Author: stef-guest Date: 2006-10-30 21:40:56 +0100 (Mon, 30 Oct 2006) New Revision: 4899 Modified: data/CVE/list Log: - CVE-2006-5601/2: new xsupplicant remote code execution issue - CVE-2006-4513: new wvware issue - marking CVE-2003-1307 as unimportant - new wireshark issues: CVE-2006-5740, -5468, -5469, -4805, -4574 Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-30 17:05:21 UTC (rev 4898) +++ data/CVE/list 2006-10-30 20:40:56 UTC (rev 4899) @@ -1,3 +1,9 @@ +CVE-2006-5740 [wireshark LDAP dissector issue] + - wireshark <unfixed> (bug filed; medium) +CVE-2006-5602 [Xsupplicant "eap_do_notify()" Buffer Overflow Vulnerability] + - xsupplicant <unfixed> (bug #396204; medium) +CVE-2006-5601 [Xsupplicant "eap_do_notify()" Buffer Overflow Vulnerability] + - xsupplicant <unfixed> (bug #396204; medium) CVE-2006-XXXX [several possible mysql 5.0 local DoS vulnerabilities] - mysql-dfsg-5.0 5.0.26-1 (low) CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen ...) @@ -86,10 +92,12 @@ NOT-FOR-US: Softerra PHP Developer Library CVE-2006-5470 RESERVED -CVE-2006-5469 +CVE-2006-5469 [Wireshark WBXML dissector issue] RESERVED -CVE-2006-5468 + - wireshark <unfixed> (bug filed; medium) +CVE-2006-5468 [Wireshark HTTP dissector issue] RESERVED + - wireshark <unfixed> (bug filed; medium) CVE-2006-5467 RESERVED CVE-2006-5466 @@ -276,8 +284,10 @@ NOTE: why you have lost as soon as an attacker can execute arbitrary NOTE: php scripts. NOTE: http://www.securityfocus.com/bid/9302 - - apache <unfixed> - - apache2 <unfixed> + NOTE: Probably an unfixable design flaw. But if you can execute a malicious + NOTE: program, you can do $BADSTUFF anyway. + - apache <unfixed> (unimportant) + - apache2 <unfixed> (unimportant) CVE-2006-XXXX [unspecified steam cache vulnerability] - steam 2.2.31-1 [sarge] - steam <not-affected> (Sarge version doesn''t implement caching) 
@@ -1488,8 +1498,9 @@ RESERVED CVE-2006-4806 RESERVED -CVE-2006-4805 +CVE-2006-4805 [wireshark XOT dissector issue] RESERVED + - wireshark <unfixed> (bug filed; medium) CVE-2006-4804 RESERVED CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...) @@ -1989,8 +2000,9 @@ RESERVED CVE-2006-4575 RESERVED -CVE-2006-4574 +CVE-2006-4574 [Wireshark MIME Multipart dissector issue] RESERVED + - wireshark <unfixed> (bug filed; medium) CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...) - screen 4.0.3-0.1 (bug #395225; medium) CVE-2006-4572 @@ -2162,8 +2174,9 @@ RESERVED CVE-2006-4514 RESERVED -CVE-2006-4513 +CVE-2006-4513 [wvware Multiple Integer Overflow Vulnerabilities] RESERVED + - wv <unfixed> (bug filed; medium) CVE-2006-4512 RESERVED CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...)
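Review bot: In the @@ -1,3 +1,9 @@ hunk, CVE-2006-5602 and CVE-2006-5601 carry the identical description [Xsupplicant "eap_do_notify()" Buffer Overflow Vulnerability] and the same bug #396204, so the list does not show how the two ids differ. If they are distinct issues, give each its own description; if one is a duplicate assignment, record that in a NOTE line. The CVE-2006-5740 entry in the same hunk says only "bug filed"; putting the bug number there, as was done for xsupplicant, would make the entry traceable.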
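Review bot: In the @@ -86,10 +92,12 @@ hunk, the wireshark lines added for CVE-2006-5469 and CVE-2006-5468 say "bug filed" without a bug number, so neither entry can be matched to a report; the same applies to the lines added for CVE-2006-4805 and CVE-2006-4574 in the later hunks. The product name is also capitalised here ("Wireshark WBXML dissector issue") but lower-case in the CVE-2006-5740 and CVE-2006-4805 descriptions; use one spelling across all five wireshark entries.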
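Review bot: In the @@ -276,8 +284,10 @@ hunk, the two added NOTE lines justify the (unimportant) tag on apache and apache2 with "Probably an unfixable design flaw" and "$BADSTUFF", which is a hedge and a placeholder rather than a stated reason. Because the tag lowers the priority of both packages, the NOTE should name the precondition plainly, in line with the existing NOTE above it (an attacker who can already execute arbitrary php scripts), and either drop "Probably" or say what would confirm it.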
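Review bot: In the @@ -2162,8 +2174,9 @@ hunk, the description for CVE-2006-4513 names "wvware" while the package line added below it is "- wv", so a search of the list for the package name will not hit the description. Mention wv in the bracket text or add a NOTE tying the two names together, and replace "bug filed" with the bug number once it is known.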