[Secure-testing-commits] r3355 - data/CVE
Joey Hess
joeyh at costa.debian.org
Tue Jan 24 09:14:27 UTC 2006
Author: joeyh
Date: 2006-01-24 09:14:21 +0000 (Tue, 24 Jan 2006)
New Revision: 3355
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-23 23:11:58 UTC (rev 3354)
+++ data/CVE/list 2006-01-24 09:14:21 UTC (rev 3355)
@@ -1,3 +1,117 @@
+CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager ...)
+ TODO: check
+CVE-2006-0377
+ RESERVED
+CVE-2006-0376 (The 802.11 wireless client in certain operating systems including ...)
+ TODO: check
+CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...)
+ TODO: check
+CVE-2006-0374 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...)
+ TODO: check
+CVE-2006-0373 (Cross-site scripting (XSS) vulnerability in register.aspx in Douran ...)
+ TODO: check
+CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane Visions ...)
+ TODO: check
+CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling RCBlog ...)
+ TODO: check
+CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories under ...)
+ TODO: check
+CVE-2006-0369 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before ...)
+ TODO: check
+CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 ...)
+ TODO: check
+CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) ...)
+ TODO: check
+CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme message ...)
+ TODO: check
+CVE-2006-0364 (Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) ...)
+ TODO: check
+CVE-2006-0363 (The "Remember my Password" feature in MSN Messenger 7.5 stores ...)
+ TODO: check
+CVE-2006-0362 (TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, ...)
+ TODO: check
+CVE-2006-0361 (Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 ...)
+ TODO: check
+CVE-2006-0360 (MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to ...)
+ TODO: check
+CVE-2006-0359 (Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote ...)
+ TODO: check
+CVE-2006-0358 (Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 ...)
+ TODO: check
+CVE-2006-0357 (Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, ...)
+ TODO: check
+CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause ...)
+ TODO: check
+CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers ...)
+ TODO: check
+CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) ...)
+ TODO: check
+CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...)
+ TODO: check
+CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...)
+ TODO: check
+CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote ...)
+ TODO: check
+CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...)
+ TODO: check
+CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG ...)
+ TODO: check
+CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote ...)
+ TODO: check
+CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows ...)
+ TODO: check
+CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote ...)
+ TODO: check
+CVE-2006-0344 (Directory traversal vulnerability in Intervations FileCOPA FTP Server ...)
+ TODO: check
+CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and Advanced ...)
+ TODO: check
+CVE-2006-0342 (MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote ...)
+ TODO: check
+CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe ...)
+ TODO: check
+CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) ...)
+ TODO: check
+CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers to ...)
+ TODO: check
+CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows and ...)
+ TODO: check
+CVE-2006-0337 (Buffer overflow in multiple F-Secure Anti-Virus products and versions ...)
+ TODO: check
+CVE-2006-0336 (Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause ...)
+ TODO: check
+CVE-2006-0335 (Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before ...)
+ TODO: check
+CVE-2006-0334 (Cross-site scripting (XSS) vulnerability in search.php in My Amazon ...)
+ TODO: check
+CVE-2006-0333 (Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote ...)
+ TODO: check
+CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments ...)
+ TODO: check
+CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin ...)
+ TODO: check
+CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 ...)
+ TODO: check
+CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, ...)
+ TODO: check
+CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...)
+ TODO: check
+CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information ...)
+ TODO: check
+CVE-2006-0326
+ RESERVED
+CVE-2006-0325 (Etomite Content Management System 0.6, and possibly earlier versions, ...)
+ TODO: check
+CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...)
+ TODO: check
+CVE-2006-0323
+ RESERVED
+CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...)
+ TODO: check
+CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...)
+ TODO: check
CVE-2006-XXXX [mydns remote DoS]
- mydns 1.1.0+pre-3 (medium)
CVE-2006-XXXX [tor discovery of hidden services]
@@ -2,7 +116,7 @@
- tor <unfixed> (bug #349283)
-CVE-2006-0353 [fd leak in lsh]
+CVE-2006-0353 (unix_random.c in lsh before 2.0.1 leaks file descriptors related to ...)
- lsh-utils 2.0.1cdbs-4 (low)
CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...)
NOT-FOR-US: Oracle
-CVE-2006-0321 [fetchmail: segfault after bouncing a message]
+CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote ...)
- fetchmail <unfixed> (bug #348747; low)
@@ -74,7 +188,7 @@
NOT-FOR-US: Oracle
CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
NOT-FOR-US: Oracle
-CVE-2006-0288 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
+CVE-2006-0288 (Multiple unspecified vulnerabilities in the Oracle Reports Developer ...)
NOT-FOR-US: Oracle
CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of ...)
NOT-FOR-US: Oracle
@@ -783,8 +897,7 @@
RESERVED
CVE-2006-0046
RESERVED
-CVE-2006-0045
- RESERVED
+CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving and ...)
{DSA-949-1}
- crawl 1:4.0.0beta26-7 (medium)
CVE-2006-0044 (Unspecified vulnerability in context.py in Albatross web application ...)
@@ -1044,20 +1157,17 @@
RESERVED
CVE-2006-0038
RESERVED
-CVE-2006-0037 [another netfilter ip_nat_helper_pptp dos]
- RESERVED
+CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
- linux-2.6 2.6.15-3
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
-CVE-2006-0036 [netfilter ip_nat_helper_pptp dos]
- RESERVED
+CVE-2006-0036 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
- linux-2.6 2.6.15-3
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
-CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.15 ...)
+CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 ...)
- linux-2.6 2.6.15-3
-CVE-2006-0019 [kjs heap overflow]
- RESERVED
+CVE-2006-0019 (Heap-based buffer overflow in the encodeURI and decodeURI functions in ...)
{DSA-948-1}
- kdelibs <unfixed> (medium)
CVE-2005-4474 (Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows ...)
@@ -1941,7 +2051,7 @@
NOT-FOR-US: rwAuction
CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and ...)
NOT-FOR-US: LocazoList
-CVE-2005-4058 (SQL injection vulnerability in saralblog v.1 and earlier allows remote ...)
+CVE-2005-4058 (SQL injection vulnerability in saralblog 1 and earlier allows remote ...)
NOT-FOR-US: saralblog
CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in PluggedOut ...)
NOT-FOR-US: PluggedOut Nexus
@@ -3110,8 +3220,8 @@
NOT-FOR-US: Novell Open Enterprise Server
CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to ...)
NOT-FOR-US: Blue Coat WinProxy
-CVE-2005-3653
- RESERVED
+CVE-2005-3653 (Heap-based buffer overflow in the iGateway service for various ...)
+ TODO: check
CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 ...)
NOT-FOR-US: Citrix
CVE-2005-3651 (Stack-based buffer overflow in the dissect_ospf_v3_address_prefix ...)
@@ -3163,8 +3273,7 @@
RESERVED
CVE-2005-3629
RESERVED
-CVE-2005-3628 [further xpdf overflow check]
- RESERVED
+CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
- kdegraphics 3.5.0-3
- gpdf 2.10.0-2 (bug #342286)
@@ -4083,8 +4192,7 @@
TODO: check 2.4
CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...)
- apache2 2.0.55-4
-CVE-2005-3356 [kernel DoS, see patch-tracking for details]
- RESERVED
+CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...)
- linux-2.6 <unfixed>
CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has ...)
{DSA-901-1}
@@ -18374,8 +18482,8 @@
TODO: DSA claims PHP3 is vulnerable, but this is not mentioned in the changelog.
CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
NOT-FOR-US: Sygate Enforcer
-CVE-2004-0592
- RESERVED
+CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6 in ...)
+ TODO: check
CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
{DSA-533}
- courier 0.45.4-4
@@ -21836,8 +21944,8 @@
RESERVED
CVE-2002-1572
RESERVED
-CVE-2002-1571
- RESERVED
+CVE-2002-1571 (The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction ...)
+ TODO: check
CVE-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...)
- ucd-snmp 4.2.3-2
CVE-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...)
More information about the Secure-testing-commits
mailing list