[Secure-testing-commits] r3904 - data/CVE

Joey Hess joeyh at costa.debian.org
Mon May 1 09:14:31 UTC 2006


Author: joeyh
Date: 2006-05-01 09:14:25 +0000 (Mon, 01 May 2006)
New Revision: 3904

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-05-01 09:04:48 UTC (rev 3903)
+++ data/CVE/list	2006-05-01 09:14:25 UTC (rev 3904)
@@ -1,3 +1,119 @@
+CVE-2006-2071 (Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass ...)
+	TODO: check
+CVE-2006-2070 (Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 ...)
+	TODO: check
+CVE-2006-2069 (The recursor in PowerDNS before 3.0.1 allows remote attackers to cause ...)
+	TODO: check
+CVE-2006-2068 (Unspecified vulnerability in Hitachi JP1 products allow remote ...)
+	TODO: check
+CVE-2006-2067 (SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, ...)
+	TODO: check
+CVE-2006-2066 (Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in ...)
+	TODO: check
+CVE-2006-2065 (SQL injection vulnerability in save.php in PHPSurveyor 0.995 and ...)
+	TODO: check
+CVE-2006-2064 (Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 ...)
+	TODO: check
+CVE-2006-2063 (Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full ...)
+	TODO: check
+CVE-2006-2062 (Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, ...)
+	TODO: check
+CVE-2006-2061 (SQL injection vulnerability in lib/func_taskmanager.php in Invision ...)
+	TODO: check
+CVE-2006-2060 (Directory traversal vulnerability in action_admin/paysubscriptions.php ...)
+	TODO: check
+CVE-2006-2059 (action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x ...)
+	TODO: check
+CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17 allows ...)
+	TODO: check
+CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.06 allows ...)
+	TODO: check
+CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...)
+	TODO: check
+CVE-2006-2055 (Argument injection vulnerability in Micrsoft Outlook 2003 SP1 allows ...)
+	TODO: check
+CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before ...)
+	TODO: check
+CVE-2006-2053 (Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier ...)
+	TODO: check
+CVE-2006-2052 (Cross-site scripting (XSS) vulnerability in Verosky Media Instant ...)
+	TODO: check
+CVE-2006-2051 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2006-2050 (SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite ...)
+	TODO: check
+CVE-2006-2049 (Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts ...)
+	TODO: check
+CVE-2006-2048 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+	TODO: check
+CVE-2006-2047 (Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows ...)
+	TODO: check
+CVE-2006-2046 (Multiple SQL injection vulnerabilities in Application Dynamics ...)
+	TODO: check
+CVE-2006-2045 (The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks ...)
+	TODO: check
+CVE-2006-2044 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default ...)
+	TODO: check
+CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local ...)
+	TODO: check
+CVE-2006-2042
+	RESERVED
+CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 ...)
+	TODO: check
+CVE-2006-2039 (Multiple SQL injection vulnerabilities in the osTicket module in Help ...)
+	TODO: check
+CVE-2006-2038 (Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier ...)
+	TODO: check
+CVE-2006-2037 (Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 ...)
+	TODO: check
+CVE-2006-2036 (iOpus Secure Email Attachments (SEA), probably 1.0, does not properly ...)
+	TODO: check
+CVE-2006-2035 (Websense, when configured to permit access to the dynamic content ...)
+	TODO: check
+CVE-2006-2034 (SQL injection vulnerability in function/showprofile.php in FlexBB ...)
+	TODO: check
+CVE-2006-2033 (PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and ...)
+	TODO: check
+CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and ...)
+	TODO: check
+CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
+	TODO: check
+CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...)
+	TODO: check
+CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...)
+	TODO: check
+CVE-2006-2028 (Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy ...)
+	TODO: check
+CVE-2006-2027 (Buffer overflow in Unicode processing in the logging functionality in ...)
+	TODO: check
+CVE-2006-2026 (Double-free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...)
+	TODO: check
+CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c for ...)
+	TODO: check
+CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow ...)
+	TODO: check
+CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c ...)
+	TODO: check
+CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module ...)
+	TODO: check
+CVE-2006-2021 (Absolute path traversal vulnerability in recordings/misc/audio.php in ...)
+	TODO: check
+CVE-2006-2020 (Asterisk Recording Interface (ARI) in Asterisk at Home before 2.8 stores ...)
+	TODO: check
+CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows ...)
+	TODO: check
+CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 ...)
+	TODO: check
+CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...)
+	TODO: check
+CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
+	TODO: check
+CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
+	TODO: check
+CVE-2004-2658 (resmgr in SUSE CORE 9 does not properly identify terminal names, which ...)
+	TODO: check
 CVE-2006-XXXX [librsvg2 crash on certain svg files]
 	- librsvg 2.14.3-2 (bug #361653; bug #361540; medium)
 CVE-2006-2018 (** DISPUTED ** ...)
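Review bot: The three new resmgr entries (CVE-2005-4789, CVE-2005-4788, CVE-2004-2658) are added as "TODO: check" while the placeholder "CVE-2006-XXXX [resmgr access restriction bypass]" with "- resmgr 1.0-4 (low)" still exists further down the list. Check whether the placeholder duplicates one of them and, if so, merge it into the assigned id rather than tracking the issue twice. In the same block, CVE-2006-2071 names the Linux kernel and should be triaged to a linux-2.6 line, as CVE-2006-1863 already is.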
@@ -337,10 +453,9 @@
 	NOT-FOR-US: Oracle
 CVE-2006-1865 (Beagle before 0.2.5 can produce certain insecure command lines to ...)
 	- beagle <unfixed> (bug #365371; medium)
-CVE-2006-1864
-	RESERVED
-CVE-2006-1863 [Don't allow a backslash in a path component]
-	RESERVED
+CVE-2006-1864 (Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier ...)
+	TODO: check
+CVE-2006-1863 (Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier ...)
 	- linux-2.6 2.6.16-10
 CVE-2006-1862
 	RESERVED
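Review bot: CVE-2006-1864 is left at "TODO: check" although its new description (directory traversal in smbfs in Linux 2.6.16 and earlier) is the smbfs counterpart of CVE-2006-1863, which is tracked as "- linux-2.6 2.6.16-10". Confirm whether that upload also covers the smbfs path and record a linux-2.6 line for CVE-2006-1864, so the entry does not sit untriaged next to a fixed sibling.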
@@ -416,6 +531,7 @@
 CVE-2006-1828 (SQL injection vulnerability in php121language.php in PHP121 1.4 allows ...)
 	NOT-FOR-US: PHP121
 CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and ...)
+	{DSA-1048-1}
 	- asterisk 1:1.2.7.1.dfsg-1 (bug #364195; medium)
 CVE-2005-4786 (Buffer overflow in the archive decompression library (vrAZMain.dll ...)
 	NOT-FOR-US: HAURI anti-virus
@@ -503,7 +619,6 @@
 CVE-2006-XXXX [kphone stores SIP passwords in world readable files]
 	- kphone 4.2-3 (bug #337830; low)
 CVE-2006-XXXX [resmgr access restriction bypass]
-	{DSA-1047-1}
 	- resmgr 1.0-4 (low)
 CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php in ...)
 	NOT-FOR-US: pajax
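Review bot: Dropping "{DSA-1047-1}" from the "resmgr access restriction bypass" placeholder leaves that advisory attached to no entry in the changes shown in this revision. If one of the newly imported resmgr ids (CVE-2005-4788, CVE-2005-4789, CVE-2004-2658) is the assigned name for this issue, the DSA tag and the "- resmgr 1.0-4 (low)" line should move to it and the placeholder should be removed; otherwise the tag should stay here.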
@@ -908,7 +1023,7 @@
 	NOT-FOR-US: Chucky A. Ivey N.T.
 CVE-2006-1657 (Cross-site scripting (XSS) vulnerability in index.php in Chucky ...)
 	NOT-FOR-US: Chucky A. Ivey N.T.
-CVE-2005-4772 (Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves ...)
+CVE-2005-4772 (liby2util in Yet another Setup Tool (YaST) in SUSE Linux before ...)
 	NOT-FOR-US: YaST
 CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility ...)
 	NOT-FOR-US: Trusted Mobility Agent 
@@ -1269,7 +1384,7 @@
 	RESERVED
 CVE-2006-1525 (ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users ...)
 	- linux-2.6 2.6.16-9
-CVE-2006-1524 (madvise_remove in Linux kernel 2.4.x and 2.6.x before 2.6.16.6 does ...)
+CVE-2006-1524 (madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow ...)
 	- linux-2.6 2.6.16-8
 CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling ...)
 	- linux-2.6 2.6.16-7
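Review bot: The CVE-2006-1524 description narrows the affected range from "2.4.x and 2.6.x before 2.6.16.6" to "2.6.16 up to 2.6.16.6", but the entry still carries only "- linux-2.6 2.6.16-8". Add explicit per-release annotations for the older kernels, in the form used for curl elsewhere in this list ("[sarge] - curl <not-affected> (Vulnerable code not present)"), so that the narrowed scope is recorded in the tracking data and not just in the description.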
@@ -1289,8 +1404,7 @@
 	RESERVED
 CVE-2006-1515
 	RESERVED
-CVE-2006-1514
-	RESERVED
+CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi ...)
 	{DSA-1043-1}
 	- abcmidi <unfixed>
 CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-complicit ...)
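Review bot: CVE-2006-1514 now has a public description and a DSA reference, yet its package line "- abcmidi <unfixed>" has no bug number and no urgency, unlike other unfixed entries in this list such as "- xzgv <unfixed> (bug #362288; medium)". Add the bug reference and a severity so the open unstable issue can be followed up.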
@@ -2313,7 +2427,7 @@
 	- curl 7.15.3-1 
 	[woody] - curl <not-affected> (Vulnerable code not present)
 	[sarge] - curl <not-affected> (Vulnerable code not present)
-CVE-2006-1060 (Heap-based buffer overflow in xzgv allows user-complicit attackers to ...)
+CVE-2006-1060 (Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might ...)
 	{DSA-1038-1 DSA-1037-1}
 	- xzgv <unfixed> (bug #362288; medium)
 	- zgv 5.9-2
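Review bot: The updated CVE-2006-1060 description gives fixed upstream versions ("zgv before 5.8 and xzgv before 0.8"), while the entry still lists "- xzgv <unfixed> (bug #362288; medium)" alongside "- zgv 5.9-2". Recheck the xzgv version in unstable against 0.8 and either record the fixed version or note why the package remains affected.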
@@ -2323,7 +2437,7 @@
 	[sarge] - samba <not-affected>
 CVE-2006-1058 (BusyBox 1.1.1 does not use a salt when generating passwords, which ...)
 	- busybox <unfixed> (low; bug #360578)
-CVE-2006-1057 (Race condition in gdm before 2.14.1 allows local users to gain ...)
+CVE-2006-1057 (Race condition in daemon/slave.c in gdm before 2.14.1 allows local ...)
 	{DSA-1040-1}
 	- gdm 2.14.1-1
 CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running ...)
@@ -4909,8 +5023,7 @@
 CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached ...)
 	{DSA-993-2}
 	- gnupg 1.4.2.2-1 (bug #356125; medium)
-CVE-2006-0048 [tcpick dos]
-	RESERVED
+CVE-2006-0048 (Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a ...)
 	- tcpick 0.2.1-3 (bug #360571; medium)
 CVE-2006-0047 (packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause ...)
 	{DSA-994-1}
@@ -7486,6 +7599,7 @@
 CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
 	NOT-FOR-US: Zone Labs
 CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...)
+	{DSA-1048-1}
 	- asterisk <unfixed> (bug #338116; medium)
 	NOTE: Sarge and Woody are affected by this
 CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows ...)
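Review bot: Adding "{DSA-1048-1}" to CVE-2005-3559 leaves the rest of the entry inconsistent with it: the package line is still "- asterisk <unfixed> (bug #338116; medium)" and the free-text "NOTE: Sarge and Woody are affected by this" is unchanged. CVE-2006-1827, which gets the same DSA tag in this revision, is tracked as fixed in "asterisk 1:1.2.7.1.dfsg-1"; verify whether that upload also addresses the vmail.cgi traversal, and update or drop the NOTE now that an advisory exists.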
@@ -9380,7 +9494,7 @@
 	NOT-FOR-US: Lotus Domino
 CVE-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...)
 	NOT-FOR-US: Ensim webppliance
-CVE-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to ...)
+CVE-2005-3013 (Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE ...)
 	NOT-FOR-US: YaST
 CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
 	NOT-FOR-US: SimpleCDR-X



