Author: stef-guest
Date: 2006-04-29 15:47:53 +0000 (Sat, 29 Apr 2006)
New Revision: 3893
Modified:
data/CVE/list
Log:
new beagle issue
new linux issue
some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-04-29 07:25:07 UTC (rev 3892)
+++ data/CVE/list 2006-04-29 15:47:53 UTC (rev 3893)
@@ -287,51 +287,51 @@
CVE-2006-1888 (phpGraphy 0.9.11 and earlier allows remote attackers to bypass
...)
TODO: check
CVE-2006-1887 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne
Security ...)
- TODO: check
+ NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2006-1886 (Unspecified vulnerability in the PeopleTools component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1885 (Multiple unspecified vulnerabilities in the Reporting Framework
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1884 (Unspecified vulnerability in the Oracle Thesaurus Management
System ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1883 (Unspecified vulnerability in the Oracle Application Object
Library ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1882 (Multiple unspecified vulnerabilities in Oracle E-Business Suite
and ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1881 (Unspecified vulnerability in the Financials for Asia/Pacific
component ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1880 (Multiple unspecified vulnerabilities in Oracle E-Business Suite
and ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1879 (Multiple unspecified vulnerabilities in the Email Server
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1878 (Cross-site scripting (XSS) vulnerability in index.php in
phpFaber ...)
- TODO: check
+ NOT-FOR-US: phpFaber TopSites
CVE-2006-1877 (Unspecified vulnerability in Oracle Database Server 8.1.7.4,
9.0.1.5, ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1876 (Unspecified vulnerability in Oracle Database Server 9.2.0.7 and
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1875 (Unspecified vulnerability in Oracle Database Server 9.0.1.5,
9.2.0.7, ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1874 (Unspecified vulnerability in Oracle Database Server 8.1.7.4,
9.0.1.5, ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1873 (Unspecified vulnerability in Oracle Database Server 9.2.0.7,
10.1.0.4, ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1872 (Unspecified vulnerability in Oracle Database Server 9.0.1.5 and
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1871 (SQL injection vulnerability in Oracle Database Server 9.2.0.7
and ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1870 (Unspecified vulnerability in Oracle Database Server 8.1.7.4,
9.0.1.5, ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1869 (Unspecified vulnerability in Oracle Database Server 8.1.7.4 and
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1868 (Buffer overflow in the Advanced Replication component in Oracle
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1867 (Unspecified vulnerability in Oracle Database Server 9.2.0.6 has
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-1865 (Beagle before 0.2.5 can produce certain insecure command lines
to ...)
- TODO: check
+ - beagle <unfixed> (bug filed; medium)
CVE-2006-1864
RESERVED
CVE-2006-1863 [Don't allow a backslash in a path component]
@@ -354,26 +354,26 @@
CVE-2006-1855
RESERVED
CVE-2006-1854 (Multiple cross-site scripting (XSS) vulnerabilities in BluePay
Manager ...)
- TODO: check
+ NOT-FOR-US: BluePay Manager
CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and
earlier ...)
- TODO: check
+ NOT-FOR-US: ModernBill
CVE-2006-1852 (SQL injection vulnerability in category.php in Article
Publisher Pro ...)
- TODO: check
+ NOT-FOR-US: Article Publisher Pro
CVE-2006-1851 (xFlow 5.46.11 and earlier allows remote attackers to determine
the ...)
- TODO: check
+ NOT-FOR-US: xFlow
CVE-2006-1850 (Multiple cross-site scripting (XSS) vulnerabilities in xFlow
5.46.11 ...)
- TODO: check
+ NOT-FOR-US: xFlow
CVE-2006-1849 (Multiple SQL injection vulnerabilities in
members_only/index.cgi in ...)
- TODO: check
+ NOT-FOR-US: xFlow
CVE-2006-1848 (Multiple cross-site scripting (XSS) vulnerabilities in
stats_view.php ...)
- TODO: check
+ NOT-FOR-US: LinPHA
CVE-2006-1847 (SQL injection vulnerability in the Your_Account module in
PHP-Nuke 7.8 ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account
module in ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2006-1845
REJECTED
- TODO: check
+ NOT-FOR-US: exchange (Duplicate of CVE-2006-0537)
CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2)
base-config ...)
NOTE: seems to be a duplicate of CVE-2006-1376
- shadow 1:4.0.14-9 (bug #358210; bug #356939)
@@ -3014,19 +3014,19 @@
CVE-2006-0740
RESERVED
CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial
of ...)
- TODO: check
+ NOT-FOR-US: eStara SIP softphone
CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone
allow ...)
- TODO: check
+ NOT-FOR-US: eStara SIP softphone
CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial
of ...)
- TODO: check
+ NOT-FOR-US: eStara SIP softphone
CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM
authentication ...)
- TODO: check
+ NOT-FOR-US: pam_micasa / Novell
CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which
allows ...)
- TODO: check
+ NOT-FOR-US: MUTE
CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass
intended ...)
- TODO: check
+ NOT-FOR-US: Geeklog
CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3
allows ...)
- TODO: check
+ NOT-FOR-US: PhpTagCool
CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand]
- imagemagick 6:6.2.4.5-0.6 (bug #345595)
CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M.
Blom ...)
@@ -3443,9 +3443,9 @@
CVE-2006-0560
RESERVED
CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee
WebShield ...)
- TODO: check
+ NOT-FOR-US: McAfee WebShield
CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures
allows local ...)
- TODO: check
+ - linux-2.6 <unfixed> (bug filed; low)
CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier
does not ...)
- linux-2.6 <unfixed>
CVE-2006-0556
@@ -3691,15 +3691,15 @@
CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12
September 2005, ...)
NOT-FOR-US: NetBSD
CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with
blog-creation ...)
- TODO: check
+ NOT-FOR-US: Six Apart Movable Type
CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password
hashes ...)
- TODO: check
+ NOT-FOR-US: Six Apart Movable Type
CVE-2005-4688 (PunBB 1.2.9 does not require password entry when changing the
e-mail ...)
- TODO: check
+ NOT-FOR-US: PunBB
CVE-2005-4687 (PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a
client's ...)
- TODO: check
+ NOT-FOR-US: PunBB
CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes
...)
- TODO: check
+ NOT-FOR-US: PunBB
CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple
domains when ...)
TODO: check
CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the
DNS ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
