[Secure-testing-commits] r4099 - data/CVE

Joey Hess joeyh at costa.debian.org
Tue May 30 21:14:26 UTC 2006


Author: joeyh
Date: 2006-05-30 21:14:23 +0000 (Tue, 30 May 2006)
New Revision: 4099

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-05-30 07:45:41 UTC (rev 4098)
+++ data/CVE/list	2006-05-30 21:14:23 UTC (rev 4099)
@@ -1,3 +1,79 @@
+CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...)
+	TODO: check
+CVE-2006-2642 (** UNVERIFIABLE ** ...)
+	TODO: check
+CVE-2006-2641 (** UNVERIFIABLE ** ...)
+	TODO: check
+CVE-2006-2640 (Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA ...)
+	TODO: check
+CVE-2006-2639 (Cross-site scripting (XSS) vulnerability in the input forms in ...)
+	TODO: check
+CVE-2006-2638 (SQL injection vulnerability in member.asp in qjForum allows remote ...)
+	TODO: check
+CVE-2006-2637 (Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) ...)
+	TODO: check
+CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to ...)
+	TODO: check
+CVE-2006-2635 (Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka ...)
+	TODO: check
+CVE-2006-2634 (Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under ...)
+	TODO: check
+CVE-2006-2633 (Absolute path traversal vulnerability in the copy action in index.php ...)
+	TODO: check
+CVE-2006-2632 (Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard ...)
+	TODO: check
+CVE-2006-2631 (phpFoX allows remote authenticated users to modify arbitrary accounts ...)
+	TODO: check
+CVE-2006-2630 (Stack-based buffer overflow in Symantec Antivirus 10.1 and Client ...)
+	TODO: check
+CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP ...)
+	TODO: check
+CVE-2006-2628
+	RESERVED
+CVE-2006-2627
+	RESERVED
+CVE-2006-2626
+	RESERVED
+CVE-2006-2625
+	RESERVED
+CVE-2006-2624
+	RESERVED
+CVE-2006-2623
+	RESERVED
+CVE-2006-2622
+	RESERVED
+CVE-2006-2621
+	RESERVED
+CVE-2006-2620
+	RESERVED
+CVE-2006-2619
+	RESERVED
+CVE-2006-2618 (Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host ...)
+	TODO: check
+CVE-2006-2617 ((1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost ...)
+	TODO: check
+CVE-2006-2616 (SQL injection vulnerability in the search script in (1) AlstraSoft Web ...)
+	TODO: check
+CVE-2006-2615 (ping.php in Russcom.Ping allows remote attackers to execute arbitrary ...)
+	TODO: check
+CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 ...)
+	TODO: check
+CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox before 1.8.0, and Netscape 7.2 ...)
+	TODO: check
+CVE-2006-2612 (Novell Client for Windows 4.8 and 4.9 does not restrict access to the ...)
+	TODO: check
+CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in ...)
+	TODO: check
+CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 ...)
+	TODO: check
+CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when ...)
+	TODO: check
+CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when ...)
+	TODO: check
+CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows ...)
+	TODO: check
+CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x ...)
+	TODO: check
 CVE-2006-XXXX [mono xsp file disclosure]
 	- xsp 1.1.15-1 (medium)
 CVE-2006-2607 (do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return ...)
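Review bot: CVE-2004-2660 and CVE-2003-1301 are added at the top of the file, between CVE-2006-2608 and the CVE-2006-XXXX entry, while existing 2004 entries such as CVE-2004-1617 sit near line 20343 (last hunk). Move them to their own year sections, or confirm that nothing reading data/CVE/list depends on ordering. Of the new TODO: check entries, the ones naming the Linux kernel (CVE-2006-2629, CVE-2004-2660) and Mozilla (CVE-2006-2613) are worth triaging before the web-application entries, since every added entry currently carries the same undifferentiated TODO.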
@@ -94,8 +170,8 @@
 	TODO: check
 CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
 	TODO: check
-CVE-2006-2563
-	RESERVED
+CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...)
+	TODO: check
 CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access ...)
 	TODO: check
 CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access ...)
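Review bot: CVE-2006-2563 moves from RESERVED to a described entry but stays at TODO: check. The description names the cURL library in PHP 4.4.2 and 5.1.4, so it should be resolved to a package line in the form used elsewhere in this file (for example "- xsp 1.1.15-1 (medium)") or an explicit NOT-FOR-US, rather than sitting in the TODO queue next to the router entries below it.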
@@ -339,8 +415,8 @@
 	RESERVED
 CVE-2006-2454
 	RESERVED
-CVE-2006-2453
-	RESERVED
+CVE-2006-2453 (Multiple unspecified format string vulnerabilities in Dia have ...)
+	TODO: check
 CVE-2006-2452
 	RESERVED
 CVE-2006-2451
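Review bot: the new CVE-2006-2453 description calls the Dia format string vulnerabilities "unspecified", so the TODO: check on the following line cannot be closed from the summary alone. Add a NOTE line pointing at the upstream reference once the affected code is identified, then a package line with the fixed version.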
@@ -426,7 +502,7 @@
 	NOT-FOR-US: Raydium
 CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium SVN ...)
 	NOT-FOR-US: Raydium
-CVE-2006-2409 (Format string vulnerability in the raydium_console_line_add function ...)
+CVE-2006-2409 (Format string vulnerability in the raydium_log function in console.c ...)
 	NOT-FOR-US: Raydium
 CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310 allow ...)
 	NOT-FOR-US: Raydium
@@ -1537,7 +1613,7 @@
 	NOTE: the fix is definitely not in 1.8.2-7sarge2	
 	- ruby1.8 1.8.3
 	[sarge] - ruby1.8 <unfixed> (bug #365520)
-CVE-2006-1930 (Multiple SQL injection vulnerabilities in userscript.php in Green ...)
+CVE-2006-1930 (** DISPUTED ** ...)
 	NOT-FOR-US: Green Minute
 CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in ...)
 	NOT-FOR-US: I-Rater Platinum
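Review bot: on CVE-2006-1930 the truncated summary is now just "** DISPUTED ** ...", which drops the product and bug class that the old line carried; the NOT-FOR-US: Green Minute line is the only identification left. The same happens to the "** UNVERIFIABLE ** ..." entries in the first hunk, which have no annotation at all, so the update script should truncate after the status prefix rather than count it against the summary width.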
@@ -2276,7 +2352,7 @@
 	- linphone 1.3.5-1 (bug #361913)
 CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the ...)
 	- util-vserver 0.30.210-1 (bug #360438; unimportant)
-CVE-2006-1655 (Unspecified vulnerability in mpg123 0.59r allows user-complicit ...)
+CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-complicit ...)
 	{DSA-1074-1}
 	- mpg123 0.59r-22 (bug #361863; unknown)
 CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...)
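Review bot: the CVE-2006-1655 description changes from "Unspecified vulnerability" to "Multiple buffer overflows" in mpg123 0.59r, but the package line still reads "(bug #361863; unknown)". With the bug class now stated and a DSA already attached, the "unknown" urgency should be replaced with an assessed value.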
@@ -3444,8 +3520,8 @@
 	RESERVED
 CVE-2006-1175
 	RESERVED
-CVE-2006-1174
-	RESERVED
+CVE-2006-1174 (useradd in shadow-utils before 4.0.3 does not provide a required ...)
+	TODO: check
 CVE-2006-1173
 	RESERVED
 CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in ...)
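Review bot: CVE-2006-1174 is bounded in its description to shadow-utils before 4.0.3, so the TODO: check here reduces to a version comparison against what each suite ships for useradd. Record the outcome as a package line, with a per-suite line in the "[sarge] - ruby1.8 <unfixed>" style used elsewhere in the file if the suites differ.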
@@ -3708,7 +3784,7 @@
 CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 ...)
 	- linux-2.6 2.6.16-6
 CVE-2006-1054
-	RESERVED
+	REJECTED
 CVE-2006-1053
 	RESERVED
 CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...)
@@ -20267,7 +20343,7 @@
 	NOT-FOR-US: Privateer's Bounty: Age of Sail II
 CVE-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...)
 	NOT-FOR-US: Tonecast
-CVE-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...)
+CVE-2004-1617 (Lynx and lynx-ssl allow remote attackers to cause a denial of service ...)
 	{DSA-1077-1 DSA-1076-1}
 	- lynx 2.8.5-2sarge2 (bug #296340; low)
 	- lynx-cur 2.8.6-6 (low)
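Review bot: the updated CVE-2004-1617 description now covers "Lynx and lynx-ssl", but the package lines below it list only lynx and lynx-cur. Add a lynx-ssl line with its fixed version or status, or a NOTE saying which of the two DSAs (DSA-1077-1, DSA-1076-1) covers it, so the entry matches the description.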