Author: stef-guest Date: 2006-08-06 20:22:10 +0000 (Sun, 06 Aug 2006) New Revision: 4514 Modified: data/CVE/list Log: - CVE-2006-2935: linux issue (low) - snort bugnum - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-06 19:50:03 UTC (rev 4513) +++ data/CVE/list 2006-08-06 20:22:10 UTC (rev 4514) @@ -1189,9 +1189,9 @@ CVE-2006-3454 RESERVED CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...) - TODO: check + NOT-FOR-US: Adobe acrobat CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...) - TODO: check + NOT-FOR-US: Adobe acrobat CVE-2006-3451 RESERVED CVE-2006-3450 @@ -2283,7 +2283,8 @@ - linux-2.6 2.6.17-5 (low) - linux-2.6.16 <unfixed> (low) CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...) - TODO: check + - linux-2.6 2.6.17-5 (low) + - linux-2.6.16 <unfixed> (low) CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...) - linux-2.6 2.6.17-3 - linux-2.6.16 2.6.16-17 
@@ -2321,17 +2322,17 @@ CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote ...) NOT-FOR-US: Microsoft CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores ...) - TODO: check + NOT-FOR-US: Lanap BotDetect APS.NET CAPTCHA component CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate ...) - TODO: check + NOT-FOR-US: WinGate CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...) - arts 1.5.3-2 (bug #374003; low) [sarge] - arts <not-affected> (Not setuid root in Debian) NOTE: artswrapper is not suid root by default, but README.Debian describes it CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote ...) - TODO: check + NOT-FOR-US: DeluxeBB CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...) - TODO: check + NOT-FOR-US: DeluxeBB CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows ...) NOT-FOR-US: SelectaPix CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...) @@ -2339,7 +2340,7 @@ CVE-2006-2911 (SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 ...) NOT-FOR-US: CMS Mundo CVE-2006-2910 (Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other ...) - TODO: check + NOT-FOR-US: jetAudio CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension ...) NOT-FOR-US: PicoZip CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard ...) @@ -2436,7 +2437,7 @@ CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in ...) NOT-FOR-US: DotClear CVE-2006-2865 (** DISPUTED ** ...) - TODO: check + NOTE: phpbb2, but invalid CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes ...) NOT-FOR-US: BlueShoes CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in ...) 
@@ -2448,7 +2449,7 @@ CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 ...) NOT-FOR-US: Webspotblogging CVE-2006-2859 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: MyBloggie CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds ...) NOT-FOR-US: LocazoList CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows ...) @@ -2516,7 +2517,7 @@ CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote ...) NOT-FOR-US: PHP-Nuke CVE-2006-2827 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: X-Cart CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library ...) NOT-FOR-US: PHPLIB CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir ...) @@ -2737,7 +2738,7 @@ CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...) NOT-FOR-US: pppBLOG CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...) - - snort <unfixed> (low; bug filed) + - snort <unfixed> (low; bug #381726) CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...) NOT-FOR-US: METAjour CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...)
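Review bot: In the hunk at @@ -1189,9 both new tags read `NOT-FOR-US: Adobe acrobat` with a lowercase product name, while the descriptions spell it "Adobe Acrobat" and CVE-2006-3452 also names Adobe Reader. Suggest `NOT-FOR-US: Adobe Acrobat` for CVE-2006-3453 and `NOT-FOR-US: Adobe Reader and Acrobat` for CVE-2006-3452, so that a search on the product name finds both entries.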
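Review bot: In the hunk at @@ -2283,7 the two lines added under CVE-2006-2935 (`- linux-2.6 2.6.17-5 (low)` and `- linux-2.6.16 <unfixed> (low)`) are identical to the two context lines of the entry directly above, and neither carries a bug number or a NOTE naming the fix. Please confirm that the dvd_read_bca fix is in 2.6.17-5 rather than carried over from the neighbouring entry, and add a NOTE or bug reference to the `<unfixed>` linux-2.6.16 line so it can be followed up.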
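Review bot: In the hunk at @@ -2321,17 the new tag for CVE-2006-2918 copies "APS.NET" from the truncated description, which looks like a misspelling of ASP.NET, and it is much longer than the product-name-only tags added beside it (`NOT-FOR-US: WinGate`, `NOT-FOR-US: DeluxeBB`). Suggest shortening it to `NOT-FOR-US: Lanap BotDetect`.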
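Review bot: In the hunk at @@ -2436,7 the entry for CVE-2006-2865 gets only `NOTE: phpbb2, but invalid`, which leaves it without a package status line and does not say why the report is considered invalid. If phpbb2 is the source package concerned, a status line in the form this file already uses for arts (`- arts <not-affected> (Not setuid root in Debian)`), with the reason in the parentheses, would record the decision in a form that can be queried.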
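Review bot: In the hunk at @@ -2737,7 the snort line now reads `(low; bug #381726)`, with the severity before the bug number, whereas the arts entry visible elsewhere in this patch uses `(bug #374003; low)`. Consider using the same field order as the arts line so that the annotations stay uniform.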