Author: jmm-guest
Date: 2006-03-17 11:11:18 +0000 (Fri, 17 Mar 2006)
New Revision: 3637
Modified:
data/CVE/list
Log:
unimportant dropbear issue
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-17 11:03:23 UTC (rev 3636)
+++ data/CVE/list 2006-03-17 11:11:18 UTC (rev 3637)
@@ -82,39 +82,40 @@
NOT-FOR-US: Tivoli
CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure
3.0.236 ...)
NOT-FOR-US: Tivoli
-begin claimed by jmm
CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores
sensitive ...)
- TODO: check
+ NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Sergey Korostel PHP Upload Center
CVE-2006-1207 (PHP Upload Center stores password hashes under the web root
with ...)
- TODO: check
+ NOT-FOR-US: PHP Upload Center
CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in
...)
- TODO: check
+ - dropbear <unfixed> (unimportant)
+ NOTE: By design to protect against DoSing the complete machine, future
versions
+ NOTE: will mitigate by introducing per-IP limits
CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in
myWebland ...)
- TODO: check
+ NOT-FOR-US: myBloggie
CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum
...)
- TODO: check
+ NOT-FOR-US: txtForum
CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum
...)
- TODO: check
+ NOT-FOR-US: txtForum
CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in
textfileBB 1.0 ...)
- TODO: check
+ NOT-FOR-US: textfileBB
CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net
...)
- TODO: check
+ NOT-FOR-US: phpBannerExchange
CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in
daverave ...)
- TODO: check
+ NOT-FOR-US: daverave Link Bank
CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in
daverave ...)
- TODO: check
+ NOT-FOR-US: daverave Link Bank
CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to
encrypt a ...)
- TODO: check
+ NOT-FOR-US: Comvigo IM Lock
CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver
with ...)
- TODO: check
+ NOT-FOR-US: SafeDisc
CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in
QwikiWiki 1.5 ...)
- TODO: check
+ NOT-FOR-US: QwikiWiki
CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c
for ENet ...)
- TODO: check
+ NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1194 (Integer signedness error in the
enet_protocol_handle_incoming_commands ...)
- TODO: check
+ NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1193
RESERVED
CVE-2006-1192
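Review bot: The CVE-2006-1206 entry rates dropbear as <unfixed> (unimportant), but the two NOTE lines never say what the behaviour is, only that it is "by design" and that future versions will add per-IP limits. Suggest naming the behaviour in the NOTE and adding a reference (an upstream statement or a bug number) for the planned per-IP limits, so the rating can be re-checked later. Minor: CVE-2006-1208 is tagged "Sergey Korostel PHP Upload Center" while CVE-2006-1207 directly below it is tagged "PHP Upload Center"; if these are the same product, use one spelling so a search on the NOT-FOR-US name finds both.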
@@ -136,10 +137,10 @@
CVE-2006-1184
RESERVED
CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords
from the ...)
- TODO: check
+ - base-config <not-affected> (UBuntu specific)
+ - shadow <not-affected> (UBuntu specific)
CVE-2006-1182 (Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and
Adobe ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: Adobe Graphics Server
CVE-2006-1181
RESERVED
CVE-2006-1180
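Review bot: "UBuntu specific" on both added lines for CVE-2006-1183 (base-config and shadow) is miscapitalised; the CVE description directly above spells it "Ubuntu". The <not-affected> reason would also be more useful if it said what is Ubuntu-specific, since the description points at the installer rather than at either package.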
@@ -170,6 +171,7 @@
RESERVED
CVE-2006-1167
RESERVED
+begin claimed by jmm
CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager
module in ...)
TODO: check
CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the
list.gtdat file ...)
@@ -210,6 +212,7 @@
TODO: check
CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in
g_cmds.c in ...)
TODO: check
+end claimed by jmm
CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in ...)
TODO: check
CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0
allows ...)
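Review bot: The commit log ("unimportant dropbear issue", "NFUs") does not mention that a new block is being claimed. The "end claimed by jmm" marker added here after CVE-2006-1146 pairs with the "begin claimed by jmm" added before CVE-2006-1165 in the previous hunk. Suggest noting the new claim in the log so other triagers see it without reading the diff.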
_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits