thr3ads.net - Secure testing commits - [Secure-testing-commits] r3904

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-May-01 09:15 UTC
[Secure-testing-commits] r3904 - data/CVE

Author: joeyh
Date: 2006-05-01 09:14:25 +0000 (Mon, 01 May 2006)
New Revision: 3904

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-05-01 09:04:48 UTC (rev 3903)
+++ data/CVE/list	2006-05-01 09:14:25 UTC (rev 3904)
@@ -1,3 +1,119 @@
+CVE-2006-2071 (Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to
bypass ...)
+	TODO: check
+CVE-2006-2070 (Cross-site scripting (XSS) vulnerability in member.php in DevBB
1.0.0 ...)
+	TODO: check
+CVE-2006-2069 (The recursor in PowerDNS before 3.0.1 allows remote attackers to
cause ...)
+	TODO: check
+CVE-2006-2068 (Unspecified vulnerability in Hitachi JP1 products allow remote
...)
+	TODO: check
+CVE-2006-2067 (SQL injection vulnerability in vb_board_functions.php in
MKPortal 1.1, ...)
+	TODO: check
+CVE-2006-2066 (Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php
in ...)
+	TODO: check
+CVE-2006-2065 (SQL injection vulnerability in save.php in PHPSurveyor 0.995 and
...)
+	TODO: check
+CVE-2006-2064 (Unspecified vulnerability in the libpkcs11 library in Sun
Solaris 10 ...)
+	TODO: check
+CVE-2006-2063 (Multiple cross-site scripting (XSS) vulnerabilities in Leadhound
Full ...)
+	TODO: check
+CVE-2006-2062 (Multiple SQL injection vulnerabilities in Leadhound Full and
LITE 2.1, ...)
+	TODO: check
+CVE-2006-2061 (SQL injection vulnerability in lib/func_taskmanager.php in
Invision ...)
+	TODO: check
+CVE-2006-2060 (Directory traversal vulnerability in
action_admin/paysubscriptions.php ...)
+	TODO: check
+CVE-2006-2059 (action_public/search.php in Invision Power Board (IPB) 2.1.x and
2.0.x ...)
+	TODO: check
+CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17
allows ...)
+	TODO: check
+CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.06 allows
...)
+	TODO: check
+CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for
Windows XP ...)
+	TODO: check
+CVE-2006-2055 (Argument injection vulnerability in Micrsoft Outlook 2003 SP1
allows ...)
+	TODO: check
+CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware
before ...)
+	TODO: check
+CVE-2006-2053 (Multiple SQL injection vulnerabilities in QuickEStore 7.9 and
earlier ...)
+	TODO: check
+CVE-2006-2052 (Cross-site scripting (XSS) vulnerability in Verosky Media
Instant ...)
+	TODO: check
+CVE-2006-2051 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2006-2050 (SQL injection vulnerability in dcboard.cgi in DCScripts
DCForumLite ...)
+	TODO: check
+CVE-2006-2049 (Cross-site scripting (XSS) vulnerability in dcboard.cgi in
DCScripts ...)
+	TODO: check
+CVE-2006-2048 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+	TODO: check
+CVE-2006-2047 (Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier
allows ...)
+	TODO: check
+CVE-2006-2046 (Multiple SQL injection vulnerabilities in Application Dynamics
...)
+	TODO: check
+CVE-2006-2045 (The (1) shadow password file in na-img-4.0.34.bin for the IP3
Networks ...)
+	TODO: check
+CVE-2006-2044 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a
default ...)
+	TODO: check
+CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows
local ...)
+	TODO: check
+CVE-2006-2042
+	RESERVED
+CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain
...)
+	TODO: check
+CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and
1.542 ...)
+	TODO: check
+CVE-2006-2039 (Multiple SQL injection vulnerabilities in the osTicket module in
Help ...)
+	TODO: check
+CVE-2006-2038 (Multiple SQL injection vulnerabilities in ampleShop 2.1 and
earlier ...)
+	TODO: check
+CVE-2006-2037 (Cross-site scripting (XSS) vulnerability in index.php in
Thwboard 3.0 ...)
+	TODO: check
+CVE-2006-2036 (iOpus Secure Email Attachments (SEA), probably 1.0, does not
properly ...)
+	TODO: check
+CVE-2006-2035 (Websense, when configured to permit access to the dynamic
content ...)
+	TODO: check
+CVE-2006-2034 (SQL injection vulnerability in function/showprofile.php in
FlexBB ...)
+	TODO: check
+CVE-2006-2033 (PHP remote file inclusion vulnerability in Core CoreNews 2.0.1
and ...)
+	TODO: check
+CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1
and ...)
+	TODO: check
+CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in
phpMyAdmin ...)
+	TODO: check
+CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to
cause a ...)
+	TODO: check
+CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft
Simplog ...)
+	TODO: check
+CVE-2006-2028 (Cross-site scripting (XSS) vulnerability in imagelist.php in
Jeremy ...)
+	TODO: check
+CVE-2006-2027 (Buffer overflow in Unicode processing in the logging
functionality in ...)
+	TODO: check
+CVE-2006-2026 (Double-free vulnerability in tif_jpeg.c in libtiff before 3.8.1
allows ...)
+	TODO: check
+CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c
for ...)
+	TODO: check
+CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow ...)
+	TODO: check
+CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in
rtsp/RTSP_msg_len.c ...)
+	TODO: check
+CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module
...)
+	TODO: check
+CVE-2006-2021 (Absolute path traversal vulnerability in
recordings/misc/audio.php in ...)
+	TODO: check
+CVE-2006-2020 (Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8
stores ...)
+	TODO: check
+CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions
allows ...)
+	TODO: check
+CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux
10.0 ...)
+	TODO: check
+CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3
and ...)
+	TODO: check
+CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other
distributions, ...)
+	TODO: check
+CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other
distributions, ...)
+	TODO: check
+CVE-2004-2658 (resmgr in SUSE CORE 9 does not properly identify terminal names,
which ...)
+	TODO: check
 CVE-2006-XXXX [librsvg2 crash on certain svg files]
 	- librsvg 2.14.3-2 (bug #361653; bug #361540; medium)
 CVE-2006-2018 (** DISPUTED ** ...)
@@ -337,10 +453,9 @@
 	NOT-FOR-US: Oracle
 CVE-2006-1865 (Beagle before 0.2.5 can produce certain insecure command lines
to ...)
 	- beagle <unfixed> (bug #365371; medium)
-CVE-2006-1864
-	RESERVED
-CVE-2006-1863 [Don''t allow a backslash in a path component]
-	RESERVED
+CVE-2006-1864 (Directory traversal vulnerability in smbfs in Linux 2.6.16 and
earlier ...)
+	TODO: check
+CVE-2006-1863 (Directory traversal vulnerability in CIFS in Linux 2.6.16 and
earlier ...)
 	- linux-2.6 2.6.16-10
 CVE-2006-1862
 	RESERVED
@@ -416,6 +531,7 @@
 CVE-2006-1828 (SQL injection vulnerability in php121language.php in PHP121 1.4
allows ...)
 	NOT-FOR-US: PHP121
 CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and
...)
+	{DSA-1048-1}
 	- asterisk 1:1.2.7.1.dfsg-1 (bug #364195; medium)
 CVE-2005-4786 (Buffer overflow in the archive decompression library
(vrAZMain.dll ...)
 	NOT-FOR-US: HAURI anti-virus
@@ -503,7 +619,6 @@
 CVE-2006-XXXX [kphone stores SIP passwords in world readable files]
 	- kphone 4.2-3 (bug #337830; low)
 CVE-2006-XXXX [resmgr access restriction bypass]
-	{DSA-1047-1}
 	- resmgr 1.0-4 (low)
 CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php
in ...)
 	NOT-FOR-US: pajax
@@ -908,7 +1023,7 @@
 	NOT-FOR-US: Chucky A. Ivey N.T.
 CVE-2006-1657 (Cross-site scripting (XSS) vulnerability in index.php in Chucky
...)
 	NOT-FOR-US: Chucky A. Ivey N.T.
-CVE-2005-4772 (Yet another Setup Tool (YaST) in SUSE Linux before 20051007
preserves ...)
+CVE-2005-4772 (liby2util in Yet another Setup Tool (YaST) in SUSE Linux before
...)
 	NOT-FOR-US: YaST
 CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted
Mobility ...)
 	NOT-FOR-US: Trusted Mobility Agent 
@@ -1269,7 +1384,7 @@
 	RESERVED
 CVE-2006-1525 (ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local
users ...)
 	- linux-2.6 2.6.16-9
-CVE-2006-1524 (madvise_remove in Linux kernel 2.4.x and 2.6.x before 2.6.16.6
does ...)
+CVE-2006-1524 (madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not
follow ...)
 	- linux-2.6 2.6.16-8
 CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling
...)
 	- linux-2.6 2.6.16-7
@@ -1289,8 +1404,7 @@
 	RESERVED
 CVE-2006-1515
 	RESERVED
-CVE-2006-1514
-	RESERVED
+CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in
abcmidi ...)
 	{DSA-1043-1}
 	- abcmidi <unfixed>
 CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow
user-complicit ...)
@@ -2313,7 +2427,7 @@
 	- curl 7.15.3-1 
 	[woody] - curl <not-affected> (Vulnerable code not present)
 	[sarge] - curl <not-affected> (Vulnerable code not present)
-CVE-2006-1060 (Heap-based buffer overflow in xzgv allows user-complicit
attackers to ...)
+CVE-2006-1060 (Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8
might ...)
 	{DSA-1038-1 DSA-1037-1}
 	- xzgv <unfixed> (bug #362288; medium)
 	- zgv 5.9-2
@@ -2323,7 +2437,7 @@
 	[sarge] - samba <not-affected>
 CVE-2006-1058 (BusyBox 1.1.1 does not use a salt when generating passwords,
which ...)
 	- busybox <unfixed> (low; bug #360578)
-CVE-2006-1057 (Race condition in gdm before 2.14.1 allows local users to gain
...)
+CVE-2006-1057 (Race condition in daemon/slave.c in gdm before 2.14.1 allows
local ...)
 	{DSA-1040-1}
 	- gdm 2.14.1-1
 CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when
running ...)
@@ -4909,8 +5023,7 @@
 CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify
non-detached ...)
 	{DSA-993-2}
 	- gnupg 1.4.2.2-1 (bug #356125; medium)
-CVE-2006-0048 [tcpick dos]
-	RESERVED
+CVE-2006-0048 (Francesco Stablum tcpick 0.2.1 allows remote attackers to cause
a ...)
 	- tcpick 0.2.1-3 (bug #360571; medium)
 CVE-2006-0047 (packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to
cause ...)
 	{DSA-994-1}
@@ -7486,6 +7599,7 @@
 CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security
Suite ...)
 	NOT-FOR-US: Zone Labs
 CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9
...)
+	{DSA-1048-1}
 	- asterisk <unfixed> (bug #338116; medium)
 	NOTE: Sarge and Woody are affected by this
 CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows
...)
@@ -9380,7 +9494,7 @@
 	NOT-FOR-US: Lotus Domino
 CVE-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance
allows ...)
 	NOT-FOR-US: Ensim webppliance
-CVE-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to
...)
+CVE-2005-3013 (Buffer overflow in liby2util in Yet another Setup Tool (YaST)
for SuSE ...)
 	NOT-FOR-US: YaST
 CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for
...)
 	NOT-FOR-US: SimpleCDR-X
Secure testing commits - May 2006 - r3904 - data/CVE

[Secure-testing-commits] r3904 - data/CVE
