author Stefan Fritsch <sf@sfritsch.de> 2005-11-23 20:38:00 +0000
committer Stefan Fritsch <sf@sfritsch.de> 2005-11-23 20:38:00 +0000
commit 0b58654e63846347278c90f0ee6d3bc4b84c6cb7 (patch)
tree fb00ab9121ea88dcbfae62ed77706327b1bd1266 /data/CVE
parent 0e1740ee4c17cdf456ff814142df61698b2e9c54 (diff)
php5
egroupware-fudforum helix-player

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2845 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2000.list | 2
-rw-r--r-- data/CVE/2002.list | 4
-rw-r--r-- data/CVE/2004.list | 2
-rw-r--r-- data/CVE/2005.list | 8
4 files changed, 9 insertions, 7 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index f44a6a59dd..4089bbff42 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -1,5 +1,5 @@
CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...)
- TODO: check
+ NOT-FOR-US: BEA Weblogic
CVE-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...)
NOT-FOR-US: FTGate
CVE-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet Application ...)
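Review bot: the tag text "BEA Weblogic" in the added NOT-FOR-US line for CVE-2000-1238 does not match the capitalisation in the CVE description directly above it ("WebLogic"). Using the description's spelling, NOT-FOR-US: BEA WebLogic, keeps case-sensitive searches of the list consistent.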
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index d1ac73f876..61325ab15d 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -3,7 +3,7 @@ CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in ...
CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows ...)
NOT-FOR-US: Norton AntiVirus
CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: webresolve
CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks ...)
TODO: check
CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...)
@@ -163,7 +163,7 @@ CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access t
CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...)
TODO: check
CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...)
- TODO: check
+ NOT-FOR-US: MSIE
CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...)
NOT-FOR-US: nylon
CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
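Review bot: "MSIE" in the added NOT-FOR-US line for CVE-2002-2125 is an abbreviation that the CVE description does not use; the description spells out "Internet Explorer". Writing NOT-FOR-US: Internet Explorer would let a search for the product name find this entry alongside the description.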
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index c2985edec4..3311bd911a 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -62,7 +62,7 @@ CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer .
- gnutls11 <unfixed> (bug #336006; low)
TODO: Check, when this was fixed in gnutls12
CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Gadu-Gadu
CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the &quot;image send&quot; option by ...)
TODO: check
CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...)
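Review bot: CVE-2004-2529, the next entry in this hunk, is also described as a Gadu-Gadu issue but still carries TODO: check. If Gadu-Gadu is out of scope for CVE-2004-2530, the same NOT-FOR-US: Gadu-Gadu line would apply there and could be set in this commit rather than leaving the two entries inconsistent.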
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 0afccfd59f..13fa2dce1a 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -93,7 +93,7 @@ CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, all
NOT-FOR-US: Google Talk
CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote ...)
NOT-FOR-US: RealPlayer
- TODO: check Helix, some past issues affected it as well
+ - helixplayer <not-affected>
CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 ...)
NOT-FOR-US: PhpWebThings
CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to ...)
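Review bot: CVE-2005-3677 now carries both NOT-FOR-US: RealPlayer and a package line, - helixplayer <not-affected>, and the two read as contradictory because the entry is marked out of scope while also tracking a package. Suggest dropping the NOT-FOR-US line now that a package is listed, and adding a NOTE with the reason helixplayer is not affected, since the removed TODO recorded that past issues affected Helix as well.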
@@ -736,9 +736,11 @@ CVE-2005-3393 (Format string vulnerability in the foreign_option function in ...
CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...)
- php4 <unfixed> (bug #336645; unknown)
TODO: check PHP5
+ NOTE: pinged maintainers
CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
- php4 <unfixed> (bug #336645; unknown)
TODO: check PHP5
+ NOTE: pinged maintainers
CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...)
- php4 <unfixed> (bug #336645; high)
- php5 <unfixed> (bug #336654; high)
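Review bot: the added NOTE: pinged maintainers lines under CVE-2005-3392 and CVE-2005-3391 do not say where or when the maintainers were contacted, so nobody can follow up while TODO: check PHP5 stays open. Suggest naming the channel and a date in the NOTE, for example a bug number if the ping was sent to a bug report.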
@@ -829,7 +831,7 @@ CVE-2005-3354 (Stack-based buffer overflow in the ldif_get_line function in ldif
- sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium)
CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...)
- php4 <unfixed> (bug #339577; medium)
- TODO: Check php5
+ - php5 <unfixed> (bug #336654; medium)
CVE-2005-3352
RESERVED
CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
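Review bot: the new php5 line for CVE-2005-3353 points at bug #336654, while the php4 line directly above tracks this exif_read_data issue in #339577, and #336654 is the php5 bug already listed for the RFC1867 upload issue CVE-2005-3390 in the previous hunk. Please confirm that #336654 covers the Exif issue too; if it does, a short NOTE saying so would explain why the php4 and php5 bug references differ.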
@@ -2241,7 +2243,7 @@ CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for
NOT-FOR-US: AutoLinks Pro
CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
- phpgroupware <unfixed> (bug #340094; medium)
- TODO: check, whether egroupware-fudforum is affected
+ - egroupware <unfixed> (bug #340495; medium)
CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
NOT-FOR-US: Land Down Under
CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
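Review bot: the removed TODO under CVE-2005-2781 asked whether egroupware-fudforum is affected, but the added line names egroupware. If egroupware is the package under which the FUD Forum code is tracked, a NOTE naming the fudforum component would keep that detail for anyone triaging bug #340495 later.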