Author: jmm-guest Date: 2006-05-18 23:13:26 +0000 (Thu, 18 May 2006) New Revision: 3971 Modified: data/CVE/list Log: new nessus issues bugnums NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-18 21:14:24 UTC (rev 3970) +++ data/CVE/list 2006-05-18 23:13:26 UTC (rev 3971) @@ -42,7 +42,7 @@ - dovecot 1.0.beta8-1 (low) [sarge] - dovecot <not-affected> (vulnerability introduced in 1.0) CVE-2006-2341 (The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, ...) - TODO: check + NOT-FOR-US: Symantec Gateway Security CVE-2006-2340 (Cross-site scripting (XSS) vulnerability in PassMasterFlex and ...) TODO: check CVE-2006-2339 (SQL injection vulnerability in index.php in evoTopsites 2.x and ...) @@ -52,7 +52,7 @@ CVE-2006-2337 (Directory traversal vulnerability in webcm in the D-Link DSL-G604T ...) TODO: check CVE-2006-2336 (SQL injection vulnerability in showthread.php in MyBB (aka ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-2335 (Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and ...) TODO: check CVE-2006-2334 (The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in ...) @@ -62,9 +62,9 @@ CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of ...) TODO: check CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2006-2329 (AngelineCMS 0.6.5 and earlier allow remote attackers to obtain ...) TODO: check CVE-2006-2328 (SQL injection vulnerability in lib/adodb/server.php in AngelineCMS ...) 
@@ -254,7 +254,7 @@ TODO: check CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...) {DSA-1058-1} - - awstats 6.5-2 (bug #365909; medium) + - awstats 6.5-2 (bug #365909; bug #365910; medium) CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...) - quake3 <itp> (bug #337937) CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...) @@ -418,7 +418,7 @@ CVE-2006-2163 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...) TODO: check CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...) - - nagios 2:1.4-1 (bug #366682; medium) + - nagios 2:1.4-1 (bug #366682; bug #366803; medium) - nagios2 2.3-1 (bug #366683; medium) CVE-2006-2161 (Buffer overflow in TZipBuilder 1.79.03.01 allows remote attackers to ...) TODO: check @@ -562,7 +562,7 @@ CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-complicit ...) - TODO: check + - libnasl <unfixed> (bug #365898; low) CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows ...) TODO: check CVE-2006-2091 (admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows ...) @@ -835,7 +835,7 @@ NOT-FOR-US: FlexBB CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote ...) {DSA-1055-1 DSA-1053-1} - - firefox 1.5.dfsg+1.5.0.3-1 (high) + - firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high) [sarge] - mozilla-firefox 1.0.4-2sarge7 (high) [sarge] - mozilla 1.7.8-1sarge6 (high) - mozilla <unfixed> (high) 
@@ -3466,7 +3466,7 @@ CVE-2006-0904 RESERVED CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...) - - mysql-dfsg-5.0 5.0.19-3 (bug #359701) + - mysql-dfsg-5.0 5.0.19-3 (bug #359701; bug #366162; bug #366163) CVE-2006-0902 RESERVED CVE-2006-0901 (Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and ...) @@ -4057,7 +4057,7 @@ - binutils <not-affected> (SuSE specific vulnerability) CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS ...) {DSA-986-1 DSA-985-1} - - libtasn1-2 <unfixed> (bug #352182) + - libtasn1-2 <unfixed> (bug #352182; bug #365234) NOTE: upload of 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change - gnutls13 1.3.5-1 - gnutls12 <unfixed>
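Review bot: In the @@ -562,7 hunk, the new CVE-2006-2093 entry tracks only `- libnasl <unfixed> (bug #365898; low)`, while the description on the line above it names Nessus itself ("Nessus before 2.2.8, and 3.x before 3.0.3"). If libnasl is the only affected source package, a NOTE: line saying so (as already done for libtasn1-2 under CVE-2006-0645) would save the next person from re-checking the other Nessus packages. If it is not, those packages need their own entries here.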
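Review bot: In the @@ -3466,7 hunk, the CVE-2006-0903 line gains two more bug references but still ends without an urgency: `- mysql-dfsg-5.0 5.0.19-3 (bug #359701; bug #366162; bug #366163)`. The awstats, nagios, libnasl and firefox lines touched by this same commit all close with low, medium or high after the bug list, so it would be worth adding one here while the line is being edited. The libtasn1-2 line in the @@ -4057,7 hunk has the same gap.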