[Secure-testing-commits] r3637 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Mar 17 11:11:25 UTC 2006
Author: jmm-guest
Date: 2006-03-17 11:11:18 +0000 (Fri, 17 Mar 2006)
New Revision: 3637
Modified:
data/CVE/list
Log:
unimportant dropbear issue
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-17 11:03:23 UTC (rev 3636)
+++ data/CVE/list 2006-03-17 11:11:18 UTC (rev 3637)
@@ -82,39 +82,40 @@
NOT-FOR-US: Tivoli
CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...)
NOT-FOR-US: Tivoli
-begin claimed by jmm
CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...)
- TODO: check
+ NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Sergey Korostel PHP Upload Center
CVE-2006-1207 (PHP Upload Center stores password hashes under the web root with ...)
- TODO: check
+ NOT-FOR-US: PHP Upload Center
CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in ...)
- TODO: check
+ - dropbear <unfixed> (unimportant)
+ NOTE: By design to protect against DoSing the complete machine, future versions
+ NOTE: will mitigate by introducing per-IP limits
CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in myWebland ...)
- TODO: check
+ NOT-FOR-US: myBloggie
CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum ...)
- TODO: check
+ NOT-FOR-US: txtForum
CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum ...)
- TODO: check
+ NOT-FOR-US: txtForum
CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 ...)
- TODO: check
+ NOT-FOR-US: textfileBB
CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net ...)
- TODO: check
+ NOT-FOR-US: phpBannerExchange
CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in daverave ...)
- TODO: check
+ NOT-FOR-US: daverave Link Bank
CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in daverave ...)
- TODO: check
+ NOT-FOR-US: daverave Link Bank
CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a ...)
- TODO: check
+ NOT-FOR-US: Comvigo IM Lock
CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver with ...)
- TODO: check
+ NOT-FOR-US: SafeDisc
CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 ...)
- TODO: check
+ NOT-FOR-US: QwikiWiki
CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c for ENet ...)
- TODO: check
+ NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1194 (Integer signedness error in the enet_protocol_handle_incoming_commands ...)
- TODO: check
+ NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1193
RESERVED
CVE-2006-1192
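Review bot: The dropbear entry for CVE-2006-1206 is downgraded to "<unfixed> (unimportant)" on the basis of two NOTE lines that give no source for the "by design" statement or for the planned per-IP limits. Add a NOTE pointing at the upstream statement, so the rating can be re-checked and the entry moved off <unfixed> once a version with per-IP limits exists. Minor: CVE-2006-1208 and CVE-2006-1207 are tagged "Sergey Korostel PHP Upload Center" and "PHP Upload Center"; if they are the same product, use one spelling so a search of the list finds both.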
@@ -136,10 +137,10 @@
CVE-2006-1184
RESERVED
CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the ...)
- TODO: check
+ - base-config <not-affected> (UBuntu specific)
+ - shadow <not-affected> (UBuntu specific)
CVE-2006-1182 (Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: Adobe Graphics Server
CVE-2006-1181
RESERVED
CVE-2006-1180
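Review bot: "UBuntu" in both added lines under CVE-2006-1183 is a typo; the CVE description directly above spells it "Ubuntu". Suggest "- base-config <not-affected> (Ubuntu specific)" and the same for the shadow line, so a case-sensitive search for the distribution name matches these entries.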
@@ -170,6 +171,7 @@
RESERVED
CVE-2006-1167
RESERVED
+begin claimed by jmm
CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...)
TODO: check
CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...)
@@ -210,6 +212,7 @@
TODO: check
CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in ...)
TODO: check
+end claimed by jmm
CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in ...)
TODO: check
CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows ...)
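Review bot: The log message ("unimportant dropbear issue", "NFUs") does not mention that this commit also opens a new claim. The "begin claimed by jmm" marker added before CVE-2006-1165 and the "end claimed by jmm" added here after CVE-2006-1146 are the only record of it. Mention the claim in the log so others triaging the list see it without reading the diff.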