Author: stef-guest Date: 2006-11-13 22:14:00 +0100 (Mon, 13 Nov 2006) New Revision: 4961 Modified: data/CVE/list Log: - postgresql DoSs CVEified - some freebsd issues - CVE-2006-5747/8: new mozilla* issues (high) Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-11-13 20:59:58 UTC (rev 4960) +++ data/CVE/list 2006-11-13 21:14:00 UTC (rev 4961) @@ -148,9 +148,21 @@ CVE-2006-5749 RESERVED CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) - TODO: check + - firefox <unfixed> (high) + - thunderbird <removed> (medium) + - icedove <unfixed> (medium) + - mozilla <unfixed> (high) + - xulrunner <unfixed> (high) + - mozilla-firefox <removed> (high) + - mozilla-thunderbird <removed> (medium) CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...) - TODO: check + - firefox <unfixed> (high) + - thunderbird <removed> (medium) + - icedove <unfixed> (medium) + - mozilla <unfixed> (medium) + - xulrunner <unfixed> (high) + - mozilla-firefox <removed> (high) + - mozilla-thunderbird <removed> (medium) CVE-2006-5746 (The console in AirMagnet Enterprise does not properly validate the ...) NOT-FOR-US: AirMagnet CVE-2006-5745 (Unspecified vulnerability in the setRequestHeader method in the ...) @@ -287,7 +299,8 @@ CVE-2006-5680 RESERVED CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...) - TODO: check + - kfreebsd-5 <unfixed> + [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-5678 (** DISPUTED ** ...) NOT-FOR-US: Les Visiteurs CVE-2006-5677 (resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and ...) 
@@ -543,7 +556,8 @@ CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...) NOT-FOR-US: QK SMTP CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause ...) - TODO: check + - kfreebsd-5 <unfixed> + [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-5549 (** DISPUTED ** ...) NOT-FOR-US: Adobe PHP SDK CVE-2006-5548 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...) @@ -559,11 +573,19 @@ CVE-2006-5543 (PHP remote file inclusion vulnerability in misc/function.php3 in PHP ...) NOT-FOR-US: PHP Generator of Object SQL Database CVE-2006-5542 (backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote ...) - TODO: check + - postgresql-8.1 8.1.5-1 (unimportant) + NOTE: All crashes can only be triggered by authenticated users, these are not + NOTE: treated as vulnerabilities. CVE-2006-5541 (backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, ...) - TODO: check + - postgresql-7.4 1:7.4.14-1 (unimportant) + - postgresql-8.1 8.1.5-1 (unimportant) + [sarge] - postgresql <unfixed> (unimportant) + NOTE: All crashes can only be triggered by authenticated users, these are not + NOTE: treated as vulnerabilities. CVE-2006-5540 (backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows ...) - TODO: check + - postgresql-8.1 8.1.5-1 (unimportant) + NOTE: All crashes can only be triggered by authenticated users, these are not + NOTE: treated as vulnerabilities. CVE-2006-5539 (PHP remote file inclusion vulnerability in login/secure.php in ...) NOT-FOR-US: UeberProject Management System CVE-2006-5538 (D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote ...) 
@@ -687,9 +709,11 @@ CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...) NOT-FOR-US: SSH Tectia CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...) - TODO: check + - kfreebsd-5 <unfixed> + [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...) - TODO: check + - kfreebsd-5 <unfixed> + [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in Castor 1.1.1 ...) NOT-FOR-US: Castor CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in Castor 1.1.1 ...) @@ -738,12 +762,6 @@ RESERVED CVE-2006-XXXX [diffmon information leakage] - diffmon 20020222-2.2 (bug #382132) -CVE-2006-XXXX [postgres DoSs] - - postgresql-7.4 1:7.4.14-1 (unimportant) - - postgresql-8.1 8.1.5-1 (unimportant) - [sarge] - postgresql <unfixed> (unimportant) - NOTE: All crashes can only be triggered by authenticated users, these are not - NOTE: treated as vulnerabilities. CVE-2006-5460 (** DISPUTED ** ...) NOT-FOR-US: phpht Topsites CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...) @@ -2805,7 +2823,8 @@ CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...) NOT-FOR-US: Novell iManager CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...) - TODO: check + - kfreebsd-5 <unfixed> + [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-4515 RESERVED CVE-2006-4514
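Review bot: In the first hunk, the CVE-2006-5747 block rates `mozilla` as (medium) while firefox, xulrunner and mozilla-firefox in the same block are (high), and `mozilla` is (high) under CVE-2006-5748; the log message also describes both CVEs as high. If the lower rating for the suite is deliberate, a NOTE line giving the reason would help; otherwise align it with `- mozilla <unfixed> (high)`.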
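Review bot: In the PostgreSQL hunk, the CVE-2006-5541 description gives the range as "7.4.1 through 7.4.14", yet the entry records postgresql-7.4 as fixed in 1:7.4.14-1, so the two lines read as contradictory. Please confirm that the 7.4.14 upload carries the fix and say so in a NOTE. The postgresql-7.4 and [sarge] lines from the removed CVE-2006-XXXX [postgres DoSs] entry now appear only under this CVE, which matches the 8.1.x-only descriptions of CVE-2006-5542 and CVE-2006-5540 but is worth a second look.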
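Review bot: In the hunk for CVE-2006-5679, the description names FreeBSD 6.1 while the package tracked is kfreebsd-5, and nothing in the entry records that the 5.x source contains the affected code. A NOTE saying the kfreebsd-5 source was checked would make `- kfreebsd-5 <unfixed>` verifiable. The same pair of lines is added under CVE-2006-5550, CVE-2006-5483, CVE-2006-5482 and CVE-2006-4516 (the last described against 6.0-RELEASE), and none of them carries an urgency, unlike the other entries added in this commit.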