Author: joeyh Date: 2005-12-01 09:14:19 +0000 (Thu, 01 Dec 2005) New Revision: 2909 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-01 09:07:09 UTC (rev 2908) +++ data/CVE/list 2005-12-01 09:14:19 UTC (rev 2909) 
@@ -1,3 +1,191 @@ +CVE-2006-0034 + RESERVED +CVE-2006-0033 + RESERVED +CVE-2006-0032 + RESERVED +CVE-2006-0031 + RESERVED +CVE-2006-0030 + RESERVED +CVE-2006-0029 + RESERVED +CVE-2006-0028 + RESERVED +CVE-2006-0027 + RESERVED +CVE-2006-0026 + RESERVED +CVE-2006-0025 + RESERVED +CVE-2006-0024 + RESERVED +CVE-2006-0023 + RESERVED +CVE-2006-0022 + RESERVED +CVE-2006-0021 + RESERVED +CVE-2006-0020 + RESERVED +CVE-2006-0018 + REJECTED + TODO: check +CVE-2005-3961 (WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar ...) + TODO: check +CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of ...) + TODO: check +CVE-2005-3959 (Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 ...) + TODO: check +CVE-2005-3958 (SQL injection vulnerability in index.php in Entergal MX 2.0 allows ...) + TODO: check +CVE-2005-3957 (Unspecified vulnerability in the Trackback functionality in DotClear ...) + TODO: check +CVE-2005-3956 (Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 ...) + TODO: check +CVE-2005-3955 (Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, ...) + TODO: check +CVE-2005-3954 (Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows ...) + TODO: check +CVE-2005-3953 (SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers ...) + TODO: check +CVE-2005-3952 (SQL injection vulnerability in PHP Labs Top Auction allows remote ...) + TODO: check +CVE-2005-3951 (SQL injection vulnerability in survey.php in PHP Labs Survey Wizard ...) + TODO: check +CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users ...) + TODO: check +CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow ...) + TODO: check +CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ...) + TODO: check +CVE-2005-3947 (Directory traversal vulnerability in index.php in PHP Upload Center ...) 
+ TODO: check +CVE-2005-3946 (Opera 8.50 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before SP1 ...) + TODO: check +CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 ...) + TODO: check +CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ...) + TODO: check +CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca ...) + TODO: check +CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier ...) + TODO: check +CVE-2005-3940 (SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c ...) + TODO: check +CVE-2005-3939 (Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and ...) + TODO: check +CVE-2005-3938 (SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler ...) + TODO: check +CVE-2005-3937 (SQL injection vulnerability in Softbiz B2B Trading Marketplace Script ...) + TODO: check +CVE-2005-3936 (PHP file include vulnerability in SocketKB 1.1.0 and earlier allows ...) + TODO: check +CVE-2005-3935 (SQL injection vulnerability in SocketKB 1.1.0 and earlier allows ...) + TODO: check +CVE-2005-3934 (Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other ...) + TODO: check +CVE-2005-3933 (SQL injection vulnerability in index.php in 88Script''s Event Calendar ...) + TODO: check +CVE-2005-3932 (SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and ...) + TODO: check +CVE-2005-3931 (SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows ...) + TODO: check +CVE-2005-3930 (SQL injection vulnerability in index.php in N-13 News 1.2 allows ...) + TODO: check +CVE-2005-3929 (Directory traversal vulnerability in the create function in ...) + TODO: check +CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.3.0 allows local users to execute ...) 
+ TODO: check +CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and ...) + TODO: check +CVE-2005-3926 (Direct static code injection vulnerability in error.php in GuppY 4.5.9 ...) + TODO: check +CVE-2005-3925 (Multiple SQL injection vulnerabilities in Central Manchester CLC ...) + TODO: check +CVE-2005-3924 (SQL injection vulnerability in themes/kategorie/index.php in Randshop ...) + TODO: check +CVE-2005-3923 (NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2005-3922 (Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus ...) + TODO: check +CVE-2005-3921 (Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for ...) + TODO: check +CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers ...) + TODO: check +CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote ...) + TODO: check +CVE-2005-3918 (** DISPUTED ** ...) + TODO: check +CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 ...) + TODO: check +CVE-2005-3916 (SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows ...) + TODO: check +CVE-2005-3915 (The Internet Key Exchange version 1 (IKEv1) implementation in ...) + TODO: check +CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow ...) + TODO: check +CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...) + TODO: check +CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...) + TODO: check +CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...) + TODO: check +CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...) + TODO: check +CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...) + TODO: check +CVE-2005-3908 (Cross-site scripting (XSS) vulnerability in search.php in ...) 
+ TODO: check +CVE-2005-3907 (Unspecified vulnerability in Java Runtime Environment in Java JDK and ...) + TODO: check +CVE-2005-3906 (Multiple unspecified vulnerabilities in reflection APIs in Java SDK ...) + TODO: check +CVE-2005-3905 (Unspecified vulnerability in reflection APIs in Java SDK and JRE ...) + TODO: check +CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java ...) + TODO: check +CVE-2005-3903 + RESERVED +CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...) + TODO: check +CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not ...) + TODO: check +CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server does 5.1 ...) + TODO: check +CVE-2005-3899 (The automatic update feature in Google Talk allows remote attackers to ...) + TODO: check +CVE-2005-3898 + REJECTED + TODO: check +CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU ...) + TODO: check +CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 ...) + TODO: check +CVE-2005-3894 (Multiple cross-site scripting (XSS) vulnerabilities in index.pl in ...) + TODO: check +CVE-2005-3893 (Multiple SQL injection vulnerabilities in index.pl in Open Ticket ...) + TODO: check +CVE-2005-3892 (Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a ...) + TODO: check +CVE-2005-3891 (Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers ...) + TODO: check +CVE-2005-3890 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2005-3889 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2005-3888 (Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a ...) 
+ TODO: check +CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in ...) + TODO: check +CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and ...) + TODO: check +CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...) + TODO: check CVE-2005-XXXX [webmin format string vulnerability] - webmin <unfixed> (bug #341394; medium) TODO: This sounds as if perl needed to be fixed as well, @@ -650,18 +838,18 @@ RESERVED CVE-2005-3706 RESERVED -CVE-2005-3705 - RESERVED -CVE-2005-3704 - RESERVED +CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server ...) + TODO: check +CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 ...) + TODO: check CVE-2005-3703 RESERVED -CVE-2005-3702 - RESERVED -CVE-2005-3701 - RESERVED -CVE-2005-3700 - RESERVED +CVE-2005-3702 (Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote ...) + TODO: check +CVE-2005-3701 (Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 ...) + TODO: check +CVE-2005-3700 (Unknown vulnerability in iodbcadmintool in the ODBC Administrator ...) + TODO: check CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...) NOT-FOR-US: Kaspersky AV CVE-2005-3663 (Untrusted Windows search path vulnerability in Kaspersky Anti-Virus ...) @@ -852,7 +1040,7 @@ NOT-FOR-US: DB2 CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 ...) NOT-FOR-US: DB2 -CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server 5.2.0 and 6.0.0 binds ...) +CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 ...) NOT-FOR-US: Tivoli CVE-2005-3566 (Buffer overflow in various ha commands of VERITAS Cluster Server for ...) NOT-FOR-US: VERITAS Cluster Server 
@@ -1298,7 +1486,7 @@ CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...) - linux-2.6 <unfixed> - kernel-source-2.4.27 <not-affected> -CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before 2.6.15 ...) +CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before ...) - linux-2.6 <unfixed> - kernel-source-2.4.27 <not-affected> CVE-2005-XXXX [Insecure temp file usage in migrationtools] @@ -2131,7 +2319,7 @@ CVE-2005-3187 RESERVED CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...) - {DSA-911-1} + {DSA-913-1 DSA-911-1} - gtk+2.0 2.6.10-2 (bug #339431; medium) - gdk-pixbuf 0.22.0-11 (bug #339431; bug #339458; medium) CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the Service ...) @@ -2737,10 +2925,10 @@ [sarge] - pam <not-affected> (Does not contain SELinux support) [woody] - pam <not-affected> (Does not contain SELinux support) CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...) - {DSA-911-1} + {DSA-913-1 DSA-911-1} - gdk-pixbuf 0.22.0-11 (bug #339431; medium) CVE-2005-2975 (io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before ...) - {DSA-911-1} + {DSA-913-1 DSA-911-1} - gdk-pixbuf 0.22.0-11 (bug #339431; low) - gtk+2.0 2.6.10-2 (bug #339431; low) CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial of ...) @@ -3241,8 +3429,8 @@ NOT-FOR-US: Symantec Antivirus CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec ...) NOT-FOR-US: Symantec Antivirus -CVE-2005-2757 - RESERVED +CVE-2005-2757 (Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X ...) + TODO: check CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-complicit attackers to ...) NOT-FOR-US: Apple QuickTime CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-complicit attackers to ...) 
@@ -5937,10 +6125,10 @@ NOT-FOR-US: Windows CVE-2005-2125 RESERVED -CVE-2005-2124 - RESERVED -CVE-2005-2123 - RESERVED +CVE-2005-2124 (Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) ...) + TODO: check +CVE-2005-2123 (Multiple integer overflows in the Graphics Rendering Engine ...) + TODO: check CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...) NOT-FOR-US: Windows CVE-2005-2121 @@ -18950,7 +19138,6 @@ CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...) NOT-FOR-US: BEA WebLogic Server CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...) - {DSA-303} TODO: not sure if this is fixed CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...) NOT-FOR-US: McAfee ePolicy Orchestrator
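Review bot: In the first hunk (@@ -1,3 +1,191 @@), the new CVE-2005-3912 entry ("Format string vulnerability in miniserv.pl Perl web server in Webmin ...") is added with "TODO: check", while the unchanged context at the end of the same hunk still carries "CVE-2005-XXXX [webmin format string vulnerability]" with "- webmin <unfixed> (bug #341394; medium)". These look like the same issue. If they are, the package line and its TODO belong under CVE-2005-3912 and the CVE-2005-XXXX placeholder should go, so the bug is not tracked twice. Separately, CVE-2006-0018 and CVE-2005-3898 are marked REJECTED yet still receive "TODO: check", whereas the RESERVED entries do not. A rejected id has nothing to triage, so the updater could skip the TODO for it.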
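Review bot: In the hunk at @@ -5937,10 +6125,10 @@, CVE-2005-2124 and CVE-2005-2123 (both in the Graphics Rendering Engine, GDI32.DLL) go from RESERVED to "TODO: check" although the neighbouring entries in the same hunk are already triaged as "NOT-FOR-US: Windows". The entries are correct as queued work, but whoever triages them can apply the same tag as the surrounding lines. The same applies to the Mac OS X entries opened in the @@ -650,18 +838,18 @@ and @@ -3241,8 +3429,8 @@ hunks.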
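Review bot: In the last hunk (@@ -18950,7 +19138,6 @@), CVE-2003-0150 loses its "{DSA-303}" cross-reference with no explanation beyond the log message "automatic update", which leaves the entry with only "TODO: not sure if this is fixed" and no package line. The removed tag has no revision suffix, unlike the tags written elsewhere in this patch ("{DSA-911-1}", "{DSA-913-1 DSA-911-1}"). That may be why the updater dropped it, though this is a guess from the visible lines. If the advisory does cover this CVE, the tag should be corrected rather than deleted. If it does not, a note on the entry saying so would keep the open TODO from losing its only pointer to a fix.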