Author: joeyh
Date: 2005-12-15 21:14:22 +0000 (Thu, 15 Dec 2005)
New Revision: 3062
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-12-15 18:51:01 UTC (rev 3061)
+++ data/CVE/list 2005-12-15 21:14:22 UTC (rev 3062)
@@ -1,3 +1,71 @@
+CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a
...)
+ TODO: check
+CVE-2005-4265 (Alt-N MDaemon and WorldClient 8.1.3 allows remote attackers to
cause a ...)
+ TODO: check
+CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP
Support ...)
+ TODO: check
+CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution
allows ...)
+ TODO: check
+CVE-2005-4262 (Cross-site scripting (XSS) vulnerability in the News module in
...)
+ TODO: check
+CVE-2005-4261 (Unspecified vulnerability in Positive Software Corporation CP+
...)
+ TODO: check
+CVE-2005-4260 (Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9
and ...)
+ TODO: check
+CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote
...)
+ TODO: check
+CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to
cause a ...)
+ TODO: check
+CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a
denial ...)
+ TODO: check
+CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV
XM ...)
+ TODO: check
+CVE-2005-4255 (Cross-site scripting (XSS) vulnerability in TextSearch in
WikkaWiki ...)
+ TODO: check
+CVE-2005-4254 (SQL injection vulnerability in view_Results.php in DreamLevels
...)
+ TODO: check
+CVE-2005-4253 (Cross-site scripting (XSS) vulnerability in getdox.php in
Torrential ...)
+ TODO: check
+CVE-2005-4252 (Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2
and ...)
+ TODO: check
+CVE-2005-4251 (Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and
...)
+ TODO: check
+CVE-2005-4250 (Directory traversal vulnerability in mcGallery PRO 2.2 and
earlier ...)
+ TODO: check
+CVE-2005-4249 (ADP Forum 2.0 through 2.0.3 stores sensitive information in
plaintext ...)
+ TODO: check
+CVE-2005-4248 (Multiple cross-site scripting (XSS) vulnerabilities in
QuickPayPro 3.1 ...)
+ TODO: check
+CVE-2005-4247 (Cross-site scripting (XSS) vulnerability in index.php in Plogger
Beta ...)
+ TODO: check
+CVE-2005-4246 (SQL injection vulnerability in Plogger Beta 2 and earlier allows
...)
+ TODO: check
+CVE-2005-4245 (Cross-site scripting (XSS) vulnerability in search.php in Snipe
...)
+ TODO: check
+CVE-2005-4244 (SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier
allows ...)
+ TODO: check
+CVE-2005-4243 (Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow
remote ...)
+ TODO: check
+CVE-2005-4241 (Cross-site scripting (XSS) vulnerability in the category page in
...)
+ TODO: check
+CVE-2005-4240 (SQL injection vulnerability in search.php in VCD-db 0.98 and
earlier ...)
+ TODO: check
+CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in
Search/DisplayResults.php ...)
+ TODO: check
+CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in
view_filters_page.php in ...)
+ TODO: check
+CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0
and ...)
+ TODO: check
+CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD
...)
+ TODO: check
+CVE-2005-4235 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in
...)
+ TODO: check
+CVE-2005-4234 (SQL injection vulnerability in gallery.php in EncapsGallery
1.0.0 and ...)
+ TODO: check
+CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad
Manager ...)
+ TODO: check
+CVE-2005-4232 (SQL injection vulnerability in index.php in Jamit Job Board
2.4.1 and ...)
+ TODO: check
CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and
...)
NOT-FOR-US: Link Up Gold
CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and
...)
@@ -32,7 +100,7 @@
NOT-FOR-US: Macromedia Flash Media Server
CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a
denial ...)
NOT-FOR-US: Motorola hardware
-CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers obtain the installation
path via ...)
+CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers to obtain the installation
path ...)
NOT-FOR-US: phpCOIN
CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows
remote ...)
NOT-FOR-US: phpCOIN
@@ -76,13 +144,13 @@
NOT-FOR-US: Sights ''n Sounds Streaming Media Server
CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7
allows ...)
NOT-FOR-US: UseBB
-CVE-2005-4242 [XSS in Turba]
+CVE-2005-4242 (Multiple cross-site scripting (XSS) vulnerabilities in Horde
Turba H3 ...)
- turba2 <unfixed> (bug #342946; medium)
CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- mnemo2 <unfixed> (bug #342944; medium)
CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- nag2 <unfixed> (bug #342945; medium)
-CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde
Framework ...)
+CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde
...)
- horde3 <unfixed> (bug #342942; medium)
CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde
Kronolith ...)
- kronolith <unfixed> (bug #342943; medium)
@@ -2419,12 +2487,12 @@
REJECTED
CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in
...)
NOT-FOR-US: FlatNuke
-CVE-2005-3360
- RESERVED
+CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005
12.00 ...)
+ TODO: check
CVE-2005-3359
RESERVED
-CVE-2005-3358
- RESERVED
+CVE-2005-3358 (Linux kernel 2.6.x, possibly before 2.6.11, allows local users
to ...)
+ TODO: check
CVE-2005-3357
RESERVED
CVE-2005-3356
@@ -2772,23 +2840,28 @@
- pound 1.9.4-1 (low)
NOTE: see
http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6
before ...)
+ {DSA-922-1}
- linux-2.6 2.6.12-2
- kernel-source-2.4.27 <not-affected>
CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c
in ...)
- {DSA-921-1}
+ {DSA-922-1 DSA-921-1}
- linux-2.6 2.6.13-1 (low)
- kernel-source-2.4.27 2.4.27-11 (low)
CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13
and 2.4 ...)
+ {DSA-922-1}
- linux-2.6 2.6.13-1 (low)
TODO: Check, whether the 2.4 fix was included in the DSA
[sarge] - kernel-source-2.4.27 2.4.27-10sarge1 (low)
CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open
Source ...)
+ {DSA-922-1}
- linux-2.6 2.6.12-1
- kernel-source-2.4.27 <not-affected>
CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the
...)
+ {DSA-922-1}
- linux-2.6 2.6.12-1
- kernel-source-2.4.27 <not-affected>
CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in
...)
+ {DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
- kernel-source-2.4.27 <not-affected>
CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for
Symantec ...)
@@ -2856,7 +2929,7 @@
RESERVED
CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket
Option ...)
NOT-FOR-US: Solaris
-CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows
local ...)
+CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and
...)
- linux-2.6 2.6.14-4 (bug #334113; medium)
- kernel-source-2.4.27 <unfixed> (medium)
CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows
remote ...)
@@ -3172,20 +3245,26 @@
CVE-2005-3112 (The "reset password" feature in Macromedia
Breeze 5.0 stores passwords ...)
NOT-FOR-US: Macromedia Breeze
CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in
Linux 2.6, ...)
+ {DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.11)
- kernel-source-2.4.27 <not-affected>
CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers
to ...)
+ {DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
- kernel-source-2.4.27 <unfixed> (low)
CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local
users to ...)
+ {DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
- kernel-source-2.4.27 <not-affected>
CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another
thread that ...)
+ {DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.6.11)
- kernel-source-2.4.27 <not-affected>
CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory
mapping ...)
+ {DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64
Montecito ...)
+ {DSA-922-1}
- kernel-source-2.4.27 <unfixed> (bug #332569; medium)
- linux-2.6 2.6.12-1
CVE-2005-XXXX [Minor local DoS as libldap]
@@ -4258,7 +4337,7 @@
{DSA-793-1}
- courier 0.47-8 (medium; bug #325631)
CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel
2.6 ...)
- {DSA-921-1}
+ {DSA-922-1 DSA-921-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
TODO: When was this fixed in sid for 2.4?
CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel
2.6.12 and ...)
@@ -4268,7 +4347,7 @@
NOTE: Dave Miller didn''t like the proposed fix and considers a
complete rewrite
NOTE: of ipt_recent the best solution, which seems to occur soon
CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel
before ...)
- {DSA-921-1}
+ {DSA-922-1 DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
- linux-2.6 2.6.12-1
CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare
0.9.16.000 ...)
@@ -5152,7 +5231,7 @@
- linux-2.6 2.6.12-7 (bug #327416; medium)
- kernel-source-2.6.8 2.6.8-16sarge2
CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file
functions ...)
- {DTSA-16-1}
+ {DSA-922-1 DTSA-16-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, when this was fixed upstream
- kernel-source-2.4.27 <not-affected>
@@ -5170,7 +5249,7 @@
NOTE: unknown if really a bug; if it is it''s different than the
previous ssh delay bugs
- ssh <unfixed> (bug #314645; low)
CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote
...)
- {DTSA-16-1}
+ {DSA-922-1 DTSA-16-1}
NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
NOTE: 2.6.12-1 contained a partially broken fix
@@ -5221,11 +5300,11 @@
CVE-2005-2469 (Stack-based buffer overflow in the NMAP Agent for Novell NetMail
3.52C ...)
NOT-FOR-US: Novell NetMail
CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the
Linux ...)
- {DSA-921-1 DTSA-16-1}
+ {DSA-922-1 DSA-921-1 DTSA-16-1}
- linux-2.6 2.6.12-3 (bug #323173)
- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before
2.6.12.5 ...)
- {DSA-921-1 DTSA-16-1}
+ {DSA-922-1 DSA-921-1 DTSA-16-1}
- linux-2.6 2.6.12-3 (bug #323173; medium)
- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of
...)
@@ -5376,7 +5455,7 @@
[sarge] - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
[sarge] - kernel-source-2.4.27 2.4.27-10sarge2 (medium)
CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in
...)
- {DSA-921-1 DTSA-16-1}
+ {DSA-922-1 DSA-921-1 DTSA-16-1}
- linux-2.6 2.6.12-2 (bug #321401; medium)
- kernel-source-2.4.27 2.4.27-11 (medium)
CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read
...)
@@ -7990,12 +8069,12 @@
CVE-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of
service ...)
{DSA-734-1}
- gaim 1:1.3.1-1 (bug #315356; low)
-CVE-2005-1930
- RESERVED
-CVE-2005-1929
- RESERVED
-CVE-2005-1928
- RESERVED
+CVE-2005-1930 (Directory traversal vulnerability in the Crystal Report
component ...)
+ TODO: check
+CVE-2005-1929 (Multiple heap-based buffer overflows in (1) isaNVWRequest.dll
and (2) ...)
+ TODO: check
+CVE-2005-1928 (Trend Micro ServerProtect EarthAgent for Windows Management
Console ...)
+ TODO: check
CVE-2005-1927
RESERVED
CVE-2005-1926
@@ -8364,7 +8443,7 @@
{DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack
segment ...)
- {DSA-921-1}
+ {DSA-922-1 DSA-921-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Add which revision fixed this
- kernel-source-2.4.27 2.4.27-11 (unknown)
@@ -8374,20 +8453,21 @@
NOTE: Helix Player is affected according to:
NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
platform, ...)
- {DTSA-16-1}
+ {DSA-922-1 DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
- kernel-source-2.4.27 <not-affected>
CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a
guard ...)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
- kernel-source-2.4.27 <not-affected>
CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit
architectures ...)
+ {DSA-922-1}
- linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc5)
CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the
AMD64 ...)
- {DSA-921-1 DTSA-16-1}
+ {DSA-922-1 DSA-921-1 DTSA-16-1}
- linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc5)
- kernel-source-2.4.27 2.4.27-11
CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local
users ...)
- {DTSA-16-1}
+ {DSA-922-1 DTSA-16-1}
- linux-2.6 2.6.12-1 (medium)
- kernel-source-2.4.27 <unfixed> (low)
CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date
file in ...)
@@ -10425,6 +10505,7 @@
{DSA-736-2 DSA-736-1}
- spamassassin 3.0.4-1 (bug #314447; medium)
CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to
create ...)
+ {DSA-922-1}
TODO: This needs to be double-checked, added to the kernel tracker
CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the
wrong ...)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.10)
@@ -11827,12 +11908,12 @@
- gzip 1.3.5-10
- bzip2 1.0.2-8.1 (bug #321286; medium)
CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise
Linux ...)
- {DSA-921-1}
+ {DSA-922-1 DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (bug #311164)
- linux-2.6 <not-affected> (Fixed before upload in archive)
TODO: Check, when this was fixed upstream
CVE-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64
...)
- {DSA-921-1}
+ {DSA-922-1 DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (medium)
- linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc5)
CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix
Player ...)