[Secure-testing-commits] r4379 - data/CVE
Joey Hess
joeyh at costa.debian.org
Wed Jul 12 21:14:23 UTC 2006
Author: joeyh
Date: 2006-07-12 21:14:21 +0000 (Wed, 12 Jul 2006)
New Revision: 4379
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-07-12 20:54:31 UTC (rev 4378)
+++ data/CVE/list 2006-07-12 21:14:21 UTC (rev 4379)
@@ -1,4 +1,144 @@
-CVE-2006-3486 [mysql off-by-one non-issue]
+CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, ...)
+ TODO: check
+CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard ...)
+ TODO: check
+CVE-2006-3527 (Multiple PHP remote file inclusion vulnerabilities in BosClassifieds ...)
+ TODO: check
+CVE-2006-3526 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...)
+ TODO: check
+CVE-2006-3525 (SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final ...)
+ TODO: check
+CVE-2006-3524 (Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows ...)
+ TODO: check
+CVE-2006-3523 (Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote ...)
+ TODO: check
+CVE-2006-3522 (Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for ...)
+ TODO: check
+CVE-2006-3521 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2006-3520 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-3519 (Multiple cross-site scripting (XSS) vulnerabilities in The Banner ...)
+ TODO: check
+CVE-2006-3518 (SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal ...)
+ TODO: check
+CVE-2006-3517 (PHP remote file inclusion vulnerability in stats.php in RW::Download, ...)
+ TODO: check
+CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote ...)
+ TODO: check
+CVE-2006-3515 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
+ TODO: check
+CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote attackers to ...)
+ TODO: check
+CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to cause a ...)
+ TODO: check
+CVE-2006-3511 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause ...)
+ TODO: check
+CVE-2006-3510 (The Remote Data Service Object (RDS.DataControl) in Microsoft Internet ...)
+ TODO: check
+CVE-2006-3509
+ RESERVED
+CVE-2006-3508
+ RESERVED
+CVE-2006-3507
+ RESERVED
+CVE-2006-3506
+ RESERVED
+CVE-2006-3505
+ RESERVED
+CVE-2006-3504
+ RESERVED
+CVE-2006-3503
+ RESERVED
+CVE-2006-3502
+ RESERVED
+CVE-2006-3501
+ RESERVED
+CVE-2006-3500
+ RESERVED
+CVE-2006-3499
+ RESERVED
+CVE-2006-3498
+ RESERVED
+CVE-2006-3497
+ RESERVED
+CVE-2006-3496
+ RESERVED
+CVE-2006-3495
+ RESERVED
+CVE-2006-3494 (Multiple SQL injection vulnerabilities in Buddy Zone 1.0.1 allow ...)
+ TODO: check
+CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll and ...)
+ TODO: check
+CVE-2006-3492 (The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO ...)
+ TODO: check
+CVE-2006-3491 (Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows ...)
+ TODO: check
+CVE-2006-3490 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...)
+ TODO: check
+CVE-2006-3489 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...)
+ TODO: check
+CVE-2006-3488 (Absolute path traversal vulnerability in administrador.asp in ...)
+ TODO: check
+CVE-2006-3487 (VirtuaStore 2.0 stores sensitive files under the web root with ...)
+ TODO: check
+CVE-2006-3485 (Multiple SQL injection vulnerabilities in AstroDog Press Some Chess ...)
+ TODO: check
+CVE-2006-3484 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before ...)
+ TODO: check
+CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web document ...)
+ TODO: check
+CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in ...)
+ TODO: check
+CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow ...)
+ TODO: check
+CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
+ TODO: check
+CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block ...)
+ TODO: check
+CVE-2006-3478 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-3477 (Unspecified vulnerability in the POP service in Stalker CommuniGate ...)
+ TODO: check
+CVE-2006-3476 (Cross-site scripting (XSS) vulnerability in comments.php in ...)
+ TODO: check
+CVE-2006-3475 (Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 ...)
+ TODO: check
+CVE-2006-3474 (Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO ...)
+ TODO: check
+CVE-2006-3473 (CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 ...)
+ TODO: check
+CVE-2006-3472 (Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to ...)
+ TODO: check
+CVE-2006-3471 (Microsoft Internet Explorer 6 on Windows XP allows remote attackers to ...)
+ TODO: check
+CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not ...)
+ TODO: check
+CVE-2006-3469
+ RESERVED
+CVE-2006-3468
+ RESERVED
+CVE-2006-3467
+ RESERVED
+CVE-2006-3466
+ RESERVED
+CVE-2006-3465
+ RESERVED
+CVE-2006-3464
+ RESERVED
+CVE-2006-3463
+ RESERVED
+CVE-2006-3462
+ RESERVED
+CVE-2006-3461
+ RESERVED
+CVE-2006-3460
+ RESERVED
+CVE-2006-3459
+ RESERVED
+CVE-2006-3486 (Off-by-one buffer overflow in the ...)
- mysql-dfsg-5.0 <unfixed> (unimportant)
[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present)
[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
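Review bot: CVE-2006-3486 lands out of sequence at the end of the new block. The added entries run in descending order from CVE-2006-3529 down to CVE-2006-3459, with CVE-2006-3487 followed directly by CVE-2006-3485, while the rewritten CVE-2006-3486 line sits after CVE-2006-3459. Suggest moving it, together with its three mysql-dfsg lines, between CVE-2006-3487 and CVE-2006-3485. The hand-written summary "[mysql off-by-one non-issue]" is replaced by the truncated description, so the "(unimportant)" tag on mysql-dfsg-5.0 is now the only place the triage decision is recorded.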
@@ -512,7 +652,7 @@
NOT-FOR-US: cjGuestbook
CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...)
NOT-FOR-US: cjGuestbook
-CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and earlier, when register_globals is ...)
+CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when ...)
NOT-FOR-US: Ralf Image Gallery
CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP ...)
NOT-FOR-US: Microsoft Windows
@@ -769,6 +909,7 @@
CVE-2006-3083
RESERVED
CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...)
+ {DSA-1107}
- gnupg 1.4.3-2 (bug #375052; low)
- gnupg2 1.9.20-1.1 (bug #375053; low)
CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x ...)
@@ -1082,8 +1223,8 @@
RESERVED
CVE-2006-2937
RESERVED
-CVE-2006-2936
- RESERVED
+CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...)
+ TODO: check
CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...)
TODO: check
CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...)
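Review bot: The "TODO: check" on CVE-2006-2936 should not be closed as NOT-FOR-US like most of this revision's additions, because the description names the ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x. It needs a package line for the kernel source with a fixed version or <unfixed>, plus per-release status where it applies. CVE-2006-2935 directly below is in the same state.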
@@ -1123,8 +1264,8 @@
NOT-FOR-US: Microsoft
CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores ...)
TODO: check
-CVE-2006-2917
- RESERVED
+CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate ...)
+ TODO: check
CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...)
- arts 1.5.3-2 (bug #374003; low)
[sarge] - arts <not-affected> (Not setuid root in Debian)
@@ -2345,8 +2486,8 @@
NOT-FOR-US: EMC Retrospect
CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows ...)
NOT-FOR-US: OZJournals
-CVE-2006-2389
- RESERVED
+CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
+ TODO: check
CVE-2006-2388
RESERVED
CVE-2006-2387
@@ -2379,8 +2520,8 @@
NOT-FOR-US: Microsoft
CVE-2006-2373 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...)
NOT-FOR-US: Microsoft
-CVE-2006-2372
- RESERVED
+CVE-2006-2372 (Buffer overflow in the DHCP Client service for Microsoft Windows 2000 ...)
+ TODO: check
CVE-2006-2371 (Buffer overflow in the Remote Access Connection Manager service ...)
NOT-FOR-US: Microsoft
CVE-2006-2370 (Buffer overflow in the Routing and Remote Access service (RRAS) in ...)
@@ -2805,6 +2946,7 @@
{DSA-1099-1 DSA-1098-1}
- horde3 3.1.1-3
CVE-2006-2194 (The winbind plugin in pppd for ppp 2.4.4 and earlier does not check ...)
+ {DSA-1106}
- ppp 2.4.4rel-1 (medium)
CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff ...)
{DSA-1091-1}
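Review bot: The new tag {DSA-1106} on CVE-2006-2194 omits the revision suffix that the neighbouring entries in this same hunk carry ({DSA-1099-1 DSA-1098-1}, {DSA-1091-1}). Suggest {DSA-1106-1}, so that anything matching on the DSA-NNNN-N form treats the entry the same way. The same point applies to {DSA-1107} added on CVE-2006-3082 earlier in this diff.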
@@ -5016,12 +5158,12 @@
RESERVED
CVE-2006-1317
RESERVED
-CVE-2006-1316
- RESERVED
-CVE-2006-1315
- RESERVED
-CVE-2006-1314
- RESERVED
+CVE-2006-1316 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
+ TODO: check
+CVE-2006-1315 (The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP ...)
+ TODO: check
+CVE-2006-1314 (Heap-based buffer overflow in the Server Service (SRV.SYS driver) in ...)
+ TODO: check
CVE-2006-1313 (Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on ...)
NOT-FOR-US: Microsoft JScript
CVE-2006-1312
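Review bot: The "TODO: check" markers on CVE-2006-1316, CVE-2006-1315 and CVE-2006-1314 can be resolved immediately. All three descriptions name Microsoft products (Office 2003, the SRV.SYS Server Service), and the adjacent CVE-2006-1313 is already marked "NOT-FOR-US: Microsoft JScript". Marking them NOT-FOR-US keeps them out of the TODO queue. The same holds for the other newly described Microsoft entries in this revision: CVE-2006-2389, CVE-2006-2372, CVE-2006-1300, CVE-2006-0033, CVE-2006-0026 and CVE-2006-0007.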
@@ -5048,8 +5190,8 @@
RESERVED
CVE-2006-1301
RESERVED
-CVE-2006-1300
- RESERVED
+CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, ...)
+ TODO: check
CVE-2006-1299
RESERVED
CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...)
@@ -6364,7 +6506,7 @@
NOT-FOR-US: MusOX DF
CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke ...)
NOT-FOR-US: CPG-Nuke
-CVE-2006-0725 (PHP remote file include vulnerability in prepend.php in Plume CMS ...)
+CVE-2006-0725 (PHP remote file inclusion vulnerability in prepend.php in Plume CMS ...)
NOT-FOR-US: Plume CMS
CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when ...)
NOT-FOR-US: Reamday Enterprises Magic News Lite
@@ -9704,8 +9846,8 @@
- perl 5.8.7-9 (bug #341542; medium)
CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext ...)
NOT-FOR-US: Microsoft
-CVE-2006-0033
- RESERVED
+CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
+ TODO: check
CVE-2006-0032
RESERVED
CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, ...)
@@ -9718,8 +9860,8 @@
NOT-FOR-US: Microsoft
CVE-2006-0027 (Unspecified vulnerability in Microsoft Exchange allows remote ...)
NOT-FOR-US: Microsoft
-CVE-2006-0026
- RESERVED
+CVE-2006-0026 (Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, ...)
+ TODO: check
CVE-2006-0025 (Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 ...)
NOT-FOR-US: Microsoft Windows Media Player
CVE-2006-0024 (Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 ...)
@@ -10518,8 +10660,8 @@
NOT-FOR-US: Microsoft
CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...)
NOT-FOR-US: Microsoft
-CVE-2006-0007
- RESERVED
+CVE-2006-0007 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
+ TODO: check
CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in ...)
NOT-FOR-US: Microsoft
CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player ...)