[Secure-testing-commits] r5156 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Thu Dec 21 20:37:37 CET 2006
Author: stef-guest
Date: 2006-12-21 20:37:35 +0100 (Thu, 21 Dec 2006)
New Revision: 5156
Modified:
data/CVE/list
Log:
- CVE-2006-6639: new chetcpasswd issue
- CVE-2006-6628: new openoffice maybe issue
- CVE-2006-6609/6610: new nexuiz issue already fixed
- fai CVEified
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-21 18:57:19 UTC (rev 5155)
+++ data/CVE/list 2006-12-21 19:37:35 UTC (rev 5156)
@@ -22,115 +22,115 @@
- typo3 4.0.4+debian-1 (high; bug #403906)
NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9
CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-6658 (Inktomi Search 4.1.4 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: Inktomi
CVE-2006-6657 (The if_clone_list function in NetBSD-current before 20061027, NetBSD ...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2006-6656 (Unspecified vulnerability in ptrace in NetBSD-current before 20061027, ...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2006-6655 (The procfs implementation in NetBSD-current before 20061023, NetBSD ...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2006-6654 (The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and ...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2006-6653 (The accept function in NetBSD-current before 20061023, NetBSD 3.0 and ...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2006-6652 (Buffer overflow in the glob implementation in libc in NetBSD-current ...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2006-6651 (Race condition in W29N51.SYS in the Intel 2200BG wireless driver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2006-6650 (PHP remote file inclusion vulnerability in charts_constants.php in the ...)
- TODO: check
+ NOT-FOR-US: mxBB
CVE-2006-6649 (Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 ...)
- TODO: check
+ NOT-FOR-US: HyperVM
CVE-2006-6648 (PHP remote file inclusion vulnerability in main.inc.php in ...)
- TODO: check
+ NOT-FOR-US: RateMe
CVE-2006-6647 (Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before ...)
- TODO: check
+ NOT-FOR-US: MySite for Drupal
CVE-2006-6646 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) ...)
- TODO: check
+ NOT-FOR-US: Drupal Project Issue Tracking
CVE-2006-6645 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Web Links module for mxBB
CVE-2006-6644 (PHP remote file inclusion vulnerability in pages/meeting_constants.php ...)
- TODO: check
+ NOT-FOR-US: Meeting module for mxBB
CVE-2006-6643 (Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Fightersoft Multimedia Star FTP server
CVE-2006-6642 (SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 ...)
- TODO: check
+ NOT-FOR-US: Sistemi
CVE-2006-6641 (Unspecified vulnerability in CA CleverPath Portal before maintenance ...)
- TODO: check
+ NOT-FOR-US: CA CleverPath Portal
CVE-2006-6640 (Multiple cross-site scripting (XSS) vulnerabilities in Omniture ...)
- TODO: check
+ NOT-FOR-US: SiteCatalyst
CVE-2006-6639 (Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local ...)
- TODO: check
+ - chetcpasswd <unfixed> (medium)
CVE-2006-6638 (IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2006-6637 (The Servlet Engine and Web Container in IBM WebSphere Application ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2006-6636 (Unspecified vulnerability in the Utility Classes for IBM WebSphere ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2006-6635 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
- TODO: check
+ NOT-FOR-US: JumbaCMS
CVE-2006-6634 (Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai ...)
- TODO: check
+ NOT-FOR-US: ExtCalThai for Mambo
CVE-2006-6633 (PHP remote file inclusion vulnerability in include/yapbb_session.php ...)
- TODO: check
+ NOT-FOR-US: YapBB
CVE-2006-6632 (PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 ...)
- TODO: check
+ NOT-FOR-US: Genepi
CVE-2006-6631 (PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php ...)
- TODO: check
+ NOT-FOR-US: osprey
CVE-2006-6630 (PHP remote file inclusion vulnerability in ListRecords.php in osprey ...)
- TODO: check
+ NOT-FOR-US: osprey
CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) ...)
- TODO: check
+ NOT-FOR-US: WeBWorK
CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted ...)
- TODO: check
+ - openoffice.org <unfixed> (bug filed)
CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in ...)
- TODO: check
+ NOT-FOR-US: BitDefender
CVE-2006-6626 (Cross-site scripting (XSS) vulnerability in an unspecified component ...)
TODO: check
CVE-2006-6625 (Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in ...)
TODO: check
CVE-2006-6624 (The FTP Server in Sambar Server 6.4 allows remote authenticated users ...)
- TODO: check
+ NOT-FOR-US: Sambar
CVE-2006-6623 (Sygate Personal Firewall 5.6.2808 relies on the Process Environment ...)
- TODO: check
+ NOT-FOR-US: Sygate
CVE-2006-6622 (Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the ...)
- TODO: check
+ NOT-FOR-US: Soft4Ever Look 'n' Stop
CVE-2006-6621 (Filseclab Personal Firewall 3.0.0.8686 relies on the Process ...)
- TODO: check
+ NOT-FOR-US: Filseclab Personal Firewall
CVE-2006-6620 (Comodo Personal Firewall 2.3.6.81 relies on the Process Environment ...)
- TODO: check
+ NOT-FOR-US: Comodo Personal Firewall
CVE-2006-6619 (AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment ...)
- TODO: check
+ NOT-FOR-US: AVG Anti-Virus plus Firewall
CVE-2006-6618 (AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block ...)
- TODO: check
+ NOT-FOR-US: AntiHook 3.0.0.23 - Desktop
CVE-2006-6617 (projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-6616 (index.php in w00t Gallery 1.4.0 allows remote authenticated users with ...)
TODO: check
CVE-2006-6615 (PHP remote file inclusion vulnerability in includes/act_constants.php ...)
- TODO: check
+ NOT-FOR-US: Activity Games module for mxBB
CVE-2006-6614 (The save_log_local function in Fully Automatic Installation (FAI) ...)
- TODO: check
+ - fai 3.1.3 (low)
CVE-2006-6613 (Directory traversal vulnerability in language.php in phpAlbum 0.4.1 ...)
- TODO: check
+ NOT-FOR-US: phpAlbum
CVE-2006-6612 (PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms ...)
- TODO: check
+ NOT-FOR-US: PhpMyCms
CVE-2006-6611 (PHP remote file inclusion vulnerability in interface.php in Barman ...)
- TODO: check
+ NOT-FOR-US: Barman
CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and remote ...)
- TODO: check
+ - nexuiz 2.2.1-1
CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of ...)
- TODO: check
+ - nexuiz 2.2.1-1
CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2006-6607 (The Java Key Store (JKS) for WebSphere Application Server (WAS) for ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2006-6606 (Multiple SQL injection vulnerabilities in Clarens jclarens before ...)
- TODO: check
+ NOT-FOR-US: jclarens
CVE-2006-6605 (Stack-based buffer overflow in the POP service in MailEnable Standard ...)
- TODO: check
+ NOT-FOR-US: MailEnable
CVE-2006-6604 (Directory traversal vulnerability in downloaddetails.php in ...)
TODO: check
CVE-2006-6603 (Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) ...)
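Review bot: The new CVE-2006-6628 line, "- openoffice.org <unfixed> (bug filed)", records that a bug exists but not its number, unlike the typo3 entry at the top of this hunk, which uses "(high; bug #403906)". Add the bug number, and since the log message calls this a "maybe issue", add a NOTE line stating what is still unconfirmed. The "- chetcpasswd <unfixed> (medium)" line for CVE-2006-6639 likewise carries no bug reference. For CVE-2006-6642, "NOT-FOR-US: Sistemi" keeps only the last word of the product name given in the description ("Contra Haber Sistemi"); use the full name so the entry can be found by searching for the product.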
@@ -214,8 +214,6 @@
CVE-2006-XXXX [archivemail insecure temporary file issues]
- archivemail 0.6.2-2
[sarge] - archivemail <no-dsa> (minor issue)
-CVE-2006-XXXX [fai leaves root password hash in world readable logfile]
- - fai 3.1.3 (low)
CVE-2006-XXXX [pythonpaste chroot esacpe]
- paste 1.0.1-1
NOTE: http://pythonpaste.org/archives/message/20061218.050654.e8997561.en.html
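Review bot: The context line directly after the removed fai entry reads "[pythonpaste chroot esacpe]"; "esacpe" should be "escape", and it is worth fixing in a follow-up because a search of the list for "escape" will miss this entry. The removal itself is consistent with the first hunk: the "- fai 3.1.3 (low)" line dropped here reappears unchanged under CVE-2006-6614, so the fixed version and urgency carry over.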