[Secure-testing-commits] r4494 - data/CVE
Joey Hess
joeyh at costa.debian.org
Thu Aug 3 21:14:27 UTC 2006
Author: joeyh
Date: 2006-08-03 21:14:24 +0000 (Thu, 03 Aug 2006)
New Revision: 4494
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-08-03 14:11:15 UTC (rev 4493)
+++ data/CVE/list 2006-08-03 21:14:24 UTC (rev 4494)
@@ -1,3 +1,269 @@
+CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO ...)
+ TODO: check
+CVE-2006-3969 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-3968 (The crypto provider in Sun Solaris 10 3/05 HW2 without patch ...)
+ TODO: check
+CVE-2006-3967 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-3966 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-3965 (Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web ...)
+ TODO: check
+CVE-2006-3964 (PHP remote file inclusion vulnerability in members.php in Banex PHP ...)
+ TODO: check
+CVE-2006-3963 (Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner ...)
+ TODO: check
+CVE-2006-3962 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-3961 (Unspecified vulnerability in McAfee Internet Security Suite 2006, ...)
+ TODO: check
+CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll 1.10 allows ...)
+ TODO: check
+CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts X-Protection ...)
+ TODO: check
+CVE-2006-3958 (Multiple unspecified cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2006-3957 (PHP remote file inclusion vulnerability in payment.php in BosDev ...)
+ TODO: check
+CVE-2006-3956 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...)
+ TODO: check
+CVE-2006-3955 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
+ TODO: check
+CVE-2006-3954 (Directory traversal vulnerability in usercp.php in MyBB (aka ...)
+ TODO: check
+CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka ...)
+ TODO: check
+CVE-2006-3952 (Stack-based buffer overflow in EFS Software Easy File Sharing FTP ...)
+ TODO: check
+CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in Mam-moodle ...)
+ TODO: check
+CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts ...)
+ TODO: check
+CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php in the ...)
+ TODO: check
+CVE-2006-3948 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
+ TODO: check
+CVE-2006-3947 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-3946 (The KHTMLParser::popOneBlock function in Apple Safari 2.0.4 on Mac OS ...)
+ TODO: check
+CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote ...)
+ TODO: check
+CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
+ TODO: check
+CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet ...)
+ TODO: check
+CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows 2000 SP4, Server 2003 ...)
+ TODO: check
+CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 ...)
+ TODO: check
+CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
+ TODO: check
+CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform ...)
+ TODO: check
+CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information via a ...)
+ TODO: check
+CVE-2006-3937 (post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2006-3936 (system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 ...)
+ TODO: check
+CVE-2006-3935 (system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before ...)
+ TODO: check
+CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in ...)
+ TODO: check
+CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
+ TODO: check
+CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 ...)
+ TODO: check
+CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in Tuomas ...)
+ TODO: check
+CVE-2006-3930 (PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php ...)
+ TODO: check
+CVE-2006-3929 (Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin ...)
+ TODO: check
+CVE-2006-3928 (PHP remote file inclusion vulnerability in index.php in WMNews 0.2a ...)
+ TODO: check
+CVE-2006-3927 (Cross-site scripting (XSS) vulnerability in auctionsearch.php in ...)
+ TODO: check
+CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote ...)
+ TODO: check
+CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control ...)
+ TODO: check
+CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before ...)
+ TODO: check
+CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse ...)
+ TODO: check
+CVE-2006-3922 (PHP remote file inclusion vulnerability in mod_membre/inscription.php ...)
+ TODO: check
+CVE-2006-3921 (Sun Java System Application Server (SJSAS) 7 through 8.1 and Web ...)
+ TODO: check
+CVE-2006-3920 (The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 ...)
+ TODO: check
+CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows ...)
+ TODO: check
+CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...)
+ TODO: check
+CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...)
+ TODO: check
+CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka ...)
+ TODO: check
+CVE-2006-3915 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
+ TODO: check
+CVE-2006-3914 (Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite ...)
+ TODO: check
+CVE-2006-3913 (Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul ...)
+ TODO: check
+CVE-2006-3912 (Stack-based buffer overflow in the SFX module in WinRAR before 3.60 ...)
+ TODO: check
+CVE-2006-3911 (PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 ...)
+ TODO: check
+CVE-2006-3910 (Internet Explorer 6 on Windows XP SP2, when Outlook is installed, ...)
+ TODO: check
+CVE-2006-3909 (Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads ...)
+ TODO: check
+CVE-2006-3908 (Format string vulnerability in the flush_output function in ...)
+ TODO: check
+CVE-2006-3907 (Siemens SpeedStream 2624 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2006-3906 (Internet Key Exchange (IKE) version 1 protocol, as implemented on ...)
+ TODO: check
+CVE-2006-3905 (SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote ...)
+ TODO: check
+CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 ...)
+ TODO: check
+CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php in ...)
+ TODO: check
+CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...)
+ TODO: check
+CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email Firewall ...)
+ TODO: check
+CVE-2006-3900 (Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book ...)
+ TODO: check
+CVE-2006-3899 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...)
+ TODO: check
+CVE-2006-3898 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...)
+ TODO: check
+CVE-2006-3897 (Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows ...)
+ TODO: check
+CVE-2006-3896
+ RESERVED
+CVE-2006-3895
+ RESERVED
+CVE-2006-3894
+ RESERVED
+CVE-2006-3893
+ RESERVED
+CVE-2006-3892
+ RESERVED
+CVE-2006-3891
+ RESERVED
+CVE-2006-3890
+ RESERVED
+CVE-2006-3889
+ RESERVED
+CVE-2006-3888
+ RESERVED
+CVE-2006-3887
+ RESERVED
+CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier ...)
+ TODO: check
+CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W ...)
+ TODO: check
+CVE-2006-3884 (Multiple SQL injection vulnerabilities in links.php in Gonafish ...)
+ TODO: check
+CVE-2006-3883 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish ...)
+ TODO: check
+CVE-2006-3882 (Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain ...)
+ TODO: check
+CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...)
+ TODO: check
+CVE-2006-3880 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...)
+ TODO: check
+CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...)
+ TODO: check
+CVE-2006-3877
+ RESERVED
+CVE-2006-3876
+ RESERVED
+CVE-2006-3875
+ RESERVED
+CVE-2006-3874
+ RESERVED
+CVE-2006-3873
+ RESERVED
+CVE-2006-3872
+ RESERVED
+CVE-2006-3871
+ RESERVED
+CVE-2006-3870
+ RESERVED
+CVE-2006-3869
+ RESERVED
+CVE-2006-3868
+ RESERVED
+CVE-2006-3867
+ RESERVED
+CVE-2006-3866
+ RESERVED
+CVE-2006-3865
+ RESERVED
+CVE-2006-3864
+ RESERVED
+CVE-2006-3863
+ RESERVED
+CVE-2006-3862
+ RESERVED
+CVE-2006-3861
+ RESERVED
+CVE-2006-3860
+ RESERVED
+CVE-2006-3859
+ RESERVED
+CVE-2006-3858
+ RESERVED
+CVE-2006-3857
+ RESERVED
+CVE-2006-3856
+ RESERVED
+CVE-2006-3855
+ RESERVED
+CVE-2006-3854
+ RESERVED
+CVE-2006-3853
+ RESERVED
+CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro ...)
+ TODO: check
+CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and ...)
+ TODO: check
+CVE-2006-3850 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection ...)
+ TODO: check
+CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP ...)
+ TODO: check
+CVE-2006-3847 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-3846 (PHP remote file inclusion vulnerability in extadminmenus.class.php in ...)
+ TODO: check
+CVE-2006-3845 (Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 ...)
+ TODO: check
+CVE-2006-3844 (Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote ...)
+ TODO: check
+CVE-2006-3843 (PHP remote file inclusion vulnerability in com_calendar.php in ...)
+ TODO: check
+CVE-2006-3842 (Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 ...)
+ TODO: check
+CVE-2006-3841 (Cross-site scripting (XSS) vulnerability in WebScarab before ...)
+ TODO: check
+CVE-2006-3840 (The SMB Mailslot parsing functionality in PAM in multiple ISS products ...)
+ TODO: check
+CVE-2006-3839
+ RESERVED
+CVE-2006-3838 (Multiple stack-based buffer overflows in eIQnetworks Enterprise ...)
+ TODO: check
CVE-2006-XXXX [syslog-ng dos]
- syslog-ng 2.0rc1-2
CVE-2006-XXXX [courier-authdaemon: wrong socket permissions may lead to password disclosure]
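Review bot: every entry added in this hunk lands as `TODO: check`, so the commit records a triage backlog rather than triage; each needs a follow-up resolving it either to `NOT-FOR-US` (as CVE-2006-3837 is in the next hunk) or to a source-package line with fixed version and severity. Two of them, CVE-2006-3880 and CVE-2006-3850, arrive as `** DISPUTED ** ...` with the rest of the description elided, so the dispute text has to be read from the CVE entry itself before either is closed.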
@@ -10,8 +276,8 @@
CVE-2006-XXXX [gjay buffer overrun]
- gjay 0.2.8.3-5 (bug #361056)
CVE-2006-XXXX [Webalizer buffer overflows]
- - webalizer <unfixed> (unknown)
- NOTE: 11_various_buffer_overflows should be reviewed for exploitability
+ - webalizer <unfixed> (unknown)
+ NOTE: 11_various_buffer_overflows should be reviewed for exploitability
CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...)
NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...)
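Review bot: the only change to the Webalizer entry is leading whitespace on the `- webalizer <unfixed> (unknown)` and `NOTE:` lines, which the "automatic update" log message does not mention; worth confirming the new indentation is what the list parser expects, since it distinguishes package lines from entry headers by their leading space. The entry itself is still open: severity is `(unknown)` and the NOTE still asks for 11_various_buffer_overflows to be reviewed for exploitability.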
@@ -49,22 +315,22 @@
NOT-FOR-US: ATutor
CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in ...)
NOT-FOR-US: Loudblog
-CVE-2006-3819
- RESERVED
+CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 ...)
+ TODO: check
CVE-2006-3818
RESERVED
CVE-2006-3817
RESERVED
CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote ...)
- krusader <not-affected> (bug #380063; file in directory with 0700 permissions)
-CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in an ...)
+CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a ...)
+ {DSA-1128}
- heartbeat 1.2.4-13 (bug #379904)
CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...)
- cheesetracker 0.9.9-6 (bug #380364; low)
CVE-2006-3813
RESERVED
-CVE-2006-3812 [firefox/mozilla chrome: scheme loading remote content]
- RESERVED
+CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
NOTE: MFSA-2006-56
- mozilla <unfixed> (medium)
- xulrunner <unfixed> (medium)
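Review bot: CVE-2006-3819 (TWiki configure eval injection) comes in as `TODO: check` and still needs a package line or `NOT-FOR-US` in a follow-up. For CVE-2006-3812 the local summary `[firefox/mozilla chrome: scheme loading remote content]` is replaced by the truncated MITRE text, which says less than the bracketed summary did, so the retained `NOTE: MFSA-2006-56` line is what keeps the entry traceable and must stay. CVE-2006-3815 correctly gains `{DSA-1128}` above its existing `heartbeat 1.2.4-13 (bug #379904)` line.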
@@ -72,8 +338,7 @@
- firefox 1.5.dfsg+1.5.0.5-1 (medium)
- thunderbird <unfixed> (unimportant)
- mozilla-thunderbird <removed> (unimportant)
-CVE-2006-3811 [firefox/mozilla Crashes with evidence of memory corruption (rv:1.8.0.5)]
- RESERVED
+CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...)
NOTE: MFSA-2006-55
- mozilla <unfixed> (high)
- xulrunner <unfixed> (high)
@@ -81,8 +346,7 @@
- firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird <unfixed> (medium)
- mozilla-thunderbird <removed> (medium)
-CVE-2006-3810 [firefox/mozilla XSS with XPCNativeWrapper(window).Function(...)]
- RESERVED
+CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...)
NOTE: MFSA-2006-54
- mozilla <not-affected> (mozilla 1.7 not affected)
- xulrunner <unfixed> (high)
@@ -90,8 +354,7 @@
- firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird <unfixed> (medium)
- mozilla-thunderbird <not-affected>
-CVE-2006-3809 [firefox/mozilla UniversalBrowserRead privilege escalation]
- RESERVED
+CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
NOTE: MFSA-2006-53
- mozilla <unfixed> (medium)
- xulrunner <unfixed> (medium)
@@ -99,15 +362,13 @@
- firefox 1.5.dfsg+1.5.0.5-1 (medium)
- thunderbird <unfixed> (medium)
- mozilla-thunderbird <removed> (medium)
-CVE-2006-3808 [firefox/mozilla PAC privilege escalation using Function.prototype.call]
- RESERVED
+CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
NOTE: MFSA-2006-52
- mozilla <unfixed> (medium)
- xulrunner <unfixed> (medium)
- mozilla-firefox <removed> (medium)
- firefox 1.5.dfsg+1.5.0.5-1 (medium)
-CVE-2006-3807 [firefox/mozilla Privilege escalation using named-functions and redefined "new Object()"]
- RESERVED
+CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
NOTE: MFSA-2006-51
- mozilla <unfixed> (high)
- xulrunner <unfixed> (high)
@@ -115,8 +376,7 @@
- firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird <unfixed> (medium)
- mozilla-thunderbird <removed> (medium)
-CVE-2006-3806 [firefox/mozilla JavaScript engine vulnerabilities]
- RESERVED
+CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...)
NOTE: MFSA-2006-50
- mozilla <unfixed> (high)
- xulrunner <unfixed> (high)
@@ -124,8 +384,7 @@
- firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird <unfixed> (medium)
- mozilla-thunderbird <removed> (medium)
-CVE-2006-3805 [firefox/mozilla JavaScript engine vulnerabilities]
- RESERVED
+CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...)
NOTE: MFSA-2006-50
- mozilla <unfixed> (high)
- xulrunner <unfixed> (high)
@@ -133,14 +392,12 @@
- firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird <unfixed> (medium)
- mozilla-thunderbird <removed> (medium)
-CVE-2006-3804 [thunderbird/mozilla Heap buffer overwrite on malformed VCard]
- RESERVED
+CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and ...)
NOTE: MFSA-2006-49
- mozilla <unfixed> (high)
- thunderbird <unfixed> (high)
- mozilla-thunderbird <removed> (high)
-CVE-2006-3803 [firefox/mozilla JavaScript new Function race condition]
- RESERVED
+CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Firefox ...)
NOTE: MFSA-2006-48
- mozilla <not-affected> (mozilla 1.7 not affected)
- xulrunner <unfixed> (high)
@@ -148,8 +405,7 @@
- firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird <unfixed> (medium)
- mozilla-thunderbird <not-affected>
-CVE-2006-3802 [firefox/mozilla Native DOM methods can be hijacked across domains]
- RESERVED
+CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
NOTE: MFSA-2006-47
- mozilla <not-affected> (mozilla 1.7 not affected)
- xulrunner <unfixed> (medium)
@@ -157,8 +413,7 @@
- firefox 1.5.dfsg+1.5.0.5-1 (medium)
- thunderbird <unfixed> (medium)
- mozilla-thunderbird <not-affected>
-CVE-2006-3801 [firefox/mozilla Code execution through deleted frame reference]
- RESERVED
+CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...)
NOTE: MFSA-2006-44
- mozilla-firefox <not-affected> (only firefox >= 1.5)
- mozilla-thunderbird <not-affected> (only firefox >= 1.5)
@@ -178,7 +433,7 @@
NOT-FOR-US: DeluxeBB
CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before ...)
NOT-FOR-US: DeluxeBB
-CVE-2006-3794 (SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart ...)
+CVE-2006-3794 (** DISPUTED ** ...)
NOT-FOR-US: AFCommerce
CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in SiteDepth ...)
NOT-FOR-US: SiteDepth
@@ -230,10 +485,10 @@
TODO: check
CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and ...)
TODO: check
-CVE-2006-3768
- RESERVED
-CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in Darren's $5 Script Archive ...)
+CVE-2006-3768 (Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before ...)
TODO: check
+CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in showprofile.php in ...)
+ TODO: check
CVE-2006-3766 (Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to ...)
TODO: check
CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher ...)
@@ -272,12 +527,11 @@
TODO: check
CVE-2006-3748 (PHP remote file inclusion vulnerability in ...)
TODO: check
-CVE-2006-3747 [apache mod_rewrite off-by-one bug]
- RESERVED
+CVE-2006-3747 (Off-by-one error in the the ldap scheme handling in the Rewrite module ...)
+ {DSA-1132-1 DSA-1131-1}
- apache <unfixed> (medium)
- apache2 <unfixed> (medium; bug #380182)
-CVE-2006-3746
- RESERVED
+CVE-2006-3746 (Buffer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote ...)
- gnupg 1.4.5-1 (medium)
- gnupg2 (medium)
CVE-2006-3745
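Review bot: the `- gnupg2 (medium)` line under CVE-2006-3746 has neither a fixed version nor an `<unfixed>` / `<not-affected>` marker, unlike every other package line in the file (compare `- gnupg 1.4.5-1 (medium)` directly above it); it should be completed so the tracker can evaluate gnupg2 at all. The repeated "the the" in the CVE-2006-3747 description is MITRE's text imported verbatim and should not be edited locally.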
@@ -312,7 +566,7 @@
NOT-FOR-US: Mail2Forum
CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line Interface ...)
NOT-FOR-US: CS-MARS
-CVE-2006-3733 (Unspecified vulnerability in a component of the JBoss web application ...)
+CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web ...)
NOT-FOR-US: Cisco / JBoss
CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
NOT-FOR-US: CS-MARS
@@ -399,13 +653,13 @@
- ruby1.9 1.9.0+20060609-1 (medium)
CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain privileges ...)
NOT-FOR-US: Rocks Clusters
-CVE-2006-3692 (PHP remote file inclusion vulnerability in enduser/listmessenger.php ...)
+CVE-2006-3692 (** DISPUTED ** ...)
NOT-FOR-US: ListMessenger
CVE-2006-3691 (Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier ...)
NOT-FOR-US: VBZooM
CVE-2006-3690 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
NOT-FOR-US: MiniBB
-CVE-2006-3689 (PHP remote file inclusion vulnerability in user-func.php in Codeworks ...)
+CVE-2006-3689 (** DISPUTED ** ...)
NOT-FOR-US: Codeworks Gnomedia SubberZ[Lite]
CVE-2006-3688 (SQL injection vulnerability in Room.php in Francisco Charrua ...)
NOT-FOR-US: Francisco Charrua Photo-Gallery
@@ -427,10 +681,9 @@
NOT-FOR-US: Photocycle
CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass access ...)
NOT-FOR-US: FatWire Content Server
-CVE-2006-3678
- RESERVED
-CVE-2006-3677 [mozilla/firefox Javascript navigator Object Vulnerability]
- RESERVED
+CVE-2006-3678 (TippingPoint IPS running the TippingPoint Operating System (TOS) ...)
+ TODO: check
+CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
NOTE: MFSA-2006-45
- mozilla <not-affected> (mozilla 1.7 not affected)
- xulrunner <unfixed> (high)
@@ -440,8 +693,8 @@
- mozilla-thunderbird <not-affected>
CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...)
TODO: check
-CVE-2006-3675
- RESERVED
+CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the ...)
+ TODO: check
CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
- armagetron <unfixed> (bug #379062; medium)
CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
@@ -456,6 +709,7 @@
CVE-2006-3669 (Mercury Messenger, possibly 1.7.1.1 and other versions, when running ...)
NOT-FOR-US: Mercury Messenger
CVE-2006-3668 (Heap-based buffer overflow in the it_read_envelope function in Dynamic ...)
+ {DSA-1123}
- libdumb 1:0.9.3-5 (bug #379064; medium)
CVE-2006-3667 (Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking ...)
NOT-FOR-US: Sybase/Financial Fusion Consumer Banking Suite
@@ -526,21 +780,26 @@
RESERVED
CVE-2006-3634
RESERVED
-CVE-2006-3633
- RESERVED
+CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to ...)
+ TODO: check
CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 ...)
+ {DSA-1127}
- ethereal <removed> (bug #378745; high)
- wireshark 0.99.2-1 (high)
CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka ...)
+ {DSA-1127}
- ethereal <removed> (bug #378745; high)
- wireshark 0.99.2-1 (high)
CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to ...)
+ {DSA-1127}
- ethereal <removed> (bug #378745; high)
- wireshark 0.99.2-1 (high)
CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark ...)
+ {DSA-1127}
- ethereal <removed> (bug #378745; high)
- wireshark 0.99.2-1 (high)
CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka Ethereal) ...)
+ {DSA-1127}
- ethereal <removed> (bug #378745; high)
- wireshark 0.99.2-1 (high)
CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark ...)
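Review bot: `{DSA-1127}` is added to CVE-2006-3632 through CVE-2006-3628, but the hunk ends at the header of CVE-2006-3627 (GSM BSSMAP dissector), which belongs to the same Wireshark/Ethereal batch; check that it and any further entries covered by DSA-1127 received the reference too, since the diff does not show them.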
@@ -559,8 +818,8 @@
NOT-FOR-US: Koobi Pro CMS
CVE-2006-3620 (Cross-site scripting (XSS) vulnerability in the showtopic module in ...)
NOT-FOR-US: Koobi Pro CMS
-CVE-2006-3619
- RESERVED
+CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC ...)
+ TODO: check
CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By Lev ...)
NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in ...)
@@ -599,6 +858,7 @@
CVE-2006-3601 (** UNVERIFIABLE ** ...)
NOT-FOR-US: DotNetNuke
CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup ...)
+ {DSA-1135-1}
- libtunepimp 0.4.2-3.0etch1 (bug #378091; medium)
CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds module ...)
NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke
@@ -640,9 +900,9 @@
RESERVED
CVE-2006-3583
RESERVED
-CVE-2006-3582 (Multiple stack-based buffer overflows in AdPlug 2.0 and earlier allow ...)
+CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and ...)
- adplug 2.0.1-1 (bug #378279; medium)
-CVE-2006-3581 (Multiple stack-based buffer overflows in AdPlug 2.0 and earlier allow ...)
+CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and ...)
- adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3580 (SQL injection vulnerability in pages.asp in ASP Stats Generator before ...)
NOT-FOR-US: ASP Stats Generator
@@ -878,24 +1138,31 @@
REJECTED
CVE-2006-3465 [libtiff: flaw in custom tag support]
RESERVED
+ {DSA-1137-1}
- tiff 3.8.2-6
CVE-2006-3464 [libtiff: insufficient range checking]
RESERVED
+ {DSA-1137-1}
- tiff 3.8.2-6
CVE-2006-3463 [libtiff: infinite loop was discovered in EstimateStripByteCounts()]
RESERVED
+ {DSA-1137-1}
- tiff 3.8.2-6
CVE-2006-3462 [libtiff: NeXT RLE decoder heap overflow]
RESERVED
+ {DSA-1137-1}
- tiff 3.8.2-6
CVE-2006-3461 [libtiff: heap overflow exists in the PixarLog decoder]
RESERVED
+ {DSA-1137-1}
- tiff 3.8.2-6
CVE-2006-3460 [libtiff: heap overflow vulnerability was discovered in the jpeg decoder]
RESERVED
+ {DSA-1137-1}
- tiff 3.8.2-6
CVE-2006-3459 [libtiff: stack buffer overflow via TIFFFetchShortPair()]
RESERVED
+ {DSA-1137-1}
- tiff 3.8.2-6
CVE-2006-3486 (** DISPUTED ** ...)
- mysql-dfsg-5.0 5.0.22-4 (unimportant)
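Review bot: the seven libtiff entries CVE-2006-3465 down to CVE-2006-3459 gain `{DSA-1137-1}` while still marked `RESERVED` with local bracket summaries, which is acceptable until MITRE publishes, but each `- tiff 3.8.2-6` line carries no severity annotation, unlike the other DSA-backed lines in this commit (for example `osiris 4.2.0-2 (medium)`). Also visible in the context: CVE-2006-3486 sits after CVE-2006-3459, breaking the descending order the rest of the file keeps.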
@@ -1126,8 +1393,8 @@
CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c ...)
{DSA-1116}
- gimp 2.2.11-3.1 (bug #377049; medium)
-CVE-2006-3350
- RESERVED
+CVE-2006-3350 (Stack-based buffer overflow in AutoVue SolidModel Professional Desktop ...)
+ TODO: check
CVE-2006-3349 (Multiple SQL injection vulnerabilities in SmS Script allow remote ...)
NOT-FOR-US: SmS Script
CVE-2006-3348 (Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 ...)
@@ -1189,6 +1456,7 @@
CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp ...)
NOT-FOR-US: OpenForum
CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar ...)
+ {DSA-1130-1}
- sitebar 3.3.8-1.1 (bug #377299; low)
CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP ...)
NOT-FOR-US: PHP iCalendar
@@ -1595,16 +1863,17 @@
RESERVED
CVE-2006-3123 [cfs integer overflow]
RESERVED
+ {DSA-1138-1}
- cfs 1.4.1-17
CVE-2006-3122
RESERVED
CVE-2006-3121
RESERVED
-CVE-2006-3120 [osiris arbitrary code execution]
- RESERVED
+CVE-2006-3120 (Format string vulnerability in Brian Wotring Osiris before 4.2.1 ...)
+ {DSA-1129}
- osiris 4.2.0-2 (medium)
-CVE-2006-3119
- RESERVED
+CVE-2006-3119 (The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a ...)
+ {DSA-1124}
CVE-2006-3118 (spread uses a temporary file with a static filename based on the port ...)
- spread <unfixed> (bug #375617; low)
[sarge] - spread <no-dsa> (Minimal security implications)
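Review bot: CVE-2006-3119 (fbgs in fbi before 2.01) gets `{DSA-1124}` but no package line recording the fixed fbi version, whereas the neighbouring CVE-2006-3120 pairs `{DSA-1129}` with `- osiris 4.2.0-2 (medium)` and CVE-2006-3123 pairs `{DSA-1138-1}` with `- cfs 1.4.1-17`; add the corresponding `- fbi` line so the entry states what actually fixed it.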
@@ -1617,8 +1886,7 @@
NOT-FOR-US: phpRaid
CVE-2006-3114
RESERVED
-CVE-2006-3113 [mozilla/firefox Memory corruption with simultaneous events]
- RESERVED
+CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
NOTE: MFSA-2006-46
- mozilla <not-affected> (mozilla 1.7 not affected)
- xulrunner <unfixed> (high)
@@ -2007,8 +2275,7 @@
CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...)
- linux-2.6 2.6.17-3
- linux-2.6.16 2.6.16-17
-CVE-2006-2933 [kdm dos]
- RESERVED
+CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat ...)
[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
CVE-2006-2932
RESERVED
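Review bot: CVE-2006-2933 now carries the MITRE description (kdesktop_lock in kdebase before 3.1.3-5.11), but its only package line is the `[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)` annotation; there is no unversioned kdebase line for testing/unstable, which on the same reasoning should presumably also be `<not-affected>`, otherwise the entry remains incompletely triaged.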
@@ -2085,6 +2352,7 @@
CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...)
NOT-FOR-US: ESTsoft InternetDISK
CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 ...)
+ {DSA-1126}
- asterisk 1:1.2.10.dfsg-2 (bug #380054)
- iax 0.2.2-5
- iaxmodem 0.1.8.dfsg-2
@@ -2217,10 +2485,13 @@
CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php in ...)
NOT-FOR-US: gnopaste
CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module in ...)
+ {DSA-1125}
- drupal 4.5.8-1.1 (medium)
CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module ...)
+ {DSA-1125}
- drupal 4.5.8-1.1 (medium)
CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under ...)
+ {DSA-1125}
NOTE: Although not in the changelog, sesse@ (responsible for 4.5.8-1.1)
NOTE: says he pulled in the entire patch for DRUPAL-SA-2006-007, which
NOTE: fixes CVE-2006-2831.
@@ -2342,7 +2613,7 @@
CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...)
TODO: check
CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-31
- firefox 1.5.dfsg+1.5.0.4-1 (medium)
- thunderbird 1.5.0.4-1 (medium)
@@ -2350,7 +2621,7 @@
- mozilla 1.7.13-0.3 (medium)
- xulruner 1.8.0.4-1 (medium)
CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-33
- firefox 1.5.dfsg+1.5.0.4-1 (medium)
- thunderbird 1.5.0.4-1 (medium)
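Review bot: the context line `- xulruner 1.8.0.4-1 (medium)` misspells the source package, which is `xulrunner` in the other Mozilla entries (e.g. `- xulrunner <unfixed> (medium)` under CVE-2006-3812), and the same `xulruner` spelling recurs in the CVE-2006-2785 through CVE-2006-2775 entries below; a package line whose name matches no source package will not be applied by the tracker, so these should be corrected in a follow-up. Adding `{DSA-1134-1}` itself is consistent with the rest of this batch.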
@@ -2358,20 +2629,20 @@
- mozilla 1.7.13-0.3 (medium)
- xulruner 1.8.0.4-1 (medium)
CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-34
- firefox 1.5.dfsg+1.5.0.4-1 (medium)
- mozilla 1.7.13-0.3 (medium)
- xulruner 1.8.0.4-1 (medium)
CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-36
- firefox 1.5.dfsg+1.5.0.4-1 (medium)
[sarge] - mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- xulruner 1.8.0.4-1 (medium)
CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strips the Unicode ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-42
- firefox 1.5.dfsg+1.5.0.4-1 (medium)
- thunderbird 1.5.0.4-1 (medium)
@@ -2379,21 +2650,21 @@
- mozilla 1.7.13-0.3 (medium)
- xulruner 1.8.0.4-1 (medium)
CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-41
- firefox 1.5.dfsg+1.5.0.4-1 (medium)
[sarge] - mozilla-thunderbird <unfixed> (medium)
- mozilla 1.7.13-0.3 (medium)
- xulruner 1.8.0.4-1 (medium)
CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and ...)
- {DSA-1118}
+ {DSA-1134-1 DSA-1118}
NOTE: MFSA-2006-40
- thunderbird 1.5.0.4-1 (high)
[sarge] - mozilla-thunderbird <unfixed> (high)
- mozilla 1.7.13-0.3 (high)
- xulruner <unfixed> (high)
CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-32
- firefox 1.5.dfsg+1.5.0.4-1 (high)
- thunderbird 1.5.0.4-1 (high)
@@ -2401,7 +2672,7 @@
- mozilla 1.7.13-0.3 (high)
- xulruner 1.8.0.4-1 (high)
CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-32
- firefox 1.5.dfsg+1.5.0.4-1 (high)
- thunderbird 1.5.0.4-1 (high)
@@ -2409,7 +2680,7 @@
- mozilla 1.7.13-0.3 (high)
- xulruner <unfixed> (high)
CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-38
- firefox 1.5.dfsg+1.5.0.4-1 (high)
- thunderbird 1.5.0.4-1 (high)
@@ -2417,13 +2688,13 @@
- mozilla 1.7.13-0.3 (high)
- xulruner 1.8.0.4-1 (high)
CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-43
- firefox 1.5.dfsg+1.5.0.4-1 (high)
- mozilla 1.7.13-0.3 (high)
- xulruner <unfixed> (high)
CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-37
- firefox 1.5.dfsg+1.5.0.4-1 (high)
- thunderbird 1.5.0.4-1 (high)
@@ -2431,7 +2702,7 @@
- mozilla 1.7.13-0.3 (high)
- xulruner 1.8.0.4-1 (high)
CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-35
- firefox 1.5.dfsg+1.5.0.4-1 (high)
- thunderbird 1.5.0.4-1 (high)
@@ -2501,8 +2772,10 @@
CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in ...)
NOT-FOR-US: F at cile
CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with ...)
+ {DSA-1125}
- drupal 4.5.8-1.1 (bug #368835; medium)
CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 ...)
+ {DSA-1125}
- drupal 4.5.8-1.1 (medium)
CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 ...)
NOT-FOR-US: tinyBB
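Review bot: The new Drupal references are written as "{DSA-1125}" without a revision suffix, while the other references added in this same commit use the suffixed form ("{DSA-1134-1 ...}", "{DSA-1133-1}"). The file already mixes both styles, but new additions should settle on one form so that tooling that parses the DSA list does not have to special-case both; "{DSA-1125-1}" would match the suffixed entries added elsewhere in this change.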
@@ -3083,8 +3356,8 @@
NOT-FOR-US: Squirrelcart
CVE-2006-2482
RESERVED
-CVE-2006-2481
- RESERVED
+CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.3 patch 4 ...)
+ TODO: check
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit ...)
- dia 0.95.0-4 (bug #368202; low)
[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
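Review bot: CVE-2006-2481 is filled in as a VMware ESX Server issue and left at "TODO: check", yet the existing CVE-2005-3619 entry further down in this file already resolves the same product as "NOT-FOR-US: VMware ESX". Unless ESX Server has become a Debian package, this entry can be marked NOT-FOR-US directly instead of adding another TODO to the queue.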
@@ -4300,7 +4573,7 @@
CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...)
NOT-FOR-US: Smarter Scripts IntelliLink Pro
CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, ...)
- {DSA-1120 DSA-1118}
+ {DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-39
- firefox 1.5.dfsg+1.5.0.4-1 (low)
- thunderbird <unfixed> (low)
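Review bot: DSA-1134-1 is added to CVE-2006-1942 while the entry still says "- thunderbird <unfixed> (low)". The description covers "possibly other versions before 1.5.0.4", and the sibling entries in this commit record thunderbird as fixed in 1.5.0.4-1, so the unstable thunderbird status here looks stale; it should be rechecked rather than left as <unfixed> next to a DSA that presumably ships the fix.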
@@ -4867,7 +5140,7 @@
NOTE: exploitable in the default configuration.
- xulrunner 1.8.0.1-9
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...)
- {DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ {DSA-1134-1 DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla 2:1.7.13-0.1 (medium)
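Review bot: The mozilla version in this entry carries its epoch ("- mozilla 2:1.7.13-0.1 (medium)"), but the mozilla lines in the entries above that receive the same DSA-1134-1 are written without it ("- mozilla 1.7.13-0.3 (high)"). Debian version comparison treats a missing epoch as 0, so "1.7.13-0.3" sorts below any "2:" version and the tracker will consider every installed mozilla package unfixed for those CVEs. The epoch should be added to the other mozilla lines.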
@@ -5286,6 +5559,7 @@
CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library ...)
NOT-FOR-US: Keystone Digital Library Suite
CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ {DSA-1133-1}
[woody] - mantis <not-affected> (Vulnerable code not present)
- mantis 0.19.4-3.1 (bug #361138)
CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...)
@@ -6276,8 +6550,8 @@
RESERVED
CVE-2006-1179
RESERVED
-CVE-2006-1178
- RESERVED
+CVE-2006-1178 (Tamarack MMSd before 7.992 allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2006-1177
RESERVED
CVE-2006-1176 (Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl ...)
@@ -7029,8 +7303,10 @@
CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows ...)
NOT-FOR-US: Calacode @Mail
CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...)
+ {DSA-1133-1}
- mantis 0.19.4-3.1 (bug #378353)
CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not properly ...)
+ {DSA-944-1}
- mantis <unfixed>
CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly ...)
- snort <not-affected> (frag3 is only in 2.4, currently there is 2.3.3 in sid)
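Review bot: CVE-2006-0840 gets "{DSA-944-1}" while its package line still reads "- mantis <unfixed>". A DSA reference normally implies the issue was fixed in stable, so either the unstable status is out of date or the reference is wrong; note also that the adjacent CVE-2006-0841 and the other Mantis entries in this commit reference DSA-1133-1, so the much older DSA-944-1 number on this one entry deserves a second look.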
@@ -7444,9 +7720,11 @@
CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels ...)
NOT-FOR-US: AIX
CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...)
+ {DSA-1133-1}
- mantis 0.19.4-3
[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0664 (Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...)
+ {DSA-1133-1}
- mantis 0.19.4-3
[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino ...)
@@ -10487,7 +10765,8 @@
NOT-FOR-US: WinEggDropShell
CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat ...)
NOT-FOR-US: phpMyChat
-CVE-2005-3990 (Directory traversal vulnerability in FastJar 0.93 allows remote ...)
+CVE-2005-3990
+ REJECTED
- gcc-4.1 <unfixed> (bug #368397; low)
CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack ...)
NOT-FOR-US: Avaya hardware
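Review bot: CVE-2005-3990 is switched to REJECTED, but the following line "- gcc-4.1 <unfixed> (bug #368397; low)" is left in place. A rejected identifier should not keep an open package status, otherwise the tracker continues to report gcc-4.1 as affected by a non-existent CVE; the package line should be removed (or converted to a NOTE recording why bug #368397 was filed) and the bug retitled or closed accordingly.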
@@ -11642,12 +11921,12 @@
- linux-2.6 2.6.14-7
CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...)
- phpmyadmin <unfixed> (unimportant)
-CVE-2005-3620
- RESERVED
+CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 2.0.2 ...)
+ TODO: check
CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface ...)
NOT-FOR-US: VMware ESX
-CVE-2005-3618
- RESERVED
+CVE-2005-3618 (Cross-site request forgery (CSRF) vulnerability in the management ...)
+ TODO: check
CVE-2005-3617
RESERVED
CVE-2005-3616
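Review bot: CVE-2005-3620 and CVE-2005-3618 are both populated as issues in the VMware ESX Server management interface and left at "TODO: check", while CVE-2005-3619, sitting between them, is already "NOT-FOR-US: VMware ESX" for the same interface. These two can be resolved as NOT-FOR-US in the same way rather than queued for a separate check.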
@@ -17029,7 +17308,7 @@
NOTE: 2.6.8 and 2.4.27 not affected
- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2097 (xpdf and kpdf do not properly validate the "loca" table in PDF files, ...)
- {DSA-984-1 DSA-982-1 DSA-936-1 DSA-780-1 DTSA-28-1}
+ {DSA-1136-1 DSA-984-1 DSA-982-1 DSA-936-1 DSA-780-1 DTSA-28-1}
- kdegraphics 4:3.4.2-1 (bug #322458; low)
- xpdf 3.00-15 (bug #322462; low)
[woody] - tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)
@@ -21093,6 +21372,7 @@
CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...)
NOT-FOR-US: VHCS
CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...)
+ {DSA-1122 DSA-1121}
- libnet-server-perl 0.89-1
NOTE: This was already fixed in 0.87-1, although the changelog doesn't mention
NOTE: the security implication, which was noticed later. I've verified both fixes
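Review bot: Two DSAs ("{DSA-1122 DSA-1121}") are added to CVE-2005-1127, but the entry lists only one source package, libnet-server-perl. If the second DSA covers a different source package that embeds Net::Server, that package needs its own version line here, otherwise the tracker has no package to associate the second advisory with; if both DSAs are for the same package the duplicate should be explained in a NOTE.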
@@ -22721,7 +23001,7 @@
NOT-FOR-US: Painkiller
CVE-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to ...)
NOT-FOR-US: ESF Webserver
-CVE-2004-1743 (Easy File Sharing (ESF) Webserver 1.25 allows remote attackers to view ...)
+CVE-2004-1743 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view ...)
NOT-FOR-US: ESF Webserver
CVE-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote ...)
NOT-FOR-US: WebAPP
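Review bot: The description typo "ESF" is corrected to "EFS" for CVE-2004-1743, but the two "NOT-FOR-US: ESF Webserver" lines for CVE-2004-1744 and CVE-2004-1743 keep the old spelling. They should be updated to "NOT-FOR-US: EFS Webserver" in the same change so the product name is consistent across the entries.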