[Secure-testing-commits] r3418 - data/CVE
Micah Anderson
micah at costa.debian.org
Sat Feb 4 05:35:25 UTC 2006
Author: micah
Date: 2006-02-04 05:35:17 +0000 (Sat, 04 Feb 2006)
New Revision: 3418
Modified:
data/CVE/list
Log:
bunch of NFUs and 3 spip issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-04 04:44:55 UTC (rev 3417)
+++ data/CVE/list 2006-02-04 05:35:17 UTC (rev 3418)
@@ -1,34 +1,42 @@
begin claim by micah
CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...)
- TODO: check
+ NOT-FOR-US: CA Message Queuing
+ NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
+ NOTE: to be commercial products (see list in referenced URL)
CVE-2006-0529 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...)
- TODO: check
+ NOT-FOR-US: CA Message Queuing
+ NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
+ NOTE: to be commercial products (see list in referenced URL)
CVE-2006-0528 (GNOME Evolution allows remote attackers to cause a denial of service ...)
- TODO: check
+ - evolution 2.2.3-4 (low)
+ [sarge] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
+ [woody] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
CVE-2006-0527 (Unspecified vulnerability in Berkeley Internet Name Domain (BIND) on ...)
- TODO: check
+ NOTE: CVE says, "due to the lack of relevant details from the vendor, it is not
+ NOTE: known whether this is a duplicate of an existing CVE or a brand-new issue that
+ NOTE: applies to BIND on other operating systems."
CVE-2006-0526 (The default configuration of the America Online (AOL) client software ...)
- TODO: check
+ NOT-FOR-US: AOL
CVE-2006-0525 (Multiple unspecified Adobe products install a large number of .EXE and ...)
- TODO: check
+ NOT-FOR-US: Windows issue
CVE-2006-0524 (Cross-site scripting (XSS) vulnerability in ashnews.php in Derek ...)
- TODO: check
+ NOT-FOR-US: Derek Ashauer ashnews
CVE-2006-0523 (SQL injection vulnerability in global.php in MyBB before 1.03 allows ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2006-0522 (SQL injection vulnerability in the Authentication Servlet in Symantec ...)
- TODO: check
+ NOT-FOR-US: Symantec Sygate Management Server
CVE-2006-0521 (Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM ...)
- TODO: check
+ NOT-FOR-US: Browser CRM
CVE-2006-0520 (SQL injection vulnerability index.php in Dragoran Portal module 1.3 ...)
- TODO: check
+ NOT-FOR-US: Invision Power Board
CVE-2006-0519 (SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows ...)
- TODO: check
+ - spip <unfixed> (medium; bug #351336)
CVE-2006-0518 (Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...)
- TODO: check
+ - spip <unfixed> (medium; bug #351335)
CVE-2006-0517 (Multiple SQL injection vulnerabilities in ...)
- TODO: check
+ - spip <unfixed> (medium; bug #351334)
CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10 64 ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-0515
RESERVED
CVE-2006-0514
@@ -36,23 +44,23 @@
CVE-2006-0513
RESERVED
CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which ...)
- TODO: check
+ NOT-FOR-US: PADL MigrationTools
CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not ...)
- TODO: check
+ NOT-FOR-US: Blackboard Academic Suite
CVE-2006-0510 (SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 ...)
- TODO: check
+ NOT-FOR-US: Daffodil
CVE-2006-0509 (Multiple cross-site scripting (XSS) vulnerabilities in clients.php in ...)
- TODO: check
+ NOT-FOR-US: Cerberus Helpdesk
CVE-2006-0508 (Easy CMS stores the images directory under the web document root with ...)
- TODO: check
+ NOT-FOR-US: Easy CMS
CVE-2006-0507 (Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow ...)
- TODO: check
+ NOT-FOR-US: Easy CMS
CVE-2006-0506 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN ...)
- TODO: check
+ NOT-FOR-US: Nuked-klaN
CVE-2006-0505 (zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Zbattle
CVE-2006-0504 (Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 ...)
- TODO: check
+ NOT-FOR-US: MailEnable Enterprise Edition
end claimed by micah
CVE-2006-0503 (IMAP service in MailEnable Professional Edition before 1.72 allows ...)
TODO: check
More information about the Secure-testing-commits
mailing list