Author: stef-guest Date: 2006-11-22 23:10:36 +0100 (Wed, 22 Nov 2006) New Revision: 4999 Modified: data/CVE/list Log: - CVE-2006-6008: linux-ftpd issue already fixed - dovecot CVEified - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-11-22 22:04:06 UTC (rev 4998) +++ data/CVE/list 2006-11-22 22:10:36 UTC (rev 4999) @@ -69,13 +69,13 @@ CVE-2006-6028 (Directory traversal vulnerability in textview.php in Anton Vlasov ...) TODO: check CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2006-6026 (Heap-based buffer overflow in Helix DNA Server 11.0 and 11.1 has ...) TODO: check CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: QUALCOMM Eudora WorldMail CVE-2006-6024 (Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 ...) - TODO: check + NOT-FOR-US: Eudora Worldmail CVE-2006-6023 (** DISPUTED ** ...) TODO: check CVE-2006-6022 (Cross-site scripting (XSS) vulnerability in login_form.asp in ...) @@ -101,13 +101,13 @@ CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...) TODO: check CVE-2006-6011 (Unspecified vulnerability in SAP Web Application Server before 6.40 ...) - TODO: check + NOT-FOR-US: SAP CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive ...) - TODO: check + NOT-FOR-US: SAP CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...) TODO: check CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, ...) - TODO: check + - linux-ftpd 0.17-22 CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...) TODO: check CVE-2006-6006 
@@ -147,7 +147,7 @@ CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 ...) - libapache-mod-auth-kerb 5.3-1 (low) CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running ...) - TODO: check + NOT-FOR-US: Windows CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet 2.1 allows ...) TODO: check CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not ...) @@ -177,12 +177,10 @@ CVE-2006-5974 RESERVED CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...) - TODO: check -CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before ...) - TODO: check -CVE-2006-XXXX [dovecot off-by-one] - dovecot 1.0.rc15-1 [sarge] - dovecot <not-affected> (Vulnerable code not present) +CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before ...) + NOT-FOR-US: SAP CVE-2006-XXXX [TorrentFlux Arbitrary Command Execution and Directory Traversal] - torrentflux <unfixed> (medium; bug #399169) CVE-2006-XXXX [Firefox Sage Extension Feed Script Insertion Vulnerability]
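Review bot: In the @@ -69,13 hunk the NOT-FOR-US labels for CVE-2006-6025 and CVE-2006-6024 spell the product two ways, "QUALCOMM Eudora WorldMail" and "Eudora Worldmail". Both descriptions refer to Eudora WorldMail, so use one spelling for both entries; a search of the list for the product name then finds both.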
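Review bot: In the @@ -101,13 hunk the new CVE-2006-6008 line "- linux-ftpd 0.17-22" records a fixed version with no urgency and no bug reference, and the commit log only says the issue was "already fixed". Other entries visible in this patch carry that context, for example "- libapache-mod-auth-kerb 5.3-1 (low)" and "- torrentflux <unfixed> (medium; bug #399169)". Add the urgency and a pointer to the bug or changelog entry so the 0.17-22 claim can be verified later.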
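Review bot: In the @@ -147,7 hunk CVE-2006-5988 is marked "NOT-FOR-US: Windows", but the truncated description reads "Windows 2000 Advanced Server SP4 running ...", which suggests the affected component may be what runs on that system and not Windows itself. Check the full description and, if so, name that product in the NOT-FOR-US line.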
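Review bot: In the @@ -177,12 hunk the line "[sarge] - dovecot <not-affected> (Vulnerable code not present)" is carried over from the removed placeholder into CVE-2006-5973 without saying which dovecot version sarge ships. The CVE description gives the affected range as "1.0test53 through 1.0.rc14", so recording the sarge version next to the not-affected marker would let a reader confirm it falls outside that range.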