[Secure-testing-commits] r4745 - data/CVE
Joey Hess
joeyh at costa.debian.org
Mon Sep 18 21:14:38 UTC 2006
Author: joeyh
Date: 2006-09-18 21:14:36 +0000 (Mon, 18 Sep 2006)
New Revision: 4745
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-18 20:51:00 UTC (rev 4744)
+++ data/CVE/list 2006-09-18 21:14:36 UTC (rev 4745)
@@ -1,3 +1,107 @@
+CVE-2006-4843
+ RESERVED
+CVE-2006-4842
+ RESERVED
+CVE-2006-4841
+ RESERVED
+CVE-2006-4840
+ RESERVED
+CVE-2006-4839
+ RESERVED
+CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE ...)
+ TODO: check
+CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE ...)
+ TODO: check
+CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows ...)
+ TODO: check
+CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote ...)
+ TODO: check
+CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule Slootbeek ...)
+ TODO: check
+CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx ...)
+ TODO: check
+CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT ...)
+ TODO: check
+CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine) before ...)
+ TODO: check
+CVE-2006-4830 (Directory traversal vulnerability in EditBlogTemplatesPlugin.java in ...)
+ TODO: check
+CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki ...)
+ TODO: check
+CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in ...)
+ TODO: check
+CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat ...)
+ TODO: check
+CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in Shadowed ...)
+ TODO: check
+CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in ...)
+ TODO: check
+CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php in ...)
+ TODO: check
+CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview ...)
+ TODO: check
+CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and ...)
+ TODO: check
+CVE-2006-4819
+ RESERVED
+CVE-2006-4818
+ RESERVED
+CVE-2006-4817
+ RESERVED
+CVE-2006-4816
+ RESERVED
+CVE-2006-4815
+ RESERVED
+CVE-2006-4814
+ RESERVED
+CVE-2006-4813
+ RESERVED
+CVE-2006-4812
+ RESERVED
+CVE-2006-4811
+ RESERVED
+CVE-2006-4810
+ RESERVED
+CVE-2006-4809
+ RESERVED
+CVE-2006-4808
+ RESERVED
+CVE-2006-4807
+ RESERVED
+CVE-2006-4806
+ RESERVED
+CVE-2006-4805
+ RESERVED
+CVE-2006-4804
+ RESERVED
+CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...)
+ TODO: check
+CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service in ...)
+ TODO: check
+CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and ...)
+ TODO: check
+CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...)
+ TODO: check
+CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow ...)
+ TODO: check
+CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which ...)
+ TODO: check
+CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine ...)
+ TODO: check
+CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums ...)
+ TODO: check
+CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
+ TODO: check
+CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...)
+ TODO: check
+CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 ...)
+ TODO: check
+CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
+ TODO: check
CVE-2006-XXXX [linux-ftpd allows chdir to disallowed directories]
- linux-ftpd 0.17-22 (low; bug #384454)
CVE-2006-XXXX [linux-ftpd does not check return code of setuid]
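Review bot: Among the new TODO: check entries at the top of the list, CVE-2006-4798 (SQL-Ledger before 2.4.4) names software this file already tracks as the sql-ledger package, so it should get a package line or a not-affected note rather than wait in the general backlog. CVE-2006-4800 and CVE-2006-4799 (ffmpeg, and ffmpeg for xine-lib) and CVE-2006-4831 (iodine) merit the same early look, since they name widely distributed free software rather than vendor products. Separately, CVE-2004-2665 is added with the same truncated description as CVE-2006-4795 ("Unspecified vulnerability in the Address and Routing Parameter Area ..."); whoever triages them should handle the two together so they end up with the same disposition.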
@@ -32,7 +136,7 @@
NOT-FOR-US: Vitrax Premodded phpBB
CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before ...)
NOT-FOR-US: Creative Commons Tools ccHost
-CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation.PathControl COM ...)
+CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation Path Control ...)
NOT-FOR-US: DirectAnimation.PathControl
CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature ...)
NOT-FOR-US: Cisco
@@ -115,7 +219,7 @@
NOT-FOR-US: Jetbox CMS
CVE-2006-4737 (SQL injection vulnerability in index.php in Jetbox CMS allows remote ...)
NOT-FOR-US: Jetbox CMS
-CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. allow ...)
+CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 ...)
NOT-FOR-US: CMS.R
CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ...)
- magpierss <unfixed> (unimportant)
@@ -130,7 +234,7 @@
TODO: check
CVE-2000-1241 (Unspecified vulnerability in Haakon Nilsen simple, integrated ...)
TODO: check
-CVE-2006-4731 (Directory traversal vulnerability in login.pl in (1) SQL-Ledger before ...)
+CVE-2006-4731 (Multiple directory traversal vulnerabilities in (1) login.pl and (2) ...)
- sql-ledger 2.6.19-1
CVE-2006-4730
RESERVED
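Review bot: The refreshed CVE-2006-4731 description now enumerates files, "(1) login.pl and (2) ...", where the old text enumerated products, yet the tracking line is still the single "- sql-ledger 2.6.19-1". Check the full CVE text and confirm that 2.6.19-1 fixes the second item as well; if it does not, the fixed version needs correcting or a NOTE explaining the gap.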
@@ -468,44 +572,38 @@
RESERVED
CVE-2006-4572
RESERVED
-CVE-2006-4571
- RESERVED
+CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...)
NOTE: MFSA-2006-64
- mozilla <unfixed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
- thunderbird 1.5.0.7-1 (high)
[sarge] - mozilla-firefox <unfixed> (high)
[sarge] - mozilla-thunderbird <unfixed> (high)
-CVE-2006-4570
- RESERVED
+CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with ...)
NOTE: MFSA-2006-63
- thunderbird 1.5.0.7-1
- mozilla <unfixed>
-CVE-2006-4569 [firefox popup blocker xss]
- RESERVED
+CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ...)
NOTE: MFSA-2006-62
- firefox 1.5.dfsg+1.5.0.7-1 (low)
- xulrunner <unfixed> (low)
- thunderbird 1.5.0.7-1
[sarge] - mozilla-firefox <unfixed> (low)
-CVE-2006-4568
- RESERVED
+CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows ...)
NOTE: MFSA-2006-61
- mozilla <unfixed> (low)
- firefox 1.5.dfsg+1.5.0.7-1 (low)
- xulrunner <unfixed> (low)
- thunderbird 1.5.0.7-1
[sarge] - mozilla-firefox <unfixed> (low)
-CVE-2006-4567 [Spoofing in internal auto update]
- RESERVED
+CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...)
NOTE: MFSA-2006-58
- firefox 1.5.dfsg+1.5.0.7-1 (unimportant)
- thunderbird 1.5.0.7-1 (unimportant)
[sarge] - mozilla-firefox <unfixed> (unimportant)
[sarge] - mozilla-thunderbird <unfixed> (unimportant)
NOTE: The internal update mechanism is disabled in Debian
-CVE-2006-4566
- RESERVED
+CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and ...)
NOTE: MFSA-2006-57
- mozilla <unfixed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
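Review bot: CVE-2006-4570 is the one entry in this block whose tracking lines ("- thunderbird 1.5.0.7-1" and "- mozilla <unfixed>") carry no urgency at all and that has no [sarge] line, while the entries around it have both. Now that the description is public (Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5), assign an urgency and add a [sarge] line for mozilla-thunderbird, or a note on why sarge is not affected. The thunderbird lines under CVE-2006-4569 and CVE-2006-4568 also lack an urgency, and the CVE-2006-4568 description names only Firefox and SeaMonkey, so that thunderbird line should be rechecked against the full text.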
@@ -513,8 +611,7 @@
- xulrunner <unfixed> (high)
[sarge] - mozilla-firefox <unfixed> (high)
[sarge] - mozilla-thunderbird <unfixed> (low)
-CVE-2006-4565
- RESERVED
+CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, ...)
NOTE: MFSA-2006-57
- mozilla <unfixed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
@@ -805,8 +902,8 @@
NOT-FOR-US: Solaris
CVE-2006-4438
RESERVED
-CVE-2006-4437
- RESERVED
+CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote attackers to ...)
+ TODO: check
CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...)
NOT-FOR-US: Microsoft
CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...)
@@ -1017,8 +1114,7 @@
RESERVED
CVE-2006-4341
REJECTED
-CVE-2006-4340
- RESERVED
+CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339
- mozilla <unfixed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
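Review bot: The new CVE-2006-4340 description places the flaw in the Mozilla Network Security Service (NSS) library before 3.11.3, "as used ..." by other products, but the tracking lines visible here list only the applications (mozilla, firefox). If NSS is also shipped as its own package, it needs a separate tracking line with the fixed version, because updating the browsers alone would leave other users of the library unfixed.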
@@ -1216,7 +1312,7 @@
- imp4 4.1.3-1 (low; bug #383416)
CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...)
NOT-FOR-US: IBM AIX
-CVE-2006-4253 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...)
+CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier ...)
NOTE: MFSA-2006-59
- xulrunner <unfixed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
@@ -1241,7 +1337,7 @@
RESERVED
CVE-2006-4245
RESERVED
-CVE-2006-4244 (Unspecified vulnerability in unspecified versions of SQL-Ledger, ...)
+CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...)
- sql-ledger 2.6.18-1 (medium; bug #386519)
CVE-2006-4243 [linux vserver priviledge escalation in remount code]
RESERVED
@@ -29865,7 +29961,7 @@
NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...)
NOT-FOR-US: PhotoPost PHP Pro
-CVE-2004-0238 (Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3 ...)
+CVE-2004-0238 (Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow ...)
- overkill 0.16-7
CVE-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...)
NOT-FOR-US: Aprox PHP Portal