2005-2757
@@ -2465,7 +2470,7 @@
CVE-2005-2470 (Buffer overflow in a "core application
plug-in" for Adobe Reader 5.1 ...)
NOT-FOR-US: Adobe
CVE-2005-2469 (Stack-based buffer overflow in the NMAP Agent for Novell NetMail
3.52C ...)
- TODO: check
+ NOT-FOR-US: Novell NetMail
CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the
Linux ...)
{DTSA-16-1}
- linux-2.6 2.6.12-3 (bug #323173)
@@ -4034,7 +4039,7 @@
CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote
attackers ...)
NOT-FOR-US: Windows
CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet
...)
- TODO: check
+ NOT-FOR-US: Windows
CVE-2005-2125
RESERVED
CVE-2005-2124
@@ -4042,7 +4047,7 @@
CVE-2005-2123
RESERVED
CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2,
and ...)
- TODO: check
+ NOT-FOR-US: Windows
CVE-2005-2121
RESERVED
CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service
...)
@@ -4050,9 +4055,9 @@
CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed
...)
NOT-FOR-US: Microsoft
CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2,
and ...)
- TODO: check
+ NOT-FOR-US: Windows
CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP
SP1 and ...)
- TODO: check
+ NOT-FOR-US: Windows
CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf
as ...)
- cupsys 1.1.20final+rc1-1 (low)
CVE-2005-2116