Author: joeyh Date: 2005-12-16 04:10:56 +0000 (Fri, 16 Dec 2005) New Revision: 3066 Modified: data/CVE/list Log: processed old CVEs also removed unterminated block claim Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-15 23:18:49 UTC (rev 3065) +++ data/CVE/list 2005-12-16 04:10:56 UTC (rev 3066) @@ -1,4 +1,3 @@ -begin claimed by jmm CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a ...) NOT-FOR-US: Alt-N MDaemon and WorldClient CVE-2005-4265 (Alt-N MDaemon and WorldClient 8.1.3 allows remote attackers to cause a ...) @@ -1466,8 +1465,8 @@ CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows ...) NOT-FOR-US: ignitionServer CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local users to ...) - - xboard <unfixed> (unimportant) - TODO: hardly exploitable, should be fixed anyway + - xboard <unfixed> (bug #343560; unimportant) + NOTE: hardly exploitable, should be fixed anyway CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow ...) NOT-FOR-US: Layton HelpBox CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...) @@ -2027,163 +2026,170 @@ CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote ...) NOT-FOR-US: webresolve CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks ...) - TODO: check + NOTE: verified with rpm 4.4.1, but this can hardly affect debian at + NOTE: all since it requires rpm be configured to trust some key, + NOTE: which in debian requires a manual and non-documented + NOTE: initialization of the rpm database which is not configured in + NOTE: the package + TODO: file bug? CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...) - TODO: check + NOT-FOR-US: Solaris CVE-2002-2202 (Outlook Express 6.0 does not delete messages from dbx files, even when ...) - TODO: check + NOT-FOR-US: Outlook Express CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier allows ...) - TODO: check + - webmin 1.000 (high) CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (Benjamin Lefevre Dobermann FORUM) CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection Environment ...) - TODO: check + NOTE: freebsd misconfiguration CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to ...) - TODO: check + - zmailer 2.99.51_1 (high) CVE-2002-2197 (Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a ...) - TODO: check + NOT-FOR-US: Solaris CVE-2002-2196 (Samba 2.2.5 and earlier does not properly terminate the ...) - TODO: check + - samba 2.2.5 (high) CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and ...) - TODO: check + NOT-FOR-US: Winamp CVE-2002-2194 (Solaris 8 allows local users to cause a denial of service (kernel ...) - TODO: check + NOT-FOR-US: Solaris CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...) - TODO: check + NOT-FOR-US: Mojo Mail CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...) - TODO: check + NOT-FOR-US: Perception LiteServe CVE-2002-2191 (Lotus Domino 5.0.9a and earlier, even when configured with the ...) - TODO: check + NOT-FOR-US: (Lotus Domino CVE-2002-2190 (ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext ...) - TODO: check + NOT-FOR-US: ArtsCore Studios CuteCast Forum CVE-2002-2189 (Cross-site scripting (XSS) vulnerability in ActiveXperts Software ...) - TODO: check + NOT-FOR-US: ActiveXperts Software ActiveWebserver CVE-2002-2188 (OpenBSD before 3.2 allows local users to cause a denial of service ...) - TODO: check + NOT-FOR-US: OpenBSD kernel CVE-2002-2187 (Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, ...) - TODO: check + NOT-FOR-US: Macromedia JRun CVE-2002-2186 (Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the ...) - TODO: check + NOT-FOR-US: Macromedia JRun CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ...) + NOTE: fixed in IRIX.. TODO: check CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP ...) - TODO: check + NOT-FOR-US: DigiChat CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: phpShare CVE-2002-2182 (Buffer overflow in Seunghyun Seo''s MSN666 MSN Sniffer 1.0 and 1.0.1 ...) - TODO: check + NOT-FOR-US: MSN666 CVE-2002-2181 (SonicWall Content Filtering allows local users to access prohibited ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2002-2180 (The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not ...) - TODO: check + NOT-FOR-US: OpenBSD kernel CVE-2002-2179 (The dynamic initialization feature of the ClearPath MCP environment ...) - TODO: check + NOT-FOR-US: ClearPath MCP CVE-2002-2178 (Cross-site scripting (XSS) vulnerability in article.php module for ...) - TODO: check + NOT-FOR-US: phpWebSite CVE-2002-2177 (BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP ...) - TODO: check + NOT-FOR-US: BEA CVE-2002-2176 (SQL injection vulnerability in Gender MOD 1.1.3 allows remote ...) - TODO: check + NOT-FOR-US: Gender MOD CVE-2002-2175 (phpSquidPass before 0.2 uses an incomplete regular expression to find ...) - TODO: check + NOT-FOR-US: phpSquidPass CVE-2002-2174 (The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number ...) - TODO: check + NOT-FOR-US: 602Pro LAN SUITE CVE-2002-2173 (Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing ...) - TODO: check + NOT-FOR-US: Trillian CVE-2002-2172 (Informed (1) Designer and (2) Filler 3.05 does not zero out newly ...) - TODO: check + NOT-FOR-US: Informed Designer, Informed Filler CVE-2002-2171 (Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows ...) - TODO: check + NOT-FOR-US: acWEB CVE-2002-2170 (Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 ...) - TODO: check + NOT-FOR-US: BadBlue Enterprise Edition CVE-2002-2169 (Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and ...) - TODO: check + NOT-FOR-US: AIM CVE-2002-2168 (SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 ...) - TODO: check + NOT-FOR-US: 123tkShop CVE-2002-2167 (Directory traversal vulnerability in function_foot_1.inc.php for ...) - TODO: check + NOT-FOR-US: 123tkShop CVE-2002-2166 (Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 ...) - TODO: check + NOT-FOR-US: FuseTalk CVE-2002-2165 (The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER ...) - TODO: check + NOT-FOR-US: IMHO Webmail for Roxen CVE-2002-2164 (Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows ...) - TODO: check + NOT-FOR-US: MSIE CVE-2002-2163 (KvPoll 1.1 allows remote authenticated users to vote more than once by ...) - TODO: check + NOT-FOR-US: KvPoll CVE-2002-2162 (Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) ...) - TODO: check + NOT-FOR-US: Trillian CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Kerio Personal Firewall CVE-2002-2160 (MidiCart (1) PHP, (2) PHP Plus, and (3) PHP Maxi does not restrict ...) - TODO: check + NOT-FOR-US: MidiCart CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...) - TODO: check + NOT-FOR-US: Linksys hardware CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...) - TODO: check + NOT-FOR-US: zenTrack CVE-2002-2157 (calendar.php in Jelsoft Enterprises vBulletin 2.2.0 and earlier allows ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...) - TODO: check + NOT-FOR-US: Trillian CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite ...) - TODO: check + NOT-FOR-US: Trillian CVE-2002-2154 (Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows ...) - TODO: check + NOT-FOR-US: Monkey HTTP Daemon CVE-2002-2153 (Format string vulnerability in the administrative pages of the PL/SQL ...) - TODO: check + NOT-FOR-US: Oracle Application Server CVE-2002-2152 (The Czech edition of Software602''s Web Server before 2002.0.02.0916 ...) - TODO: check + NOT-FOR-US: Software602 CVE-2002-2151 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...) - TODO: check + NOT-FOR-US: Search97 CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...) - TODO: check + NOTE: SYN floods etc generally filed as issues in linux specifically + NOTE: if it is affected CVE-2002-2149 (Buffer overflow in Lucent Access Point 300, 600, and 1500 Service ...) - TODO: check + NOT-FOR-US: Lucent Access Point CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline ...) - TODO: check + NOT-FOR-US: Lucent MAX Router CVE-2002-2147 (Savant Web Server 3.1 and earlier allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Savant Web Server CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Savant Web Server CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Savant Web Server CVE-2002-2144 (Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows ...) - TODO: check + NOT-FOR-US: BearShare CVE-2002-2143 (The admin.html file in MySimple News 1.0 stores its administrative ...) - TODO: check + NOT-FOR-US: MySimple News CVE-2002-2142 (An undocumented extension for the Servlet mappings in the Servlet 2.3 ...) - TODO: check + NOT-FOR-US: BEA CVE-2002-2141 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets ...) - TODO: check + NOT-FOR-US: BEA CVE-2002-2140 (Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2002-2139 (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not ...) - TODO: check + NOT-FOR-US: Cisco CVE-2002-2138 (RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when ...) - TODO: check + NOT-FOR-US: HP Advanced Server CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and ...) - TODO: check + NOT-FOR-US: GlobalSunTech Wireless Access Points CVE-2002-2136 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...) - TODO: check + NOT-FOR-US: SUNW* CVE-2002-2135 (OnlineJFS and JournalFS.VXFS-BASE-KRN (JFS 3.1) in HP-UX 10.20 through ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...) - TODO: check + NOT-FOR-US: PEEL CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...) - TODO: check + NOT-FOR-US: Telindus 1100 ASDL router CVE-2002-2132 (Windows File Protection (WFP) in Windows 2000 and XP does not remove ...) - TODO: check + NOT-FOR-US: Windows CVE-2002-2131 (Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows ...) - TODO: check + NOT-FOR-US: Perl-HTTPd CVE-2002-2130 (publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to ...) - TODO: check + - gallery 1.3.3 (high) CVE-2002-2129 (Cross-site scripting vulnerability (XSS) in editform.php for w-Agora ...) - TODO: check + NOT-FOR-US: w-Agora CVE-2002-2128 (editform.php in w-Agora 4.1.5 allows local users to execute arbitrary ...) - TODO: check + NOT-FOR-US: w-Agora CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access to ...) - TODO: check + NOT-FOR-US: Integrity Protection Driver (IPD) CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...) - TODO: check + NOT-FOR-US: Integrity Protection Driver (IPD) CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...) NOT-FOR-US: MSIE CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...) @@ -2491,7 +2497,7 @@ CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...) NOT-FOR-US: FlatNuke CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 ...) - TODO: check + NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005 CVE-2005-3359 RESERVED CVE-2005-3358 (Linux kernel 2.6.x, possibly before 2.6.11, allows local users to ...) @@ -3303,7 +3309,6 @@ - libnss-ldap 199-1 (bug #169793) CVE-2004-XXXX [Firefox doesn''t clear all cookies] - mozilla-firefox <unfixed> (bug #203034; bug #235932; low) - TODO: Re-check this, most probably fixed by now CVE-2004-XXXX [Insecure temp files in amanda''s chg-manual] - amanda <unfixed> (bug #226139; low) CVE-2004-XXXX [Buffer overflow in wdm''s login]