[Secure-testing-commits] r3976 - data/CVE
Joey Hess
joeyh at costa.debian.org
Fri May 19 09:14:29 UTC 2006
Author: joeyh
Date: 2006-05-19 09:14:24 +0000 (Fri, 19 May 2006)
New Revision: 3976
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-05-19 06:27:25 UTC (rev 3975)
+++ data/CVE/list 2006-05-19 09:14:24 UTC (rev 3976)
@@ -1,3 +1,209 @@
+CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and ...)
+ TODO: check
+CVE-2006-2457
+ RESERVED
+CVE-2006-2456
+ RESERVED
+CVE-2006-2455
+ RESERVED
+CVE-2006-2454
+ RESERVED
+CVE-2006-2453
+ RESERVED
+CVE-2006-2452
+ RESERVED
+CVE-2006-2451
+ RESERVED
+CVE-2006-2450
+ RESERVED
+CVE-2006-2449
+ RESERVED
+CVE-2006-2448
+ RESERVED
+CVE-2006-2447
+ RESERVED
+CVE-2006-2446
+ RESERVED
+CVE-2006-2445
+ RESERVED
+CVE-2006-2444
+ RESERVED
+CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...)
+ TODO: check
+CVE-2006-2439
+ RESERVED
+CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the ...)
+ TODO: check
+CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc) for ...)
+ TODO: check
+CVE-2006-2436 (WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...)
+ TODO: check
+CVE-2006-2435 (Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 ...)
+ TODO: check
+CVE-2006-2434 (Unspecified vulnerability in WebSphere 5.1.1 (or any earlier ...)
+ TODO: check
+CVE-2006-2433 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...)
+ TODO: check
+CVE-2006-2432 (IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...)
+ TODO: check
+CVE-2006-2431 (Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 ...)
+ TODO: check
+CVE-2006-2430 (IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, ...)
+ TODO: check
+CVE-2006-2429 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...)
+ TODO: check
+CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to execute ...)
+ TODO: check
+CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h ...)
+ TODO: check
+CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 ...)
+ TODO: check
+CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in ...)
+ TODO: check
+CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and ...)
+ TODO: check
+CVE-2006-2423 (Cross-site scripting (XSS) vulnerability in ftplogin/index.php in ...)
+ TODO: check
+CVE-2006-2422 (phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, ...)
+ TODO: check
+CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows ...)
+ TODO: check
+CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows ...)
+ TODO: check
+CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in Directory ...)
+ TODO: check
+CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions of ...)
+ TODO: check
+CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before ...)
+ TODO: check
+CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and earlier ...)
+ TODO: check
+CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 ...)
+ TODO: check
+CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows ...)
+ TODO: check
+CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN revision ...)
+ TODO: check
+CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c in ...)
+ TODO: check
+CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium SVN ...)
+ TODO: check
+CVE-2006-2409 (Format string vulnerability in the raydium_console_line_add function ...)
+ TODO: check
+CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310 allow ...)
+ TODO: check
+CVE-2006-2407 (Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX ...)
+ TODO: check
+CVE-2006-2406 (Directory traversal vulnerability in bb_lib/abbc.css.php in ...)
+ TODO: check
+CVE-2006-2405 (Directory traversal vulnerability in unb_lib/abbc.conf.php in ...)
+ TODO: check
+CVE-2006-2404 (Directory traversal vulnerability in popup.php in RadScripts RadLance ...)
+ TODO: check
+CVE-2006-2403 (Buffer overflow in FileZilla before 2.2.23 allows remote attackers to ...)
+ TODO: check
+CVE-2006-2402 (Buffer overflow in the changeRegistration function in servernet.cpp ...)
+ TODO: check
+CVE-2006-2401 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...)
+ TODO: check
+CVE-2006-2400 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...)
+ TODO: check
+CVE-2006-2399 (Stack-based buffer overflow in the ...)
+ TODO: check
+CVE-2006-2398 (Directory traversal vulnerability in index.php in GPhotos 1.5 and ...)
+ TODO: check
+CVE-2006-2397 (Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and ...)
+ TODO: check
+CVE-2006-2396 (Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote ...)
+ TODO: check
+CVE-2006-2395 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-2394 (Cross-site scripting (XSS) vulnerability in chat.php in PHP Live ...)
+ TODO: check
+CVE-2006-2393 (The client_cmd function in Empire 4.3.2 and earlier allows remote ...)
+ TODO: check
+CVE-2006-2392 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-2391 (Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote ...)
+ TODO: check
+CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows ...)
+ TODO: check
+CVE-2006-2389
+ RESERVED
+CVE-2006-2388
+ RESERVED
+CVE-2006-2387
+ RESERVED
+CVE-2006-2386
+ RESERVED
+CVE-2006-2385
+ RESERVED
+CVE-2006-2384
+ RESERVED
+CVE-2006-2383
+ RESERVED
+CVE-2006-2382
+ RESERVED
+CVE-2006-2381
+ RESERVED
+CVE-2006-2380
+ RESERVED
+CVE-2006-2379
+ RESERVED
+CVE-2006-2378
+ RESERVED
+CVE-2006-2377
+ RESERVED
+CVE-2006-2376
+ RESERVED
+CVE-2006-2375
+ RESERVED
+CVE-2006-2374
+ RESERVED
+CVE-2006-2373
+ RESERVED
+CVE-2006-2372
+ RESERVED
+CVE-2006-2371
+ RESERVED
+CVE-2006-2370
+ RESERVED
+CVE-2006-2369 (RealVNC 4.1.1, and other products that use RealVNC such as AdderLink ...)
+ TODO: check
+CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
+ TODO: check
+CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
+ TODO: check
+CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r ...)
+ TODO: check
+CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra ...)
+ TODO: check
+CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in ...)
+ TODO: check
+CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...)
+ TODO: check
+CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software ...)
+ TODO: check
+CVE-2006-2361 (PHP remote file inclusion vulnerability in pafiledb_constants.php in ...)
+ TODO: check
+CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for phpBB ...)
+ TODO: check
+CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the Chart ...)
+ TODO: check
+CVE-2006-2192
+ RESERVED
+CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...)
+ TODO: check
+CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...)
+ TODO: check
+CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in Yet ...)
+ TODO: check
+CVE-2005-4800 (Direct static code injection vulnerability in Yet Another PHP Image ...)
+ TODO: check
+CVE-2005-4799 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP ...)
+ TODO: check
CVE-2006-XXXX [vnc server authentication bypass]
- vnc4 4.1.1+X4.3.0-10 (high)
NOTE: mail to bugtraq implies 4.0 is not vulnerable
@@ -420,7 +626,7 @@
CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...)
- nagios 2:1.4-1 (bug #366682; bug #366803; medium)
- nagios2 2.3-1 (bug #366683; medium)
-CVE-2006-2161 (Buffer overflow in TZipBuilder 1.79.03.01 allows remote attackers to ...)
+CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01 and (2) Abakt 0.9.2 and ...)
TODO: check
CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp ...)
TODO: check
@@ -891,8 +1097,8 @@
NOT-FOR-US: RechnungsZentrale
CVE-2006-1954 (SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka ...)
NOT-FOR-US: RechnungsZentrale
-CVE-2006-1953
- RESERVED
+CVE-2006-1953 (Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 ...)
+ TODO: check
CVE-2006-1952 (Directory traversal vulnerability in WinAgents TFTP Server for Windows ...)
NOT-FOR-US: WinAgents TFTP Server for Windows
CVE-2006-1951 (Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and ...)
@@ -1130,8 +1336,8 @@
RESERVED
CVE-2006-1856
RESERVED
-CVE-2006-1855
- RESERVED
+CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes certain ...)
+ TODO: check
CVE-2006-1854 (** DISPUTED ** ...)
NOT-FOR-US: BluePay Manager
CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier ...)
@@ -2048,8 +2254,8 @@
NOTE: MFSA2006-20 says exploitability has not been confirmed.
NOTE: Thunderbird is potentially affected as well, but not in the
NOTE: default configuration.
-CVE-2006-1528
- RESERVED
+CVE-2006-1528 (Linux kernel before 2.6.13 allows local users to cause a denial of ...)
+ TODO: check
CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote ...)
- linux-2.6 2.6.16-12 (low)
CVE-2006-1526 (Buffer overflow in the X render (Xrender) extension in X.org X server ...)
@@ -2670,7 +2876,7 @@
- sa-exim 4.2.1-1 (bug #345071; bug #356301)
CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail before 4.3 ...)
NOT-FOR-US: Winmail
-CVE-2006-1249 (** UNVERIFIABLE, PRERELEASE ** ...)
+CVE-2006-1249 (Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes ...)
NOT-FOR-US: Apple Quicktime
CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and ...)
NOT-FOR-US: HP-UX
@@ -3840,7 +4046,7 @@
NOT-FOR-US: Geeklog
CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows ...)
NOT-FOR-US: PhpTagCool
-CVE-2006-2440 [imagemagick: array index overflow in DisplayImageCommand]
+CVE-2006-2440 (Heap-based buffer overflow in the libMagick componet of ImageMagick ...)
- imagemagick 6:6.2.4.5-0.6 (bug #345595)
CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...)
NOT-FOR-US: My Blog
@@ -4069,7 +4275,7 @@
CVE-2006-XXXX [dpkg-sig: insecure temp file bug]
- dpkg-sig 0.13 (bug #352723; low)
[sarge] - dpkg-sig <no-dsa> (Only affected in debug mode)
-CVE-2006-2441 [pioneers meta-server DoS]
+CVE-2006-2441 (Pioneers meta-server before 0.9.55, when the server-console is not ...)
- pioneers 0.9.55-1 (bug #351986; medium)
[sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer)
CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in ...)
@@ -5248,7 +5454,7 @@
NOT-FOR-US: Illustrate dBpowerAMP Music Converter
CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI ...)
NOT-FOR-US: BEA WebLogic Server
-CVE-2006-2443 [knowledgetree information disclosure]
+CVE-2006-2443 (The Debian package of knowledgetree 2.0.7 creates environment.php with ...)
- knowledgetree <unfixed> (bug #348306; medium)
CVE-2006-XXXX [php5 response splitting]
- php5 5.1.2-1 (bug #347894)
@@ -10314,7 +10520,8 @@
CVE-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...)
{DSA-863-1}
- xine-lib 1.0.1-1.4 (bug #332919; bug #333682; medium)
-CVE-2005-2965 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...)
+CVE-2005-2965
+ REJECTED
{DSA-857-1}
- graphviz 2.2.1-1sarge1 (bug #336985; low)
CVE-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers ...)
@@ -10576,7 +10783,7 @@
NOT-FOR-US: Rediff BOL)
CVE-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...)
NOT-FOR-US: Free SMTP Server
-CVE-2005-2856 (Stack-based buffer overflow in WinACE UNACEV2.DLL third-party ...)
+CVE-2005-2856 (Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party ...)
NOT-FOR-US: ALZip
CVE-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...)
NOT-FOR-US: Unclassified Newsboard
More information about the Secure-testing-commits
mailing list