Author: joeyh Date: 2006-10-11 09:14:25 +0000 (Wed, 11 Oct 2006) New Revision: 4840 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-10 21:33:39 UTC (rev 4839) +++ data/CVE/list 2006-10-11 09:14:25 UTC (rev 4840) @@ -1,3 +1,21 @@ +CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...) + TODO: check +CVE-2006-5228 (Multiple SQL injection vulnerabilities in the Google Gadget login.php ...) + TODO: check +CVE-2006-5227 (Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux ...) + TODO: check +CVE-2006-5226 (PHP remote file inclusion vulnerability in moteur/moteur.php in ...) + TODO: check +CVE-2006-5225 (Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow ...) + TODO: check +CVE-2006-5224 (PHP remote file inclusion vulnerability in includes/logger_engine.php ...) + TODO: check +CVE-2006-5223 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5222 (Multiple PHP remote file inclusion vulnerabilities in Dimension of ...) + TODO: check +CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de textes 2.0 allow ...) + TODO: check CVE-2006-5220 (Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, ...) TODO: check CVE-2006-5219 (SQL injection vulnerability in blog/index.php in the blog module in ...) @@ -2,5 +20,5 @@ TODO: check -CVE-2006-5218 (Integer overflow in STRIOCREPLACE in systrace in OpenBSD 3.9 and ...) +CVE-2006-5218 (Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in ...) TODO: check -CVE-2006-5217 (SQL injection vulnerability in uyegiris.asp in Emek Portal 2.1 allows ...) +CVE-2006-5217 (SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows ...) TODO: check 
@@ -38,10 +56,10 @@ TODO: check CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...) TODO: check -CVE-2006-5200 - RESERVED -CVE-2006-5199 - RESERVED +CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...) + TODO: check +CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...) + TODO: check CVE-2006-5198 RESERVED CVE-2006-5197 (PDshopPro stores sensitive information under the web root with ...) @@ -131,7 +149,7 @@ CVE-2006-5159 (** DISPUTED ** ...) TODO: check again later NOTE: might or might not be a real firefox issue, probably low impact -CVE-2006-5158 (Unspecified vulnerability in NFS lockd in the kernel in SUSE Linux 9.2 ...) +CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...) TODO: check CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...) NOT-FOR-US: TrendMicro OfficeScan @@ -1094,16 +1112,16 @@ RESERVED CVE-2006-4697 RESERVED -CVE-2006-4696 - RESERVED +CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows ...) + TODO: check CVE-2006-4695 RESERVED CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...) NOT-FOR-US: Microsoft -CVE-2006-4693 - RESERVED -CVE-2006-4692 - RESERVED +CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for ...) + TODO: check +CVE-2006-4692 (The Windows Object Packager in Microsoft Windows XP SP1 and SP2 and ...) + TODO: check CVE-2006-4691 RESERVED CVE-2006-4690 
@@ -1114,10 +1132,10 @@ RESERVED CVE-2006-4687 RESERVED -CVE-2006-4686 - RESERVED -CVE-2006-4685 - RESERVED +CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language Transformations ...) + TODO: check +CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core ...) + TODO: check CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...) {DSA-1176-1} - zope2.7 <removed> @@ -1481,7 +1499,7 @@ NOT-FOR-US: CMS Frogss CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local ...) - linux-2.6 2.6.18-1 -CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...) +CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...) NOT-FOR-US: Microsoft CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 ...) NOT-FOR-US: Plume CMS @@ -1910,7 +1928,7 @@ CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...) NOT-FOR-US: CGI-Rescue Mail F/W System CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL ...) - {DSA-1185-2} + {DSA-1195-1 DSA-1185-2} - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 <removed> @@ -2327,7 +2345,7 @@ CVE-2006-4171 RESERVED CVE-2006-4170 - RESERVED + REJECTED CVE-2006-4169 RESERVED CVE-2006-4168 @@ -2750,8 +2768,8 @@ NOT-FOR-US: Mambo Gallery Manager for Mambo CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass ...) NOT-FOR-US: ColdFusion MX -CVE-2006-3978 - RESERVED +CVE-2006-3978 (Unspecified vulnerability in a Verity third party library, as used on ...) + TODO: check CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...) NOT-FOR-US: CA eTrust Antivirus WebScan CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...) 
@@ -2942,10 +2960,10 @@ RESERVED CVE-2006-3889 RESERVED -CVE-2006-3888 - RESERVED -CVE-2006-3887 - RESERVED +CVE-2006-3888 (Buffer overflow in AOL You''ve Got Pictures (YGP) Pic Downloader ...) + TODO: check +CVE-2006-3887 (Buffer overflow in AOL You''ve Got Pictures (YGP) Screensaver ActiveX ...) + TODO: check CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier ...) NOT-FOR-US: Shalwan MusicBox CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W ...) @@ -2964,12 +2982,12 @@ - libmikmod2 <not-affected> (Debian''s 3.1.1 version doesn''t have GT2 support) CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...) NOT-FOR-US: Opsware Network Automation System -CVE-2006-3877 - RESERVED -CVE-2006-3876 - RESERVED -CVE-2006-3875 - RESERVED +CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...) + TODO: check +CVE-2006-3876 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...) + TODO: check +CVE-2006-3875 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...) + TODO: check CVE-2006-3874 RESERVED CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...) @@ -2982,16 +3000,16 @@ RESERVED CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...) NOT-FOR-US: Microsoft -CVE-2006-3868 - RESERVED -CVE-2006-3867 - RESERVED +CVE-2006-3868 (Unspecified vulnerability in Microsoft Office XP and 2003 allows ...) + TODO: check +CVE-2006-3867 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...) + TODO: check CVE-2006-3866 REJECTED CVE-2006-3865 RESERVED -CVE-2006-3864 - RESERVED +CVE-2006-3864 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...) + TODO: check CVE-2006-3863 RESERVED CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through ...) 
@@ -3344,7 +3362,7 @@ {DSA-1193-1} - libxfont 1:1.2.2-1 CVE-2006-3738 (Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL ...) - {DSA-1185-2} + {DSA-1195-1 DSA-1185-2} - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 <removed> @@ -3543,16 +3561,16 @@ NOT-FOR-US: Microsoft Works Spreadsheet CVE-2006-3652 (Microsoft Internet Security and Acceleration (ISA) Server 2004 allows ...) NOT-FOR-US: Microsoft Internet Security and Acceleration Server -CVE-2006-3651 - RESERVED -CVE-2006-3650 - RESERVED +CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...) + TODO: check +CVE-2006-3650 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...) + TODO: check CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK ...) NOT-FOR-US: Microsoft CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and ...) NOT-FOR-US: Microsoft -CVE-2006-3647 - RESERVED +CVE-2006-3647 (Unspecified vulnerability in Microsoft Word 2000, 2002, Office 2003, ...) + TODO: check CVE-2006-3646 RESERVED CVE-2006-3645 @@ -4008,12 +4026,12 @@ NOT-FOR-US: Microsoft CVE-2006-3437 RESERVED -CVE-2006-3436 - RESERVED -CVE-2006-3435 - RESERVED -CVE-2006-3434 - RESERVED +CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework ...) + TODO: check +CVE-2006-3435 (Unspecified vulnerability in PowerPoint in Microsoft Office 2003 ...) + TODO: check +CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...) + TODO: check CVE-2006-3433 RESERVED CVE-2006-3432 
@@ -4131,6 +4149,7 @@ CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...) NOT-FOR-US: JMB Software AutoRank PHP CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...) + {DSA-1194-1} - libwmf 0.2.8.4-2 (bug #381538; medium) CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...) NOT-FOR-US: Randshop @@ -5075,7 +5094,7 @@ CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of ...) - mailman 1:2.1.8-3 CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...) - {DSA-1185-2} + {DSA-1195-1 DSA-1185-2} - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 <removed> @@ -6384,8 +6403,8 @@ NOT-FOR-US: Microsoft CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted ...) NOT-FOR-US: Microsoft -CVE-2006-2387 - RESERVED +CVE-2006-2387 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...) + TODO: check CVE-2006-2386 RESERVED CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...)
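Review bot: In the first hunk (@@ -1,3 +1,21 @@), CVE-2006-5229 is queued with the same "TODO: check" as the PHP and SQL injection entries around it, although its description reads "OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...". The "possibly other platforms" wording means it cannot be dismissed as distribution-specific from the summary alone, so it should be triaged against the openssh package ahead of the rest of this batch and given a package line or a <not-affected> note with the reason.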
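Review bot: In the hunk at @@ -131,7 +149,7 @@, the CVE-2006-5158 description is widened from "the kernel in SUSE Linux 9.2" to "The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...", but the entry below it still reads only "TODO: check". With the scope no longer limited to one vendor kernel, the entry needs a kernel package line in the same form as the "- linux-2.6 2.6.18-1" line used for CVE-2006-4535, or an explicit <not-affected> with a reason, so the refreshed description does not sit untriaged.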
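Review bot: In the three OpenSSL hunks (@@ -1910,7 +1928,7 @@ for CVE-2006-4343, @@ -3344,7 +3362,7 @@ for CVE-2006-3738 and @@ -5075,7 +5094,7 @@ for CVE-2006-2940), "{DSA-1185-2}" becomes "{DSA-1195-1 DSA-1185-2}" while the package lines underneath are unchanged, so the entries do not show which source package the new advisory covers. Please confirm which of openssl, openssl097 and openssl096 DSA-1195-1 applies to and check that the matching line still describes that package correctly, in particular "- openssl096 <removed>", which carries no fixed version.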
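Review bot: In the hunks that replace RESERVED with a description (@@ -1094, @@ -1114, @@ -2964, @@ -2982, @@ -3543, @@ -4008 and @@ -6384), the newly described Microsoft entries such as CVE-2006-4696, CVE-2006-3877 and CVE-2006-2387 all receive "TODO: check", while their neighbours with the same vendor, for example CVE-2006-4694, CVE-2006-3649 and CVE-2006-2388, are already tagged "NOT-FOR-US: Microsoft". A follow-up pass should tag these the same way so the TODO queue holds only entries that need a real package check.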