Author: joeyh
Date: 2006-03-21 09:14:27 +0000 (Tue, 21 Mar 2006)
New Revision: 3655

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-21 08:57:53 UTC (rev 3654)
+++ data/CVE/list       2006-03-21 09:14:27 UTC (rev 3655)
@@ -1,3 +1,83 @@
+CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 
allows ...)
+       TODO: check
+CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote 
attackers to ...)
+       TODO: check
+CVE-2006-1339 (Directory traversal vulnerability in inc/functions.inc.php in 
CuteNews ...)
+       TODO: check
+CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and 
Enterprise ...)
+       TODO: check
+CVE-2006-1337 (Unspecified vulnerability in the POP service in MailEnable 
Standard ...)
+       TODO: check
+CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in 
ExtCalendar 1.0 ...)
+       TODO: check
+CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with 
...)
+       TODO: check
+CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 
allow ...)
+       TODO: check
+CVE-2006-1333 (Multpile SQL injection vulnerabilities in BetaParticle Blog 6.0 
and ...)
+       TODO: check
+CVE-2006-1332 (Noah's Classifieds 1.3 and earlier allows remote attackers to 
obtain ...)
+       TODO: check
+CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in 
index.php in ...)
+       TODO: check
+CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite allow 
remote ...)
+       TODO: check
+CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 
allows ...)
+       TODO: check
+CVE-2006-1328 (SQL injection vulnerability in count.php in Skull-Splitter PHP 
...)
+       TODO: check
+CVE-2006-1327 (SQL injection vulnerability in reg.php in SoftBB 0.1 allows 
remote ...)
+       TODO: check
+CVE-2006-1326 (Multiple cross-site scripting (XSS) vulnerabilities in Invision 
Power ...)
+       TODO: check
+CVE-2006-1325 (Cross-site scripting (XSS) vulnerability in Streber 0.055 
allows ...)
+       TODO: check
+CVE-2006-1324 (Cross-site scripting (XSS) vulnerability in 
acp/lib/class_db_mysql.php ...)
+       TODO: check
+CVE-2006-1323 (Directory traversal vulnerability in WinHKI 1.6 and earlier 
allows ...)
+       TODO: check
+CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause 
a ...)
+       TODO: check
+CVE-2006-1318
+       RESERVED
+CVE-2006-1317
+       RESERVED
+CVE-2006-1316
+       RESERVED
+CVE-2006-1315
+       RESERVED
+CVE-2006-1314
+       RESERVED
+CVE-2006-1313
+       RESERVED
+CVE-2006-1312
+       RESERVED
+CVE-2006-1311
+       RESERVED
+CVE-2006-1310
+       RESERVED
+CVE-2006-1309
+       RESERVED
+CVE-2006-1308
+       RESERVED
+CVE-2006-1307
+       RESERVED
+CVE-2006-1306
+       RESERVED
+CVE-2006-1305
+       RESERVED
+CVE-2006-1304
+       RESERVED
+CVE-2006-1303
+       RESERVED
+CVE-2006-1302
+       RESERVED
+CVE-2006-1301
+       RESERVED
+CVE-2006-1300
+       RESERVED
+CVE-2006-1299
+       RESERVED
 CVE-2006-1298 (Format string vulnerability in the Job Engine service 
(bengine.exe) in ...)
        TODO: check
 CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows 
Server ...)
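Review bot: All 20 described entries added at the top of the file (CVE-2006-1322 through CVE-2006-1341) land as "TODO: check", so none of them is yet mapped to a package or marked NOT-FOR-US. The gnome screensaver (CVE-2006-1335) and jabberd (CVE-2006-1329) entries name software that should be checked against the archive before the PHP web applications. The block also jumps from CVE-2006-1322 to CVE-2006-1318 because 1319 through 1321 are tracked further down the file, out of numeric order; moving them up into sequence would make that gap less surprising.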
@@ -534,8 +614,7 @@
 CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and 
earlier ...)
        {DSA-999-1}
        - lurker 2.1-1
-CVE-2006-1061 [curl tftp buffer overflow]
-       RESERVED
+CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through 
7.15.2 ...)
        - curl 7.15.3-1 
        [woody] - curl <not-affected> (Vulnerable code not present)
        [sarge] - curl <not-affected> (Vulnerable code not present)
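Review bot: Replacing the "[curl tftp buffer overflow]" tag on CVE-2006-1061 drops the only visible hint that the overflow is in the TFTP code, since the truncated description ends at "7.15.0 through 7.15.2 ...". A short NOTE line naming the affected component would keep the "Vulnerable code not present" reasoning for woody and sarge checkable from this file alone. The "- curl 7.15.3-1" line also carries no urgency or bug reference, unlike most fixed entries nearby.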
@@ -563,7 +642,7 @@
        TODO: check
 CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on 
Debian ...)
        - amaya 9.4-1 (bug #341424)
-CVE-2006-1319 [runit local privilege escalation]
+CVE-2006-1319 (chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on 
little ...)
        - runit <unfixed> (bug #356016; medium)
        [sarge] - runit <not-affected>
 CVE-2006-1049 (Multiple SQL injection vulnerabilities in Joomla! 1.0.7 and 
earlier ...)
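Review bot: On CVE-2006-1319 the "[sarge] - runit <not-affected>" line gives no reason, while the new description ties the flaw to "runit 1.3.3-1 for Debian GNU/Linux, when compiled on little ...". Adding the reason in parentheses, as the curl and rssh entries do, would show whether sarge is unaffected because of its version or for some other reason. The entry also still sits between CVE-2005-4728 and CVE-2006-1049, so it is easy to miss when scanning by ID.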
@@ -799,13 +878,13 @@
        TODO: check
 CVE-2006-0938 (Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 
and ...)
        TODO: check
-CVE-2006-1320 [minor bypass of rssh sanitising]
+CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to 
make a ...)
        - rssh 2.3.0-1.1 (bug #346322; low)
        [sarge] - rssh <not-affected> (Problem has been introduced in 2.3.0)
 CVE-2006-XXXX [buffer overflow in netcat example]
        - netcat 1.10-31 (bug #352369; unimportant)
        NOTE: Only an example, not in the binary package
-CVE-2006-1321 [webcheck XSS]
+CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 
1.9.6 ...)
        - webcheck 1.9.6
 CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive 
...)
        TODO: check
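Review bot: The "- webcheck 1.9.6" line under CVE-2006-1321 has no urgency and no bug reference, and the version carries no Debian revision, unlike "- rssh 2.3.0-1.1 (bug #346322; low)" two entries above. Confirm that 1.9.6 is the exact version string uploaded to the archive and add an urgency, since the description now only says "before 1.9.6". CVE-2006-1320 and CVE-2006-1321 remain separated by the CVE-2006-XXXX netcat entry and are out of numeric order relative to their neighbours.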
@@ -1212,8 +1291,7 @@
        {DSA-1008-1}
        - kdegraphics 3.5.0-3
        NOTE: Only affected the 3.3.2 KDE backport
-CVE-2006-0745 [local root exploit in x.org]
-       RESERVED
+CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and 
X11R7.0 ...)
        - xorg-x11 <unfixed>
        - xfree86 <not-affected>
 CVE-2006-0744
@@ -1728,7 +1806,7 @@
        NOT-FOR-US: CA Message Queuing
        NOTE: CA Message Queuing is embeded in a lot of products, but they all 
seem
        NOTE: to be commercial products (see list in referenced URL)
-CVE-2006-0528 (GNOME Evolution allows remote attackers to cause a denial of 
service ...)
+CVE-2006-0528 (The cairo library (libcairo), as used in GNOME Evolution and 
possibly ...)
        - evolution 2.2.3-4 (low)
        [sarge] - evolution <not-affected> (Vulnerability was apparantly 
introduced in 2.3.1)
        [woody] - evolution <not-affected> (Vulnerability was apparantly 
introduced in 2.3.1)
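Review bot: The updated description for CVE-2006-0528 now places the flaw in "The cairo library (libcairo), as used in GNOME Evolution", but the tracking lines below it still cover only evolution. Either add a line for the cairo package or a NOTE explaining why only evolution is tracked, otherwise the entry's package data no longer matches its description. The "Vulnerability was apparantly introduced in 2.3.1" reasons refer to an evolution version and should be rechecked against the library as well.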
@@ -2067,6 +2145,7 @@
 CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, 
and 7.0 ...)
        NOT-FOR-US: BEA WebLogic
 CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit 
...)
+       {DSA-1012-1}
        - unzip 5.52-7 (low; bug #349794)
 CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 
5.1 ...)
        NOT-FOR-US: 123 Flash Chat Server
@@ -3651,9 +3730,11 @@
        - fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
 CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted 
unknown capabilities]
        RESERVED
+       {DSA-1011-1}
        - util-vserver 0.30.208-1
 CVE-2005-4347 [Improper barrier code allows for chroot escape]
        RESERVED
+       {DSA-1011-1}
        - util-vserver 0.30.208-1 (bug #329090; medium)
        - kernel-patch-vserver 2.3 (bug #329087; medium)
        NOTE: both util-vserver and the kernel-patch-vserver need to be 
upgraded to fix this vulnerability
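Review bot: The {DSA-1011-1} tag added to CVE-2005-4347 sits above two package lines, util-vserver and kernel-patch-vserver, and the NOTE says both must be upgraded. Confirm that DSA-1011-1 ships fixes for both packages; if kernel-patch-vserver is handled separately, the entry should say so. Both this entry and CVE-2005-4418 also still carry "RESERVED" and bracketed working descriptions even though an advisory has been issued.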


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
