[Secure-testing-commits] r4548 - data/CVE
Joey Hess
joeyh at costa.debian.org
Thu Aug 10 09:14:51 UTC 2006
Author: joeyh
Date: 2006-08-10 09:14:48 +0000 (Thu, 10 Aug 2006)
New Revision: 4548
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-08-09 21:19:40 UTC (rev 4547)
+++ data/CVE/list 2006-08-10 09:14:48 UTC (rev 4548)
@@ -1,3 +1,93 @@
+CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in ...)
+ TODO: check
+CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...)
+ TODO: check
+CVE-2006-4069 (Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino ...)
+ TODO: check
+CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a ...)
+ TODO: check
+CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in ...)
+ TODO: check
+CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...)
+ TODO: check
+CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
+ TODO: check
+CVE-2006-4064 (SQL injection vulnerability in default.asp in YenerTurk Haber Script ...)
+ TODO: check
+CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba Godor ...)
+ TODO: check
+CVE-2006-4062 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-4061 (PHP remote file inclusion vulnerability in index.php in Thomas Pequet ...)
+ TODO: check
+CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual ...)
+ TODO: check
+CVE-2006-4059 (Multiple PHP remote file inclusion vulnerabilities in USOLVED ...)
+ TODO: check
+CVE-2006-4058 (Cross-site scripting (XSS) vulnerability in archive.php in Simplog ...)
+ TODO: check
+CVE-2006-4057 (Buffer overflow in the preview_create function in gui.cpp in Mitch ...)
+ TODO: check
+CVE-2006-4056 (Multiple SQL injection vulnerabilities in the authentication process ...)
+ TODO: check
+CVE-2006-4055 (Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring ...)
+ TODO: check
+CVE-2006-4054 (Multiple PHP remote file inclusion vulnerabilities in ME Download ...)
+ TODO: check
+CVE-2006-4053 (PHP remote file inclusion vulnerability in templates/header.php in ME ...)
+ TODO: check
+CVE-2006-4052 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
+ TODO: check
+CVE-2006-4051 (PHP remote file inclusion vulnerability in global.php in Turnkey Web ...)
+ TODO: check
+CVE-2006-4050 (PHP remote file inclusion vulnerability in auto_check_renewals.php in ...)
+ TODO: check
+CVE-2006-4049 (Unspecified vulnerability in the utxconfig utility in Sun Ray Server ...)
+ TODO: check
+CVE-2006-4048 (Netious CMS 0.4 initializes session IDs based on the client IP ...)
+ TODO: check
+CVE-2006-4047 (SQL injection vulnerability in index.php in Netious CMS 0.4 and ...)
+ TODO: check
+CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 ...)
+ TODO: check
+CVE-2006-4045 (PHP remote file inclusion vulnerability in news.php in Torbstoff News ...)
+ TODO: check
+CVE-2006-4044 (PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad ...)
+ TODO: check
+CVE-2006-4043 (index.php in myWebland myBloggie 2.1.4 and earlier allows remote ...)
+ TODO: check
+CVE-2006-4042 (Multiple SQL injection vulnerabilities in trackback.php in myWebland ...)
+ TODO: check
+CVE-2006-4041 (SQL injection vulnerability in Pike before 7.6.86, when using a ...)
+ TODO: check
+CVE-2006-4040 (PHP remote file inclusion vulnerability in myevent.php in myWebland ...)
+ TODO: check
+CVE-2006-4039 (Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos ...)
+ TODO: check
+CVE-2006-4038 (Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php ...)
+ TODO: check
+CVE-2006-4037 (Unspecified vulnerability in Fenestrae Faxination Server allows remote ...)
+ TODO: check
+CVE-2006-4036 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-4035 (SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c ...)
+ TODO: check
+CVE-2006-4034 (PHP remote file inclusion vulnerability in include/html/config.php in ...)
+ TODO: check
+CVE-2006-4033 (Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and ...)
+ TODO: check
+CVE-2006-4032 (Unspecified vulnerability in Cisco IOS CallManager Express (CME) ...)
+ TODO: check
+CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to ...)
+ TODO: check
+CVE-2006-4030
+ RESERVED
+CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 ...)
+ TODO: check
+CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4 have ...)
+ TODO: check
+CVE-2006-4027
+ RESERVED
CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root]
- realtime-lsm 0.8.7-2 (bug #382161; low)
NOTE: only to user 1017 or group 1001 and only while root is building the module
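Review bot: all of the newly described entries in this hunk land as `TODO: check`, and at least one of them concerns software this same file already tracks. CVE-2006-4031 ("MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24") names the same 4.1.21 boundary as CVE-2006-3469 further down, which carries {DSA-1112}. Triage that entry first and give it a package line, then work through the rest so that the PHP remote file inclusion entries for third-party scripts can be closed out as NOT-FOR-US where they are not packaged.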
@@ -19,7 +109,7 @@
- php4 <unfixed> (medium; bug #382261)
CVE-2006-4019
RESERVED
-CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in Clam AntiVirus ...)
+CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in ...)
- clamav 0.88.4-1 (high; bug #382004; bug #382007)
CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...)
NOT-FOR-US: Inter Network Marketing (INM) CMS G3
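Review bot: the refreshed description for CVE-2006-4018 is now truncated before the product name ("in the pefromupx function in ..."), so a text search for "Clam AntiVirus" no longer matches this entry. The `- clamav 0.88.4-1 (high; bug #382004; bug #382007)` line still identifies the package, so no tracking data is lost; match on the package annotation rather than on the description text.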
@@ -97,8 +187,8 @@
NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3980 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Mambo Gallery Manager for Mambo
-CVE-2006-3979
- RESERVED
+CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass ...)
+ TODO: check
CVE-2006-3978
RESERVED
CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...)
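Review bot: CVE-2006-3979 moves from RESERVED to a described entry ("The AdminAPI of ColdFusion MX 7 ...") but is left at `TODO: check`. It should be resolved the way its neighbours in this hunk are: if ColdFusion MX 7 is not packaged, replace the TODO with a `NOT-FOR-US:` line naming the product.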
@@ -1032,7 +1122,7 @@
NOT-FOR-US: Jetbox CMS
CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox CMS ...)
NOT-FOR-US: Jetbox CMS
-CVE-2006-3583 (Sessiln fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers ...)
+CVE-2006-3583 (Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
NOT-FOR-US: Jetbox CMS
CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and ...)
- adplug 2.0.1-1 (bug #378279; medium)
@@ -1060,7 +1150,7 @@
NOT-FOR-US: Papoo
CVE-2006-3570 (Cross-site scripting (XSS) vulnerability in the webform module in ...)
- drupal <not-affected> (webform module is not in Debian Drupal 4.5 package)
-CVE-2006-3569 (Unspecified vulnerability in IBM Data ONTAP 7.1 and 7.1.0.1, when used ...)
+CVE-2006-3569 (Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, ...)
NOT-FOR-US: IBM Data ONTAP
CVE-2006-3568 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...)
NOT-FOR-US: Fantastic Guestbook
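Review bot: the annotation under CVE-2006-3569 is now out of step with its description. The new text reads "NetApp Data ONTAP 7.0x through 7.0.4P8D9" while the unchanged line below still says `NOT-FOR-US: IBM Data ONTAP`. Update the annotation to the vendor name the description now uses, or drop the vendor and keep only the product name, so a search by vendor finds the entry.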
@@ -1260,7 +1350,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not ...)
NOT-FOR-US: Dell Openmanage CD
-CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and ...)
+CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1 before ...)
{DSA-1112}
TODO: check
CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote ...)
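Review bot: CVE-2006-3469 carries `{DSA-1112}` yet is still marked `TODO: check` and has no package line, so the list records an advisory without recording which package version carries the fix. The description gives "MySQL Server 4.1 before 4.1.21" as the upstream boundary; add the package annotations with their fixed versions and remove the TODO.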
@@ -1308,9 +1398,9 @@
NOT-FOR-US: Adobe acrobat
CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...)
NOT-FOR-US: Adobe acrobat
-CVE-2006-3451 (Microsoft Internet Explorer does not properly handle chained Cascading Style ...)
+CVE-2006-3451 (Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage ...)
NOT-FOR-US: Microsoft
-CVE-2006-3450 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...)
+CVE-2006-3450 (Microsoft Internet Explorer 6 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft
CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...)
NOT-FOR-US: Microsoft
@@ -1994,8 +2084,7 @@
CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2) doencrypt ...)
{DSA-1138-1}
- cfs 1.4.1-17
-CVE-2006-3122
- RESERVED
+CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP server 2.0pl5 ...)
{DSA-1143-1}
CVE-2006-3121
RESERVED
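Review bot: CVE-2006-3122 now has a description ("The supersede_lease function in memory.c in ISC DHCP server 2.0pl5 ...") and `{DSA-1143-1}`, but no package line follows it, unlike CVE-2006-3123 just above with `- cfs 1.4.1-17`. Without a package and fixed version the entry cannot be tracked for the other suites; add the annotation for the affected DHCP source package.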
@@ -2077,12 +2166,10 @@
NOT-FOR-US: EZGallery
CVE-2006-3086 (Buffer overflow in Microsoft Hyperlink Object Library (hlink.dll) ...)
NOT-FOR-US: Microsoft
-CVE-2006-3084 [krb5 priviledge escalation]
- RESERVED
+CVE-2006-3084 (The (1) ftpd and (2) ksu programs in MIT Kerberos 5 (krb5) up to 1.5, ...)
{DSA-1146-1}
- krb5 1.4.3-9 (medium)
-CVE-2006-3083 [krb5 priviledge escalation]
- RESERVED
+CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in MIT Kerberos 5 (krb5) up ...)
{DSA-1146-1}
- krb5 1.4.3-9 (medium)
CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...)
@@ -2226,7 +2313,7 @@
CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...)
- php5 5.1.4-0.1 (medium)
- php4 <unfixed> (medium)
-CVE-2006-3017 (zend_hash.c in PHP before 5.1.3 can cause the internal zend_hash_del ...)
+CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...)
- php5 5.1.4-0.1 (medium)
- php4 <unfixed> (medium; bug #381998)
CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...)
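Review bot: the new description for CVE-2006-3017 changes the affected range from "PHP before 5.1.3" to "PHP before 4.4.3 and 5.x ...", which now gives an upstream fixed version for the 4.x branch, while the annotation remains `- php4 <unfixed> (medium; bug #381998)`. Record the 4.4.3 boundary in a NOTE on the entry, and recheck the `- php5 5.1.4-0.1` line against the full description, since the 5.x bound is cut off here.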
@@ -3507,7 +3594,7 @@
NOT-FOR-US: Squirrelcart
CVE-2006-2482
RESERVED
-CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.3 patch 4 ...)
+CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...)
NOT-FOR-US: VMware ESX
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit ...)
- dia 0.95.0-4 (bug #368202; low)