author Joey Hess <joeyh@debian.org> 2006-11-02 08:14:23 +0000
committer Joey Hess <joeyh@debian.org> 2006-11-02 08:14:23 +0000
commit dc14c5c7cededc2bd1bcf57076cab512b79a4fae
tree d7bd7542ee5e5f29b338928273b9e20aaae35ba4
parent f06a8ed633fb632827880106314728ea1fbf2ab4
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4909 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/1999.list 92
-rw-r--r-- data/CVE/2000.list 30
-rw-r--r-- data/CVE/2001.list 18
-rw-r--r-- data/CVE/2002.list 8
-rw-r--r-- data/CVE/2003.list 6
-rw-r--r-- data/CVE/2004.list 6
-rw-r--r-- data/CVE/2006.list 24
7 files changed, 98 insertions, 86 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index 6c30dc6dbf..0f93e7203f 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -97,7 +97,7 @@ CVE-1999-1419 (Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.
TODO: check
CVE-1999-1414 (IBM Netfinity Remote Control allows local users to gain administrator ...)
TODO: check
-CVE-1999-1411 (The installation of the fsp package 2.71-10 in Debian Linux 2.0 adds ...)
+CVE-1999-1411 (The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 ...)
TODO: check
CVE-1999-1409 (The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local ...)
TODO: check
@@ -222,7 +222,7 @@ CVE-1999-1217 (The PATH in Windows NT includes the current working directory (.)
TODO: check
CVE-1999-1215 (LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes ...)
TODO: check
-CVE-1999-1214 (Vulnerability in asynchronous I/O facility in 4.4 BSD kernel does not ...)
+CVE-1999-1214 (The asynchronous I/O facility in 4.4 BSD kernel does not check user ...)
TODO: check
CVE-1999-1209 (Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open ...)
TODO: check
@@ -288,7 +288,7 @@ CVE-1999-1144 (Certain files in MPower in HP-UX 10.x are installed with insecure
TODO: check
CVE-1999-1143 (Vulnerability in runtime linker program rld in SGI IRIX 6.x and ...)
TODO: check
-CVE-1999-1142 (SunOS 4.1.2 and earlier allows local users to gain privileges in ...)
+CVE-1999-1142 (SunOS 4.1.2 and earlier allows local users to gain privileges via ...)
TODO: check
CVE-1999-1140 (Buffer overflow in CrackLib 2.5 may allow local users to gain root ...)
TODO: check
@@ -461,7 +461,7 @@ CVE-1999-0966 (Buffer overflow in Solaris getopt in libc allows local users to g
TODO: check
CVE-1999-0965 (Race condition in xterm allows local users to modify arbitrary files ...)
TODO: check
-CVE-1999-0964 (Buffer overflow in FreeBSD setlocale in the libc module. ...)
+CVE-1999-0964 (Buffer overflow in FreeBSD setlocale in the libc module allows ...)
TODO: check
CVE-1999-0963 (FreeBSD mount_union command allows local users to gain root privileges ...)
TODO: check
@@ -485,7 +485,7 @@ CVE-1999-0954 (WWWBoard has a default username and default password. ...)
TODO: check
CVE-1999-0953 (WWWBoard stores encrypted passwords in a password file that is ...)
TODO: check
-CVE-1999-0951 (Buffer overflow in OmniHTTPd CGI program imagemap.cgi allows remote ...)
+CVE-1999-0951 (Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote ...)
TODO: check
CVE-1999-0950 (Buffer overflow in WFTPD FTP server allows remote attackers to gain ...)
TODO: check
@@ -859,7 +859,7 @@ CVE-1999-0713 (The dtlogin program in Compaq Tru64 UNIX allows local users to ga
TODO: check
CVE-1999-0711 (The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix ...)
TODO: check
-CVE-1999-0710 (The RedHat squid program installs cachemgr.cgi in a public web ...)
+CVE-1999-0710 (The Squid package in Red Hat Linux 5.2 and 6.0, and other ...)
{DSA-576-1}
- squid 2.5.7-1
CVE-1999-0708 (Buffer overflow in cfingerd allows local users to gain root privileges ...)
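Review bot: CVE-1999-0710's reworded summary no longer shows the cachemgr.cgi detail and now scopes the issue to "Red Hat Linux 5.2 and 6.0, and other ...", while the {DSA-576-1} and "- squid 2.5.7-1" annotations under it are carried over unchanged. Because the update rewrites only the description line, someone should confirm the fixed-version annotation still matches the reworded scope.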
@@ -884,7 +884,7 @@ CVE-1999-0699 (The Bluestone Sapphire web server allows session hijacking via ea
TODO: check
CVE-1999-0697 (SCO Doctor allows local users to gain root privileges through a Tools ...)
TODO: check
-CVE-1999-0696 (Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd) ...)
+CVE-1999-0696 (Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). ...)
TODO: check
CVE-1999-0695 (The Sybase PowerDynamo personal web server allows attackers to ...)
TODO: check
@@ -918,7 +918,7 @@ CVE-1999-0680 (Windows NT Terminal Server performs extra work when a client open
TODO: check
CVE-1999-0679 (Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows ...)
TODO: check
-CVE-1999-0678 (A default configuration of Apache on Debian Linux sets the ServerRoot ...)
+CVE-1999-0678 (A default configuration of Apache on Debian GNU/Linux sets the ...)
TODO: check
CVE-1999-0676 (sdtcm_convert in Solaris 2.6 allows a local user to overwrite ...)
TODO: check
@@ -1000,7 +1000,7 @@ CVE-1999-0458 (L0phtcrack 2.5 used temporary files in the system TEMP directory
TODO: check
CVE-1999-0457 (Linux ftpwatch program allows local users to gain root privileges. ...)
TODO: check
-CVE-1999-0449 (Denial of service in IIS 4 with scripts from the ExAir sample site. ...)
+CVE-1999-0449 (The ExAir sample site in IIS 4 allows remote attackers to cause a ...)
NOT-FOR-US: Microsoft
CVE-1999-0448 (IIS 4.0 and Apache log HTTP request methods, regardless of how long ...)
NOT-FOR-US: Microsoft
@@ -1102,7 +1102,7 @@ CVE-1999-0382 (The screen saver in Windows NT does not verify that its security
TODO: check
CVE-1999-0380 (SLMail 3.1 and 3.2 allows local users to access any file in the NTFS ...)
TODO: check
-CVE-1999-0379 (Microsoft Taskpads feature allows remote web sites to execute commands ...)
+CVE-1999-0379 (Microsoft Taskpads allows remote web sites to execute commands on the ...)
NOT-FOR-US: Microsoft
CVE-1999-0378 (InterScan VirusWall for Solaris doesn't scan files for viruses when ...)
TODO: check
@@ -1112,9 +1112,9 @@ CVE-1999-0376 (Local users in Windows NT can obtain administrator privileges by
TODO: check
CVE-1999-0375 (Buffer overflow in webd in Network Flight Recorder (NFR) ...)
TODO: check
-CVE-1999-0374 (Debian Linux cfengine package is susceptible to a symlink attack. ...)
+CVE-1999-0374 (Debian GNU/Linux cfengine package is susceptible to a symlink attack. ...)
TODO: check
-CVE-1999-0373 (Buffer overflow in the &quot;Super&quot; utility in Debian Linux and other ...)
+CVE-1999-0373 (Buffer overflow in the &quot;Super&quot; utility in Debian GNU/Linux, and other ...)
TODO: check
CVE-1999-0372 (The installer for BackOffice Server includes account names and ...)
TODO: check
@@ -1136,7 +1136,7 @@ CVE-1999-0362 (WS_FTP server remote denial of service through cwd command. ...)
TODO: check
CVE-1999-0358 (Digital Unix 4.0 has a buffer overflow in the inc program of the mh ...)
TODO: check
-CVE-1999-0357 (Denial of service in Windows systems using malformed oshare packets. ...)
+CVE-1999-0357 (Windows 98 and other operating systems allows remote attackers to ...)
TODO: check
CVE-1999-0355 (Local or remote users can force ControlIT 4.5 to reboot or force a ...)
TODO: check
@@ -1168,7 +1168,7 @@ CVE-1999-0338 (AIX Licensed Program Product performance tools allow local users
NOT-FOR-US: AIX
CVE-1999-0337 (AIX batch queue (bsh) allows local and remote users to gain additional ...)
NOT-FOR-US: AIX
-CVE-1999-0335 (Buffer overflow in BSD and linux lpr command allows local users to ...)
+CVE-1999-0335 (DEPRECATED. This entry has been deprecated. It is a duplicate of ...)
TODO: check
CVE-1999-0334 (In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local ...)
TODO: check
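Review bot: CVE-1999-0335 now reads "DEPRECATED. This entry has been deprecated. It is a duplicate of ...", yet the annotation below it is still TODO: check. A deprecated duplicate needs no package triage; suggest replacing the TODO with a note naming the CVE it duplicates so it stops showing up as open work.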
@@ -1200,9 +1200,9 @@ CVE-1999-0316 (Buffer overflow in Linux splitvt command gives root access to loc
TODO: check
CVE-1999-0315 (Buffer overflow in Solaris fdformat command gives root access to local ...)
TODO: check
-CVE-1999-0314 (IRIX ioconfig program allows local users to gain root access ...)
+CVE-1999-0314 (ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to ...)
TODO: check
-CVE-1999-0313 (IRIX disk_bandwidth program allows local users to gain root access ...)
+CVE-1999-0313 (disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local ...)
TODO: check
CVE-1999-0312 (HP ypbind allows attackers with root privileges to modify NIS data. ...)
TODO: check
@@ -1214,7 +1214,7 @@ CVE-1999-0309 (HP-UX vgdisplay program gives root access to local users. ...)
TODO: check
CVE-1999-0308 (HP-UX gwind program allows users to modify arbitrary files. ...)
TODO: check
-CVE-1999-0305 (BSD sysctl control does not properly restrict source routing. ...)
+CVE-1999-0305 (The system configuration control (sysctl) facility in BSD based ...)
TODO: check
CVE-1999-0304 (mmap function in BSD allows local attackers in the kmem group to ...)
TODO: check
@@ -1246,7 +1246,7 @@ CVE-1999-0290 (The WinGate telnet proxy allows remote attackers to cause a denia
TODO: check
CVE-1999-0289 (The Apache web server for Win32 may provide access to restricted ...)
TODO: check
-CVE-1999-0288 (Denial of service in WINS with malformed data to port 137 (NETBIOS ...)
+CVE-1999-0288 (The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote ...)
TODO: check
CVE-1999-0281 (Denial of service in IIS using long URLs. ...)
NOT-FOR-US: Microsoft
@@ -1268,11 +1268,11 @@ CVE-1999-0273 (Denial of service through Solaris 2.5.1 telnet by sending ^D char
TODO: check
CVE-1999-0272 (Denial of service in Slmail v2.5 through the POP3 port. ...)
TODO: check
-CVE-1999-0270 (pfdispaly CGI program for SGI's Performer API Search Tool allows read ...)
+CVE-1999-0270 (Directory traversal vulnerability in pfdispaly.cgi program (sometimes ...)
TODO: check
CVE-1999-0269 (Netscape Enterprise servers may list files through the PageServices query. ...)
TODO: check
-CVE-1999-0268 (MetaInfo MetaWeb web server allows users to upload and execute scripts. ...)
+CVE-1999-0268 (MetaInfo MetaWeb web server allows users to upload, execute, and read ...)
TODO: check
CVE-1999-0267 (Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. ...)
TODO: check
@@ -1284,7 +1284,7 @@ CVE-1999-0264 (htmlscript CGI program allows remote read access to files. ...)
TODO: check
CVE-1999-0263 (Solaris SUNWadmap can be exploited to obtain root access. ...)
TODO: check
-CVE-1999-0262 (faxsurvey CGI script on Linux allows remote command execution via ...)
+CVE-1999-0262 (Hylafax faxsurvey CGI script on Linux allows remote attackers to ...)
TODO: check
CVE-1999-0260 (The jj CGI program allows command execution via shell metacharacters. ...)
TODO: check
@@ -1312,7 +1312,7 @@ CVE-1999-0236 (ScriptAlias directory in NCSA and Apache httpd allowed attackers
TODO: check
CVE-1999-0234 (Bash treats any character with a value of 255 as a command separator. ...)
TODO: check
-CVE-1999-0233 (IIS allows users to execute arbitrary commands using .bat or .cmd ...)
+CVE-1999-0233 (IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd ...)
NOT-FOR-US: Microsoft
CVE-1999-0230 (Buffer overflow in Cisco 7xx routers through the telnet service. ...)
NOT-FOR-US: Cisco
@@ -1328,7 +1328,7 @@ CVE-1999-0223 (Solaris syslogd crashes when receiving a message from a host that
TODO: check
CVE-1999-0221 (Denial of service of Ascend routers through port 150 (remote ...)
TODO: check
-CVE-1999-0219 (Buffer overflow in Serv-U FTP server when user performs a cwd to a ...)
+CVE-1999-0219 (Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to ...)
TODO: check
CVE-1999-0218 (Livingston portmaster machines could be rebooted via a series ...)
TODO: check
@@ -1360,7 +1360,7 @@ CVE-1999-0202 (The GNU tar command, when used in FTP sessions, may allow an atta
TODO: check
CVE-1999-0201 (A quote cwd command on FTP servers can reveal the full path of the ...)
TODO: check
-CVE-1999-0196 (The websendmail program in the Webgais program allows a remote user to ...)
+CVE-1999-0196 (websendmail in Webgais 1.0 allows a remote user to access arbitrary ...)
TODO: check
CVE-1999-0194 (Denial of service in in.comsat allows attackers to generate messages. ...)
TODO: check
@@ -1388,7 +1388,7 @@ CVE-1999-0180 (in.rshd allows users to login with a NULL username and execute co
TODO: check
CVE-1999-0179 (Windows NT crashes or locks up when a Samba client executes a &quot;cd ..&quot; ...)
TODO: check
-CVE-1999-0178 (The win-c-sample program in the WebSite web server has a buffer ...)
+CVE-1999-0178 (Buffer overflow in the win-c-sample program (win-c-sample.exe) in the ...)
TODO: check
CVE-1999-0177 (The uploader program in the WebSite web server allows a remote ...)
TODO: check
@@ -1464,7 +1464,7 @@ CVE-1999-0134 (vold in Solaris 2.x allows local users to gain root access. ...)
TODO: check
CVE-1999-0133 (fm_fls license server for Adobe Framemaker allows local users to ...)
TODO: check
-CVE-1999-0132 (Expreserve, used in vi and ex, allows local users to overwrite ...)
+CVE-1999-0132 (Expreserve, as used in vi and ex, allows local users to overwrite ...)
TODO: check
CVE-1999-0131 (Buffer overflow and denial of service in Sendmail 8.7.5 and ...)
TODO: check
@@ -1494,11 +1494,11 @@ CVE-1999-0115 (AIX bugfiler program allows local users to gain root access. ...)
NOT-FOR-US: AIX
CVE-1999-0113 (Some implementations of rlogin allow root access if given a ...)
TODO: check
-CVE-1999-0112 (Buffer overflow in AIX dtterm program for the CDE ...)
+CVE-1999-0112 (Buffer overflow in AIX dtterm program for the CDE. ...)
NOT-FOR-US: AIX
CVE-1999-0111 (RIP v1 is susceptible to spoofing. ...)
TODO: check
-CVE-1999-0109 (Buffer overflow in ffbconfig in Solaris 2.5.1 ...)
+CVE-1999-0109 (Buffer overflow in ffbconfig in Solaris 2.5.1. ...)
TODO: check
CVE-1999-0108 (The printers program in IRIX has a buffer overflow that gives root ...)
TODO: check
@@ -1514,7 +1514,7 @@ CVE-1999-0099 (Buffer overflow in syslog utility allows local or remote attacker
TODO: check
CVE-1999-0097 (The AIX FTP client can be forced to execute commands from a malicious ...)
NOT-FOR-US: AIX
-CVE-1999-0096 (Sendmail decode alias can be used to overwrite sensitive files ...)
+CVE-1999-0096 (Sendmail decode alias can be used to overwrite sensitive files. ...)
TODO: check
CVE-1999-0095 (The debug command in Sendmail is enabled, allowing attackers to ...)
TODO: check
@@ -1528,17 +1528,17 @@ CVE-1999-0090 (Buffer overflow in AIX rcp command allows local users to obtain .
NOT-FOR-US: AIX
CVE-1999-0087 (Denial of service in AIX telnet can freeze a system and prevent ...)
NOT-FOR-US: AIX
-CVE-1999-0085 (rwhod buffer overflow in AIX ...)
+CVE-1999-0085 (Buffer overflow in rwhod on AIX and other operating systems allows ...)
NOT-FOR-US: AIX
-CVE-1999-0084 (NFS mknod bug ...)
+CVE-1999-0084 (Certain NFS servers allow users to use mknod to gain privileges by ...)
TODO: check
-CVE-1999-0083 (getcwd() file descriptor leak in FTP ...)
+CVE-1999-0083 (getcwd() file descriptor leak in FTP. ...)
TODO: check
CVE-1999-0082 (CWD ~root command in ftpd allows root access. ...)
TODO: check
CVE-1999-0081 (wu-ftp allows files to be overwritten via the rnfr command. ...)
TODO: check
-CVE-1999-0080 (wu-ftp FTP server allows root access via &quot;site exec&quot; command. ...)
+CVE-1999-0080 (Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH ...)
TODO: check
CVE-1999-0079 (Remote attackers can cause a denial of service in FTP by issuing ...)
TODO: check
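Review bot: CVE-1999-0085 keeps its NOT-FOR-US: AIX tag, but the new description reads "rwhod on AIX and other operating systems", so the issue as described is no longer AIX-only. Suggest resetting that entry to TODO: check until rwhod in the archive has been looked at.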
@@ -1554,15 +1554,15 @@ CVE-1999-0072 (Buffer overflow in AIX xdat gives root access to local users. ...
NOT-FOR-US: AIX
CVE-1999-0071 (Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. ...)
TODO: check
-CVE-1999-0070 (test-cgi program allows an attacker to list files on the server ...)
+CVE-1999-0070 (test-cgi program allows an attacker to list files on the server. ...)
TODO: check
CVE-1999-0069 (Solaris ufsrestore buffer overflow. ...)
TODO: check
CVE-1999-0068 (CGI PHP mylog script allows an attacker to read any file on the ...)
TODO: check
-CVE-1999-0067 (CGI phf program allows remote command execution through shell ...)
+CVE-1999-0067 (phf CGI program allows remote command execution through shell ...)
TODO: check
-CVE-1999-0066 (AnyForm CGI remote execution ...)
+CVE-1999-0066 (AnyForm CGI remote execution. ...)
TODO: check
CVE-1999-0065 (Multiple buffer overflows in how dtmail handles attachments allows a ...)
TODO: check
@@ -1586,13 +1586,13 @@ CVE-1999-0055 (Buffer overflows in Sun libnsl allow root access. ...)
TODO: check
CVE-1999-0054 (Sun's ftpd daemon can be subjected to a denial of service. ...)
TODO: check
-CVE-1999-0053 (TCP RST denial of service in FreeBSD ...)
+CVE-1999-0053 (TCP RST denial of service in FreeBSD. ...)
TODO: check
CVE-1999-0052 (IP fragmentation denial of service in FreeBSD allows a remote attacker ...)
TODO: check
CVE-1999-0051 (Arbitrary file creation and program execution using FLEXlm ...)
TODO: check
-CVE-1999-0050 (Buffer overflow in HP-UX newgrp program ...)
+CVE-1999-0050 (Buffer overflow in HP-UX newgrp program. ...)
TODO: check
CVE-1999-0049 (Csetup under IRIX allows arbitrary file creation or overwriting. ...)
TODO: check
@@ -1602,7 +1602,7 @@ CVE-1999-0047 (MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.
TODO: check
CVE-1999-0046 (Buffer overflow of rlogin program using TERM environmental variable. ...)
TODO: check
-CVE-1999-0045 (List of arbitrary files on Web host via nph-test-cgi script ...)
+CVE-1999-0045 (List of arbitrary files on Web host via nph-test-cgi script. ...)
TODO: check
CVE-1999-0044 (fsdump command in IRIX allows local users to obtain root access ...)
TODO: check
@@ -1610,11 +1610,11 @@ CVE-1999-0043 (Command execution via shell metachars in INN daemon (innd) 1.5 ..
TODO: check
CVE-1999-0042 (Buffer overflow in University of Washington's implementation of ...)
TODO: check
-CVE-1999-0041 (Buffer overflow in NLS (Natural Language Service) ...)
+CVE-1999-0041 (Buffer overflow in NLS (Natural Language Service). ...)
TODO: check
CVE-1999-0040 (Buffer overflow in Xt library of X Windowing System allows local ...)
TODO: check
-CVE-1999-0039 (Arbitrary command execution using webdist CGI program in IRIX. ...)
+CVE-1999-0039 (webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers ...)
TODO: check
CVE-1999-0038 (Buffer overflow in xlock program allows local users to execute ...)
TODO: check
@@ -1624,9 +1624,9 @@ CVE-1999-0036 (IRIX login program with a nonzero LOCKOUT parameter allows creati
TODO: check
CVE-1999-0035 (Race condition in signal handling routine in ftpd, allowing read/write ...)
TODO: check
-CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x ...)
+CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. ...)
TODO: check
-CVE-1999-0032 (Buffer overflow in BSD-based lpr package allows local users to gain ...)
+CVE-1999-0032 (Buffer overflow in lpr, as used in BSD-based systems including Linux, ...)
TODO: check
CVE-1999-0031 (JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and ...)
NOT-FOR-US: Microsoft
@@ -1654,7 +1654,7 @@ CVE-1999-0018 (Buffer overflow in statd allows root privileges. ...)
TODO: check
CVE-1999-0017 (FTP servers can allow an attacker to connect to arbitrary ports on ...)
TODO: check
-CVE-1999-0016 (Land IP denial of service ...)
+CVE-1999-0016 (Land IP denial of service. ...)
TODO: check
CVE-1999-0014 (Unauthorized privileged access or denial of service via dtappgather ...)
TODO: check
@@ -1668,9 +1668,9 @@ CVE-1999-0010 (Denial of Service vulnerability in BIND 8 Releases via maliciousl
TODO: check
CVE-1999-0009 (Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. ...)
TODO: check
-CVE-1999-0008 (Buffer overflow in NIS+, in Sun's rpc.nisd program ...)
+CVE-1999-0008 (Buffer overflow in NIS+, in Sun's rpc.nisd program. ...)
TODO: check
-CVE-1999-0007 (Information from SSL-encrypted sessions via PKCS #1 ...)
+CVE-1999-0007 (Information from SSL-encrypted sessions via PKCS #1. ...)
TODO: check
CVE-1999-0006 (Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows ...)
TODO: check
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index ed5f1c89a9..40978a67f7 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -80,7 +80,7 @@ CVE-2000-1182 (WatchGuard Firebox II allows remote attackers to cause a denial o
TODO: check
CVE-2000-1181 (Real Networks RealServer 7 and earlier allows remote attackers to ...)
TODO: check
-CVE-2000-1180 (Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control ...)
+CVE-2000-1180 (Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control ...)
TODO: check
CVE-2000-1179 (Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to ...)
TODO: check
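Review bot: the removed and added CVE-2000-1180 lines read identically as rendered here, so this hunk appears to be a whitespace-only change. If the import script normalised whitespace in descriptions before comparing, automatic updates would not produce hunks like this one.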
@@ -128,9 +128,9 @@ CVE-2000-1139 (The installation of Microsoft Exchange 2000 before Rev. A creates
NOT-FOR-US: Microsoft
CVE-2000-1137 (GNU ed before 0.2-18.1 allows local users to overwrite the files of ...)
TODO: check
-CVE-2000-1136 (elvis-tiny before 1.4-10 in Debian Linux, and possibly other Linux ...)
+CVE-2000-1136 (elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux ...)
TODO: check
-CVE-2000-1135 (fshd (fsh daemon) in Debian Linux allows local users to overwrite ...)
+CVE-2000-1135 (fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite ...)
TODO: check
CVE-2000-1132 (DCForum cgforum.cgi CGI script allows remote attackers to read ...)
TODO: check
@@ -242,11 +242,11 @@ CVE-2000-1034 (Buffer overflow in the System Monitor ActiveX control in Windows
NOT-FOR-US: Microsoft
CVE-2000-1032 (The client authentication interface for Check Point Firewall-1 4.0 and ...)
TODO: check
-CVE-2000-1031 (Buffer overflow in dtterm in HP-UX 11.0 allows a local user to gain ...)
+CVE-2000-1031 (Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through ...)
TODO: check
CVE-2000-1027 (Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine ...)
NOT-FOR-US: Cisco
-CVE-2000-1026 (Multiple buffer overflows in LBNL tcpdump allows remote attackers to ...)
+CVE-2000-1026 (Multiple buffer overflows in LBNL tcpdump allow remote attackers to ...)
TODO: check
CVE-2000-1024 (eWave ServletExec 3.0C and earlier does not restrict access to the ...)
TODO: check
@@ -348,7 +348,7 @@ CVE-2000-0959 (glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG .
TODO: check
CVE-2000-0958 (HotJava Browser 3.0 allows remote attackers to access the DOM of a web ...)
TODO: check
-CVE-2000-0957 (The pluggable authentication module for msql (pam_mysql) before 0.4.7 ...)
+CVE-2000-0957 (The pluggable authentication module for mysql (pam_mysql) before 0.4.7 ...)
TODO: check
CVE-2000-0956 (cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify ...)
TODO: check
@@ -770,7 +770,7 @@ CVE-2000-0640 (Guild FTPd allows remote attackers to determine the existence of
TODO: check
CVE-2000-0639 (The default configuration of Big Brother 1.4h2 and earlier does not ...)
TODO: check
-CVE-2000-0638 (Big Brother 1.4h1 and earlier allows remote attackers to read ...)
+CVE-2000-0638 (bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers ...)
TODO: check
CVE-2000-0637 (Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary ...)
NOT-FOR-US: Microsoft
@@ -1170,7 +1170,7 @@ CVE-2000-0376 (Buffer overflow in the HTTP proxy server for the i-drive Filo sof
TODO: check
CVE-2000-0375 (The kernel in FreeBSD 3.2 follows symbolic links when it creates core ...)
TODO: check
-CVE-2000-0374 (The default configuration of kdm in Caldera Linux allows XDMCP ...)
+CVE-2000-0374 (The default configuration of kdm in Caldera and Mandrake Linux, and ...)
TODO: check
CVE-2000-0373 (Vulnerabilities in the KDE kvt terminal program allow local users to ...)
TODO: check
@@ -1184,9 +1184,9 @@ CVE-2000-0369 (The IDENT server in Caldera Linux 2.3 creates multiple threads fo
TODO: check
CVE-2000-0368 (Classic Cisco IOS 9.1 and later allows attackers with access to the ...)
NOT-FOR-US: Cisco
-CVE-2000-0367 (Vulnerability in eterm 0.8.8 in Debian Linux allows an attacker to ...)
+CVE-2000-0367 (Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to ...)
TODO: check
-CVE-2000-0366 (dump in Debian Linux 2.1 does not properly restore symlinks, which ...)
+CVE-2000-0366 (dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which ...)
TODO: check
CVE-2000-0363 (Linux cdwtools 093 and earlier allows local users to gain root ...)
TODO: check
@@ -1490,11 +1490,11 @@ CVE-2000-0159 (HP Ignite-UX does not save /etc/passwd when it creates an image o
TODO: check
CVE-2000-0157 (NetBSD ptrace call on VAX allows local users to gain privileges by ...)
TODO: check
-CVE-2000-0156 (Internet Explorer 4.x and 5.x allow a remote web server to access ...)
+CVE-2000-0156 (Internet Explorer 4.x and 5.x allows remote web servers to access ...)
NOT-FOR-US: Microsoft
CVE-2000-0152 (Remote attackers can cause a denial of service in Novell BorderManager ...)
TODO: check
-CVE-2000-0150 (Firewall-1 allows remote attackers to bypass port access restrictions ...)
+CVE-2000-0150 (Check Point Firewall-1 allows remote attackers to bypass port access ...)
TODO: check
CVE-2000-0149 (Zeus web server allows remote attackers to view the source code for ...)
TODO: check
@@ -1502,7 +1502,7 @@ CVE-2000-0148 (MySQL 3.22 allows remote attackers to bypass password authenticat
TODO: check
CVE-2000-0146 (The Java Server in the Novell GroupWise Web Access Enhancement Pack ...)
TODO: check
-CVE-2000-0145 (The libguile.so library file used by gnucash in Debian Linux is ...)
+CVE-2000-0145 (The libguile.so library file used by gnucash in Debian GNU/Linux is ...)
TODO: check
CVE-2000-0144 (Axis 700 Network Scanner does not properly restrict access to ...)
TODO: check
@@ -1530,7 +1530,7 @@ CVE-2000-0116 (Firewall-1 does not properly filter script tags, which allows rem
TODO: check
CVE-2000-0113 (The SyGate Remote Management program does not properly restrict access ...)
TODO: check
-CVE-2000-0112 (The default installation of Debian Linux uses an insecure Master Boot ...)
+CVE-2000-0112 (The default installation of Debian GNU/Linux uses an insecure Master ...)
TODO: check
CVE-2000-0111 (The RightFax web client uses predictable session numbers, which allows ...)
TODO: check
@@ -1666,7 +1666,7 @@ CVE-2000-0004 (ZBServer Pro allows remote attackers to read source code for ...)
TODO: check
CVE-2000-0003 (Buffer overflow in UnixWare rtpm program allows local users to gain ...)
TODO: check
-CVE-2000-0002 (Buffer overflow in ZBServer Pro allows remote attackers to execute ...)
+CVE-2000-0002 (Buffer overflow in ZBServer Pro 1.50 allows remote attackers to ...)
TODO: check
CVE-2000-0001 (RealMedia server allows remote attackers to cause a denial of service ...)
TODO: check
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 993c9df412..242316514e 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -423,7 +423,7 @@ CVE-2001-1301 (rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions
TODO: check
CVE-2001-1299 (Zorbat Zorbstats PHP script before 0.9 allows remote attackers to ...)
TODO: check
-CVE-2001-1297 (Actionpoll PHP script before 1.1.2 allows remote attackers to include ...)
+CVE-2001-1297 (PHP remote file inclusion vulnerability in Actionpoll PHP script ...)
TODO: check
CVE-2001-1296 (More.groupware PHP script allows remote attackers to include arbitrary ...)
TODO: check
@@ -459,7 +459,7 @@ CVE-2001-1235 (pSlash PHP script 0.7 and earlier allows remote attackers to exec
TODO: check
CVE-2001-1234 (Bharat Mediratta Gallery PHP script before 1.2.1 allows remote ...)
TODO: check
-CVE-2001-1231 (GroupWise 5.5 and 6 running in live remove or smart caching mode ...)
+CVE-2001-1231 (GroupWise 5.5 and 6 running in live remote or smart caching mode ...)
TODO: check
CVE-2001-1227 (Zope before 2.2.4 allows partially trusted users to bypass security ...)
TODO: check
@@ -523,7 +523,7 @@ CVE-2001-1132 (Mailman 2.0.x before 2.0.6 allows remote attackers to gain access
TODO: check
CVE-2001-1130 (Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to ...)
TODO: check
-CVE-2001-1121 (Cross-site scripting (CSS) vulnerability in JRun 3.0 and 2.3.3 allows ...)
+CVE-2001-1121 (DEPRECATED. This entry has been deprecated. It is a duplicate of ...)
TODO: check
CVE-2001-1119 (cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to ...)
TODO: check
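Review bot: CVE-2001-1121 is replaced by a DEPRECATED duplicate notice, but the TODO: check under it is left in place. The old text (cross-site scripting in JRun 3.0 and 2.3.3) is gone from the list after this change, so the TODO should be closed with a note recording which CVE supersedes it rather than left for later triage.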
@@ -557,7 +557,7 @@ CVE-2001-1088 (Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earl
NOT-FOR-US: Microsoft
CVE-2001-1085 (Lmail 2.7 and earlier allows local users to overwrite arbitrary files ...)
TODO: check
-CVE-2001-1084 (Cross-site scripting vulnerability in Allaire JRun 3.1 and earlier ...)
+CVE-2001-1084 (Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 ...)
TODO: check
CVE-2001-1083 (Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file ...)
TODO: check
@@ -849,7 +849,7 @@ CVE-2001-0751 (Cisco switches and routers running CBOS 2.3.8 and earlier use ...
NOT-FOR-US: Cisco
CVE-2001-0750 (Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial ...)
NOT-FOR-US: Cisco
-CVE-2001-0749 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attacker to ...)
+CVE-2001-0749 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...)
TODO: check
CVE-2001-0748 (Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other ...)
NOT-FOR-US: Cisco
@@ -959,7 +959,7 @@ CVE-2001-0646 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote att
TODO: check
CVE-2001-0644 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in ...)
TODO: check
-CVE-2001-0643 (A type-check flaw in Internet Explorer 5.5 does not display the Class ...)
+CVE-2001-0643 (Internet Explorer 5.5 does not display the Class ID (CLSID) when it is ...)
NOT-FOR-US: Microsoft
CVE-2001-0641 (Buffer overflow in man program in various distributions of Linux ...)
TODO: check
@@ -1301,7 +1301,7 @@ CVE-2001-0274 (kicq IRC client 1.0.0, and possibly later versions, allows remote
TODO: check
CVE-2001-0269 (pam_ldap authentication module in Solaris 8 allows remote attackers to ...)
TODO: check
-CVE-2001-0268 (NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, allow local users ...)
+CVE-2001-0268 (The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD ...)
TODO: check
CVE-2001-0267 (NM debug in HP MPE/iX 6.5 and earlier does not properly handle ...)
TODO: check
@@ -1361,7 +1361,7 @@ CVE-2001-0197 (Format string vulnerability in print_client in icecast 1.3.8beta2
TODO: check
CVE-2001-0196 (inetd ident server in FreeBSD 4.x and earlier does not properly set ...)
TODO: check
-CVE-2001-0195 (sash before 3.4-4 in Debian Linux does not properly clone /etc/shadow, ...)
+CVE-2001-0195 (sash before 3.4-4 in Debian GNU/Linux does not properly clone ...)
TODO: check
CVE-2001-0194 (Buffer overflow in httpGets function in CUPS 1.1.5 allows remote ...)
TODO: check
@@ -1517,7 +1517,7 @@ CVE-2001-0072 (gpg (aka GnuPG) 1.0.4 and other versions imports both public and
TODO: check
CVE-2001-0071 (gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached ...)
TODO: check
-CVE-2001-0069 (dialog before 0.9a-20000118-3bis in Debian Linux allows local users to ...)
+CVE-2001-0069 (dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local ...)
TODO: check
CVE-2001-0066 (Secure Locate (slocate) allows local users to corrupt memory via a ...)
TODO: check
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 0d9db234ab..be48ffe61a 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -2569,7 +2569,7 @@ CVE-2002-1477 (graphs.php in Cacti before 0.6.8 allows remote authenticated Cact
- cacti 0.6.8a-2
CVE-2002-1476 (Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and ...)
NOT-FOR-US: NetBSD
-CVE-2002-1472 (libX11.so in xfree86, when used in setuid or setgid programs, allows ...)
+CVE-2002-1472 (Untrusted search path vulnerability in libX11.so in xfree86, when used ...)
- xfree86 4.2.1-1 (bug #280872)
CVE-2002-1471 (The camel component for Ximian Evolution 1.0.x and earlier does not ...)
- evolution 1.2.0-1 (bug #280883)
@@ -3011,7 +3011,7 @@ CVE-2002-1079 (Directory traversal vulnerability in Abyss Web Server 1.0.3 allow
NOT-FOR-US: Abyss Web Server
CVE-2002-1076 (Buffer overflow in the Web Messaging daemon for Ipswitch IMail before ...)
NOT-FOR-US: Ipswitch IMail
-CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in CacheFlow CacheOS 4.1.06 ...)
+CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in Blue Coat Systems ...)
NOT-FOR-US: CacheFlow CacheOS
CVE-2002-1059 (Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x ...)
NOT-FOR-US: Van Dyke SecureCRT SSH client
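Review bot: On CVE-2002-1060 the unchanged annotation still reads "NOT-FOR-US: CacheFlow CacheOS" while the updated description now opens with "Blue Coat Systems" and is truncated before any product name. It is worth confirming against the full description that the annotation still matches, and adding the new vendor name to it so a search by vendor finds this entry.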
@@ -3373,7 +3373,7 @@ CVE-2002-0662 (scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local us
CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to ...)
{DSA-137}
- mm 1.1.3-7
-CVE-2002-0653 (Off-by-one buffer overflow in rewrite_command hook for mod_ssl Apache ...)
+CVE-2002-0653 (Off-by-one buffer overflow in the ssl_compat_directive function, as ...)
{DSA-135}
- libapache-mod-ssl 2.8.9-2
CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and ...)
@@ -3633,7 +3633,7 @@ CVE-2002-0292 (Cross-site scripting vulnerability in Slash before 2.2.5, as used
TODO: check
CVE-2002-0290 (Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows ...)
NOT-FOR-US: WebNews
-CVE-2002-0287 (pforum 1.14 and earlier does no explicitly enable PHP magic quotes, ...)
+CVE-2002-0287 (pforum 1.14 and earlier does not explicitly enable PHP magic quotes, ...)
NOT-FOR-US: pforum
CVE-2002-0276 (Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, ...)
TODO: check
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 08acc15371..39ac3720e3 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -2793,7 +2793,7 @@ CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman befo
NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE Personal ...)
- kdepim 4:3.1.5-1
-CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 ...)
+CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before ...)
{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24-rc1)
CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and possibly ...)
@@ -2818,7 +2818,7 @@ CVE-2003-0143 (The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not nu
- qpopper 4.0.4-9
CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550 before ...)
NOT-FOR-US: SOHO Routefinder
-CVE-2003-0124 (man before 1.51 allows attackers to execute arbitrary code via a ...)
+CVE-2003-0124 (man before 1.5l allows attackers to execute arbitrary code via a ...)
NOT-FOR-US: man before 1.51
CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 ...)
NOT-FOR-US: lotus notes
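Review bot: The annotation under CVE-2003-0124 still reads "NOT-FOR-US: man before 1.51" (digit one), while the description in this hunk is corrected to "1.5l" (letter l). Because the automatic update only touches the description line, the annotation needs a manual follow-up to 1.5l so the two lines agree and the entry does not appear to refer to a different version.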
@@ -2959,7 +2959,7 @@ CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attac
NOT-FOR-US: apache on windows
CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me ...)
NOT-FOR-US: apache on windows
-CVE-2003-0015 (Double-free vulnerabiity in CVS 1.11.4 and earlier allows remote ...)
+CVE-2003-0015 (Double-free vulnerability in CVS 1.11.4 and earlier allows remote ...)
{DSA-233}
- cvs 1.11.2-5.1
CVE-2003-0013 (The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, ...)
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index a32203402a..7e60116c0e 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -5902,7 +5902,7 @@ CVE-2004-0131 (The rad_print_request function in logger.c for GNU Radius daemon
NOT-FOR-US: gnu radiusd, not in debian
CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 ...)
- phpmyadmin 2:2.6.0-pl2
-CVE-2004-0128 (PHP remote code injection vulnerability in the GEDCOM configuration ...)
+CVE-2004-0128 (PHP remote file inclusion vulnerability in the GEDCOM configuration ...)
NOT-FOR-US: phpgedview, not in debian
CVE-2004-0126 (The jail_attach system call in FreeBSD 5.1 and 5.2 changes the ...)
NOT-FOR-US: freebsd
@@ -5952,9 +5952,9 @@ CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the ...)
- kernel-source-2.4.24 2.4.24-3
NOTE: fixed in 2.4.26-pre3
TODO: test
-CVE-2004-0070 (PHP remote code injection vulnerability in module.php for ezContents ...)
+CVE-2004-0070 (PHP remote file inclusion vulnerability in module.php for ezContents ...)
NOT-FOR-US: ezcontents, commercial
-CVE-2004-0068 (PHP remote code injection vulnerability in config.php for PhpDig 1.6.5 ...)
+CVE-2004-0068 (PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 ...)
NOT-FOR-US: phpdig, not in debian
CVE-2004-0063 (The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, ...)
NOT-FOR-US: ncipher hsm
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index d69698833c..20c033b3ad 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,3 +1,15 @@
+CVE-2006-5649
+ RESERVED
+CVE-2006-5648
+ RESERVED
+CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...)
+ TODO: check
+CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security ...)
+ TODO: check
+CVE-2006-5645 (Unspecified vulnerability in Sophos Anti-Virus and Endpoint Security ...)
+ TODO: check
+CVE-2006-5644
+ RESERVED
CVE-2006-5643 (Cross-site scripting (XSS) vulnerability in search_de.html in foresite ...)
TODO: check
CVE-2006-5642 (Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown ...)
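Review bot: The three Sophos entries added at the top of this hunk (CVE-2006-5647, CVE-2006-5646, CVE-2006-5645) arrive as TODO: check and need triage. Other products in this file that are not in Debian are marked NOT-FOR-US (DCP-Portal, MyBB), so these should get the same treatment if that applies. CVE-2006-5645 reads only "Unspecified vulnerability" in the truncated text, so triage will need the full description.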
@@ -1670,8 +1682,8 @@ CVE-2006-4841
RESERVED
CVE-2006-4840
REJECTED
-CVE-2006-4839
- RESERVED
+CVE-2006-4839 (Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of ...)
+ TODO: check
CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE ...)
NOT-FOR-US: DCP-Portal
CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE ...)
@@ -1951,8 +1963,8 @@ CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.ph
NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic ...)
NOT-FOR-US: Timesheet (aka Timesheet.php)
-CVE-2006-4704
- RESERVED
+CVE-2006-4704 (Unspecified vulnerability in the WMI Object Broker ActiveX control ...)
+ TODO: check
CVE-2006-4703
RESERVED
CVE-2006-4702
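Review bot: CVE-2006-4704 looks like a NOT-FOR-US candidate rather than TODO: check, since the new description names the WMI Object Broker ActiveX control and ActiveX is a Windows component technology. Marking it in a follow-up, with the product named as the neighbouring NOT-FOR-US lines do, would settle the entry.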
@@ -2391,8 +2403,8 @@ CVE-2006-4519
RESERVED
CVE-2006-4518
RESERVED
-CVE-2006-4517
- RESERVED
+CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...)
+ TODO: check
CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...)
TODO: check
CVE-2006-4515
