[Secure-testing-commits] r4651 - data/CVE
Joey Hess
joeyh at costa.debian.org
Tue Aug 29 09:14:25 UTC 2006
Author: joeyh
Date: 2006-08-29 09:14:22 +0000 (Tue, 29 Aug 2006)
New Revision: 4651
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-08-28 19:48:27 UTC (rev 4650)
+++ data/CVE/list 2006-08-29 09:14:22 UTC (rev 4651)
@@ -1,13 +1,219 @@
-CVE-2006-4333 [several issues fixed in wireshark 0.99.3: SSCOP dissector]
+CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...)
+ TODO: check
+CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
+ TODO: check
+CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...)
+ TODO: check
+CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...)
+ TODO: check
+CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier ...)
+ TODO: check
+CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...)
+ TODO: check
+CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows ...)
+ TODO: check
+CVE-2006-4429 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-4428 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2006-4426 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-4425 (Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 ...)
+ TODO: check
+CVE-2006-4424 (PHP remote file inclusion vulnerability in coin_includes/constants.php ...)
+ TODO: check
+CVE-2006-4423 (Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 ...)
+ TODO: check
+CVE-2006-4422 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-4421 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2006-4420 (Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 ...)
+ TODO: check
+CVE-2006-4419 (SQL injection vulnerability in note.php in ProManager 0.73 allows ...)
+ TODO: check
+CVE-2006-4418 (Directory traversal vulnerability in index.php for Wikepage 2006.2a ...)
+ TODO: check
+CVE-2006-4417 (SQL injection vulnerability in edituser.php in Xoops before 2.0.15 ...)
+ TODO: check
+CVE-2006-4416 (Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 ...)
+ TODO: check
+CVE-2006-4415
+ RESERVED
+CVE-2006-4414
+ RESERVED
+CVE-2006-4413
+ RESERVED
+CVE-2006-4412
+ RESERVED
+CVE-2006-4411
+ RESERVED
+CVE-2006-4410
+ RESERVED
+CVE-2006-4409
+ RESERVED
+CVE-2006-4408
+ RESERVED
+CVE-2006-4407
+ RESERVED
+CVE-2006-4406
+ RESERVED
+CVE-2006-4405
+ RESERVED
+CVE-2006-4404
+ RESERVED
+CVE-2006-4403
+ RESERVED
+CVE-2006-4402
+ RESERVED
+CVE-2006-4401
+ RESERVED
+CVE-2006-4400
+ RESERVED
+CVE-2006-4399
+ RESERVED
+CVE-2006-4398
+ RESERVED
+CVE-2006-4397
+ RESERVED
+CVE-2006-4396
+ RESERVED
+CVE-2006-4395
+ RESERVED
+CVE-2006-4394
+ RESERVED
+CVE-2006-4393
+ RESERVED
+CVE-2006-4392
+ RESERVED
+CVE-2006-4391
+ RESERVED
+CVE-2006-4390
+ RESERVED
+CVE-2006-4389
+ RESERVED
+CVE-2006-4388
+ RESERVED
+CVE-2006-4387
+ RESERVED
+CVE-2006-4386
+ RESERVED
+CVE-2006-4385
+ RESERVED
+CVE-2006-4384
+ RESERVED
+CVE-2006-4383
+ RESERVED
+CVE-2006-4382
+ RESERVED
+CVE-2006-4381
+ RESERVED
+CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...)
+ TODO: check
+CVE-2006-4379
+ RESERVED
+CVE-2006-4378 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...)
+ TODO: check
+CVE-2006-4376 (Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch ...)
+ TODO: check
+CVE-2006-4375 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-4374 (IrfanView 3.98 (with plugins) allows user-assisted attackers to cause ...)
+ TODO: check
+CVE-2006-4373 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-4372 (PHP remote file inclusion vulnerability in admin.lurm_constructor.php ...)
+ TODO: check
+CVE-2006-4371 (Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 ...)
+ TODO: check
+CVE-2006-4370 (Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and ...)
+ TODO: check
+CVE-2006-4369 (Absolute path traversal vulnerability in includes/functions_portal.php ...)
+ TODO: check
+CVE-2006-4368 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-4367 (SQL injection vulnerability in alltopics.php in the All Topics Hack ...)
+ TODO: check
+CVE-2006-4366 (PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 ...)
+ TODO: check
+CVE-2006-4365 (Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 ...)
+ TODO: check
+CVE-2006-4364 (Multiple heap-based buffer overflows in the POP3 server in Alt-N ...)
+ TODO: check
+CVE-2006-4363 (PHP remote file inclusion vulnerability in admin.cropcanvas.php in the ...)
+ TODO: check
+CVE-2006-4362 (Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid ...)
+ TODO: check
+CVE-2006-4361 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2006-4360 (Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal ...)
+ TODO: check
+CVE-2006-4359 (Stack-based buffer overflow in Trident Software PowerZip 7.06 Build ...)
+ TODO: check
+CVE-2006-4358 (Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay ...)
+ TODO: check
+CVE-2006-4357 (PHP remote file inclusion vulnerability in clients/index.php in Diesel ...)
+ TODO: check
+CVE-2006-4356 (SQL injection vulnerability in Drupal Easylinks Module ...)
+ TODO: check
+CVE-2006-4355 (Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module ...)
+ TODO: check
+CVE-2006-4354 (PHP remote file inclusion vulnerability in e/class/CheckLevel.php in ...)
+ TODO: check
+CVE-2006-4353 (Unspecified vulnerability in Sun Java System Content Delivery Server ...)
+ TODO: check
+CVE-2006-4352 (The ArrowPoint cookie functionality for Cisco 11000 series Content ...)
+ TODO: check
+CVE-2006-4351 (Cross-site scripting (XSS) vulnerability in index.php in OneOrZero ...)
+ TODO: check
+CVE-2006-4350 (SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows ...)
+ TODO: check
+CVE-2006-4349 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-4348 (PHP remote file inclusion vulnerability in config.kochsuite.php in the ...)
+ TODO: check
+CVE-2006-4347 (SQL injection vulnerability in user logon authentication request ...)
+ TODO: check
+CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to ...)
+ TODO: check
+CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in ...)
+ TODO: check
+CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...)
+ TODO: check
+CVE-2006-4343
+ RESERVED
+CVE-2006-4342
+ RESERVED
+CVE-2006-4341
+ RESERVED
+CVE-2006-4340
+ RESERVED
+CVE-2006-4339
+ RESERVED
+CVE-2006-4338
+ RESERVED
+CVE-2006-4337
+ RESERVED
+CVE-2006-4336
+ RESERVED
+CVE-2006-4335
+ RESERVED
+CVE-2006-4334
+ RESERVED
+CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows ...)
- wireshark <unfixed> (low; bug #384529)
- ethereal <removed> (low; bug #384528)
-CVE-2006-4332 [several issues fixed in wireshark 0.99.3: DHCP dissector]
+CVE-2006-4332 (Unspecified vulnerability in the DHCP dissector in Wireshark (formerly ...)
- wireshark <not-affected> (windows only)
- ethereal <not-affected> (windows only)
-CVE-2006-4331 [several issues fixed in wireshark 0.99.3: ESP preference parser]
+CVE-2006-4331 (Multiple off-by-one errors in the IPSec ESP preference parser in ...)
- wireshark <unfixed> (medium; bug #384529)
- ethereal <not-affected> (only wireshark 0.99.2 affected)
-CVE-2006-4330 [several issues fixed in wireshark 0.99.3: SCSI dissector]
+CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...)
- wireshark <unfixed> (medium; bug #384529)
- ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-XXXX [asterisk MGCP AUEP Response Handling Buffer Overflow]
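
Review bot: The trailing context entry `CVE-2006-XXXX [asterisk MGCP AUEP Response Handling Buffer Overflow]` appears to describe the same issue as the newly added `CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in ...)`, which this hunk imports as `TODO: check`. If they match, move the placeholder's tracking data under CVE-2006-4345 and delete the CVE-2006-XXXX entry so the issue is not tracked twice. Of the other new `TODO: check` entries, CVE-2006-4434 (Sendmail), CVE-2006-4433 (PHP), CVE-2006-4380 (MySQL) and CVE-2006-4346 (Asterisk) name packaged software and should be triaged before the web-application entries.
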
@@ -73,7 +279,7 @@
NOT-FOR-US: Solaris
CVE-2006-4305
RESERVED
-CVE-2006-4304 (Buffer overflow in the ppp driver in FreeBSD 4.11 to 6.1 and NetBSD ...)
+CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1 and ...)
NOT-FOR-US: FreeBSD NetBSD
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...)
NOT-FOR-US: Solaris
@@ -87,7 +293,7 @@
- tikiwiki 1.9.4+dfsg2-2 (low; bug #384796)
CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...)
NOT-FOR-US: osCommerce
-CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce 2.2 ...)
+CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce before ...)
NOT-FOR-US: osCommerce
CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in ...)
NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo
@@ -135,7 +341,8 @@
TODO: check
CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the ...)
TODO: check
-CVE-2006-4274 (Unknown vulnerability in Microsoft PowerPoint allows user-assisted ...)
+CVE-2006-4274
+ REJECTED
NOT-FOR-US: Microsoft
CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 ...)
TODO: check
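
Review bot: CVE-2006-4274 is switched to `REJECTED` but the `NOT-FOR-US: Microsoft` line below it is kept, so the entry now carries two states. Either drop the stale annotation or confirm that the tracker tooling accepts an annotation under a rejected id; the same pattern recurs for CVE-2006-4225 and CVE-2006-4216 later in this patch.
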
@@ -155,7 +362,7 @@
NOT-FOR-US: Symantec
CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows ...)
NOT-FOR-US: Kaspersky
-CVE-2006-4264 (Multiple PHP remote file inclusion vulnerabilities in the ...)
+CVE-2006-4264 (** DISPUTED ** ...)
TODO: check
CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...)
TODO: check
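
Review bot: The new description for CVE-2006-4264 is only `(** DISPUTED ** ...)`, which removes the one hint the old line gave (PHP remote file inclusion) while the entry stays at `TODO: check`. Because the truncation cuts right after the dispute marker, whoever triages this has to look up the full CVE text; consider having the import keep the text that follows `** DISPUTED **`. The same applies to the DISPUTED entries added in the first hunk.
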
@@ -240,7 +447,8 @@
CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...)
- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
- mysql-dfsg <unfixed> (low)
-CVE-2006-4225 (Multiple SQL injection vulnerabilities in war.php in Virtual War ...)
+CVE-2006-4225
+ REJECTED
NOT-FOR-US: Virtual War
CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...)
NOT-FOR-US: Virtual War
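
Review bot: CVE-2006-4225 becomes `REJECTED` yet still carries `NOT-FOR-US: Virtual War`. With the description gone, that leftover line is the only record of what the id referred to; decide whether rejected entries should keep such annotations and apply it consistently.
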
@@ -258,7 +466,8 @@
NOT-FOR-US: Zen Cart
CVE-2006-4217 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: WEBInsta CMS
-CVE-2006-4216 (PHP remote file inclusion vulnerability in Chaussette 080706 and ...)
+CVE-2006-4216
+ REJECTED
NOT-FOR-US: Chaussette
CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart ...)
NOT-FOR-US: Zen Cart
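
Review bot: CVE-2006-4216 is now `REJECTED` but the `NOT-FOR-US: Chaussette` annotation remains under it. Remove it or document that annotations are intentionally retained on rejected ids.
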
@@ -1007,7 +1216,7 @@
RESERVED
CVE-2006-3870
RESERVED
-CVE-2006-3869 (Buffer overflow in Microsoft Internet Explorer 6 SP1 on Windows 2000 ...)
+CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...)
TODO: check
CVE-2006-3868
RESERVED
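
Review bot: CVE-2006-3869 is left at `TODO: check` even though both the old and the new description name Microsoft Internet Explorer. Other entries in this file close such items with `NOT-FOR-US: Microsoft` or `NOT-FOR-US: Microsoft Internet Explorer`; this one can be closed the same way.
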
@@ -1345,14 +1554,12 @@
{DSA-1141-1 DSA-1140-1}
- gnupg 1.4.5-1 (medium)
- gnupg2 1.9.20-2 (medium)
-CVE-2006-3745 (Unspecified vulnerability in the SCTP implementation in Linux 2.6.9, ...)
+CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the ...)
- linux-2.6 2.6.17-7
- linux-2.6.16 <unfixed>
-CVE-2006-3744 [imagemagick XCF and Sun Rasterfile Buffer Overflows]
- RESERVED
+CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows ...)
- imagemagick <unfixed> (bug #385062)
-CVE-2006-3743 [imagemagick XCF and Sun Rasterfile Buffer Overflows]
- RESERVED
+CVE-2006-3743 (Multiple buffer overflows in ImageMagick before 6.2.9 allow ...)
- imagemagick <unfixed> (bug #385062)
CVE-2006-3742
RESERVED
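
Review bot: CVE-2006-3744 and CVE-2006-3743 now have distinct descriptions (integer overflows versus buffer overflows in ImageMagick before 6.2.9), but both still point at `- imagemagick <unfixed> (bug #385062)` with no urgency, and the removed bracket notes that tied them to the XCF and Sun Rasterfile issues are gone. Confirm that bug #385062 covers both ids and add an urgency, as the wireshark entries in this file have.
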
@@ -2676,16 +2883,15 @@
TODO: check
CVE-2006-3125
RESERVED
-CVE-2006-3124 [streamripper buffer overflow]
- RESERVED
+CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before ...)
{DSA-1158}
- streamripper 1.61.25-2
CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2) doencrypt ...)
{DSA-1138-1}
- cfs 1.4.1-17
-CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP server 2.0pl5 ...)
+CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd) server ...)
{DSA-1143-1}
-CVE-2006-3121 (The heartbeat subsystem in High-Availability Linux before 1.2.5 and ...)
+CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat ...)
{DSA-1151-1}
- heartbeat-2 2.0.6-2
- heartbeat 1.2.4-14
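
Review bot: After this change CVE-2006-3122 still consists of `{DSA-1143-1}` alone, with no package or fixed-version line, unlike its neighbours (`- streamripper 1.61.25-2`, `- cfs 1.4.1-17`, `- heartbeat 1.2.4-14`). Add the affected source package and fixed version for the ISC DHCP server entry. Also, `{DSA-1158}` under CVE-2006-3124 lacks the `-1` revision suffix used by the other DSA references in this hunk.
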
@@ -3106,7 +3312,7 @@
- linux-2.6.16 2.6.16-17
CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat ...)
[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
-CVE-2006-2932 (Unspecified vulnerability in the restore_all code path of the 4/4GB ...)
+CVE-2006-2932 (A regression error in the restore_all code path of the 4/4GB split ...)
TODO: check
CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, ...)
NOT-FOR-US: CMS Mundo
@@ -5020,10 +5226,10 @@
NOT-FOR-US: SWS
CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers to ...)
NOT-FOR-US: SWS
-CVE-2006-2113
- RESERVED
-CVE-2006-2112
- RESERVED
+CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print ...)
+ TODO: check
+CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products ...)
+ TODO: check
CVE-2006-2111 (Microsoft Internet Explorer 6.0 on Windows XP SP2, and possibly other ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x ...)
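
Review bot: CVE-2006-2113 and CVE-2006-2112 move from `RESERVED` to `TODO: check`, but both descriptions refer to the Fuji Xerox Printing Systems (FXPS) print engine and its embedded HTTP server, which is printer firmware rather than packaged software. These can likely be marked `NOT-FOR-US` in the same way as the adjacent SWS entries.
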