Author: stef-guest
Date: 2006-04-29 15:47:53 +0000 (Sat, 29 Apr 2006)
New Revision: 3893

Modified:
   data/CVE/list
Log:
new beagle issue
new linux issue
some NFUs

Modified: data/CVE/list
==================================================================--- data/CVE/list 2006-04-29 07:25:07 UTC (rev 3892) +++ data/CVE/list 2006-04-29 15:47:53 UTC (rev 3893) 
@@ -287,51 +287,51 @@ CVE-2006-1888 (phpGraphy 0.9.11 and earlier allows remote attackers to bypass ...) TODO: check CVE-2006-1887 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security ...) - TODO: check + NOT-FOR-US: Oracle JD Edwards EnterpriseOne CVE-2006-1886 (Unspecified vulnerability in the PeopleTools component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1885 (Multiple unspecified vulnerabilities in the Reporting Framework ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1884 (Unspecified vulnerability in the Oracle Thesaurus Management System ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1883 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1882 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1881 (Unspecified vulnerability in the Financials for Asia/Pacific component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1880 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1879 (Multiple unspecified vulnerabilities in the Email Server component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1878 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...) - TODO: check + NOT-FOR-US: phpFaber TopSites CVE-2006-1877 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1876 (Unspecified vulnerability in Oracle Database Server 9.2.0.7 and ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1875 (Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1874 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1873 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, ...) 
- TODO: check + NOT-FOR-US: Oracle CVE-2006-1872 (Unspecified vulnerability in Oracle Database Server 9.0.1.5 and ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1871 (SQL injection vulnerability in Oracle Database Server 9.2.0.7 and ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1870 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1869 (Unspecified vulnerability in Oracle Database Server 8.1.7.4 and ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1868 (Buffer overflow in the Advanced Replication component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1867 (Unspecified vulnerability in Oracle Database Server 9.2.0.6 has ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-1865 (Beagle before 0.2.5 can produce certain insecure command lines to ...) - TODO: check + - beagle <unfixed> (bug filed; medium) CVE-2006-1864 RESERVED CVE-2006-1863 [Don''t allow a backslash in a path component] 
@@ -354,26 +354,26 @@ CVE-2006-1855 RESERVED CVE-2006-1854 (Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager ...) - TODO: check + NOT-FOR-US: BluePay Manager CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier ...) - TODO: check + NOT-FOR-US: ModernBill CVE-2006-1852 (SQL injection vulnerability in category.php in Article Publisher Pro ...) - TODO: check + NOT-FOR-US: Article Publisher Pro CVE-2006-1851 (xFlow 5.46.11 and earlier allows remote attackers to determine the ...) - TODO: check + NOT-FOR-US: xFlow CVE-2006-1850 (Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 ...) - TODO: check + NOT-FOR-US: xFlow CVE-2006-1849 (Multiple SQL injection vulnerabilities in members_only/index.cgi in ...) - TODO: check + NOT-FOR-US: xFlow CVE-2006-1848 (Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php ...) - TODO: check + NOT-FOR-US: LinPHA CVE-2006-1847 (SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account module in ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2006-1845 REJECTED - TODO: check + NOT-FOR-US: exchange (Duplicate of CVE-2006-0537) CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...) NOTE: seems to be a duplicate of CVE-2006-1376 - shadow 1:4.0.14-9 (bug #358210; bug #356939) 
@@ -3014,19 +3014,19 @@ CVE-2006-0740 RESERVED CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: eStara SIP softphone CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow ...) - TODO: check + NOT-FOR-US: eStara SIP softphone CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: eStara SIP softphone CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM authentication ...) - TODO: check + NOT-FOR-US: pam_micasa / Novell CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which allows ...) - TODO: check + NOT-FOR-US: MUTE CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ...) - TODO: check + NOT-FOR-US: Geeklog CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows ...) - TODO: check + NOT-FOR-US: PhpTagCool CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand] - imagemagick 6:6.2.4.5-0.6 (bug #345595) CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...) @@ -3443,9 +3443,9 @@ CVE-2006-0560 RESERVED CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...) - TODO: check + NOT-FOR-US: McAfee WebShield CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...) - TODO: check + - linux-2.6 <unfixed> (bug filed; low) CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...) - linux-2.6 <unfixed> CVE-2006-0556 
@@ -3691,15 +3691,15 @@ CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...) NOT-FOR-US: NetBSD CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with blog-creation ...) - TODO: check + NOT-FOR-US: Six Apart Movable Type CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password hashes ...) - TODO: check + NOT-FOR-US: Six Apart Movable Type CVE-2005-4688 (PunBB 1.2.9 does not require password entry when changing the e-mail ...) - TODO: check + NOT-FOR-US: PunBB CVE-2005-4687 (PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client''s ...) - TODO: check + NOT-FOR-US: PunBB CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes ...) - TODO: check + NOT-FOR-US: PunBB CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...) TODO: check CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS ...)
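
Review bot: In the @@ -287,51 +287,51 @@ hunk, the new CVE-2006-1865 line `- beagle <unfixed> (bug filed; medium)` records that a bug exists but not which one, so nobody can follow it from the list. Once the report has a number, put it in the `(bug #...)` form that the shadow entry further down uses. The description already says "Beagle before 0.2.5", so a NOTE naming 0.2.5 as the upstream fix would tell the maintainer what to upload. Smaller point in the same hunk: CVE-2006-1887 is labelled `Oracle JD Edwards EnterpriseOne`, while the PeopleTools, E-Business Suite and Database Server entries all get a bare `Oracle`. Pick one granularity so a grep by product finds them consistently.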
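
Review bot: In the @@ -354,26 +354,26 @@ hunk, CVE-2006-1845 is REJECTED yet gets `NOT-FOR-US: exchange (Duplicate of CVE-2006-0537)`, which folds a triage verdict and a duplicate relation into one tag. The entry right after it shows the convention for this, `NOTE: seems to be a duplicate of CVE-2006-1376`. A NOTE line pointing at CVE-2006-0537 would keep the duplicate link searchable and leave NOT-FOR-US carrying only a product name. Also, the truncated descriptions for CVE-2006-1849 (`members_only/index.cgi in ...`) and CVE-2006-1848 (`stats_view.php ...`) do not show the product, so the `xFlow` and `LinPHA` labels cannot be checked from the diff alone; worth a second look against the full descriptions.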
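
Review bot: In the @@ -3014,19 +3014,19 @@ hunk, `NOT-FOR-US: pam_micasa / Novell` for CVE-2006-0736 mixes a module name and a vendor with a slash, where every other label in this commit is a single product or vendor name. Suggest settling on one form, for example the product with the vendor in front as done for `Six Apart Movable Type`, so the labels stay uniform for anyone filtering the list.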
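
Review bot: In the @@ -3443,9 +3443,9 @@ hunk, the CVE-2006-0558 line `- linux-2.6 <unfixed> (bug filed; low)` drops the one detail that scopes the issue: the description says perfmon on IA64 only. A NOTE stating that it is IA64-specific would explain the `low` rating and spare other architectures a needless check. As with the beagle entry, `bug filed` should become the actual bug reference once it is known. The neighbouring CVE-2006-0557 line is a plain `- linux-2.6 <unfixed>` with no urgency, so the two kernel entries now follow different conventions.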
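
Review bot: In the @@ -3691,15 +3691,15 @@ hunk, CVE-2005-4687 and CVE-2005-4686 are described as PunBB "used alone or with F-ART BLOG:CMS", but the label is just `NOT-FOR-US: PunBB`. If BLOG:CMS was checked too, name it in the label so it is clear both products were ruled out; if it was not, the entry is not fully triaged yet.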