diff options
| author | Joey Hess <joeyh@debian.org> | 2005-11-01 09:14:55 +0000 |
|---|---|---|
| committer | Joey Hess <joeyh@debian.org> | 2005-11-01 09:14:55 +0000 |
| commit | c8172ed8b519756a6ba8d36e895f55ca6ad98d31 (patch) | |
| tree | 26957b2ea11761a71d3356013083cca488e79b45 /data | |
| parent | caf7b76e7e0c64bbce8bdede671676a9d5afb772 (diff) | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2631 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/1999.list | 2 | ||||
| -rw-r--r-- | data/CVE/2002.list | 2 | ||||
| -rw-r--r-- | data/CVE/2003.list | 6 | ||||
| -rw-r--r-- | data/CVE/2004.list | 2 | ||||
| -rw-r--r-- | data/CVE/2005.list | 169 |
5 files changed, 140 insertions, 41 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list index 7c493e0950..1de8c7ac6b 100644 --- a/data/CVE/1999.list +++ b/data/CVE/1999.list @@ -2900,7 +2900,7 @@ CVE-1999-0359 (ptylogin in Unix systems allows users to perform a denial of serv CVE-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...) CVE-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...) CVE-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...) -CVE-1999-0347 (Javascript bug in Internet Explorer 4.01 by adding %01URL allows ...) +CVE-1999-0347 (Internet Explorer 4.01 allows remote attackers to read local files and ...) CVE-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...) CVE-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...) CVE-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...) diff --git a/data/CVE/2002.list b/data/CVE/2002.list index 02bceee828..b76a62153a 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -1,3 +1,5 @@ +CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...) + TODO: check CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries] - libnss-ldap 199-1 (bug #169793) CVE-2002-XXXX [sanitizer bypassal through quoted file names] diff --git a/data/CVE/2003.list b/data/CVE/2003.list index 10f2d24518..8a240d880f 100644 --- a/data/CVE/2003.list +++ b/data/CVE/2003.list @@ -1,3 +1,5 @@ +CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier ...) + TODO: check CVE-2003-XXXX [Incomplete reporting of failed logins in login] - login 1:4.0.3-36 (bug #192849) CVE-2003-XXXX [fuzz: Insecure temp file usage] @@ -695,8 +697,8 @@ CVE-2003-0889 RESERVED CVE-2003-0888 RESERVED -CVE-2003-0887 - RESERVED +CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache ...) + TODO: check CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...) {DSA-401} CVE-2003-0885 diff --git a/data/CVE/2004.list b/data/CVE/2004.list index 8ffd6f8fa6..9cf2f3b555 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -3459,7 +3459,7 @@ CVE-2004-0945 (The web management interface for Mitel 3300 Integrated Communicat CVE-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...) NOT-FOR-US: Mitel 3300 Integrated Communications Platform CVE-2004-0943 - RESERVED + REJECTED CVE-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...) - apache2 2.0.52-2 CVE-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...) diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 422d5fe591..40a2580425 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -1,3 +1,113 @@ +CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...) + TODO: check +CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...) + TODO: check +CVE-2005-3393 (Format string vulnerability in the foreign_option function in ...) + TODO: check +CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...) + TODO: check +CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...) + TODO: check +CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...) + TODO: check +CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...) + TODO: check +CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...) + TODO: check +CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, ...) + TODO: check +CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script ...) + TODO: check +CVE-2005-3385 (SQL injection vulnerability in Techno Dreams Mailing List script ...) + TODO: check +CVE-2005-3384 (SQL injection vulnerability in Techno Dreams Guest Book script allows ...) + TODO: check +CVE-2005-3383 (SQL injection vulnerability in Techno Dreams Announcement script ...) + TODO: check +CVE-2005-3382 (Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine ...) + TODO: check +CVE-2005-3381 (Multiple interpretation error in Ukrainian National Antivirus (UNA) ...) + TODO: check +CVE-2005-3380 (Multiple interpretation error in Panda Titanium 2005 4.02.01 allows ...) + TODO: check +CVE-2005-3379 (Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 ...) + TODO: check +CVE-2005-3378 (Multiple interpretation error in Norman 5.81 with the 5.83.02 engine ...) + TODO: check +CVE-2005-3377 (Multiple interpretation error in (1) McAfee Internet Security Suite ...) + TODO: check +CVE-2005-3376 (Multiple interpretation error in Kaspersky 5.0.372 allows remote ...) + TODO: check +CVE-2005-3375 (Multiple interpretation error in Ikarus demo version allows remote ...) + TODO: check +CVE-2005-3374 (Multiple interpretation error in F-Prot 3.16c allows remote attackers ...) + TODO: check +CVE-2005-3373 (Multiple interpretation error in Dr.Web 4.32b allows remote attackers ...) + TODO: check +CVE-2005-3372 (Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 ...) + TODO: check +CVE-2005-3371 (Multiple interpretation error in AVG 7 7.0.323 allows remote attackers ...) + TODO: check +CVE-2005-3370 (Multiple interpretation error in ArcaVir 2005 package 2005-06-21 ...) + TODO: check +CVE-2005-3369 (Multiple SQL injection vulnerabilities in the Info-DB module ...) + TODO: check +CVE-2005-3368 (Cross-site scripting (XSS) vulnerability in the Search_Enhanced module ...) + TODO: check +CVE-2005-3367 (Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog ...) + TODO: check +CVE-2005-3366 (PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 ...) + TODO: check +CVE-2005-3365 (Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier ...) + TODO: check +CVE-2005-3364 (Multiple SQL injection vulnerabilities in DboardGear allow remote ...) + TODO: check +CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 ...) + TODO: check +CVE-2005-3362 (myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a ...) + TODO: check +CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...) + TODO: check +CVE-2005-3360 + RESERVED +CVE-2005-3359 + RESERVED +CVE-2005-3358 + RESERVED +CVE-2005-3357 + RESERVED +CVE-2005-3356 + RESERVED +CVE-2005-3355 + RESERVED +CVE-2005-3354 + RESERVED +CVE-2005-3353 + RESERVED +CVE-2005-3352 + RESERVED +CVE-2005-3351 + RESERVED +CVE-2005-3350 + RESERVED +CVE-2005-3349 + RESERVED +CVE-2005-3348 + RESERVED +CVE-2005-3347 + RESERVED +CVE-2005-3346 + RESERVED +CVE-2005-3345 + RESERVED +CVE-2005-3344 + RESERVED +CVE-2005-3343 + RESERVED +CVE-2005-3342 + RESERVED +CVE-2005-3340 + RESERVED CVE-2005-XXXX [Remotely exploitable format string vulnerability in openvpn] - openvpn <unfixed> (bug filed; medium) CVE-2005-XXXX [generic XSS vulnerability in PHP's phpinfo function] @@ -26,6 +136,7 @@ CVE-2005-XXXX [ntop format string vulnerability] CVE-2005-XXXX [Firefox IFRAME buffer overflow] - mozilla-firefox <unfixed> (bug #336171; medium) CVE-2005-3341 [Insecure temp files in dhis-tools-dns] + RESERVED - dhis-tools-dns 5.0-5 CVE-2005-XXXX [xdm: full-force SAINT attack crashes xdm] - xorg-x11 <unfixed> (bug #24706; low) @@ -56,7 +167,7 @@ CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2 allows remote attackers - wordpress <unfixed> (bug #335817; high) CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...) NOT-FOR-US: RSA Authentication Agent -CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php PunBB 1.1.2 ...) +CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 ...) NOT-FOR-US: PunBB CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators ...) NOT-FOR-US: Data ONTAP @@ -84,12 +195,11 @@ CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and NOT-FOR-US: ZipGenius CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...) NOT-FOR-US: Symantec Discovery -CVE-2005-3315 - RESERVED +CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch ...) + TODO: check CVE-2005-3314 RESERVED -CVE-2005-3313 [ethereal: DoS in IRC dissector] - RESERVED +CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...) - ethereal <unfixed> (bug #334880; medium) TODO: This supposedly fixed after the 13 release, separate bug might be necessary CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows ...) @@ -208,7 +318,7 @@ CVE-2005-3269 (Unspecified "security exposure" in the HTTP Admin inter NOT-FOR-US: Sun Java System Directory Server CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...) - yiff 2.14.2-8 (bug #334616; low) -CVE-2005-3267 (Heap-based buffer overflow in Skype client before 1.4.x.84 on Windows, ...) +CVE-2005-3267 (Integer overflow in Skype client before 1.4.x.84 on Windows, before ...) TODO: check CVE-2005-3266 REJECTED @@ -246,32 +356,23 @@ CVE-2005-3251 (Directory traversal vulnerability in the gallery script in Galler - gallery 2.0.1-1 (medium) CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...) NOT-FOR-US: Solaris -CVE-2005-3249 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3249 (Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3248 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3248 (Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3247 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3247 (The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3246 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3246 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3245 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3245 (Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3244 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3244 (The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3243 [ethereal: Buffer overflows in SLIM3 and AgentX dissectors] - RESERVED +CVE-2005-3243 (Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3242 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3242 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...) - ethereal <unfixed> (bug #334880; medium) -CVE-2005-3241 [ethereal: lots of vulnerabilities] - RESERVED +CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote ...) - ethereal <unfixed> (bug #334880; medium) CVE-2005-3240 RESERVED @@ -541,12 +642,10 @@ CVE-2005-3125 RESERVED CVE-2005-3124 RESERVED -CVE-2005-3123 [Directory traversal in gnump3d] - RESERVED +CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows ...) {DSA-877-1} - gnump3d 2.9.6-1 (medium) -CVE-2005-3122 [XSS in gnump3d's 404 page] - RESERVED +CVE-2005-3122 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...) {DSA-877-1} - gnump3d 2.9.6-1 (low) CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...) @@ -675,8 +774,7 @@ CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page. - mantis 0.19.2-4 (bug #330682; medium) CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...) TODO: file a bug, it's not really clear, whether this has security implications -CVE-2005-3088 [Insecure file creation in fetchmailconf may expose sensitive data] - RESERVED +CVE-2005-3088 (fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 ...) - fetchmail <unfixed> (bug #336096; low) CVE-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary ...) {DSA-827-1} @@ -940,8 +1038,7 @@ CVE-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's CVE-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...) {DSA-878-1} - netpbm-free 2:10.0-10 -CVE-2005-2977 [pam vulnerable to brute force attacks when using SELinux] - RESERVED +CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to ...) - pam <unfixed> (bug #336344; medium) [sarge] - pam <not-affected> (Does not contain SELinux support) [woody] - pam <not-affected> (Does not contain SELinux support) @@ -951,8 +1048,7 @@ CVE-2005-2975 RESERVED CVE-2005-2974 RESERVED -CVE-2005-2973 [Kernel 2.6 ipv6 local DoS vulnerability] - RESERVED +CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...) - linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low) - kernel-source-2.4.27 <unfixed> TODO: Check, whether this is fixed in sid's 2.4.27 @@ -1202,8 +1298,7 @@ CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in - mozilla 2:1.7.12-1 (bug #327455; medium) NOTE: epiphany-browser is apparently fixed fix the mozilla-browser NOTE: upload; see bug #327366 -CVE-2005-2930 [several buffer overflows in MS CHM library before version 0.36] - RESERVED +CVE-2005-2930 (Stack-based buffer overflow in the _chm_find_in_PMGL function in ...) - chmlib 0.36-1 (bug #327431) CVE-2005-2802 REJECTED @@ -3305,7 +3400,7 @@ CVE-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allo NOT-FOR-US: MSIE CVE-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...) NOT-FOR-US: MSIE -CVE-2005-1987 (Collaboration Data Objects (CDO), as used in Microsoft Windows and ...) +CVE-2005-1987 (Buffer overflow in Collaboration Data Objects (CDO), as used in ...) NOT-FOR-US: Microsoft CVE-2005-1986 RESERVED |