[Secure-testing-commits] r3932 - data/CVE
Joey Hess
joeyh at costa.debian.org
Wed May 10 09:14:28 UTC 2006
Author: joeyh
Date: 2006-05-10 09:14:23 +0000 (Wed, 10 May 2006)
New Revision: 3932
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-05-09 21:14:24 UTC (rev 3931)
+++ data/CVE/list 2006-05-10 09:14:23 UTC (rev 3932)
@@ -1,3 +1,59 @@
+CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System ...)
+ TODO: check
+CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 ...)
+ TODO: check
+CVE-2006-2295 (Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote ...)
+ TODO: check
+CVE-2006-2294 (Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows ...)
+ TODO: check
+CVE-2006-2293 (SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 ...)
+ TODO: check
+CVE-2006-2292 (Multiple SQL injection vulnerabilities in IA-Calendar allow remote ...)
+ TODO: check
+CVE-2006-2291 (Cross-site scripting (XSS) vulnerability in calendar_new.asp in ...)
+ TODO: check
+CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php ...)
+ TODO: check
+CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows local ...)
+ TODO: check
+CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of service ...)
+ TODO: check
+CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision Source ...)
+ TODO: check
+CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in ...)
+ TODO: check
+CVE-2006-2285 (PHP remote file inclusion vulnerability in authldap.php in Dokeos ...)
+ TODO: check
+CVE-2006-2284 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...)
+ TODO: check
+CVE-2006-2283 (Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid ...)
+ TODO: check
+CVE-2006-2282 (Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier ...)
+ TODO: check
+CVE-2006-2281 (X-Scripts X-Poll 2.30 allows remote attackers to execute arbitrary PHP ...)
+ TODO: check
+CVE-2006-2280 (Directory traversal vulnerability in website.php in openEngine 1.8 ...)
+ TODO: check
+CVE-2006-2279 (Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote ...)
+ TODO: check
+CVE-2006-2278 (SaphpLesson 3.0 does not initialize array variables, which allows ...)
+ TODO: check
+CVE-2006-2277 (Multiple Apple Mac OS X 10.4 applications might allow ...)
+ TODO: check
+CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to ...)
+ TODO: check
+CVE-2006-2275 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2006-2274 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2006-2273
+ RESERVED
+CVE-2006-2272 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2006-2271 (The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows ...)
+ TODO: check
+CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...)
+ TODO: check
CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in ...)
TODO: check
CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 ...)
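Review bot: Every entry in the new block at the top is left at "TODO: check", including the ones that name software Debian ships: CVE-2006-2289 and CVE-2006-2288 (Avahi before 0.6.10), CVE-2006-2276 (bgpd in Quagga), CVE-2006-2271, -2272, -2274 and -2275 (Linux SCTP before 2.6.17) and CVE-2005-4798 (NFS readlink handling in the Linux Kernel 2.4). Triage these ahead of the ASP and PHP web-application entries and give them package lines in the form used further down, e.g. "- rsync 2.6.8-1 (bug #365614; high)". CVE-2005-4798 also lands between CVE-2006-2271 and CVE-2006-2270, out of ID order with the rest of the list, so it is easy to miss when scanning by number.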
@@ -395,8 +451,8 @@
- rsync 2.6.8-1 (bug #365614; high)
[sarge] - rsync <not-affected> (xattr patch appeared in 2.6.7)
[woody] - rsync <not-affected> (xattr patch appeared in 2.6.7)
-CVE-2006-2082
- RESERVED
+CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in ...)
+ TODO: check
CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute ...)
NOT-FOR-US: Oracle
CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky ...)
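Review bot: CVE-2006-2082 goes from RESERVED to "TODO: check" with a summary cut off at "as used in ...", so the affected games cannot be read from this line. Resolve the TODO against the full description and give each package that embeds the Quake 3 engine its own line, using <not-affected> with a reason where that applies, as the rsync entry just above does for sarge and woody.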
@@ -481,8 +537,8 @@
TODO: check
CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local ...)
TODO: check
-CVE-2006-2042
- RESERVED
+CVE-2006-2042 (Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that ...)
+ TODO: check
CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain ...)
TODO: check
CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 ...)
@@ -714,7 +770,7 @@
NOT-FOR-US: SibSoft CommuniMail
CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...)
NOT-FOR-US: Smarter Scripts IntelliLink Pro
-CVE-2006-1942 (Mozilla Firefox 1.5.0.2 allows user-complicit remote attackers to open ...)
+CVE-2006-1942 (Mozilla Firefox 1.5.0.2, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon ...)
TODO: check
NOTE: pkg-mozilla-maintainers are preparing a big security release, I've pinged them
NOTE: to ask about this issue
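Review bot: The two NOTE lines under CVE-2006-1942 carry no name or date, and the entry still has no package line, so it is not possible to tell from the list whether the ping to pkg-mozilla-maintainers was answered. The reworded summary now also covers Netscape and K-Meleon; the NOTE should say who asked and when, and the TODO should be replaced by a package line once the maintainers reply.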
@@ -2608,8 +2664,8 @@
NOT-FOR-US: Microsoft
CVE-2006-1185 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...)
NOT-FOR-US: Microsoft
-CVE-2006-1184
- RESERVED
+CVE-2006-1184 (Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT ...)
+ TODO: check
CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the ...)
- base-config <not-affected> (UBuntu specific)
- shadow <not-affected> (UBuntu specific)
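Review bot: CVE-2006-1184 is now described as Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT, yet it is set to "TODO: check" while the two entries directly above it are "NOT-FOR-US: Microsoft". The same tag fits here and would keep the entry out of the open-TODO count.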
@@ -3022,10 +3078,10 @@
- php5 <unfixed> (bug #361914)
CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
NOT-FOR-US: EMC Dantz Retrospect
-CVE-2006-0994
- RESERVED
-CVE-2006-0993
- RESERVED
+CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows ...)
+ TODO: check
+CVE-2006-0993 (The web management interface in 3Com TippingPoint SMS Server before ...)
+ TODO: check
CVE-2006-0992 (Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 ...)
NOT-FOR-US: Novell GroupWise
CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon ...)
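Review bot: CVE-2006-0994 (Sophos Anti-Virus products) and CVE-2006-0993 (3Com TippingPoint SMS Server) are both left at "TODO: check", although the surrounding vendor products are tagged by name ("NOT-FOR-US: EMC Dantz Retrospect", "NOT-FOR-US: Novell GroupWise"). Unless either is in the archive, tag them the same way, one product name per entry.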
@@ -4004,8 +4060,8 @@
NOT-FOR-US: PluggedOut Blog
CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...)
NOT-FOR-US: PluggedOut Blog
-CVE-2006-0561
- RESERVED
+CVE-2006-0561 (Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS ...)
+ TODO: check
CVE-2006-0560
RESERVED
CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...)
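Review bot: The new summary for CVE-2006-0561 says Cisco Secure Access Control Server (ACS) 3.x "for Windows", which points to a NOT-FOR-US tag rather than "TODO: check". The entry below it, CVE-2006-0560, is still RESERVED, so only this one line needs the change.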
@@ -6936,8 +6992,8 @@
CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...)
{DSA-943-1}
- perl 5.8.7-9 (bug #341542; medium)
-CVE-2006-0034
- RESERVED
+CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext ...)
+ TODO: check
CVE-2006-0033
RESERVED
CVE-2006-0032
@@ -6950,8 +7006,8 @@
NOT-FOR-US: Microsoft
CVE-2006-0028 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
NOT-FOR-US: Microsoft
-CVE-2006-0027
- RESERVED
+CVE-2006-0027 (Unspecified vulnerability in Microsoft Exchange allows remote ...)
+ TODO: check
CVE-2006-0026
RESERVED
CVE-2006-0025
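Review bot: CVE-2006-0027 is described as a vulnerability in Microsoft Exchange and sits directly under two "NOT-FOR-US: Microsoft" entries, but is left at "TODO: check". Use the same tag here.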
@@ -11143,7 +11199,7 @@
- phpgroupware 0.9.16.008-1 (bug #323929; medium)
CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...)
NOT-FOR-US: Hummingbird FTP for Connectivity
-CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos (formerly ...)
+CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos 1.6 and ...)
NOT-FOR-US: Dokeos
CVE-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...)
NOT-FOR-US: AOL Client
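Review bot: Dokeos is already tagged "NOT-FOR-US: Dokeos" on CVE-2005-2598, and this hunk only rewords its summary, so the new CVE-2006-2285 entry at the top of this patch (authldap.php in Dokeos) can take the same tag instead of "TODO: check".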
@@ -15556,7 +15612,7 @@
RESERVED
CVE-2005-1533
RESERVED
-CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
+CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly ...)
{DSA-781-1}
- mozilla-firefox 1.0.4
- mozilla 2:1.7.8
@@ -16669,13 +16725,13 @@
- lam <not-affected> (Mandrake specific packaging flaw)
CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...)
NOT-FOR-US: phpbb mod
-CVE-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline (aka ...)
+CVE-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline 1.5.3 ...)
NOT-FOR-US: Claroline
CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...)
NOT-FOR-US: Claroline
-CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline (aka Dokeos) 1.5.3 ...)
+CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...)
NOT-FOR-US: Claroline
-CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline (aka ...)
+CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...)
NOT-FOR-US: Claroline
CVE-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...)
NOT-FOR-US: Koobi CMS
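Review bot: The three reworded Claroline entries (CVE-2005-1377, -1375, -1374) keep "NOT-FOR-US: Claroline", which is inconsistent with the new CVE-2006-2284 entry at the top of this patch (Claroline 1.7.5), still at "TODO: check". Apply the existing tag to the new entry as well. The summaries also drop the "(aka Dokeos)" wording, so the separate "NOT-FOR-US: Dokeos" tag on CVE-2005-2598 remains the right one for Dokeos issues.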