author Joey Hess <joeyh@debian.org> 2005-11-18 09:14:18 +0000
committer Joey Hess <joeyh@debian.org> 2005-11-18 09:14:18 +0000
commit 8eb4197e9bd690105af0b861c7b218b44ef25b2f
tree e749dd3ffa1b31b58a69bfff3fa2459b7d491321 /data/CVE
parent 604dcaaa145cca18315f664e4f9bbff6f23ded77
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2779 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2000.list 2
-rw-r--r-- data/CVE/2002.list 166
-rw-r--r-- data/CVE/2003.list 100
-rw-r--r-- data/CVE/2004.list 2
-rw-r--r-- data/CVE/2005.list 490
-rw-r--r-- data/CVE/2006.list 34
6 files changed, 733 insertions, 61 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index efb9194477..f44a6a59dd 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -1,3 +1,5 @@
+CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...)
+ TODO: check
CVE-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...)
NOT-FOR-US: FTGate
CVE-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet Application ...)
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index a92a67ad6e..19fcea9311 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,3 +1,169 @@
+CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in ...)
+ TODO: check
+CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows ...)
+ TODO: check
+CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote ...)
+ TODO: check
+CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks ...)
+ TODO: check
+CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...)
+ TODO: check
+CVE-2002-2202 (Outlook Express 6.0 does not delete messages from dbx files, even when ...)
+ TODO: check
+CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier allows ...)
+ TODO: check
+CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote ...)
+ TODO: check
+CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection Environment ...)
+ TODO: check
+CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to ...)
+ TODO: check
+CVE-2002-2197 (Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a ...)
+ TODO: check
+CVE-2002-2196 (Samba 2.2.5 and earlier does not properly terminate the ...)
+ TODO: check
+CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and ...)
+ TODO: check
+CVE-2002-2194 (Solaris 8 allows local users to cause a denial of service (kernel ...)
+ TODO: check
+CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...)
+ TODO: check
+CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...)
+ TODO: check
+CVE-2002-2191 (Lotus Domino 5.0.9a and earlier, even when configured with the ...)
+ TODO: check
+CVE-2002-2190 (ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext ...)
+ TODO: check
+CVE-2002-2189 (Cross-site scripting (XSS) vulnerability in ActiveXperts Software ...)
+ TODO: check
+CVE-2002-2188 (OpenBSD before 3.2 allows local users to cause a denial of service ...)
+ TODO: check
+CVE-2002-2187 (Unknown &quot;file disclosure&quot; vulnerability in Macromedia JRun 3.0, 3.1, ...)
+ TODO: check
+CVE-2002-2186 (Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the ...)
+ TODO: check
+CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ...)
+ TODO: check
+CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP ...)
+ TODO: check
+CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to ...)
+ TODO: check
+CVE-2002-2182 (Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 ...)
+ TODO: check
+CVE-2002-2181 (SonicWall Content Filtering allows local users to access prohibited ...)
+ TODO: check
+CVE-2002-2180 (The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not ...)
+ TODO: check
+CVE-2002-2179 (The dynamic initialization feature of the ClearPath MCP environment ...)
+ TODO: check
+CVE-2002-2178 (Cross-site scripting (XSS) vulnerability in article.php module for ...)
+ TODO: check
+CVE-2002-2177 (BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP ...)
+ TODO: check
+CVE-2002-2176 (SQL injection vulnerability in Gender MOD 1.1.3 allows remote ...)
+ TODO: check
+CVE-2002-2175 (phpSquidPass before 0.2 uses an incomplete regular expression to find ...)
+ TODO: check
+CVE-2002-2174 (The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number ...)
+ TODO: check
+CVE-2002-2173 (Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing ...)
+ TODO: check
+CVE-2002-2172 (Informed (1) Designer and (2) Filler 3.05 does not zero out newly ...)
+ TODO: check
+CVE-2002-2171 (Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows ...)
+ TODO: check
+CVE-2002-2170 (Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 ...)
+ TODO: check
+CVE-2002-2169 (Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and ...)
+ TODO: check
+CVE-2002-2168 (SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 ...)
+ TODO: check
+CVE-2002-2167 (Directory traversal vulnerability in function_foot_1.inc.php for ...)
+ TODO: check
+CVE-2002-2166 (Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 ...)
+ TODO: check
+CVE-2002-2165 (The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER ...)
+ TODO: check
+CVE-2002-2164 (Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows ...)
+ TODO: check
+CVE-2002-2163 (KvPoll 1.1 allows remote authenticated users to vote more than once by ...)
+ TODO: check
+CVE-2002-2162 (Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) ...)
+ TODO: check
+CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
+ TODO: check
+CVE-2002-2160 (MidiCart (1) PHP, (2) PHP Plus, and (3) PHP Maxi does not restrict ...)
+ TODO: check
+CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...)
+ TODO: check
+CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...)
+ TODO: check
+CVE-2002-2157 (calendar.php in Jelsoft Enterprises vBulletin 2.2.0 and earlier allows ...)
+ TODO: check
+CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...)
+ TODO: check
+CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite ...)
+ TODO: check
+CVE-2002-2154 (Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows ...)
+ TODO: check
+CVE-2002-2153 (Format string vulnerability in the administrative pages of the PL/SQL ...)
+ TODO: check
+CVE-2002-2152 (The Czech edition of Software602's Web Server before 2002.0.02.0916 ...)
+ TODO: check
+CVE-2002-2151 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
+ TODO: check
+CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...)
+ TODO: check
+CVE-2002-2149 (Buffer overflow in Lucent Access Point 300, 600, and 1500 Service ...)
+ TODO: check
+CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline ...)
+ TODO: check
+CVE-2002-2147 (Savant Web Server 3.1 and earlier allows remote attackers to cause a ...)
+ TODO: check
+CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...)
+ TODO: check
+CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass ...)
+ TODO: check
+CVE-2002-2144 (Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows ...)
+ TODO: check
+CVE-2002-2143 (The admin.html file in MySimple News 1.0 stores its administrative ...)
+ TODO: check
+CVE-2002-2142 (An undocumented extension for the Servlet mappings in the Servlet 2.3 ...)
+ TODO: check
+CVE-2002-2141 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets ...)
+ TODO: check
+CVE-2002-2140 (Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, ...)
+ TODO: check
+CVE-2002-2139 (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not ...)
+ TODO: check
+CVE-2002-2138 (RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when ...)
+ TODO: check
+CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and ...)
+ TODO: check
+CVE-2002-2136 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...)
+ TODO: check
+CVE-2002-2135 (OnlineJFS and JournalFS.VXFS-BASE-KRN (JFS 3.1) in HP-UX 10.20 through ...)
+ TODO: check
+CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...)
+ TODO: check
+CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...)
+ TODO: check
+CVE-2002-2132 (Windows File Protection (WFP) in Windows 2000 and XP does not remove ...)
+ TODO: check
+CVE-2002-2131 (Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows ...)
+ TODO: check
+CVE-2002-2130 (publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to ...)
+ TODO: check
+CVE-2002-2129 (Cross-site scripting vulnerability (XSS) in editform.php for w-Agora ...)
+ TODO: check
+CVE-2002-2128 (editform.php in w-Agora 4.1.5 allows local users to execute arbitrary ...)
+ TODO: check
+CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access to ...)
+ TODO: check
+CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...)
+ TODO: check
+CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...)
+ TODO: check
CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...)
NOT-FOR-US: nylon
CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
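Review bot: Every one of the 83 entries added in this hunk (CVE-2002-2207 down to CVE-2002-2125) carries only "TODO: check", so nothing separates the ones that need a real package lookup from the rest. CVE-2002-2207 (ssldump), CVE-2002-2204 (RPM Package Manager), CVE-2002-2199 (aide.conf) and CVE-2002-2196 (Samba 2.2.5) name Unix software and should be resolved first; entries for Windows-only products such as CVE-2002-2206 (POPROXY.EXE in Norton AntiVirus) and CVE-2002-2202 (Outlook Express) can probably follow the "NOT-FOR-US: nylon" pattern of the context entry below them. The description of CVE-2002-2187 shows "&quot;file disclosure&quot;"; if those entities are in the file itself rather than in this rendering, they should be literal quotes.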
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index cb77112097..194396c4b1 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,3 +1,103 @@
+CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet ...)
+ TODO: check
+CVE-2003-1282 (IBM Net.Data allows remote attackers to obtain sensitive information ...)
+ TODO: check
+CVE-2003-1281 (cgihtml 1.69 allows local users to overwrite arbitrary files via a ...)
+ TODO: check
+CVE-2003-1280 (Directory traversal vulnerability in cgihtml 1.69 allows remote ...)
+ TODO: check
+CVE-2003-1279 (S-PLUS 6.0 allows local users to overwrite arbitrary files and ...)
+ TODO: check
+CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows ...)
+ TODO: check
+CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin ...)
+ TODO: check
+CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's ...)
+ TODO: check
+CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2003-1274 (Winamp 3.0 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2003-1273 (Winamp 3.0 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2003-1272 (Multiple buffer overflows in Winamp 3.0 allow remote attackers to ...)
+ TODO: check
+CVE-2003-1271 (Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows ...)
+ TODO: check
+CVE-2003-1270 (AN HTTP 1.41e allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2003-1269 (AN HTTP 1.41e allows remote attackers to obtain the root web server ...)
+ TODO: check
+CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) ...)
+ TODO: check
+CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 ...)
+ TODO: check
+CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the ...)
+ TODO: check
+CVE-2003-1264 (TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, ...)
+ TODO: check
+CVE-2003-1263 (ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2003-1262 (Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and ...)
+ TODO: check
+CVE-2003-1261 (Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a ...)
+ TODO: check
+CVE-2003-1260 (Buffer overflow in CuteFTP 5.0 allows remote attackers to execute ...)
+ TODO: check
+CVE-2003-1259 (Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to ...)
+ TODO: check
+CVE-2003-1258 (activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows ...)
+ TODO: check
+CVE-2003-1257 (find_theni_home.php in E-theni allows remote attackers to obtain ...)
+ TODO: check
+CVE-2003-1256 (aff_liste_langue.php in E-theni allows remote attackers to execute ...)
+ TODO: check
+CVE-2003-1255 (add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote ...)
+ TODO: check
+CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute ...)
+ TODO: check
+CVE-2003-1253 (Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code ...)
+ TODO: check
+CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute ...)
+ TODO: check
+CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php ...)
+ TODO: check
+CVE-2003-1250 (Efficient Networks 5861 DSL router, when running firmware 5.3.80 ...)
+ TODO: check
+CVE-2003-1249 (WebIntelligence 2.7.1 uses guessable user session cookies, which ...)
+ TODO: check
+CVE-2003-1248 (H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2003-1247 (Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote ...)
+ TODO: check
+CVE-2003-1246 (NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver ...)
+ TODO: check
+CVE-2003-1245 (index2.php in Mambo 4.0.12 allows remote attackers to gain ...)
+ TODO: check
+CVE-2003-1244 (SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and ...)
+ TODO: check
+CVE-2003-1243 (Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote ...)
+ TODO: check
+CVE-2003-1242 (Sage 1.0 b3 allows remote attackers to obtain the root web server path ...)
+ TODO: check
+CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) ...)
+ TODO: check
+CVE-2003-1240 (CuteNews 0.88 allows remote attackers to execute arbitrary PHP code by ...)
+ TODO: check
+CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 ...)
+ TODO: check
+CVE-2003-1238 (Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and ...)
+ TODO: check
+CVE-2003-1237 (Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and ...)
+ TODO: check
+CVE-2003-1236 (Multiple format string vulnerabilities in the logger function in ...)
+ TODO: check
+CVE-2003-1235 (BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server ...)
+ TODO: check
+CVE-2003-1234 (Integer overflow in the f_count counter in FreeBSD before 4.2 through ...)
+ TODO: check
CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier ...)
NOT-FOR-US: Integrity Protection Driver
CVE-2003-XXXX [Incomplete reporting of failed logins in login]
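Review bot: CVE-2003-1274 and CVE-2003-1273 are added with the identical truncated description "(Winamp 3.0 allows remote attackers to cause a denial of service ...)", so the two cannot be told apart from this file. Whoever resolves the "TODO: check" lines will need the full descriptions, and a short distinguishing note under each id would keep them from being treated as one issue. Of the rest, CVE-2003-1244 (phpBB page_header.php) and CVE-2003-1262 (http_fetch in HTTP Fetcher) look like the entries most worth checking against packaged software before the Windows-only ones.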
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index bb854cd557..af107b39a9 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,3 +1,5 @@
+CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2) Software ...)
+ TODO: check
CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...)
NOT-FOR-US: NetCache
CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...)
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 17427a82f1..1d31eb5b15 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,11 +1,391 @@
-CVE-2005-3621 [phpmyadmin HTTP response splitting]
+CVE-2005-3714
+ RESERVED
+CVE-2005-3713
+ RESERVED
+CVE-2005-3712
+ RESERVED
+CVE-2005-3711
+ RESERVED
+CVE-2005-3710
+ RESERVED
+CVE-2005-3709
+ RESERVED
+CVE-2005-3708
+ RESERVED
+CVE-2005-3707
+ RESERVED
+CVE-2005-3706
+ RESERVED
+CVE-2005-3705
+ RESERVED
+CVE-2005-3704
+ RESERVED
+CVE-2005-3703
+ RESERVED
+CVE-2005-3702
+ RESERVED
+CVE-2005-3701
+ RESERVED
+CVE-2005-3700
+ RESERVED
+CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...)
+ TODO: check
+CVE-2005-3663 (Untrusted Windows search path vulnerability in Kaspersky Anti-Virus ...)
+ TODO: check
+CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the ...)
+ TODO: check
+CVE-2005-3661
+ RESERVED
+CVE-2005-3660
+ RESERVED
+CVE-2005-3659
+ RESERVED
+CVE-2005-3658
+ RESERVED
+CVE-2005-3657
+ RESERVED
+CVE-2005-3656
+ RESERVED
+CVE-2005-3655
+ RESERVED
+CVE-2005-3654
+ RESERVED
+CVE-2005-3653
+ RESERVED
+CVE-2005-3652
+ RESERVED
+CVE-2005-3651
+ RESERVED
+CVE-2005-3650 (CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...)
+ TODO: check
+CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ...)
+ TODO: check
+CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in ...)
+ TODO: check
+CVE-2005-3647 (Folder Guard allows local users to bypass protections by running from ...)
+ TODO: check
+CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in ...)
+ TODO: check
+CVE-2005-3645 (phpAdsNew 2.0.6 and possibly earlier versions allows remote attackers ...)
+ TODO: check
+CVE-2005-3644 (upnp_getdevicelist in UPnP for Windows 2000 Server SP3 and earlier, ...)
+ TODO: check
+CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...)
+ TODO: check
+CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...)
+ TODO: check
+CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing ...)
+ TODO: check
+CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of ...)
+ TODO: check
+CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help Center ...)
+ TODO: check
+CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow ...)
+ TODO: check
+CVE-2005-3637 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
+ TODO: check
+CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...)
+ TODO: check
+CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web ...)
+ TODO: check
+CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server (WAS) ...)
+ TODO: check
+CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web ...)
+ TODO: check
+CVE-2005-3632
+ RESERVED
+CVE-2005-3631
+ RESERVED
+CVE-2005-3630
+ RESERVED
+CVE-2005-3629
+ RESERVED
+CVE-2005-3628
+ RESERVED
+CVE-2005-3627
+ RESERVED
+CVE-2005-3626
+ RESERVED
+CVE-2005-3625
+ RESERVED
+CVE-2005-3624
+ RESERVED
+CVE-2005-3623
+ RESERVED
+CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...)
+ TODO: check
+CVE-2005-3620
+ RESERVED
+CVE-2005-3619
+ RESERVED
+CVE-2005-3618
+ RESERVED
+CVE-2005-3617
+ RESERVED
+CVE-2005-3616
+ RESERVED
+CVE-2005-3615
+ RESERVED
+CVE-2005-3614
+ RESERVED
+CVE-2005-3613
+ RESERVED
+CVE-2005-3612
+ RESERVED
+CVE-2005-3611
+ RESERVED
+CVE-2005-3610
+ RESERVED
+CVE-2005-3609
+ RESERVED
+CVE-2005-3608
+ RESERVED
+CVE-2005-3607
+ RESERVED
+CVE-2005-3606
+ RESERVED
+CVE-2005-3605
+ RESERVED
+CVE-2005-3604
+ RESERVED
+CVE-2005-3603
+ RESERVED
+CVE-2005-3602
+ RESERVED
+CVE-2005-3601
+ RESERVED
+CVE-2005-3600
+ RESERVED
+CVE-2005-3599
+ RESERVED
+CVE-2005-3598
+ RESERVED
+CVE-2005-3597
+ RESERVED
+CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote ...)
+ TODO: check
+CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank ...)
+ TODO: check
+CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high scores ...)
+ TODO: check
+CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain ...)
+ TODO: check
+CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier ...)
+ TODO: check
+CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote ...)
+ TODO: check
+CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 ...)
+ TODO: check
+CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...)
+ TODO: check
+CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...)
+ TODO: check
+CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 0.4.4 allows ...)
+ TODO: check
+CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings ...)
+ TODO: check
+CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development Kit ...)
+ TODO: check
+CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage group ...)
+ TODO: check
+CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to ...)
+ TODO: check
+CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to ...)
+ TODO: check
+CVE-2005-3579 (ts.cgi in Walla TeleSite 3.0 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2005-3578 (SQL injection vulnerability in ts.exe in Walla TeleSite 3.0 and ...)
+ TODO: check
+CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe in Walla TeleSite ...)
+ TODO: check
+CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and earlier ...)
+ TODO: check
+CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote ...)
+ TODO: check
+CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...)
+ TODO: check
+CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...)
+ TODO: check
+CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...)
+ TODO: check
+CVE-2005-3570 (Unknown cross-site scripting (XSS) vulnerability in Horde before 2.2.9 ...)
+ TODO: check
+CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX ...)
+ TODO: check
+CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 ...)
+ TODO: check
+CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server 5.2.0 and 6.0.0 binds ...)
+ TODO: check
+CVE-2005-3566 (Buffer overflow in the ha command of VERITAS Cluster Server for UNIX ...)
+ TODO: check
+CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and ...)
+ TODO: check
+CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users to ...)
+ TODO: check
+CVE-2005-3563 (ATutor 1.5.1 stores temporary chat logs as world readable under the ...)
+ TODO: check
+CVE-2005-3562 (Direct code injection vulnerability in ATutor 1.5.1 allows remote ...)
+ TODO: check
+CVE-2005-3561 (SQL injection vulnerability in password_reminder.php in ATutor before ...)
+ TODO: check
+CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
+ TODO: check
+CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...)
+ TODO: check
+CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows ...)
+ TODO: check
+CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist ...)
+ TODO: check
+CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 ...)
+ TODO: check
+CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier ...)
+ TODO: check
+CVE-2005-3554 (Multiple direct code injection vulnerabilities in the help function in ...)
+ TODO: check
+CVE-2005-3553 (Multiple SQL injection vulnerabilities include.php in PHPKIT 1.6.1 R2 ...)
+ TODO: check
+CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 ...)
+ TODO: check
+CVE-2005-3551 (toendaCMS before 0.6.2 stores user account and session data in the web ...)
+ TODO: check
+CVE-2005-3550 (Directory traversal vulnerability in admin.php in toendaCMS before ...)
+ TODO: check
+CVE-2005-3549 (Direct code injection vulnerability in Task Manager in Invision Power ...)
+ TODO: check
+CVE-2005-3548 (Directory traversal vulnerability in Task Manager in Invision Power ...)
+ TODO: check
+CVE-2005-3547 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 ...)
+ TODO: check
+CVE-2005-3546 (suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before ...)
+ TODO: check
+CVE-2005-3545 (SQL injection vulnerability in index.php of the report module in ...)
+ TODO: check
+CVE-2005-3544 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 ...)
+ TODO: check
+CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha through ...)
+ TODO: check
+CVE-2005-3542 (SQL injection vulnerability in showGallery.php in Tonio Gallery 2.4 ...)
+ TODO: check
+CVE-2005-3541
+ RESERVED
+CVE-2005-3540
+ RESERVED
+CVE-2005-3539
+ RESERVED
+CVE-2005-3538
+ RESERVED
+CVE-2005-3537
+ RESERVED
+CVE-2005-3536
+ RESERVED
+CVE-2005-3535
+ RESERVED
+CVE-2005-3534
+ RESERVED
+CVE-2005-3533
+ RESERVED
+CVE-2005-3532
+ RESERVED
+CVE-2005-3531
+ RESERVED
+CVE-2005-3530
+ RESERVED
+CVE-2005-3529
+ RESERVED
+CVE-2005-3528
+ RESERVED
+CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows ...)
+ TODO: check
+CVE-2005-3526
+ RESERVED
+CVE-2005-3525
+ RESERVED
+CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...)
+ TODO: check
+CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...)
+ TODO: check
+CVE-2005-3520 (Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 ...)
+ TODO: check
+CVE-2005-3519 (Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow ...)
+ TODO: check
+CVE-2005-3518 (SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 ...)
+ TODO: check
+CVE-2005-3517 (Chipmunk Scripts Guestbook allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2005-3516 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...)
+ TODO: check
+CVE-2005-3515 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...)
+ TODO: check
+CVE-2005-3514 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum ...)
+ TODO: check
+CVE-2005-3513 (index.php in VUBB alpha rc1 allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2005-3512 (Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha ...)
+ TODO: check
+CVE-2005-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS ...)
+ TODO: check
+CVE-2005-3510 (Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2005-3509 (Multiple SQL injection vulnerabilities in JPortal allow remote ...)
+ TODO: check
+CVE-2005-3508 (SQL injection vulnerability in showGallery.php in Gallery (Galerie) ...)
+ TODO: check
+CVE-2005-3507 (Directory traversal vulnerability in CuteNews 1.4.1 allows remote ...)
+ TODO: check
+CVE-2005-3506 (Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server ...)
+ TODO: check
+CVE-2005-3505 (Cross-site scripting (XSS) vulnerability in the Entropy Chat script in ...)
+ TODO: check
+CVE-2005-3504 (Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is ...)
+ TODO: check
+CVE-2005-3503 (chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other ...)
+ TODO: check
+CVE-2005-3502 (attachment_send.php in Cerberus Helpdesk allows remote attackers to ...)
+ TODO: check
+CVE-2005-3499 (Frisk F-Prot Antivirus allows remote attackers to bypass protection ...)
+ TODO: check
+CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before ...)
+ TODO: check
+CVE-2005-3497 (SQL injection vulnerability in process_signup.php in PHP Handicapper ...)
+ TODO: check
+CVE-2005-3496 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Handicapper ...)
+ TODO: check
+CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass ...)
+ TODO: check
+CVE-2005-3494 (Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier ...)
+ TODO: check
+CVE-2005-3493 (Battle Carry .005 and earlier allows remote attackers to cause a ...)
+ TODO: check
+CVE-2005-3492 (FlatFrag 0.3 and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in ...)
+ TODO: check
+CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus Video ...)
+ TODO: check
+CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using ...)
+ TODO: check
+CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a ...)
+ TODO: check
+CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow ...)
+ TODO: check
+CVE-2005-3486 (Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and ...)
+ TODO: check
+CVE-2005-3485 (Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote ...)
+ TODO: check
+CVE-2005-3484 (Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier ...)
+ TODO: check
+CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows ...)
+ TODO: check
+CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows ...)
- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
CVE-2005-XXXX [openswan isakmp dos]
- openswan 1:2.4.3-1 (bug #339082; medium)
TODO: Keep an eye on ipsec-tools's upstream, it's potentially affected as well
CVE-2005-XXXX [Two unspecified issues in non-free rar]
- rar <unfixed> (bug #339077; unknown)
-CVE-2005-3524 [Remotely exploitable buffer overflow in linux-ftpd-ssl]
+CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...)
{DSA-896-1}
- linux-ftpd-ssl <unfixed> (bug #339074; high)
CVE-2005-XXXX [kernel: NFS leases mem leak]
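Review bot: The replacement header for CVE-2005-3621 lands at the very end of the added block, directly after CVE-2005-3483, so it is out of sequence with the descending run above it (3714 down to 3483, with a gap where 3621 belongs between CVE-2005-3622 and CVE-2005-3620). Moving the header together with its "- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)" line into that gap would keep the list searchable by id. CVE-2005-3622 is also phpMyAdmin ("2.7.0-beta1 and earlier") and is left at "TODO: check"; it needs its own phpmyadmin line. CVE-2005-3516 and CVE-2005-3515 share an identical truncated description and need the full text to be told apart.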
@@ -31,15 +411,15 @@ CVE-2005-XXXX [Information disclosure in Asterisk's voice mail system]
- asterisk <unfixed> (bug #338116; medium)
CVE-2005-XXXX [webcalendar's password visible to local users through debconf]
- webcalendar <unfixed> (bug #337624)
-CVE-2005-3523 [Format string vulnerability in gpsdrive]
+CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows remote ...)
{DSA-891-1}
- gpsdrive 2.09-2sarge1 (bug #337495; medium)
CVE-2005-XXXX [Insecure temp files in note]
- note 1.3.1-3 (bug #337492; low)
-CVE-2005-3500 [clamav: DoS in CAB parsing]
+CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) ...)
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (medium)
-CVE-2005-3501 [clamav: DoS in mspack parsing]
+CVE-2005-3501 (The cabd_find function in cabd.c of the the libmspack library (mspack) ...)
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (medium)
CVE-2005-XXXX [Multiple security issues in Scorched 3D]
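Review bot: The hand-written label removed for CVE-2005-3500 said "clamav: DoS in CAB parsing", but the imported description is about tnef_attachment in tnef.c, and the CAB code (cabd_find in cabd.c) is what CVE-2005-3501 now describes. Please confirm that the "{DSA-887-1 DTSA-21-1}" reference and the "- clamav 0.87.1-1 (medium)" line under each id still belong to the right issue. In the same hunk, the context entries "CVE-2005-XXXX [Information disclosure in Asterisk's voice mail system]" and "CVE-2005-XXXX [Multiple security issues in Scorched 3D]" stay as placeholders although this commit adds CVE-2005-3559 (Asterisk vmail.cgi) and CVE-2005-3486 to CVE-2005-3488 (Scorched 3D) as "TODO: check"; if they are the same issues, the placeholders should be merged into the numbered entries.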
@@ -330,21 +710,18 @@ CVE-2005-3352
CVE-2005-3351 [spamassassin/perl dos]
RESERVED
- spamassassin <unfixed> (bug #339526; medium)
-CVE-2005-3350 [libungif buffer overflows]
- RESERVED
+CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and ...)
{DSA-890-1}
- libungif4 4.1.3-4 (bug #337972; high)
CVE-2005-3349
RESERVED
-CVE-2005-3348 [phpsysinfo http response splitting]
- RESERVED
- {DSA-898-1 DSA-897-1}
+CVE-2005-3348 (HTTP response splitting vulnerability in phpgroupware 0.9.16 and ...)
+ {DSA-899-1 DSA-898-1 DSA-897-1}
- phpsysinfo 2.3-7 (bug #339079)
- egroupware 1.0.0.009.dfsg-3-3
- phpgroupware 0.9.16.008-2
-CVE-2005-3347 [phpsysinfo file inclusion issue]
- RESERVED
- {DSA-898-1 DSA-897-1}
+CVE-2005-3347 (PHP file inclusion vulnerability in phpgroupware 0.9.16 and earlier ...)
+ {DSA-899-1 DSA-898-1 DSA-897-1}
- phpsysinfo 2.3-7 (bug #339079)
- egroupware 1.0.0.009.dfsg-3-3
- phpgroupware 0.9.16.008-2
@@ -353,8 +730,7 @@ CVE-2005-3346 [osh: Local root exploit due to incorrect env var handling]
- osh 1.7-15 (bug #338312; medium)
CVE-2005-3345
RESERVED
-CVE-2005-3344 [Insecure default configuration in Debian's horde3]
- RESERVED
+CVE-2005-3344 (The default installation of Horde 3.0.4 contains an administrative ...)
{DSA-884-1}
- horde3 3.0.5-2 (bug #332290; bug #332289; medium)
CVE-2005-3343 [Insecure temp files in tkdiff]
@@ -460,8 +836,7 @@ CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow re
NOT-FOR-US: Nuked Klan
CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote ...)
NOT-FOR-US: PHP-Nuke
-CVE-2005-3303 [Heap overflow in ClamAV's FSG module]
- RESERVED
+CVE-2005-3303 (The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 ...)
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (high)
CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
@@ -723,14 +1098,13 @@ CVE-2005-3191
RESERVED
CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...)
NOT-FOR-US: iGateway
-CVE-2005-3189
- RESERVED
+CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server ...)
+ TODO: check
CVE-2005-3188
RESERVED
CVE-2005-3187
RESERVED
-CVE-2005-3186 [Integer overflow in GTK's XPM code]
- RESERVED
+CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...)
- gtk+2.0 2.6.10-2 (bug #339431; medium)
- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the Service ...)
@@ -748,7 +1122,7 @@ CVE-2005-XXXX [centericq remote dos by special nmap scan]
CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
- wget 1.10.2-1 (medium)
- curl 7.15.0-1 (bug #333734; medium)
-CVE-2005-3239 (The OLE2 unpacker in clamd in ClamAV 0.87-1 allows remote attackers to ...)
+CVE-2005-3239 (The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows ...)
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (bug #333566; medium)
CVE-2005-3181 (The audit system in Linux kernel before 2.6.13.4, when ...)
@@ -888,8 +1262,7 @@ CVE-2005-3126
RESERVED
CVE-2005-3125
RESERVED
-CVE-2005-3124 [Insecure temp file in thttpd]
- RESERVED
+CVE-2005-3124 (syslogtocern in Acme thttpd before 2.23 allows local users to write ...)
{DSA-883-1}
- thttpd 2.23beta1-4
CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows ...)
@@ -911,8 +1284,8 @@ CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the use
- mason 1.0.0-3
CVE-2005-3117
REJECTED
-CVE-2005-3116
- RESERVED
+CVE-2005-3116 (Stack-based buffer overflow in a shared library as used by the Volume ...)
+ TODO: check
CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...)
NOT-FOR-US: mpeg-tools
CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...)
@@ -1073,7 +1446,7 @@ CVE-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environm
- eric 3.7.2-1 (bug #330608; medium)
CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...)
NOT-FOR-US: PerlDiver
-CVE-2005-3066 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. ...)
+CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...)
NOT-FOR-US: PerlDiver
CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...)
NOT-FOR-US: MultiTheftAuto
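Review bot: The CVE-2005-3066 summary loses its "** DISPUTED **" prefix in this update, and the truncated replacement gives no sign of whether the vendor dispute still stands. The entry is NOT-FOR-US, so nothing is tracked against it, but a NOTE: line recording the dispute would keep that information in the list.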
@@ -1287,15 +1660,12 @@ CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to .
- pam <unfixed> (bug #336344; medium)
[sarge] - pam <not-affected> (Does not contain SELinux support)
[woody] - pam <not-affected> (Does not contain SELinux support)
-CVE-2005-2976 [integer overflow in "pixels" calculation of gdk-pixbuf]
- RESERVED
+CVE-2005-2976 (Integer overflow in gdk-pixbuf 0.22.0 allows attackers to cause a ...)
- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
-CVE-2005-2975 [dos in xpm processing of gdk-pixbuf]
- RESERVED
+CVE-2005-2975 (The GTK+ gdk-pixbuf XPM image rendering library allows attackers to ...)
- gdk-pixbuf 0.22.0-11 (bug #339431; low)
- gtk+2.0 2.6.10-2 (bug #339431; low)
-CVE-2005-2974 [libungif null pointer deref dos]
- RESERVED
+CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial of ...)
{DSA-890-1}
- libungif4 4.1.3-4 (bug #337972; medium)
CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...)
@@ -1348,7 +1718,7 @@ CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitra
- cfengine <unfixed> (bug #332433; low)
- cfengine2 <unfixed> (bug #332432; low)
NOTE: maintainer does not think it's a hole, script is unused/broken
-CVE-2005-2959 (sudo 1.6.8 and earlier does not clear the (1) SHELLOPTS and (2) PS4 ...)
+CVE-2005-2959 (Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows ...)
{DSA-870-1}
- sudo 1.6.8p9-3 (medium)
CVE-2005-2958 (Multiple format string vulnerabilities in the GNOME Data Access ...)
@@ -1388,16 +1758,17 @@ CVE-2005-2942
REJECTED
CVE-2005-2941
RESERVED
-CVE-2005-2940
- RESERVED
-CVE-2005-2939
- RESERVED
-CVE-2005-2938
- RESERVED
-CVE-2005-2937 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...)
+CVE-2005-2940 (Untrusted Windows search path vulnerability in Microsoft Antispyware ...)
+ TODO: check
+CVE-2005-2939 (Untrusted Windows search path vulnerability in VMWare Workstation ...)
+ TODO: check
+CVE-2005-2938 (Untrusted Windows search path vulnerability in iTunesHelper.exe in ...)
+ TODO: check
+CVE-2005-2937
+ REJECTED
NOT-FOR-US: Kaspersky
-CVE-2005-2936
- RESERVED
+CVE-2005-2936 (Untrusted Windows search path vulnerability in RealNetworks RealPlayer ...)
+ TODO: check
CVE-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the C ...)
NOT-FOR-US: Microsoft AntiSpyware
CVE-2005-2934
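Review bot: CVE-2005-2937 now reads REJECTED but still carries the NOT-FOR-US: Kaspersky line left over from the old entry, since only the header and status lines were rewritten. Drop the stale annotation, or add a NOTE: explaining the rejection, so the entry does not state two conflicting dispositions. The four new TODO: check entries in this hunk (CVE-2005-2940, CVE-2005-2939, CVE-2005-2938, CVE-2005-2936) all describe an untrusted Windows search path and still need a manual disposition.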
@@ -1409,8 +1780,7 @@ CVE-2005-2932
RESERVED
CVE-2005-2931
RESERVED
-CVE-2005-2929 [lynx arbitrary code execution through insecure default configuration wrt CGI]
- RESERVED
+CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote ...)
- lynx <not-affected> (Debian's default config is not vulnerable)
CVE-2005-2928
RESERVED
@@ -1796,14 +2166,14 @@ CVE-2005-2758 (Integer signedness error in the administrative interface for Syma
NOT-FOR-US: Symantec Antivirus
CVE-2005-2757
RESERVED
-CVE-2005-2756
- RESERVED
-CVE-2005-2755
- RESERVED
-CVE-2005-2754
- RESERVED
-CVE-2005-2753
- RESERVED
+CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-complicit attackers to ...)
+ TODO: check
+CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-complicit attackers to ...)
+ TODO: check
+CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows user-complicit ...)
+ TODO: check
+CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows user-complicit ...)
+ TODO: check
CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does ...)
NOT-FOR-US: Mac OS X
CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not ...)
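Review bot: CVE-2005-2754 and CVE-2005-2753 are added with the same truncated description ("Integer overflow in Apple QuickTime before 7.0.3 allows user-complicit ..."), so the list gives no way to tell the two apart. When the TODO: check on the four QuickTime entries is resolved, consult the full CVE text for these two and add a NOTE: to each naming what distinguishes it before assigning a disposition.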
@@ -2047,8 +2417,7 @@ CVE-2005-2661 (Format string vulnerability in the ParseBannerAndCapability funct
CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...)
{DSA-839-1}
- apachetop 0.12.5-3 (unknown)
-CVE-2005-2659 [Buffer overflow in chmlib's LZX decompressor]
- RESERVED
+CVE-2005-2659 (Buffer overflow in LZX decompression in CHM Lib (chmlib) 0.35 with ...)
{DSA-886-1}
- chmlib 0.37-2 (medium)
CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
@@ -2127,8 +2496,7 @@ CVE-2005-2630
RESERVED
CVE-2005-2629
RESERVED
-CVE-2005-2628 [Buffer overflow in non-free Flash plugin]
- RESERVED
+CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to ...)
- flashplugin-nonfree <unfixed> (bug #339290; high)
CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
{DSA-788-1 DTSA-1-1}
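Review bot: The imported description for CVE-2005-2628 names Flash.ocx, while the entry tracks flashplugin-nonfree as <unfixed> with high urgency, and the removed note ("Buffer overflow in non-free Flash plugin") was the only text linking the CVE to that package. Add a NOTE: line stating why flashplugin-nonfree is considered affected, with a pointer to bug #339290, so the rationale survives the automatic description update.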
@@ -2190,7 +2558,7 @@ CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers
CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
NOT-FOR-US: MidiCart
CVE-2005-2600 (FUDForum 2.6.15 with &quot;Tree View&quot; enabled, as used in other products ...)
- {DSA-798-1}
+ {DSA-899-1 DSA-798-1}
- egroupware 1.0.0.009.dfsg-3-2 (bug #323928; medium)
- phpgroupware 0.9.16.008-1 (bug #323929; medium)
CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...)
@@ -3792,8 +4160,8 @@ CVE-2005-1927
RESERVED
CVE-2005-1926
RESERVED
-CVE-2005-1925
- RESERVED
+CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...)
+ TODO: check
CVE-2005-1924
RESERVED
CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
@@ -6214,7 +6582,7 @@ CVE-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.ph
CVE-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...)
NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
- {DSA-898-1 DSA-897-1 DSA-724-1}
+ {DSA-899-1 DSA-898-1 DSA-897-1 DSA-724-1}
NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete.
- phpsysinfo 2.3-7
- egroupware 1.0.0.009.dfsg-3-3
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
new file mode 100644
index 0000000000..678b3ceeb3
--- /dev/null
+++ b/data/CVE/2006.list
@@ -0,0 +1,34 @@
+CVE-2006-0017
+ RESERVED
+CVE-2006-0016
+ RESERVED
+CVE-2006-0015
+ RESERVED
+CVE-2006-0014
+ RESERVED
+CVE-2006-0013
+ RESERVED
+CVE-2006-0012
+ RESERVED
+CVE-2006-0011
+ RESERVED
+CVE-2006-0010
+ RESERVED
+CVE-2006-0009
+ RESERVED
+CVE-2006-0008
+ RESERVED
+CVE-2006-0007
+ RESERVED
+CVE-2006-0006
+ RESERVED
+CVE-2006-0005
+ RESERVED
+CVE-2006-0004
+ RESERVED
+CVE-2006-0003
+ RESERVED
+CVE-2006-0002
+ RESERVED
+CVE-2006-0001
+ RESERVED
