Diffstat (limited to 'data/CVE/2005.list')
-rw-r--r-- | data/CVE/2005.list | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 200aae0ebe..d5b0e08cad 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -1,3 +1,5 @@ +CVE-2005-10001 + RESERVED CVE-2005-3590 (The getgrouplist function in the GNU C library (glibc) before version ...) - glibc 2.3.5-3 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=661 @@ -17,11 +19,11 @@ CVE-2005-XXXX [more related to CVE-2005-4890] CVE-2005-4895 (Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools bef ...) - google-perftools 0.7-1 CVE-2005-4894 - RESERVED + REJECTED CVE-2005-4893 - RESERVED + REJECTED CVE-2005-4892 - RESERVED + REJECTED CVE-2005-4891 (Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL inje ...) NOT-FOR-US: Simple Machine Forum (SMF) CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo ...) @@ -30,7 +32,8 @@ CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and [lenny] - shadow <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008 - sudo 1.7.4p4 (low; bug #657784) - NOTE: sudo might be fixed earlier, use_pty present in stable + NOTE: sudo might be fixed earlier, use_pty present in stable. Only since 1.9.6-1~exp2 + NOTE: use_pty is added to default configuration. CVE-2005-4889 (lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of ...) - rpm 4.7.0-1 (bug #584257; unimportant) NOTE: Marking as unimportant since rpm isn't used as a package manager 
@@ -754,7 +757,7 @@ CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause - bzflag 2.0.6.20060412-1 (bug #345245; low) [sarge] - bzflag <no-dsa> (Minor DoS against a game) CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware ESX Se ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2005-4582 (Electric Sheep 2.6.3 does not require authentication or integrity chec ...) - electricsheep 2.6.3+cvs20051206-1 (unimportant) NOTE: Even an authenticated server might serve unwanted content, so @@ -1027,7 +1030,7 @@ CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 a CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ea ...) NOT-FOR-US: Beehive Forum CVE-2005-4459 (Heap-based buffer overflow in the NAT networking components vmnat.exe ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly ...) NOT-FOR-US: Metadot Portal Server CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote attacker ...) @@ -2901,7 +2904,7 @@ CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 2.0.2 CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface f ...) NOT-FOR-US: VMware ESX CVE-2005-3618 (Cross-site request forgery (CSRF) vulnerability in the management inte ...) - NOT-FOR-US: VMWare ESX + NOT-FOR-US: VMware ESX CVE-2005-3617 RESERVED CVE-2005-3616 
@@ -3094,9 +3097,9 @@ CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...) NOT-FOR-US: Antville CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remo ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows l ...) - linux-2.6 2.6.14-1 (low) - kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later) @@ -3718,7 +3721,7 @@ CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in comersus_backoffice_s CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0 ...) NOT-FOR-US: AhnLab CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 al ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authenticati ...) NOT-FOR-US: Splatt Forum CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 al ...) @@ -4523,7 +4526,7 @@ CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 U NOT-FOR-US: HP Tru64 CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...) - ncompress <not-affected> (bug #329052; unimportant) - NOTE: see bug close message, Debian's ncompress doesn't expose affected scripts + NOTE: see bug close message, Debian's ncompress doesn't expose affected scripts CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...) {DSA-843-1} - arc 5.21m-1 (low) 
@@ -4663,7 +4666,7 @@ CVE-2005-2941 CVE-2005-2940 (Unquoted Windows search path vulnerability in Microsoft Antispyware 1. ...) NOT-FOR-US: Microsoft Antispyware CVE-2005-2939 (Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 ...) - NOT-FOR-US: VMWare + NOT-FOR-US: VMware CVE-2005-2938 (Unquoted Windows search path vulnerability in iTunesHelper.exe in iTun ...) NOT-FOR-US: iTunes CVE-2005-2937 @@ -4993,7 +4996,7 @@ CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 an {DSA-809-1} - squid 2.5.10-5 (medium) CVE-2005-2795 - RESERVED + REJECTED CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to c ...) {DSA-809-3 DSA-809-1} - squid 2.5.10-5 (medium) @@ -5176,7 +5179,7 @@ CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE NOT-FOR-US: ISS CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 allo ...) {DSA-826-1} - NOTE: see http://www.open-security.org/advisories/13 + NOTE: see http://www.open-security.org/advisories/13 - helix-player 1.0.6-1 (bug #330364; high) CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 al ...) {DSA-1018-1 DSA-1017-1} @@ -5725,7 +5728,7 @@ CVE-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain ro {DSA-815-1} - kdebase 4:3.4.2-3 (bug #327039; medium) CVE-2005-2493 - RESERVED + REJECTED CVE-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allow ...) - linux-2.6 2.6.12-7 (bug #327416; medium) CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular Expressi ...) 
@@ -7129,7 +7132,7 @@ CVE-2005-1927 CVE-2005-1926 RESERVED CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...) - NOT-FOR-US: Tikiwiki + - tikiwiki <removed> CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote a ...) NOT-FOR-US: External Squirrelmail plugin not packaged in Debian CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, an ...) @@ -10621,7 +10624,7 @@ CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in CVE-2005-0395 REJECTED CVE-2005-0394 - RESERVED + REJECTED CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, w ...) {DSA-733-1} - crip 3.5-1sarge2 (low) @@ -11065,7 +11068,7 @@ CVE-2005-0202 (Directory traversal vulnerability in the true_path function in pr CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a socket ...) - dbus 0.22 CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ngIRC ...) NOT-FOR-US: ngIRCd CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Labe ...) |
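Review bot: In the CVE-2005-4890 hunk (@@ -30,7 +32,8 @@) the added sentence is split across two NOTE lines, "Only since 1.9.6-1~exp2" and "use_pty is added to default configuration.", so neither line makes sense when read on its own. Keep the first NOTE as it was and put the whole new statement on the second one, for example "NOTE: use_pty is only enabled in the default configuration since 1.9.6-1~exp2". The entry also still records "- sudo 1.7.4p4" as the fixed version, so the note should say whether that version marks the availability of the option or the point at which the issue is considered fixed.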
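Review bot: The five TikiWiki entries (CVE-2005-3529, CVE-2005-3528, CVE-2005-3283, CVE-2005-1925, CVE-2005-0200) switch from "NOT-FOR-US: TikiWiki" to "- tikiwiki <removed>" with no NOTE explaining the reclassification. A one-line NOTE on at least the first of them, or a sentence in the commit message, would make the reason visible to later readers. It is also worth confirming that no other TikiWiki entry outside these hunks still carries the NOT-FOR-US form, so that the same source package is not tracked in two ways.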
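Review bot: In the CVE-2005-2710 hunk (@@ -5176,7 +5179,7 @@) the whitespace-only fix leaves "NOTE: see http://www.open-security.org/advisories/13" above the "- helix-player 1.0.6-1" line, whereas other entries visible in this patch (CVE-2005-3590, CVE-2005-2991) put the NOTE after the package line. Since the line is being touched anyway, move it below the package line in the same change. The same kind of whitespace-only edit in the CVE-2005-2991 hunk is fine as it stands.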