[Secure-testing-commits] r3275 - data/CVE
Joey Hess
joeyh at costa.debian.org
Thu Jan 12 09:14:26 UTC 2006
Author: joeyh
Date: 2006-01-12 09:14:20 +0000 (Thu, 12 Jan 2006)
New Revision: 3275
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-12 08:52:45 UTC (rev 3274)
+++ data/CVE/list 2006-01-12 09:14:20 UTC (rev 3275)
@@ -1,3 +1,68 @@
+CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...)
+ TODO: check
+CVE-2006-0186 (Multiple SQL injection vulnerabilities in MusicBox 2.3 and earlier ...)
+ TODO: check
+CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) ...)
+ TODO: check
+CVE-2006-0184 (Multiple SQL injection vulnerabilities in AspTopSites allow remote ...)
+ TODO: check
+CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal ...)
+ TODO: check
+CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to ...)
+ TODO: check
+CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
+ TODO: check
+CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 ...)
+ TODO: check
+CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...)
+ TODO: check
+CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...)
+ TODO: check
+CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and ...)
+ TODO: check
+CVE-2006-0175 (Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz ...)
+ TODO: check
+CVE-2006-0174 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...)
+ TODO: check
+CVE-2006-0173 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...)
+ TODO: check
+CVE-2006-0172 (Cross-site scripting (XSS) vulnerability in the file manager utility ...)
+ TODO: check
+CVE-2006-0171 (PHP remote file include vulnerability in index.php in OrjinWeb ...)
+ TODO: check
+CVE-2006-0170
+ REJECTED
+ TODO: check
+CVE-2006-0169 (addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, ...)
+ TODO: check
+CVE-2006-0168 (Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows ...)
+ TODO: check
+CVE-2006-0167 (SQL injection vulnerability in MyPhPim 01.05 allows remote attackers ...)
+ TODO: check
+CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 ...)
+ TODO: check
+CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries ...)
+ TODO: check
+CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is ...)
+ TODO: check
+CVE-2006-0163 (SQL injection vulnerability in the search module ...)
+ TODO: check
+CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown ...)
+ TODO: check
+CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 ...)
+ TODO: check
+CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 ...)
+ TODO: check
+CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote ...)
+ TODO: check
+CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in ...)
+ TODO: check
+CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS ...)
+ TODO: check
+CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 ...)
+ TODO: check
CVE-2006-XXXX [xmame buffer overflows]
- xmame <unfixed>
NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf
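Review bot: CVE-2006-0170 is added as REJECTED and is then also given a "TODO: check" line, so a rejected id lands in the triage queue with nothing to triage. The automatic update should not emit the TODO for an entry that has no description and is marked REJECTED; the entry should read just "CVE-2006-0170" followed by "REJECTED".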
@@ -37,7 +102,7 @@
TODO: check
CVE-2006-0145 (The lseek system call in kernfs in NetBSD 1.6 through 2.1 does not ...)
TODO: check
-CVE-2006-0144 (Unspecified vulnerability in go-pear.php in PHP PEAR 0.2.2 allows ...)
+CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2 allows ...)
TODO: check
CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote ...)
TODO: check
@@ -65,7 +130,7 @@
NOTE: If the admin doesn't web browsing, why is one installed/enabled?
CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows ...)
TODO: check
-CVE-2006-0162 [clamav upx heap overflow]
+CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus ...)
- clamav 0.88-1
end claimed by jmm
CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...)
@@ -133,8 +198,7 @@
NOT-FOR-US: Timecan CMS
CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote attackers to ...)
NOT-FOR-US: Timecan CMS
-CVE-2006-0105 [Windows-only DoS vulnerability affecting the postmaster process]
- RESERVED
+CVE-2006-0105 (PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on ...)
NOT-FOR-US: PostgreSQL on Windows
CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier ...)
NOT-FOR-US: TinyPHPForum
@@ -217,7 +281,7 @@
NOT-FOR-US: WinRAR
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
NOT-FOR-US: phpoutsourcing Zorum Forum
-CVE-2005-4618 (Off-by-one buffer overflow in sysctl in the Linux Kernel 2.6 before ...)
+CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
- linux-2.6 <unfixed>
NOTE: Added patch tracker template
CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools ...)
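Review bot: The refreshed description for CVE-2005-4618 states the issue is in Linux 2.6 "before 2.6.15", but the tracking line under it is left as "- linux-2.6 <unfixed>". Now that the description names an upstream fixed version, that line should be re-checked and updated with a fixed package version as soon as one applies, rather than staying open-ended.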
@@ -322,10 +386,10 @@
RESERVED
CVE-2006-0056
RESERVED
-CVE-2006-0055
- RESERVED
-CVE-2006-0054
- RESERVED
+CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable ...)
+ TODO: check
+CVE-2006-0054 (The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to ...)
+ TODO: check
CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package allows ...)
- mtink <not-affected> (mtink not installed SUID root)
CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in MyBB ...)
@@ -645,8 +709,8 @@
- linux-2.6 <unfixed>
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
-CVE-2006-0035
- RESERVED
+CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.15 ...)
+ TODO: check
CVE-2006-0019
RESERVED
CVE-2005-4474 (Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows ...)
@@ -1383,9 +1447,11 @@
TODO: Once dislosed, check, whether this affects Helix
CVE-2005-4129
REJECTED
-CVE-2005-4128 (** UNVERIFIABLE, PRERELEASE ** ...)
+CVE-2005-4128
+ REJECTED
NOT-FOR-US: Apple Quicktime
-CVE-2005-4127 (** UNVERIFIABLE, PRERELEASE ** ...)
+CVE-2005-4127
+ REJECTED
NOT-FOR-US: iTunes
CVE-2005-4126 (** UNVERIFIABLE, PRERELEASE ** ...)
TODO: Once dislosed, check, whether this affects Helix
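Review bot: CVE-2005-4128 and CVE-2005-4127 now carry two status lines each, "REJECTED" followed by the old "NOT-FOR-US: Apple Quicktime" / "NOT-FOR-US: iTunes". A rejected id needs no product classification, so the NOT-FOR-US lines should be dropped when the entry flips to REJECTED, as with CVE-2005-4129 just above, which has only "REJECTED".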
@@ -1457,7 +1523,7 @@
NOT-FOR-US: DoceboLMS
CVE-2005-4093 (Unspecified vulnerability in Check Point VPN-1 SecureClient NG with ...)
NOT-FOR-US: Check Point
-CVE-2005-4092 (Heap-based buffer overflow in Apple QuickTime Player 7.0.3 and iTunes ...)
+CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple ...)
NOT-FOR-US: Apple QuickTime
CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script ...)
NOT-FOR-US: 1-Script 1-Search
@@ -1849,8 +1915,8 @@
RESERVED
CVE-2006-0021
RESERVED
-CVE-2006-0020
- RESERVED
+CVE-2006-0020 (An unspecified Microsoft WMF parsing application allows attackers to ...)
+ TODO: check
CVE-2006-0018
REJECTED
CVE-2005-3961 (WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar ...)
@@ -2612,8 +2678,8 @@
RESERVED
CVE-2006-0011
RESERVED
-CVE-2006-0010
- RESERVED
+CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 ...)
+ TODO: check
CVE-2006-0009
RESERVED
CVE-2006-0008
@@ -2628,26 +2694,26 @@
RESERVED
CVE-2006-0003
RESERVED
-CVE-2006-0002
- RESERVED
+CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 200 through 2003, ...)
+ TODO: check
CVE-2006-0001
RESERVED
CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before Firmware ...)
NOT-FOR-US: Apple AirPort
-CVE-2005-3713
- RESERVED
+CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
+ TODO: check
CVE-2005-3712
RESERVED
-CVE-2005-3711
- RESERVED
-CVE-2005-3710
- RESERVED
-CVE-2005-3709
- RESERVED
-CVE-2005-3708
- RESERVED
-CVE-2005-3707
- RESERVED
+CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
+ TODO: check
+CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
+ TODO: check
+CVE-2005-3709 (Integer underflow in Apple Quicktime before 7.0.4 allows remote ...)
+ TODO: check
+CVE-2005-3708 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
+ TODO: check
+CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote ...)
+ TODO: check
CVE-2005-3706
RESERVED
CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server ...)
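Review bot: The six Apple Quicktime ids in this hunk (CVE-2005-3713, -3711, -3710, -3709, -3708, -3707) are all queued as "TODO: check", while the existing Quicktime entry CVE-2005-4092 elsewhere in the file is already "NOT-FOR-US: Apple QuickTime". Marking these the same way in a follow-up would keep the list consistent and clear six items from the queue. Also, the CVE-2006-0002 description reads "Microsoft Outlook 200 through 2003"; that looks like a truncated version number in the imported text and is worth reporting to the source of the descriptions rather than fixing locally.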
@@ -4784,7 +4850,7 @@
NOT-FOR-US: YaST
CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
NOT-FOR-US: SimpleCDR-X
-CVE-2005-3011 (texindex in texinfo 4.8 and earlier allows local users to overwrite ...)
+CVE-2005-3011 (The sort_offline function for texindex in texinfo 4.8 and earlier ...)
- texinfo 4.8-1 (bug #328365; low)
CVE-2005-3010 (Direct static code injection vulnerability in the flood protection ...)
NOT-FOR-US: CuteNews
@@ -6943,8 +7009,8 @@
TODO: check
CVE-2005-2341 (Heap-based buffer overflow in Research in Motion (RIM) BlackBerry ...)
TODO: check
-CVE-2005-2340
- RESERVED
+CVE-2005-2340 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
+ TODO: check
CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of ...)
NOT-FOR-US: unicode msearch
CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...)
@@ -15182,7 +15248,7 @@
NOT-FOR-US: ReviewPost
CVE-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...)
NOT-FOR-US: ReviewPost
-CVE-2005-0269 (The file extention check in GNUBoard 3.40 and earlier only verifies ...)
+CVE-2005-0269 (The file extension check in GNUBoard 3.40 and earlier only verifies ...)
NOT-FOR-US: GNUBoard
CVE-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...)
NOT-FOR-US: FlatNuke
@@ -17447,8 +17513,7 @@
CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...)
{DSA-541}
- icecast-server 1:1.3.12-8
-CVE-2004-0780 [CLI buffer overflow in /usr/bin/uustat on Solaris 8 and 9]
- RESERVED
+CVE-2004-0780 (Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to ...)
NOT-FOR-US: Solaris
CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
- mozilla 2:1.7