Author: joeyh
Date: 2005-10-24 09:14:21 +0000 (Mon, 24 Oct 2005)
New Revision: 2544

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2005-10-24 08:47:17 UTC (rev 2543)
+++ data/CVE/list       2005-10-24 09:14:21 UTC (rev 2544)
@@ -1,3 +1,53 @@
+CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin ...)
+       TODO: check
+CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for 
...)
+       TODO: check
+CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in 
phpMyAdmin ...)
+       TODO: check
+CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow 
remote ...)
+       TODO: check
+CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow 
remote ...)
+       TODO: check
+CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows 
remote ...)
+       TODO: check
+CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms 
allows ...)
+       TODO: check
+CVE-2005-3294 (Typsoft FTP Server 1.11, with "Sub Directory Include" 
enabled, allows ...)
+       TODO: check
+CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code 
of ...)
+       TODO: check
+CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 
0.93 ...)
+       TODO: check
+CVE-2005-3291 (Stani's Python Editor (SPE) 0.7.5 is installed with 
world-writable ...)
+       TODO: check
+CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager 
allows ...)
+       TODO: check
+CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files 
securely, ...)
+       TODO: check
+CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute 
files ...)
+       TODO: check
+CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows 
remote ...)
+       TODO: check
+CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server 
Firewall ...)
+       TODO: check
+CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 
before ...)
+       TODO: check
+CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 
1.9.1.1 ...)
+       TODO: check
+CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass ...)
+       TODO: check
+CVE-2005-3281 (Directory traversal vulnerability in NukeFix 3.1 for PHP-Nuke 
7.8 ...)
+       TODO: check
+CVE-2005-3280 (Paros 3.2.5 uses a default password for the "sa" 
account in the ...)
+       TODO: check
+CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in 
Jan Kybic ...)
+       TODO: check
+CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for 
Jan ...)
+       TODO: check
+CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows 
remote ...)
+       TODO: check
 CVE-2005-XXXX [adduser's deluser creates backup files with world readable 
permissions]
        - adduser 3.77 (bug #331720; low)
 CVE-2005-XXXX [yet another local file inclusion vulnverability in phpmyadmin]
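Review bot: the placeholder entry in the trailing context, `CVE-2005-XXXX [yet another local file inclusion vulnverability in phpmyadmin]`, may now overlap with the newly added CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin), which arrives with only `TODO: check`. When triaging, compare the two and, if they describe the same issue, fold the placeholder into the assigned ID so the tracker does not carry it twice. The spelling "vulnverability" in the placeholder can be corrected in the same follow-up.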
@@ -28,7 +78,7 @@
 CVE-2005-3267
        RESERVED
 CVE-2005-3266
-       RESERVED
+       REJECTED
 CVE-2005-3265
        RESERVED
 CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for 
Zeroblog ...)
@@ -248,7 +298,7 @@
        - xloadimage 4.1-15 (bug #332524; medium)
        - xli 1.17.0-20 (medium)
        NOTE: xli couldn't load the provided test images when I checked?
-CVE-2005-3302 [Arbitrary command execution in import script for bvh files in 
Blender]
+CVE-2005-3302 (Eval injection vulnerability in bvh_import.py in Blender 2.36 
allows ...)
        - blender <unfixed> (bug #330895; medium)
 CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for 
SP4, ...)
        NOT-FOR-US: Microsoft
@@ -280,7 +330,8 @@
        NOT-FOR-US: Hitachi Cosminexus Application Server
 CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows 
attackers ...)
        - polipo <unfixed> (bug #332411; medium)
-CVE-2005-3162 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.109 
allow ...)
+CVE-2005-3162
+       REJECTED
        NOT-FOR-US: PHP-Fusion
 CVE-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 
allows ...)
        NOT-FOR-US: PHP-Fusion
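Review bot: CVE-2005-3162 is now marked `REJECTED` but keeps the `NOT-FOR-US: PHP-Fusion` line from its previous state, so the entry ends up with two status lines. Drop the stale `NOT-FOR-US` annotation in a follow-up, or have the automatic update flag entries whose description is withdrawn while a manual triage line remains, so that someone reviews them.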
@@ -822,8 +873,7 @@
        RESERVED
        - linux-2.6 <unfixed>
        NOTE: Pinged Horms as usual
-CVE-2005-2972 [Further RTF buffer overflows in abiword]
-       RESERVED
+CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature 
in ...)
        - abiword 2.4.1-1 (bug #333740; medium)
 CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for 
KOffice 1.2.0 ...)
        - koffice 1:1.3.5-5 (bug #333497; medium)
@@ -3971,7 +4021,7 @@
        NOT-FOR-US: EtoShop
 CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 
allow ...)
        NOT-FOR-US: NetBSD
-CVE-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CAN-2005-1915.  
Reason: ...)
+CVE-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2005-1915.  
Reason: ...)
        NOT-FOR-US: log4sh
 CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, 
and ...)
        NOT-FOR-US: SCO UnixWare
@@ -3985,26 +4035,26 @@
        NOT-FOR-US: Windows
 CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote 
attackers ...)
        NOT-FOR-US: Windows
-CVE-2005-2126
-       RESERVED
+CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet 
...)
+       TODO: check
 CVE-2005-2125
        RESERVED
 CVE-2005-2124
        RESERVED
 CVE-2005-2123
        RESERVED
-CVE-2005-2122
-       RESERVED
+CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, 
and ...)
+       TODO: check
 CVE-2005-2121
        RESERVED
 CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service 
...)
        NOT-FOR-US: Windows
 CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed 
...)
        NOT-FOR-US: Microsoft
-CVE-2005-2118
-       RESERVED
-CVE-2005-2117
-       RESERVED
+CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, 
and ...)
+       TODO: check
+CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP 
SP1 and ...)
+       TODO: check
 CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf 
as ...)
        - cupsys 1.1.20final+rc1-1 (low)
 CVE-2005-2116
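Review bot: the four entries that move from `RESERVED` to `TODO: check` in this hunk (CVE-2005-2126, CVE-2005-2122, CVE-2005-2118, CVE-2005-2117) all describe Microsoft Windows components, while the neighbouring entries for the same vendor are already tagged `NOT-FOR-US: Windows` or `NOT-FOR-US: Microsoft`. They can likely be resolved the same way in a follow-up commit. The truncated descriptions of CVE-2005-2122 and CVE-2005-2118 are identical as shown, so the full descriptions need to be read to tell the two apart.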


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits