Author: jmm-guest Date: 2006-12-16 01:09:40 +0100 (Sat, 16 Dec 2006) New Revision: 5130 Modified: data/CVE/list Log: proftpd CVEfied net-snmp not-affected new kernel issue not-affected NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-15 21:56:19 UTC (rev 5129) +++ data/CVE/list 2006-12-16 00:09:40 UTC (rev 5130) @@ -19,7 +19,8 @@ CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...) TODO: check CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in ...) - TODO: check + - proftpd-dfsg 1.3.0-17 (medium) + [sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build) CVE-2006-6562 RESERVED CVE-2006-6561 (Unspecified vulnerability in Microsoft Word allows user-assisted ...) @@ -155,9 +156,6 @@ RESERVED CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus ...) TODO: check -CVE-2006-XXXX [proftpd mod_ctrls local root] - - proftpd-dfsg 1.3.0-17 (medium) - [sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build) CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...) NOT-FOR-US: Solaris CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...) 
@@ -541,70 +539,69 @@ CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote ...) NOT-FOR-US: Novell Netware CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services ...) - TODO: check + NOT-FOR-US: Novell Netware CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when ...) - TODO: check + - net-snmp <not-affected> (Only affects version 5.3.0) CVE-2006-6304 (The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets ...) - TODO: check + - linux-2.6 <not-affected> (Only affects plain 2.6.19) CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...) NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/ - ruby1.8 1.8.5-4 (low) - TODO: check other ruby versions CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...) - TODO: check + NOT-FOR-US: CuteNews CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management ...) - TODO: check + NOT-FOR-US: Novell ZENworks CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...) - TODO: check + NOT-FOR-US: Metyus Okul Yonetim Sistemi CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, ...) - kdegraphics <unfixed> (unimportant) NOTE: Generic bug, treating it as a security problem is quite a stretch CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...) - TODO: check + NOT-FOR-US: MxBB Portal CVE-2006-6294 (Multiple unspecified vulnerabilities in FRISK Software F-Prot ...) NOT-FOR-US: F-Prot Antivirus CVE-2006-6293 (Heap-based buffer overflow in FRISK Software F-Prot Antivirus before ...) NOT-FOR-US: F-Prot Antivirus CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 allows remote ...) 
- TODO: check + NOT-FOR-US: Apple Airport CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable ...) - TODO: check + NOT-FOR-US: MailEnable Professional CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...) - TODO: check + NOT-FOR-US: MailEnable CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset ...) - TODO: check + NOT-FOR-US: Woltlab Burning Board CVE-2006-6288 (Multiple buffer overflows in Niek Albers CoolPlayer 215 and earlier ...) - TODO: check + NOT-FOR-US: Niek Albers CoolPlayer CVE-2006-6287 (Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote ...) - TODO: check + NOT-FOR-US: AtomixMP3 CVE-2006-6286 (Palm Desktop 4.1.4 and earlier stores user data with weak permissions ...) - TODO: check + NOT-FOR-US: Palm Desktop CVE-2006-6285 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Kai Blankenhorn Bitfolge CVE-2006-6284 (Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 ...) - TODO: check + NOT-FOR-US: Vikingboard CVE-2006-6283 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) - TODO: check + NOT-FOR-US: Vikingboard CVE-2006-6282 (members.php in Vikingboard 0.1.2 allows remote attackers to trigger a ...) - TODO: check + NOT-FOR-US: Vikingboard CVE-2006-6281 (PHP remote file inclusion vulnerability in check_status.php in ...) - TODO: check + NOT-FOR-US: dicshunary CVE-2006-6280 (SQL injection vulnerability in viewthread.php in Oxygen (O2PHP ...) - TODO: check + NOT-FOR-US: Oxygen (O2PHP Bulletin Board) CVE-2006-6279 (index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: @lex Guestbook CVE-2006-6278 (Cross-site scripting (XSS) vulnerability in index.php in @lex ...) - TODO: check + NOT-FOR-US: @lex Guestbook CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ...) 
- TODO: check + NOT-FOR-US: ContentServ CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server ...) - TODO: check + NOT-FOR-US: Sun Java System Proxy Server CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...) - TODO: check + NOT-FOR-US: Solaris CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...) - TODO: check + NOT-FOR-US: Expinion.net iNews CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, which ...) - fail2ban <not-affected> (looks fixed in 0.6) CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows remote ...)
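Review bot: In the @@ -19,7 +19,8 @@ hunk, the sarge line added under CVE-2006-6563 gives its reason as "Vulnerable code not activated in binary build" without saying which code is meant. The only line that named it, the placeholder heading "CVE-2006-XXXX [proftpd mod_ctrls local root]", is deleted in the @@ -155,9 +156,6 @@ hunk, and the CVE description shown here is cut off after pr_ctrls_recv_request. Consider naming mod_ctrls in the parenthesised reason, or adding a NOTE line that carries over the placeholder's title, so the entry stays self-explanatory once the placeholder is gone.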
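Review bot: In the @@ -541,70 +539,69 @@ hunk, under CVE-2006-6303 the line "TODO: check other ruby versions" is removed with nothing added in its place, and the log message does not mention ruby. If the other ruby packages were checked, record the outcome as explicit package entries under the CVE; otherwise keep the TODO so the open question is not lost. Also in this hunk, CVE-2006-6306 is tagged "NOT-FOR-US: Novell Netware" although its description names Novell Modular Authentication Services, and the two MEIMAPS.EXE entries (CVE-2006-6291, CVE-2006-6290) are tagged "MailEnable Professional" and "MailEnable". Taking the product name from the description and using one spelling per product would keep the NOT-FOR-US tags consistent and searchable.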