Author: jmm-guest Date: 2006-03-24 13:24:24 +0000 (Fri, 24 Mar 2006) New Revision: 3682 Modified: data/CVE/list Log: new helix issue (unfixed) new passwd/d-i issue (fixed) three new kernel issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-24 10:40:06 UTC (rev 3681) +++ data/CVE/list 2006-03-24 13:24:24 UTC (rev 3682) 
@@ -1,81 +1,83 @@ CVE-2006-1378 (PasswordSafe 3.0, when running on Windows before XP, uses a weak ...) - TODO: check + NOT-FOR-US: PasswordSafe CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...) - TODO: check + NOT-FOR-US: EasyMoblog CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...) - TODO: check + - passwd 1:4.0.14-9 (bug #358210) CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...) - TODO: check + NOT-FOR-US: AdMan CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...) - TODO: check + NOT-FOR-US: AdMan CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in PHP ...) - TODO: check + NOT-FOR-US: PHP Live! CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier ...) - TODO: check + NOT-FOR-US: 1WebCalendar CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows ...) - TODO: check + NOT-FOR-US: Laurentiu Matei eXpandable Home Page CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through ...) - TODO: check + NOT-FOR-US: Real Player, according to Real Helix not affected CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the Linux ...) - TODO: check + - linux-2.6 2.6.16-1 CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the ...) - TODO: check + NOT-FOR-US: Motorola hardware CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other ...) - TODO: check + NOT-FOR-US: Motorola hardware CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the Motorola ...) - TODO: check + NOT-FOR-US: Motorola hardware CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System ...) - TODO: check + NOT-FOR-US: Justin White (aka YTZ) Free Web Publishing System CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 ...) - TODO: check + NOT-FOR-US: Mini-Nuke CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows ...) - TODO: check + NOT-FOR-US: OSWiki CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow ...) - TODO: check + NOT-FOR-US: MusicBox CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 ...) - TODO: check + NOT-FOR-US: F5 Firepass 4100 SSL VPN CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in LibVC 3, ...) - TODO: check + NOT-FOR-US: LibVC CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" ...) - TODO: check + NOT-FOR-US: avast AV CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows ...) - freeradius <unfixed> CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...) - TODO: check + NOT-FOR-US: ASPPortal CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2006-1350 (PHP remote file include vulnerability in index.php in 99Articles.com ...) - TODO: check + NOT-FOR-US: 99Articles.com CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 ...) 
- TODO: check + NOT-FOR-US: MusicBox CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg ...) + NOT-FOR-US: Greg Neustaetter gCards TODO: check CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter ...) - TODO: check + NOT-FOR-US: Greg Neustaetter gCards CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg ...) - TODO: check + NOT-FOR-US: Greg Neustaetter gCards CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as ...) - TODO: check + NOT-FOR-US: VeriSign haydn.exe CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, ...) - TODO: check + - linux-2.6 <unfixed> CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...) - TODO: check + - linux-2.6 <unfixed> + NOTE: Possibly not-affected, needs further checking CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...) - TODO: check + NOT-FOR-US: Veritas Backup CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 ...) - TODO: check + NOT-FOR-US: AnyPortal CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows ...) NOT-FOR-US: Maian Events CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to ...) @@ -2428,7 +2430,7 @@ CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...) NOT-FOR-US: WebspotBlogging CVE-2006-0323 (Buffer overflow in multiple RealNetworks products and versions ...) - TODO: check + - helix-player <unfixed> (bug #358754; medium) CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...) - mediawiki <unfixed> (low) CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...)
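Review bot: In the first hunk, the CVE-2006-1348 entry gains `NOT-FOR-US: Greg Neustaetter gCards` but its `TODO: check` line stays behind as unchanged context, whereas the other entries triaged in this hunk remove it. The entry ends up both classified and still flagged for triage, so the leftover `TODO: check` should be deleted. Also in this hunk, CVE-2003-1298 is labelled `NOT-FOR-US: Veritas Backup` although its description names siteman.php3, the same file the following CVE-2000-1240 entry attributes to AnyPortal(php); that label should be checked against the description.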
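Review bot: In the `@@ -2428,7 +2430,7 @@` hunk, the CVE-2006-0323 line marks helix-player as `<unfixed>` without saying why Helix is considered affected, while the CVE-2006-1370 entry earlier in this patch carries the annotation "according to Real Helix not affected" for a RealPlayer buffer overflow. The visible description here only says "multiple RealNetworks products and versions", so a `NOTE:` line giving the basis for tracking it against helix-player (in the way CVE-2006-1342 gets a NOTE) would keep the two RealNetworks entries from being confused.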