Author: joeyh
Date: 2006-04-27 09:14:29 +0000 (Thu, 27 Apr 2006)
New Revision: 3887
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-04-27 09:06:10 UTC (rev 3886)
+++ data/CVE/list 2006-04-27 09:14:29 UTC (rev 3887)
@@ -482,6 +482,7 @@
CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 1.4
...)
NOT-FOR-US: QuickBlogger
CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote
attackers to ...)
+ {DSA-1046-1}
- firefox 1.5
- mozilla-firefox <not-affected> (problematic fix not backported into
1.0.4-2sarge5)
CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and
...)
@@ -586,7 +587,7 @@
CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4
allow ...)
NOT-FOR-US: JBook
CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x
before ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
@@ -595,61 +596,61 @@
NOTE: The Mozilla Foundation labels this as "critical", but
it''s not
NOTE: clear if this bug is exploitable.
CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla
Suite ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird <unfixed> (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla
Suite ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (low)
- mozilla-firefox <unfixed> (low)
- mozilla <unfixed> (low)
- thunderbird <unfixed> (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird
1.x ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird <unfixed> (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird <unfixed> (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before
1.5 and ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird <unfixed> (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla
Suite ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (low)
- mozilla-firefox <unfixed> (low)
- mozilla <unfixed> (low)
CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- thunderbird <unfixed> (medium)
- mozilla-thunderbird <unfixed> (medium)
CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- thunderbird <unfixed> (medium)
- mozilla-thunderbird <unfixed> (medium)
CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
@@ -663,14 +664,14 @@
- thunderbird <unfixed> (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird <unfixed> (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before
1.5.0.2 ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
@@ -679,20 +680,20 @@
NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
NOTE: exploitable in the default configuration.
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8,
Mozilla ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
NOTE: Can likely be used to steal OpenSSH keys and the like.
CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- thunderbird <unfixed> (medium)
- mozilla-thunderbird <unfixed> (medium)
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
@@ -708,6 +709,7 @@
- firefox 1.5.dfsg+1.5.0.2-1 (low)
NOTE: New bug in Firefox 1.5.
CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
+ {DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla <unfixed> (medium)
- thunderbird <unfixed> (low)
@@ -716,6 +718,7 @@
NOTE: Thunderbird is potentially affected as well, but not in the
NOTE: default configuration.
CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
+ {DSA-1046-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
@@ -961,6 +964,7 @@
CVE-2006-1631 (Unspecified vulnerability in the HTTP compression functionality
in ...)
NOT-FOR-US: Cisco
CVE-2006-1629 (OpenVPN 2.0 through 2.0.5 allows remote malicious servers to
execute ...)
+ {DSA-1045-1}
- openvpn 2.0.6-1 (bug #360559; medium)
CVE-2006-1628 (Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01
allows ...)
NOT-FOR-US: Adobe LiveCycle
@@ -1218,6 +1222,7 @@
CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP
...)
NOT-FOR-US: PHP Classifieds
CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
+ {DSA-1046-1}
- firefox <unfixed> (medium)
- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
- thunderbird <unfixed> (low)
@@ -1226,6 +1231,7 @@
NOTE: Thunderbird is potentially affected as well, but not in the
NOTE: default configuration.
CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
+ {DSA-1046-1}
- firefox <unfixed> (medium)
- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
- thunderbird <unfixed> (low)
@@ -1234,6 +1240,7 @@
NOTE: Thunderbird is potentially affected as well, but not in the
NOTE: default configuration.
CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
+ {DSA-1046-1}
- firefox <unfixed> (medium)
- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
- thunderbird <unfixed> (low)
@@ -2336,6 +2343,7 @@
CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a
denial ...)
- monopd <unfixed> (bug #355797)
CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when
"Block ...)
+ {DSA-1046-1}
- mozilla-thunderbird <unfixed> (low)
- firefox 1.5.dfsg+1.5.0.2-1
CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including
...)
@@ -2676,6 +2684,7 @@
CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in
CuteNews ...)
NOT-FOR-US: CuteNews
CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and
earlier ...)
+ {DSA-1046-1}
- mozilla-thunderbird <unfixed>
- firefox 1.5.dfsg+1.5.0.2-1
CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly
other ...)
@@ -2964,14 +2973,14 @@
CVE-2006-0750 (SQL injection vulnerability in index.php in supersmashbrothers
(SSB) ...)
TODO: check
CVE-2006-0749 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (low)
- mozilla-firefox <unfixed> (low)
- mozilla <unfixed> (low)
- thunderbird <unfixed> (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x
before ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
@@ -4139,11 +4148,12 @@
- mozilla <not-affected> (Mozilla 1.7 is not affected)
- mozilla-thunderbird <unfixed>
CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in
Firefox ...)
+ {DSA-1046-1}
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
- mozilla-thunderbird <unfixed>
CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox
before ...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-firefox <unfixed> (bug #351442)
- mozilla-thunderbird <unfixed>
@@ -5886,7 +5896,7 @@
CVE-2005-4135 (Direct static code injection vulnerability in
includes/newtopic.php in ...)
NOT-FOR-US: SimpleBBS
CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before
...)
- {DSA-1044-1}
+ {DSA-1046-1 DSA-1044-1}
- mozilla-firefox <unfixed> (unimportant)
- mozilla <unfixed> (unimportant)
NOTE: Not exploitable beyond a sluggish browser startup, see
@@ -15848,6 +15858,7 @@
CVE-2005-XXXX [Possible SQL injection in freeradius]
- freeradius 1.0.2-4
CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows
local ...)
+ {DSA-1046-1}
- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
- firefox 1.5.dfsg+1.5.0.2-1
CVE-2005-XXXX [Directory traversal in unzoo]