author: Joey Hess <joeyh@debian.org> 2005-12-19 09:14:20 +0000
committer: Joey Hess <joeyh@debian.org> 2005-12-19 09:14:20 +0000
commit: b93e088d7e9f4513d6587f0f0095f2c3ab7e2dba
tree: a7fe37d820090838c6560aaf42c7779b90be4a55
parent: ea69d63e82a4c145dcfd4c4b2d8bf789d7c3ff74
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3094 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/1999.list | 2
-rw-r--r-- data/CVE/2003.list | 4
-rw-r--r-- data/CVE/2004.list | 4
-rw-r--r-- data/CVE/2005.list | 185
4 files changed, 183 insertions, 12 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index 49480d13c0..5ed82a4364 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -3135,5 +3135,5 @@ CVE-1999-0015 (Teardrop IP denial of service. ...)
TODO: check
CVE-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...)
TODO: check
-CVE-1999-0001 (Denial of service in BSD-derived TCP/IP implementations, as described ...)
+CVE-1999-0001 (ip_input.c in BSD-derived TCP/IP implementations allows remote ...)
TODO: check
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 00fb3ea12f..17db495d6b 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,3 +1,5 @@
+CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through ...)
+ TODO: check
CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel ...)
- kernel-patch-ctx 1:1.29-1
CVE-2003-XXXX [Insecure tempfile in x-face-el]
@@ -949,7 +951,7 @@ CVE-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 fo
CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
NOT-FOR-US: IBM DB2
CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
- - mplayer <itp> (bug #113238)
+ - mplayer <itp> (bug #113238)
CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
NOT-FOR-US: CDE
CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
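Review bot: The mplayer annotation under CVE-2003-0835 is removed and re-added with identical visible text ("- mplayer <itp> (bug #113238)"), so this is a whitespace-only edit to a hand-written tracking line inside a commit labelled "automatic update". Either keep the update from rewriting annotation lines or commit indentation normalisation separately, so that history on the annotation reflects real triage decisions rather than description syncs.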
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 9dbee226a7..a4f76ae5f7 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,3 +1,7 @@
+CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when ...)
+ TODO: check
+CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy before ...)
+ TODO: check
CVE-2004-2650 (Spooler in Apache Foundation James 2.2.0 allows local users to cause a ...)
NOT-FOR-US: Apache James
CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in ...)
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index c886067b02..39520215fe 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,3 +1,168 @@
+CVE-2005-4348
+ RESERVED
+CVE-2005-4347
+ RESERVED
+CVE-2005-4346 (SQL injection vulnerability in index.php in phpBB Blog 2.2.2 and ...)
+ TODO: check
+CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password ...)
+ TODO: check
+CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...)
+ TODO: check
+CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and ...)
+ TODO: check
+CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, ...)
+ TODO: check
+CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic Suite ...)
+ TODO: check
+CVE-2005-4340
+ REJECTED
+ TODO: check
+CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning and ...)
+ TODO: check
+CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal System in ...)
+ TODO: check
+CVE-2005-4337 (The login page in Blackboard Learning and Community Portal System in ...)
+ TODO: check
+CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and ...)
+ TODO: check
+CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause a ...)
+ TODO: check
+CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers ...)
+ TODO: check
+CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board ...)
+ TODO: check
+CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
+ TODO: check
+CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant ...)
+ TODO: check
+CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall ...)
+ TODO: check
+CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB ...)
+ TODO: check
+CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
+ TODO: check
+CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt ...)
+ TODO: check
+CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute ...)
+ TODO: check
+CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have ...)
+ TODO: check
+CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through ...)
+ TODO: check
+CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal ...)
+ TODO: check
+CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
+ TODO: check
+CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani ...)
+ TODO: check
+CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 ...)
+ TODO: check
+CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and ...)
+ TODO: check
+CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not ...)
+ TODO: check
+CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers ...)
+ TODO: check
+CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART ...)
+ TODO: check
+CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal ...)
+ TODO: check
+CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
+ TODO: check
+CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
+ TODO: check
+CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, ...)
+ TODO: check
+CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based ...)
+ TODO: check
+CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows ...)
+ TODO: check
+CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...)
+ TODO: check
+CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...)
+ TODO: check
+CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, ...)
+ TODO: check
+CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2 and ...)
+ TODO: check
+CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and ...)
+ TODO: check
+CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and ...)
+ TODO: check
+CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in ...)
+ TODO: check
+CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 ...)
+ TODO: check
+CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum ...)
+ TODO: check
+CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier ...)
+ TODO: check
+CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...)
+ TODO: check
+CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
+ TODO: check
+CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...)
+ TODO: check
+CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and ...)
+ TODO: check
+CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS ...)
+ TODO: check
+CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 ...)
+ TODO: check
+CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 ...)
+ TODO: check
+CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb ...)
+ TODO: check
+CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows ...)
+ TODO: check
+CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote ...)
+ TODO: check
+CVE-2005-4285 (Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick ...)
+ TODO: check
+CVE-2005-4284 (Cross-site scripting (XSS) vulnerability in StaticStore Search Engine ...)
+ TODO: check
+CVE-2005-4283 (Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and ...)
+ TODO: check
+CVE-2005-4282 (Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and ...)
+ TODO: check
+CVE-2005-4281 (Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and ...)
+ TODO: check
+CVE-2005-4280 (Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo ...)
+ TODO: check
+CVE-2005-4279 (Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on ...)
+ TODO: check
+CVE-2005-4278 (Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo ...)
+ TODO: check
+CVE-2005-4277 (Cross-site scripting (XSS) vulnerability in index.php in toendaCMS ...)
+ TODO: check
+CVE-2005-4276 (Westell Versalink 327W allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2005-4275 (Scientific Atlanta DPX2100 Cable Modem allows remote attackers to ...)
+ TODO: check
+CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence 6.5x ...)
+ TODO: check
+CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2) ...)
+ TODO: check
+CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote ...)
+ TODO: check
+CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local ...)
+ TODO: check
+CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows ...)
+ TODO: check
+CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer ...)
+ TODO: check
+CVE-2005-4268 (Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...)
+ TODO: check
+CVE-2005-4267
+ RESERVED
CVE-2005-XXXX [SQL Injection in server_privileges.php]
- phpmyadmin <unfixed> (bug #343858; high)
CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
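Review bot: CVE-2005-4340 is added as REJECTED and then also gets "TODO: check", while the RESERVED entries in the same hunk (CVE-2005-4348, CVE-2005-4347, CVE-2005-4267) correctly get no TODO. A rejected identifier has nothing left to triage, so the update should treat REJECTED like RESERVED and skip the TODO line; as written it adds a spurious item to the review queue next to the real new entries that do need a package or NOT-FOR-US decision.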
@@ -121,7 +286,7 @@ CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote
NOT-FOR-US: Flatnuke
CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script ...)
NOT-FOR-US: BTGrup Admin WebController Script
-CVE-2005-4206 (frameset.jsp in Blackboard Learning and Community Port Systems ...)
+CVE-2005-4206 (Blackboard Learning and Community Portal System in Academic Suite ...)
NOT-FOR-US: Blackboard Learning and Community Port Systems
CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...)
NOT-FOR-US: LocazoList
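Review bot: The NOT-FOR-US annotation under CVE-2005-4206 still reads "Blackboard Learning and Community Port Systems", while the updated description now says "Blackboard Learning and Community Portal System". Align the annotation with the new wording, since anyone searching the list by product name will otherwise miss this entry when matching it against the Blackboard entries added at the top of this file (CVE-2005-4341, CVE-2005-4339, CVE-2005-4338, CVE-2005-4337).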
@@ -221,7 +386,7 @@ CVE-2005-4161 (Multiple cross-site scripting (XSS) vulnerabilities in MilliScrip
NOT-FOR-US: MilliScripts
CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 ...)
NOT-FOR-US: Torrential
-CVE-2005-4159 (SQL injection vulnerability in Memberlist.php in Simple Machines Forum ...)
+CVE-2005-4159 (** DISPUTED ** ...)
NOT-FOR-US: Simple Machines Forum
CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...)
- sudo <unfixed> (bug #342948; medium)
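Review bot: The new summary for CVE-2005-4159 is reduced to "(** DISPUTED ** ...)", so the truncation has consumed the whole line on the dispute marker and the entry no longer says what the issue is; only the NOT-FOR-US line below still names Simple Machines Forum. Consider having the update keep the marker but truncate after it, or strip the marker before truncating and record the disputed status as a separate note, so the one-line summary stays usable for triage.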
@@ -368,7 +533,7 @@ CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass ...
NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...)
NOT-FOR-US: phpForumPro
-CVE-2005-4087 (PHP remote file inclusion vulnerability in acceptDecline.php in Sugar ...)
+CVE-2005-4087 (PHP remote file include vulnerability in acceptDecline.php in Sugar ...)
NOT-FOR-US: SugarCRM
CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...)
NOT-FOR-US: SugarCRM
@@ -534,7 +699,7 @@ CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Expre
NOT-FOR-US: PHP Lite Calender Express
CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...)
NOT-FOR-US: Jax Calendar
-CVE-2005-4077 (Multiple off-by-one errors in libcurl 7.11.2 through 7.15.0 and ...)
+CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 ...)
{DSA-919-1}
- curl 7.15.1-1 (bug #342339; medium)
[sarge] - curl 7.13.2-2sarge4 (medium)
@@ -1285,8 +1450,8 @@ CVE-2005-3654
RESERVED
CVE-2005-3653
RESERVED
-CVE-2005-3652
- RESERVED
+CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 ...)
+ TODO: check
CVE-2005-3651 (Stack-based buffer overflow in the dissect_ospf_v3_address_prefix ...)
{DSA-920-1}
- ethereal <unfixed> (bug #342911; medium)
@@ -2213,8 +2378,8 @@ CVE-2005-XXXX [libmad: Assertion failed; buffer overflow]
CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
{DSA-889-1}
- enigmail 2:0.93-1 (bug #335731; medium)
-CVE-2005-3253
- RESERVED
+CVE-2005-3253 (Avaya Wireless Access Points (AP) AP-3 through AP-6 2.5 to 2.5.4, and ...)
+ TODO: check
CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...)
- snort 2.3.3-2 (bug #328134; low)
- snort <not-affected> (Vulnerable code was introduced later, see bug #334606)
@@ -4326,7 +4491,7 @@ CVE-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier,
NOT-FOR-US: nbsmtp
CVE-2005-2408
RESERVED
-CVE-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform &quot;link ...)
+CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-complicit ...)
NOT-FOR-US: Opera
CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
NOT-FOR-US: Opera
@@ -8074,7 +8239,7 @@ CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise L
- kernel-source-2.4.27 2.4.27-11 (bug #311164)
- linux-2.6 <not-affected> (Fixed before upload in archive)
TODO: Check, when this was fixed upstream
-CVE-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...)
+CVE-2005-0756 (ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on ...)
{DSA-922-1 DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (medium)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
