Author: joeyh
Date: 2006-08-07 21:14:31 +0000 (Mon, 07 Aug 2006)
New Revision: 4519

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-08-07 19:12:16 UTC (rev 4518)
+++ data/CVE/list       2006-08-07 21:14:31 UTC (rev 4519)
@@ -1,3 +1,97 @@
+CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module 
in Inter ...)
+       TODO: check
+CVE-2006-4016 (Cross-site scripting (XSS) vulnerability in /toendaCMS in 
toendaCMS ...)
+       TODO: check
+CVE-2006-4015 (Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl 
switches with ...)
+       TODO: check
+CVE-2006-4014 (Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the 
Control ...)
+       TODO: check
+CVE-2006-4013 (Multiple directory traversal vulnerabilities in Symantec 
Brightmail ...)
+       TODO: check
+CVE-2006-4012 (Multiple PHP remote file inclusion vulnerabilities in circeOS 
SaveWeb ...)
+       TODO: check
+CVE-2006-4011 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2006-4010 (SQL injection vulnerability in war.php in Virtual War (Vwar) 
1.5.0 and ...)
+       TODO: check
+CVE-2006-4009 (Cross-site scripting (XSS) vulnerability in war.php in Virtual 
War ...)
+       TODO: check
+CVE-2006-4008 (PHP remote file inclusion vulnerability in index.php in 
Knusperleicht ...)
+       TODO: check
+CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in 
Knusperleicht ...)
+       TODO: check
+CVE-2006-4006 (The do_gameinfo functionin BomberClone 0.11.6 and earlier, and 
...)
+       TODO: check
+CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause 
a ...)
+       TODO: check
+CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 
3.0.2 ...)
+       TODO: check
+CVE-2006-4003 (The config method in Henrik Storner Hobbit monitor before 
4.1.2p2 ...)
+       TODO: check
+CVE-2006-4002 (Cross-site scripting (XSS) vulnerability in user.module in 
Drupal 4.6 ...)
+       TODO: check
+CVE-2006-4001 (Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 
...)
+       TODO: check
+CVE-2006-4000 (Directory traversal vulnerability in cgi-bin/preview_email.cgi 
in ...)
+       TODO: check
+CVE-2006-3999 (ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly 
earlier ...)
+       TODO: check
+CVE-2006-3998 (PHP remote file inclusion vulnerability in conf.php in 
WoWRoster (aka ...)
+       TODO: check
+CVE-2006-3997 (PHP remote file inclusion vulnerability in hsList.php in 
WoWRoster ...)
+       TODO: check
+CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 
1.5.3.1 and ...)
+       TODO: check
+CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
+       TODO: check
+CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in 
...)
+       TODO: check
+CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in 
Olaf ...)
+       TODO: check
+CVE-2006-3992 (Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) 
...)
+       TODO: check
+CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad 
Vostrykh ...)
+       TODO: check
+CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M. 
Jones ...)
+       TODO: check
+CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in 
Knusperleicht ...)
+       TODO: check
+CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in 
Knusperleicht ...)
+       TODO: check
+CVE-2006-3987 (Multiple PHP remote file inclusion vulnerabilities in index.php 
in ...)
+       TODO: check
+CVE-2006-3986 (PHP remote file inclusion vulnerability in index.php in 
Knusperleicht ...)
+       TODO: check
+CVE-2006-3985 (Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware 
...)
+       TODO: check
+CVE-2006-3984 (PHP remote file inclusion vulnerability in 
phpAdsNew/view.inc.php in ...)
+       TODO: check
+CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in 
...)
+       TODO: check
+CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in ...)
+       TODO: check
+CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in 
Mambo ...)
+       TODO: check
+CVE-2006-3980 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2006-3979
+       RESERVED
+CVE-2006-3978
+       RESERVED
+CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before 
...)
+       TODO: check
+CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before 
...)
+       TODO: check
+CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows 
remote ...)
+       TODO: check
+CVE-2006-3974
+       RESERVED
+CVE-2006-3973
+       RESERVED
+CVE-2006-3972 (Directory traversal vulnerability in ...)
+       TODO: check
+CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
 CVE-2006-XXXX [unspecified security issues in steam]
        - steam 2.2.16-1
 CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8]
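Review bot: four of the new entries (CVE-2006-4011, CVE-2006-3980, CVE-2006-3972, CVE-2006-3971) have descriptions cut off before any product is named ("... vulnerability in ..."), so their TODO: check cannot be resolved from this file alone. Whoever triages them needs the full CVE text; once checked, replace the TODO with a NOT-FOR-US or package line in the same form as the existing entries.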
@@ -22,9 +116,9 @@
        NOT-FOR-US: Banex PHP MySQL Banner Exchange
 CVE-2006-3962 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: com_bayesiannaivefilter for mambo
-CVE-2006-3961 (Unspecified vulnerability in McAfee Internet Security Suite 
2006, ...)
+CVE-2006-3961 (Unspecified vulnerability in McAfee Security Center 6.0.23 for 
...)
        NOT-FOR-US: McAfee
-CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll 1.10 
allows ...)
+CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll, 
probably ...)
        NOT-FOR-US: X-Scripts X-Poll
 CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts 
X-Protection ...)
        NOT-FOR-US: X-Scripts X-Protection
@@ -255,7 +349,7 @@
        NOT-FOR-US: Warzone
 CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP 
...)
        NOT-FOR-US: ipcalc <unfixed> (bug #381469; low)
-CVE-2006-3847 (PHP remote file inclusion vulnerability in ...)
+CVE-2006-3847 (PHP remote file inclusion vulnerability in (1) admin.php, and 
possibly ...)
        NOT-FOR-US: MoSpray
 CVE-2006-3846 (PHP remote file inclusion vulnerability in 
extadminmenus.class.php in ...)
        NOT-FOR-US: MultiBanners
@@ -542,7 +636,7 @@
        {DSA-1132-1 DSA-1131-1}
        - apache <unfixed> (medium; bug #380231)
        - apache2 2.0.55-4.1 (medium; bug #380182)
-CVE-2006-3746 (Buffer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows 
remote ...)
+CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows 
remote ...)
        {DSA-1141-1 DSA-1140-1}
        - gnupg 1.4.5-1 (medium)
        - gnupg2 1.9.20-2 (medium)
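Review bot: the CVE-2006-3746 description changes from "Buffer overflow" to "Integer overflow" in parse_comment, while the fixed versions under it (gnupg 1.4.5-1, gnupg2 1.9.20-2) stay as they were. Confirm that those uploads contain the fix for the issue as it is now described; if they do, nothing else needs to change here.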
@@ -791,8 +885,8 @@
        RESERVED
 CVE-2006-3635
        RESERVED
-CVE-2006-3634
-       RESERVED
+CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic 
...)
+       TODO: check
 CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users 
to ...)
        TODO: check
 CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 
...)
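Review bot: CVE-2006-3634 moves from RESERVED to TODO: check with a description that names __futex_atomic_op and futex_atomic_cmpxchg_inatomic but is truncated before it says which product they belong to. The names read like kernel futex helpers (an inference from the identifiers, not stated in the visible text), so triage this entry against the kernel packages early instead of leaving it in the TODO backlog.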
@@ -1069,28 +1163,28 @@
        RESERVED
 CVE-2006-3506
        RESERVED
-CVE-2006-3505
-       RESERVED
-CVE-2006-3504
-       RESERVED
-CVE-2006-3503
-       RESERVED
-CVE-2006-3502
-       RESERVED
-CVE-2006-3501
-       RESERVED
-CVE-2006-3500
-       RESERVED
-CVE-2006-3499
-       RESERVED
-CVE-2006-3498
-       RESERVED
-CVE-2006-3497
-       RESERVED
-CVE-2006-3496
-       RESERVED
-CVE-2006-3495
-       RESERVED
+CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote 
attackers to ...)
+       TODO: check
+CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 
10.4.7 ...)
+       TODO: check
+CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows ...)
+       TODO: check
+CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 
allows ...)
+       TODO: check
+CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows 
...)
+       TODO: check
+CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local 
users ...)
+       TODO: check
+CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local 
users ...)
+       TODO: check
+CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for 
Apple ...)
+       TODO: check
+CVE-2006-3497 (Unspecified vulnerability in the &quot;compression state 
handling&quot; in Bom ...)
+       TODO: check
+CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote 
attackers ...)
+       TODO: check
+CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect 
keys ...)
+       TODO: check
 CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy 
Zone ...)
        NOT-FOR-US: Buddy Zone
 CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll 
and ...)
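Review bot: the eleven entries CVE-2006-3495 through CVE-2006-3505 all describe Apple Mac OS X components and are added as TODO: check, while other Apple entries visible in this file carry NOT-FOR-US: Apple. If the check confirms they are Apple-only, tag them the same way. Separately, the CVE-2006-3497 description contains literal &quot; entities; if those are in the file itself and not an artifact of the mail rendering, they should be plain double quotes.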
@@ -1149,32 +1243,25 @@
        - freetype 2.2.1-1 (bug #379920; medium)
 CVE-2006-3466
        REJECTED
-CVE-2006-3465 [libtiff: flaw in custom tag support]
-       RESERVED
+CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the 
TIFF ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
-CVE-2006-3464 [libtiff: insufficient range checking]
-       RESERVED
+CVE-2006-3464 (Multiple unspecified vulnerabilities in the TIFF library 
(libtiff) ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
-CVE-2006-3463 [libtiff: infinite loop was discovered in 
EstimateStripByteCounts()]
-       RESERVED
+CVE-2006-3463 (The TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned 
short ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
-CVE-2006-3462 [libtiff: NeXT RLE decoder heap overflow]
-       RESERVED
+CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF 
library ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
-CVE-2006-3461 [libtiff: heap overflow exists in the PixarLog decoder]
-       RESERVED
+CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF 
library ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
-CVE-2006-3460 [libtiff: heap overflow vulnerability was discovered in the jpeg 
decoder]
-       RESERVED
+CVE-2006-3460 (Heap-based buffer overflow in the TIFF library (libtiff) before 
3.8.2 ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
-CVE-2006-3459 [libtiff: stack buffer overflow via TIFFFetchShortPair()]
-       RESERVED
+CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library 
(libtiff) ...)
        {DSA-1137-1}
        - tiff 3.8.2-6
 CVE-2006-3486 (** DISPUTED ** ...)
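Review bot: replacing the bracketed working descriptions with the official text loses detail for two entries: CVE-2006-3464 goes from "insufficient range checking" to "Multiple unspecified vulnerabilities", and the truncated CVE-2006-3463 text no longer mentions the infinite loop in EstimateStripByteCounts(). Consider keeping the old wording as NOTE: lines under those two entries, in the form already used elsewhere in this file.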
@@ -1182,8 +1269,8 @@
        [sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present)
        [sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
        NOTE: Only DoS possible, only root can trigger this -> non-issue
-CVE-2006-3457
-       RESERVED
+CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and 
the ...)
+       TODO: check
 CVE-2006-3456
        RESERVED
 CVE-2006-3455
@@ -1876,8 +1963,7 @@
        RESERVED
 CVE-2006-3124
        RESERVED
-CVE-2006-3123 [cfs integer overflow]
-       RESERVED
+CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2) 
doencrypt ...)
        {DSA-1138-1}
        - cfs 1.4.1-17
 CVE-2006-3122
@@ -5918,10 +6004,10 @@
        NOT-FOR-US: Windows Firewall
 CVE-2006-1474 (Cross-site scripting (XSS) vulnerability in the 
&quot;failed&quot; functionality ...)
        NOT-FOR-US: Raindance Web Conferencing Pro
-CVE-2006-1473
-       RESERVED
-CVE-2006-1472
-       RESERVED
+CVE-2006-1473 (Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 
10.4.7 ...)
+       TODO: check
+CVE-2006-1472 (Unspecified vulnerability in AFP Server in Apple Mac OS X 
10.3.9 ...)
+       TODO: check
 CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd 
in Apple ...)
        NOT-FOR-US: Apple
 CVE-2006-1470 (OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote 
attackers ...)
@@ -8481,14 +8567,14 @@
        NOT-FOR-US: Apple
 CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, 
when ...)
        NOT-FOR-US: Apple
-CVE-2006-0395
-       RESERVED
+CVE-2006-0395 (The Download Validation in Mail in Mac OS X 10.4 does not 
properly ...)
+       TODO: check
 CVE-2006-0394
        REJECTED
-CVE-2006-0393
-       RESERVED
-CVE-2006-0392
-       RESERVED
+CVE-2006-0393 (OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2006-0392 (Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted 
...)
+       TODO: check
 CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac 
OS X ...)
        NOT-FOR-US: Apple
 CVE-2006-0390
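Review bot: CVE-2006-0393 names OpenSSH in Apple Mac OS X 10.4.7, so it should not be closed with the NOT-FOR-US: Apple tag used on the neighbouring entries until someone has checked whether the problem lies in Apple's build or in OpenSSH itself. Record the outcome as a NOTE: line or a package line when the TODO is resolved.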
@@ -14607,8 +14693,8 @@
        RESERVED
 CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password 
...)
        NOT-FOR-US: Mac OS X
-CVE-2005-2738
-       RESERVED
+CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not 
prevent multiple ...)
+       TODO: check
 CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 
5.1 ...)
        NOT-FOR-US: PhotoPost
 CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and 
earlier ...)
@@ -15530,14 +15616,14 @@
 CVE-2005-2531 (OpenVPN before 2.0.1, when running with &quot;verb 0&quot; and 
without TLS ...)
        {DSA-851-1}
        - openvpn 2.0.2-1 (bug #324167; high)
-CVE-2005-2530
-       RESERVED
-CVE-2005-2529
-       RESERVED
+CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on 
Apple Mac OS X ...)
+       TODO: check
+CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 
on Apple Mac ...)
+       TODO: check
 CVE-2005-2528
        RESERVED
-CVE-2005-2527
-       RESERVED
+CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple 
Mac OS X ...)
+       TODO: check
 CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to 
cause a ...)
        NOT-FOR-US: MacOS X
 CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file 
...)
@@ -17017,8 +17103,8 @@
        NOT-FOR-US: Apple Airport
 CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote 
attackers ...)
        NOT-FOR-US: Apple Darwin Streaming Server
-CVE-2005-2194
-       RESERVED
+CVE-2005-2194 (Unspecified vulnerability in the Apple Mac OS X kernel before 
10.4.2 ...)
+       TODO: check
 CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in 
...)
        NOT-FOR-US: PunBB
 CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in 
config/password.txt with ...)
@@ -19102,8 +19188,8 @@
        NOT-FOR-US: Apple
 CVE-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
        NOT-FOR-US: Apple
-CVE-2005-1726
-       RESERVED
+CVE-2005-1726 (The CoreGraphics Window Server in Mac OS X 10.4.1 allows local 
users ...)
+       TODO: check
 CVE-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local 
users ...)
        NOT-FOR-US: Apple
 CVE-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly 
obey the ...)
@@ -21739,8 +21825,8 @@
        NOT-FOR-US: IRC Services NickServ
 CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 
6.5.1, ...)
        NOT-FOR-US: Lotus Domino
-CVE-2005-0985
-       RESERVED
+CVE-2005-0985 (Unspecified vulnerability in the Mac OS X kernel before 10.3.8 
allows ...)
+       TODO: check
 CVE-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi 
Knight: ...)
        NOT-FOR-US: Star Wars game
 CVE-2005-0983 (Quake 3 engine, as used in multiple games, allows remote 
attackers to ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
