[Secure-testing-commits] r5130 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sat Dec 16 01:09:44 CET 2006
Author: jmm-guest
Date: 2006-12-16 01:09:40 +0100 (Sat, 16 Dec 2006)
New Revision: 5130
Modified:
data/CVE/list
Log:
proftpd CVEfied
net-snmp not-affected
new kernel issue not-affected
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-15 21:56:19 UTC (rev 5129)
+++ data/CVE/list 2006-12-16 00:09:40 UTC (rev 5130)
@@ -19,7 +19,8 @@
CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...)
TODO: check
CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in ...)
- TODO: check
+ - proftpd-dfsg 1.3.0-17 (medium)
+ [sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build)
CVE-2006-6562
RESERVED
CVE-2006-6561 (Unspecified vulnerability in Microsoft Word allows user-assisted ...)
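Review bot: The [sarge] reason on the new CVE-2006-6563 entry, "Vulnerable code not activated in binary build", does not say which code or which build setting that is, so the not-affected status cannot be rechecked from the tracker alone. The placeholder this entry replaces names mod_ctrls; suggest naming the module in the reason or in a NOTE line, so the status gets revisited if the sarge package is ever rebuilt with it enabled.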
@@ -155,9 +156,6 @@
RESERVED
CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus ...)
TODO: check
-CVE-2006-XXXX [proftpd mod_ctrls local root]
- - proftpd-dfsg 1.3.0-17 (medium)
- [sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build)
CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...)
NOT-FOR-US: Solaris
CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...)
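Review bot: Dropping the CVE-2006-XXXX placeholder also drops its title, "proftpd mod_ctrls local root", which is the only line stating the impact; the truncated CVE-2006-6563 description shows only a stack-based buffer overflow in pr_ctrls_recv_request. Suggest carrying the title over as a NOTE under CVE-2006-6563 so the merge of the two entries stays traceable and the local-root impact stays visible next to the (medium) urgency.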
@@ -541,70 +539,69 @@
CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote ...)
NOT-FOR-US: Novell Netware
CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services ...)
- TODO: check
+ NOT-FOR-US: Novell Netware
CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when ...)
- TODO: check
+ - net-snmp <not-affected> (Only affects version 5.3.0)
CVE-2006-6304 (The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets ...)
- TODO: check
+ - linux-2.6 <not-affected> (Only affects plain 2.6.19)
CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...)
NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
- ruby1.8 1.8.5-4 (low)
- TODO: check other ruby versions
CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
- TODO: check
+ NOT-FOR-US: CuteNews
CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management ...)
- TODO: check
+ NOT-FOR-US: Novell ZENworks
CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...)
- TODO: check
+ NOT-FOR-US: Metyus Okul Yonetim Sistemi
CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, ...)
- kdegraphics <unfixed> (unimportant)
NOTE: Generic bug, treating it as a security problem is quite a stretch
CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...)
- TODO: check
+ NOT-FOR-US: MxBB Portal
CVE-2006-6294 (Multiple unspecified vulnerabilities in FRISK Software F-Prot ...)
NOT-FOR-US: F-Prot Antivirus
CVE-2006-6293 (Heap-based buffer overflow in FRISK Software F-Prot Antivirus before ...)
NOT-FOR-US: F-Prot Antivirus
CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 allows remote ...)
- TODO: check
+ NOT-FOR-US: Apple Airport
CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable ...)
- TODO: check
+ NOT-FOR-US: MailEnable Professional
CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...)
- TODO: check
+ NOT-FOR-US: MailEnable
CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset ...)
- TODO: check
+ NOT-FOR-US: Woltlab Burning Board
CVE-2006-6288 (Multiple buffer overflows in Niek Albers CoolPlayer 215 and earlier ...)
- TODO: check
+ NOT-FOR-US: Niek Albers CoolPlayer
CVE-2006-6287 (Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: AtomixMP3
CVE-2006-6286 (Palm Desktop 4.1.4 and earlier stores user data with weak permissions ...)
- TODO: check
+ NOT-FOR-US: Palm Desktop
CVE-2006-6285 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Kai Blankenhorn Bitfolge
CVE-2006-6284 (Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 ...)
- TODO: check
+ NOT-FOR-US: Vikingboard
CVE-2006-6283 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
- TODO: check
+ NOT-FOR-US: Vikingboard
CVE-2006-6282 (members.php in Vikingboard 0.1.2 allows remote attackers to trigger a ...)
- TODO: check
+ NOT-FOR-US: Vikingboard
CVE-2006-6281 (PHP remote file inclusion vulnerability in check_status.php in ...)
- TODO: check
+ NOT-FOR-US: dicshunary
CVE-2006-6280 (SQL injection vulnerability in viewthread.php in Oxygen (O2PHP ...)
- TODO: check
+ NOT-FOR-US: Oxygen (O2PHP Bulletin Board)
CVE-2006-6279 (index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: @lex Guestbook
CVE-2006-6278 (Cross-site scripting (XSS) vulnerability in index.php in @lex ...)
- TODO: check
+ NOT-FOR-US: @lex Guestbook
CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ...)
- TODO: check
+ NOT-FOR-US: ContentServ
CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Proxy Server
CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...)
- TODO: check
+ NOT-FOR-US: Expinion.net iNews
CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, which ...)
- fail2ban <not-affected> (looks fixed in 0.6)
CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows remote ...)
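Review bot: Under CVE-2006-6303 the line "TODO: check other ruby versions" is removed with no replacement, and the log message does not mention it, so only ruby1.8 remains tracked for this issue. If the other ruby source packages were checked, record the result as explicit package lines with their status; otherwise keep the TODO. A smaller point in the same hunk: CVE-2006-6306 is tagged "NOT-FOR-US: Novell Netware" although its description names Novell Modular Authentication Services; the other new entries use the product from the description, which makes later searches of the list more reliable.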