Author: enerv-guest Date: 2007-01-12 15:57:35 +0100 (Fri, 12 Jan 2007) New Revision: 5251 Modified: data/CVE/list Log: Added severity: CVE-2006-0040 low CVE-2006-5867 low CVE-2006-6508 low CVE-2006-6839 high CVE-2006-6841 high CVE-2006-6858 medium CVE-2006-6870 low Changed severity: CVE-2006-6421 to medium CVE-2006-6799 to high Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-12 14:22:11 UTC (rev 5250) +++ data/CVE/list 2007-01-12 14:57:35 UTC (rev 5251) @@ -447,7 +447,7 @@ CVE-2006-XXXX [ssmtp password leak] - ssmtp 2.61-10.1 (bug #369542; low) CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...) - - avahi 0.6.16-1 + - avahi 0.6.16-1 (low) CVE-2007-XXXX [CenterICQ buffer overflow] - centericq 4.21.0-17 NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051663.html @@ -534,7 +534,7 @@ CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...) NOT-FOR-US: MoviePlay CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo ...) - - miredo 1.0.4-2 (bug #405412; bug #405111) + - miredo 1.0.4-2 (bug #405412; bug #405111; medium) CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Docebo LMS CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and ...) 
@@ -568,11 +568,11 @@ CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...) NOT-FOR-US: Acronym Mod for phpBB2 CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has ...) - - phpbb2 <unfixed> (bug #405980) + - phpbb2 <unfixed> (bug #405980; high) CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...) - - phpbb2 <unfixed> (bug #405980) + - phpbb2 <unfixed> (bug #405980; high) CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...) - - phpbb2 <unfixed> (bug #405980) + - phpbb2 <unfixed> (bug #405980; high) CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...) NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ...) @@ -667,7 +667,7 @@ CVE-2006-6800 (PHP remote file inclusion in eventcal/mod_eventcal.php in the event ...) NOT-FOR-US: Limbo CMS CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when ...) - - cacti <unfixed> (bug #404818; medium) + - cacti <unfixed> (bug #404818; high) CVE-2006-6798 RESERVED CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows ...) @@ -1349,7 +1349,7 @@ CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in ...) NOT-FOR-US: SiteKiosk CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...) - - phpbb2 <unfixed> (bug #402140) + - phpbb2 <unfixed> (bug #402140; low) CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass ...) NOTE: MFSA-2006-76 - iceweasel 2.0.0.1+dfsg-1 (high) 
@@ -1600,7 +1600,7 @@ CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...) NOT-FOR-US: AgileBill AgileVoice CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...) - - phpbb2 <unfixed> (low) + - phpbb2 <unfixed> (medium) [sarge] - phpbb2 <not-affected> CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...) NOT-FOR-US: Joomla Content Editor (JCE) @@ -2794,7 +2794,7 @@ {DSA-1213} - imagemagick 7:6.2.4.5.dfsg1-0.11 CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit ...) - - fetchmail 6.3.6~rc5-1 + - fetchmail 6.3.6~rc5-1 (low) CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for ...) NOT-FOR-US: phpManta CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php for Script ...) @@ -16904,7 +16904,7 @@ CVE-2006-0041 RESERVED CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...) - - evolution <unfixed> (bug #398064) + - evolution <unfixed> (bug #398064; low) [sarge] - evolution <not-affected> (Not reproducable on Sarge) CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for Linux ...) {DSA-1103 DSA-1097-1}
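Review bot: The @@ -568,11 +568,11 @@ hunk adds `high` to CVE-2006-6840 as well as to CVE-2006-6839 and CVE-2006-6841, but the log's "Added severity" list names only the latter two. Add CVE-2006-6840 to the log message or drop that line from the change, so the log and the diff agree. Both CVE-2006-6839 and CVE-2006-6840 are described as "Unspecified vulnerability ... has unknown impact", so a NOTE line under each entry giving the basis for `high` would make the rating reviewable later.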
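Review bot: In the @@ -667,7 +667,7 @@ hunk, CVE-2006-6799 (cacti) is raised from medium to high with nothing in the entry or the log recording why. The description is conditional ("when ..."), which is presumably what the earlier medium reflected. Add a NOTE line under the entry stating the reason for the higher rating so it is not reverted at the next triage pass.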
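Review bot: In the @@ -1600,7 +1600,7 @@ hunk, the CVE-2006-6421 line `- phpbb2 <unfixed> (medium)` still carries no bug reference, while the other unfixed phpbb2 entries touched in this commit do (bug #405980, bug #402140). If a bug exists for this issue, add it in the same `(bug #NNNNNN; medium)` form used elsewhere in the file, where NNNNNN stands for the real bug number. As with the other severity change, the reason for moving from low to medium is not recorded in the entry.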