Author: stef-guest Date: 2006-08-09 19:42:07 +0000 (Wed, 09 Aug 2006) New Revision: 4542 Modified: data/CVE/list Log: - CVE-2006-4020, CVE-2006-4023: new php issues - CVE-2006-301[678] affect also php4 Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-09 19:00:51 UTC (rev 4541) +++ data/CVE/list 2006-08-09 19:42:07 UTC (rev 4542) @@ -8,13 +8,15 @@ CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...) - festalon <not-affected> (vuln. code introduced in 0.5.0) CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...) - TODO: check + - php5 <unfixed> (medium; bug #382257) + - php4 <unfixed> (medium; bug filed) CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...) NOT-FOR-US: Intel CVE-2006-4021 RESERVED CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...) - TODO: check + - php5 <unfixed> (medium; bug #382256) + - php4 <unfixed> (medium; bug filed) CVE-2006-4019 RESERVED CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in Clam AntiVirus ...) @@ -2220,10 +2222,13 @@ NOT-FOR-US: phpCMS CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...) - php5 5.1.4-0.1 (medium) + - php4 <unfixed> (medium) CVE-2006-3017 (zend_hash.c in PHP before 5.1.3 can cause the internal zend_hash_del ...) - php5 5.1.4-0.1 (medium) + - php4 <unfixed> (medium; bug #381998) CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...) - php5 5.1.4-0.1 (medium) + - php4 <unfixed> (medium; bug filed) CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...) NOT-FOR-US: WinSCP CVE-2006-3014 (Microsoft Excel allows user-complicit attackers to execute arbitrary ...)