[Secure-testing-commits] r4538 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Wed Aug 9 17:00:40 UTC 2006


Author: stef-guest
Date: 2006-08-09 17:00:33 +0000 (Wed, 09 Aug 2006)
New Revision: 4538

Modified:
   data/CVE/list
Log:
- new realtime-lsm-source issue
- samba issue fixed
- egroupware bugnum
- some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-09 16:34:45 UTC (rev 4537)
+++ data/CVE/list	2006-08-09 17:00:33 UTC (rev 4538)
@@ -1,3 +1,6 @@
+CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root]
+	- realtime-lsm 0.8.7-2 (bug #382161; low)
+	NOTE: only to user 1017 or group 1001 and only while root is building the module
 CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows ...)
 	NOT-FOR-US: SAPID CMS
 CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and ...)
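Review bot: the added CVE-2006-XXXX header line carries a placeholder identifier and needs to be replaced with the real CVE id once one is assigned, rather than left in the list. The bracketed text names the binary package realtime-lsm-source while the fix line below it uses realtime-lsm, which matches the source-package naming used by the other fix lines in this file (ethereal, adplug, samba, mysql-dfsg); consider writing `[realtime-lsm: wrong permissions might lead to local root]` so both lines agree. The NOTE's narrow scope (uid 1017 or gid 1001, and only while root is building the module) is consistent with the "low" rating on the fix line.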
@@ -71,7 +74,7 @@
 CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh ...)
 	NOT-FOR-US: Voodoo chat
 CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones ...)
-	- egroupware <unfixed> (bug filed; medium)
+	- egroupware <unfixed> (bug #382207; medium)
 CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
 	NOT-FOR-US: Knusperleicht
 CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
@@ -895,13 +898,13 @@
 CVE-2006-3641
 	RESERVED
 CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly identify the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3638 (Microsoft Internet Explorer 5.01 and 6 does not properly handle ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3636
 	RESERVED
 CVE-2006-3635
@@ -909,7 +912,7 @@
 CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic ...)
 	TODO: check
 CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: shiela
 CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 ...)
 	{DSA-1127}
 	- ethereal <removed> (bug #378745; high)
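Review bot: CVE-2006-3634 in the context lines above is still marked `TODO: check` even though its description names the kernel futex helpers __futex_atomic_op and futex_atomic_cmpxchg_inatomic, which points at a Linux kernel issue rather than third-party software; it deserves triage against the kernel source packages in the same pass that closes the neighbouring shiela entry, instead of being left open.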
@@ -1021,13 +1024,13 @@
 CVE-2006-3587 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0 allows ...)
 	NOT-FOR-US: Macromedia Flash Player 8
 CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Jetbox CMS
 CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...)
-	TODO: check
+	NOT-FOR-US: Jetbox CMS
 CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox CMS ...)
-	TODO: check
+	NOT-FOR-US: Jetbox CMS
 CVE-2006-3583 (Sessiln fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Jetbox CMS
 CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and ...)
 	- adplug 2.0.1-1 (bug #378279; medium)
 CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and ...)
@@ -1135,7 +1138,7 @@
 CVE-2006-3530 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: PccookBook Component for Mambo and Joomla
 CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under ...)
-	TODO: check
+	NOT-FOR-US: EarlyImpact ProductCart
 CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, ...)
 	NOT-FOR-US: Juniper JUNOS
 CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard ...)
@@ -1185,27 +1188,27 @@
 CVE-2006-3506
 	RESERVED
 CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for Apple ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3497 (Unspecified vulnerability in the &quot;compression state handling&quot; in Bom ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone ...)
 	NOT-FOR-US: Buddy Zone
 CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll and ...)
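Review bot: the eleven new `NOT-FOR-US` lines in this hunk all use the label "Apple Mac OS", while the same file (see the CVE-2006-1471 and CVE-2006-0391 context lines elsewhere in this diff, and the Apple entries added in the later hunks) uses "Apple", and older entries use "Mac OS X". Settle on one spelling so the list can be grepped by vendor reliably; "Apple Mac OS" is also a truncation of the product name "Mac OS X" that appears in every description here.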
@@ -1291,7 +1294,7 @@
 	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
 	NOTE: Only DoS possible, only root can trigger this -> non-issue
 CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2006-3456
 	RESERVED
 CVE-2006-3455
@@ -1303,11 +1306,11 @@
 CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...)
 	NOT-FOR-US: Adobe acrobat
 CVE-2006-3451 (Microsoft Internet Explorer does not properly handle chained Cascading Style ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3450 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3448
 	RESERVED
 CVE-2006-3447
@@ -1317,19 +1320,19 @@
 CVE-2006-3445
 	RESERVED
 CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3442
 	RESERVED
 CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3437
 	RESERVED
 CVE-2006-3436
@@ -1398,7 +1401,7 @@
 	NOT-FOR-US: QTOFileManager
 CVE-2006-3403 (The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote ...)
 	{DSA-1110}
-	- samba <unfixed>
+	- samba 3.0.23a-1 (bug #378070)
 CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...)
 	NOT-FOR-US: VirtuaStore
 CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: ...)
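Review bot: the new samba fix line `- samba 3.0.23a-1 (bug #378070)` gives the fixed version and bug number but no severity, whereas comparable fixed entries in this diff carry one (for example `- ethereal <removed> (bug #378745; high)`); if a severity was assigned when the bug was filed it should be recorded here so the entry matches the rest of the list.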
@@ -1472,15 +1475,15 @@
 CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root with ...)
 	NOT-FOR-US: Efone
 CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web ...)
-	TODO: check
+	NOT-FOR-US: Mp3NetBox
 CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow ...)
-	TODO: check
+	NOT-FOR-US: V3 Chat
 CVE-2006-3365 (mail/index.php in V3 Chat allows remote attackers to obtain the ...)
-	TODO: check
+	NOT-FOR-US: V3 Chat
 CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in ...)
-	TODO: check
+	NOT-FOR-US: BLOG:CMS
 CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...)
-	TODO: check
+	NOT-FOR-US: Glossaire for Xoops
 CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager, as used ...)
 	- knowledgeroot <unfixed> (bug #381912)
 CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...)
@@ -2010,7 +2013,7 @@
 CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly ...)
 	NOT-FOR-US: phpRaid
 CVE-2006-3114 (PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the ...)
-	TODO: check
+	NOT-FOR-US: PC Tools AntiVirus
 CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
 	NOTE: MFSA-2006-46
 	- mozilla <not-affected> (mozilla 1.7 not affected)
@@ -6027,9 +6030,9 @@
 CVE-2006-1474 (Cross-site scripting (XSS) vulnerability in the &quot;failed&quot; functionality ...)
 	NOT-FOR-US: Raindance Web Conferencing Pro
 CVE-2006-1473 (Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2006-1472 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd in Apple ...)
 	NOT-FOR-US: Apple
 CVE-2006-1470 (OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers ...)
@@ -8596,9 +8599,9 @@
 CVE-2006-0394
 	REJECTED
 CVE-2006-0393 (OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2006-0392 (Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS X ...)
 	NOT-FOR-US: Apple
 CVE-2006-0390
@@ -14715,7 +14718,7 @@
 CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password ...)
 	NOT-FOR-US: Mac OS X
 CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple ...)
-	TODO: check
+	NOT-FOR-US: Java / Apple
 CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...)
 	NOT-FOR-US: PhotoPost
 CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...)
@@ -15638,13 +15641,13 @@
 	{DSA-851-1}
 	- openvpn 2.0.2-1 (bug #324167; high)
 CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X ...)
-	TODO: check
+	NOT-FOR-US: Java / Apple
 CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac ...)
-	TODO: check
+	NOT-FOR-US: Java / Apple
 CVE-2005-2528
 	RESERVED
 CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X ...)
-	TODO: check
+	NOT-FOR-US: Java / Apple
 CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...)
 	NOT-FOR-US: MacOS X
 CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...)
@@ -17125,7 +17128,7 @@
 CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...)
 	NOT-FOR-US: Apple Darwin Streaming Server
 CVE-2005-2194 (Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
 	NOT-FOR-US: PunBB
 CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)