Author: stef-guest Date: 2006-10-24 20:54:10 +0000 (Tue, 24 Oct 2006) New Revision: 4880 Modified: data/CVE/list Log: - CVE-2006-5330: new flashplugin-nonfree issue (medium) - CVE-2006-545[3-5]: new bugzilla issues (low) - new drupal XSS and XSRF (low) Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-24 20:15:36 UTC (rev 4879) +++ data/CVE/list 2006-10-24 20:54:10 UTC (rev 4880) @@ -1,5 +1,7 @@ CVE-2006-XXXX [serendipity XSS for registered authors] - serendipity 1.0.2-1 (low) +CVE-2006-XXXX [drupal XSS and XSRF http://secunia.com/advisories/22486/] + - drupal <unfixed> (low) CVE-2006-5460 (** DISPUTED ** ...) TODO: check CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...) @@ -12,11 +14,11 @@ - graphicsmagick 1.1.7-9 (medium) - imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025) CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...) - TODO: check + - bugzilla <unfixed> (bug filed; low) CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ...) - TODO: check + - bugzilla <unfixed> (bug filed; low) CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...) - TODO: check + - bugzilla <unfixed> (bug filed; low) CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...) TODO: check CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...) @@ -267,7 +269,7 @@ CVE-2006-5331 RESERVED CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 for ...) - TODO: check + - flashplugin-nonfree <unfixed> (medium) CVE-2006-5329 RESERVED CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and ...)
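Review bot: In the first hunk (@@ -1,5 +1,7 @@), the new "CVE-2006-XXXX [drupal XSS and XSRF http://secunia.com/advisories/22486/]" entry tracks two different issue classes under a single placeholder. The Bugzilla entries later in this same patch keep XSS (CVE-2006-5453) and CSRF (CVE-2006-5455) under separate ids, so consider one placeholder per issue here so each can be matched to its own CVE once ids are assigned. The "- drupal <unfixed> (low)" line also carries no bug reference, unlike the "bug filed" annotation used for the bugzilla lines.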
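Review bot: In the second hunk (@@ -12,11 +14,11 @@), the three "- bugzilla <unfixed> (bug filed; low)" lines state that a bug was filed but give no number, while the imagemagick line in the same hunk's context records "(bug #393025)". Suggest replacing "bug filed" with the actual bug number on each of CVE-2006-5455, CVE-2006-5454 and CVE-2006-5453, so the unfixed status can be followed up from the list itself.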
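Review bot: In the third hunk (@@ -267,7 +269,7 @@), "- flashplugin-nonfree <unfixed> (medium)" for CVE-2006-5330 is the only medium-severity entry this revision adds, yet it has neither a bug number nor the "bug filed" marker that the low-severity bugzilla entries carry. Suggest recording the bug reference here as well, or stating in the entry why none exists, so an unfixed medium issue is not left without a tracking pointer.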