[Secure-testing-commits] r5647 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Apr 11 21:14:18 UTC 2007
Author: joeyh
Date: 2007-04-11 21:14:14 +0000 (Wed, 11 Apr 2007)
New Revision: 5647
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-11 19:51:12 UTC (rev 5646)
+++ data/CVE/list 2007-04-11 21:14:14 UTC (rev 5647)
@@ -1,3 +1,271 @@
+CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...)
+ TODO: check
+CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
+ TODO: check
+CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...)
+ TODO: check
+CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
+ TODO: check
+CVE-2007-1967 (PHP remote file inclusion vulnerability in index.php in stat12 allows ...)
+ TODO: check
+CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows ...)
+ TODO: check
+CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS ...)
+ TODO: check
+CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is ...)
+ TODO: check
+CVE-2007-1963 (SQL injection vulnerability in the create_session function in ...)
+ TODO: check
+CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and ...)
+ TODO: check
+CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the ...)
+ TODO: check
+CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...)
+ TODO: check
+CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in ...)
+ TODO: check
+CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a ...)
+ TODO: check
+CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain ...)
+ TODO: check
+CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads ...)
+ TODO: check
+CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX ...)
+ TODO: check
+CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 ...)
+ TODO: check
+CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote ...)
+ TODO: check
+CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote ...)
+ TODO: check
+CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote ...)
+ TODO: check
+CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in ...)
+ TODO: check
+CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote ...)
+ TODO: check
+CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers ...)
+ TODO: check
+CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
+ TODO: check
+CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...)
+ TODO: check
+CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM ...)
+ TODO: check
+CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server ...)
+ TODO: check
+CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent ...)
+ TODO: check
+CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows ...)
+ TODO: check
+CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
+ TODO: check
+CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 ...)
+ TODO: check
+CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in ...)
+ TODO: check
+CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows ...)
+ TODO: check
+CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book ...)
+ TODO: check
+CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ...)
+ TODO: check
+CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl ...)
+ TODO: check
+CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 ...)
+ TODO: check
+CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook ...)
+ TODO: check
+CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews ...)
+ TODO: check
+CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in ...)
+ TODO: check
+CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21 ...)
+ TODO: check
+CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0 ...)
+ TODO: check
+CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows ...)
+ TODO: check
+CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer ...)
+ TODO: check
+CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin ...)
+ TODO: check
+CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone ...)
+ TODO: check
+CVE-2007-1924 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...)
+ TODO: check
+CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in ...)
+ TODO: check
+CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other ...)
+ TODO: check
+CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in ...)
+ TODO: check
+CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream ...)
+ TODO: check
+CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 ...)
+ TODO: check
+CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC ...)
+ TODO: check
+CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library ...)
+ TODO: check
+CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC ...)
+ TODO: check
+CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 ...)
+ TODO: check
+CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and ...)
+ TODO: check
+CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted ...)
+ TODO: check
+CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow ...)
+ TODO: check
+CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote ...)
+ TODO: check
+CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt ...)
+ TODO: check
+CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant ...)
+ TODO: check
+CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content ...)
+ TODO: check
+CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX ...)
+ TODO: check
+CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple ...)
+ TODO: check
+CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 ...)
+ TODO: check
+CVE-2007-1903
+ RESERVED
+CVE-2007-1902
+ RESERVED
+CVE-2007-1901
+ RESERVED
+CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...)
+ TODO: check
+CVE-2007-1899
+ RESERVED
+CVE-2007-1898
+ RESERVED
+CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
+ TODO: check
+CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach ...)
+ TODO: check
+CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING ...)
+ TODO: check
+CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...)
+ TODO: check
+CVE-2007-1892
+ RESERVED
+CVE-2007-1891
+ RESERVED
+CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
+ TODO: check
+CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...)
+ TODO: check
+CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c ...)
+ TODO: check
+CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled ...)
+ TODO: check
+CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...)
+ TODO: check
+CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
+ TODO: check
+CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...)
+ TODO: check
+CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
+ TODO: check
+CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...)
+ TODO: check
+CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, ...)
+ TODO: check
+CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in ...)
+ TODO: check
+CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control ...)
+ TODO: check
+CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
+ TODO: check
+CVE-2007-1877
+ RESERVED
+CVE-2007-1876
+ RESERVED
+CVE-2007-1875
+ RESERVED
+CVE-2007-1874
+ RESERVED
+CVE-2007-1873
+ RESERVED
+CVE-2007-1872
+ RESERVED
+CVE-2007-1871
+ RESERVED
+CVE-2007-1870
+ RESERVED
+CVE-2007-1869
+ RESERVED
+CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS ...)
+ TODO: check
+CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute ...)
+ TODO: check
+CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...)
+ TODO: check
+CVE-2007-1865
+ RESERVED
+CVE-2007-1864
+ RESERVED
+CVE-2007-1863
+ RESERVED
+CVE-2007-1862
+ RESERVED
+CVE-2007-1861
+ RESERVED
+CVE-2007-1860
+ RESERVED
+CVE-2007-1859
+ RESERVED
+CVE-2007-1858
+ RESERVED
+CVE-2007-1857
+ RESERVED
+CVE-2007-1856
+ RESERVED
+CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in ...)
+ TODO: check
+CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container ...)
+ TODO: check
+CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, ...)
+ TODO: check
+CVE-2007-1852 (Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 ...)
+ TODO: check
+CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and ...)
+ TODO: check
+CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php ...)
+ TODO: check
+CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows ...)
+ TODO: check
+CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php ...)
+ TODO: check
+CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module ...)
+ TODO: check
+CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and ...)
+ TODO: check
+CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar ...)
+ TODO: check
+CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark ...)
+ TODO: check
+CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in ...)
+ TODO: check
+CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before ...)
+ TODO: check
+CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in ...)
+ TODO: check
+CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle ...)
+ TODO: check
+CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, and 5.1.x before ...)
+ TODO: check
+CVE-2005-4836
+ RESERVED
CVE-2007-XXXX [Dos in quagga's bgpd through MP_REACH_NLRI and MP_UNREACH_NLRI]
- quagga <unfixed> (low; bug #418323)
NOTE: The attributes are non-transitive, which means that they
@@ -53,7 +321,7 @@
NOT-FOR-US: Sprint Nextel
CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a ...)
NOT-FOR-US: Nortel Networks
-CVE-2007-1819 (Unspecified vulnerability in a certain ActiveX control in TestDirector ...)
+CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control ...)
NOT-FOR-US: ActiveX control in TestDirector
CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php ...)
NOT-FOR-US: Forum picture and META tags module for phpBB
@@ -95,7 +363,7 @@
NOT-FOR-US: Cisco Secure ACS
CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
- ktorrent <unfixed> (medium)
-CVE-2007-1798 (Buffer overflow in the drmgr command for IBM AIX 5.2 and 5.3 allows ...)
+CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows ...)
NOT-FOR-US: IBM AIX
CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...)
- imagemagick <unfixed> (medium)
@@ -180,7 +448,7 @@
NOT-FOR-US: HP JetDirect
CVE-2007-1771 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Ay System Solutions Web Content System
-CVE-2007-1770 (ESRI ArcSDE 8.3, 9.0, and 9.1 before 20070327, when using three tiered ...)
+CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental ...)
NOT-FOR-US: ArcSDE
CVE-2007-1769 (Cross-site scripting (XSS) vulnerability in /search in Mephisto 0.7.3 ...)
NOT-FOR-US: Mephisto
@@ -357,22 +625,22 @@
RESERVED
CVE-2007-1688
RESERVED
-CVE-2007-1687
- RESERVED
+CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX ...)
+ TODO: check
CVE-2007-1686
RESERVED
CVE-2007-1685
RESERVED
-CVE-2007-1684
- RESERVED
+CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in ...)
+ TODO: check
CVE-2007-1683
RESERVED
CVE-2007-1682
RESERVED
CVE-2007-1681
RESERVED
-CVE-2007-1680
- RESERVED
+CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
+ TODO: check
CVE-2007-1679 (** DISPUTED ** ...)
TODO: check
CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...)
@@ -694,7 +962,7 @@
- sql-ledger <unfixed> (unimportant; bug #409703)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
-CVE-2007-1540 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 and ...)
+CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 ...)
- sql-ledger <unfixed> (unimportant; bug #409703)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
@@ -717,7 +985,7 @@
NOT-FOR-US: Microsoft
CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista ...)
NOT-FOR-US: Microsoft
-CVE-2007-1531 (Microsoft Windows Vista overwrites ARP table entries included in ...)
+CVE-2007-1531 (Microsoft Windows XP and Vista overwrites ARP table entries included ...)
NOT-FOR-US: Microsoft
CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly gather ...)
NOT-FOR-US: Microsoft
@@ -1130,8 +1398,7 @@
- libapache-mod-security <removed>
CVE-2007-1358
RESERVED
-CVE-2007-1357 [linux kernel appletalk remote DoS]
- RESERVED
+CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...)
- linux-2.6 2.6.20-1
CVE-2007-1356
RESERVED
@@ -1141,11 +1408,9 @@
RESERVED
CVE-2007-1353
RESERVED
-CVE-2007-1352
- RESERVED
+CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont ...)
- libxfont 1:1.2.2-2 (medium)
-CVE-2007-1351
- RESERVED
+CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c in (1) ...)
- libxfont 1:1.2.2-2 (medium)
CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...)
NOT-FOR-US: Novell NetMail
@@ -1433,10 +1698,10 @@
NOT-FOR-US: NetBSD Kernel
CVE-2007-1272
RESERVED
-CVE-2007-1271
- RESERVED
-CVE-2007-1270
- RESERVED
+CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow ...)
+ TODO: check
+CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows ...)
+ TODO: check
CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd ...)
- gnumail <unfixed> (unimportant)
NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
@@ -1560,34 +1825,33 @@
- asterisk-chan-capi 0.7.1-1.1 (bug #411293)
- linux-2.6 <unfixed> (bug #411294; low)
NOTE: Not exploitable over ISDN network, only through a CAPI server
-CVE-2007-1216
- RESERVED
+CVE-2007-1216 (Double-free vulnerability in the GSS-API library, as used by the ...)
{DSA-1276-1}
- krb5 1.4.4-8 (high)
-CVE-2007-1215
- RESERVED
+CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
+ TODO: check
CVE-2007-1214
RESERVED
-CVE-2007-1213
- RESERVED
-CVE-2007-1212
- RESERVED
-CVE-2007-1211
- RESERVED
+CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows ...)
+ TODO: check
+CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
+ TODO: check
+CVE-2007-1211 (Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 ...)
+ TODO: check
CVE-2007-1210
RESERVED
-CVE-2007-1209
- RESERVED
+CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem ...)
+ TODO: check
CVE-2007-1208
RESERVED
CVE-2007-1207
RESERVED
-CVE-2007-1206
- RESERVED
-CVE-2007-1205
- RESERVED
-CVE-2007-1204
- RESERVED
+CVE-2007-1206 (The Windows Kernel in Microsoft Windows 2000 SP4, XP SP2, and Server ...)
+ TODO: check
+CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...)
+ TODO: check
+CVE-2007-1204 (Unspecified vulnerability in the Universal Plug and Play (UPnP) ...)
+ TODO: check
CVE-2007-1203
RESERVED
CVE-2007-1202
@@ -1821,8 +2085,8 @@
NOT-FOR-US: Microsoft IE
CVE-2007-1113
RESERVED
-CVE-2007-1112
- RESERVED
+CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe ...)
+ TODO: check
CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar ...)
NOT-FOR-US: ActiveCalendar
CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ...)
@@ -2227,14 +2491,13 @@
- iceape <unfixed> (low)
- xulrunner <unfixed> (low)
NOTE: maintainer notes that this may affect browsers based on xulrunner
-CVE-2007-1003 [X.org resource management memory corruption]
- RESERVED
+CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList ...)
- xorg-server 2:1.1.1-21 (medium)
CVE-2007-1002 (Format string vulnerability in the write_html function in ...)
- evolution <unfixed>
[sarge] - evolution <not-affected> (Vulnerable code not present)
-CVE-2007-1001
- RESERVED
+CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp ...)
+ TODO: check
CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...)
- linux-2.6 2.6.18.dfsg.1-12 (medium)
CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...)
@@ -2267,7 +2530,7 @@
RESERVED
CVE-2007-0989
RESERVED
-CVE-2007-0988 (The zend_hash_init function in PHP, when running on a 64-bit platform, ...)
+CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before ...)
{DSA-1264-1}
- php4 6:4.4.4-9
- php5 5.2.0-9
@@ -2337,12 +2600,10 @@
NOT-FOR-US: Cisco PIX
CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...)
- linux-2.6 <unfixed> (unimportant)
-CVE-2007-0957
- RESERVED
+CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ...)
{DSA-1276-1}
- krb5 1.4.4-8 (high)
-CVE-2007-0956
- RESERVED
+CVE-2007-0956 (The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote ...)
{DSA-1276-1}
- krb5 1.4.4-8 (high)
CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...)
@@ -2377,10 +2638,10 @@
RESERVED
CVE-2007-0940
RESERVED
-CVE-2007-0939
- RESERVED
-CVE-2007-0938
- RESERVED
+CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content ...)
+ TODO: check
+CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...)
+ TODO: check
CVE-2007-0937
RESERVED
CVE-2007-0936
@@ -2485,7 +2746,7 @@
NOTE: other half is possibly CHECKME-printfstuff-maybecve.diff and
NOTE: CHECKME-formattedprint-maybecve.diff and
NOTE: CHECKME-main.c-precision-maybecve.diff in the same place.
-CVE-2007-0908 (The wddx extension in PHP before 5.2.1 allows remote attackers to ...)
+CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...)
- php5 5.2.0-9 (unimportant)
- php4 6:4.4.4-9 (unimportant)
NOTE: this extension is not enabled in the php packages
@@ -3031,8 +3292,8 @@
RESERVED
CVE-2007-0735
RESERVED
-CVE-2007-0734
- RESERVED
+CVE-2007-0734 (The AirPort Disk feature of the AirPort Extreme Base Station with ...)
+ TODO: check
CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...)
NOT-FOR-US: Apple Mac ImageIO
CVE-2007-0732
@@ -3708,8 +3969,8 @@
RESERVED
CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...)
NOT-FOR-US: HP Mercury
-CVE-2007-0445
- RESERVED
+CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand ...)
+ TODO: check
CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
NOT-FOR-US: Citrix
CVE-2007-0443
@@ -4173,8 +4434,7 @@
RESERVED
CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...)
- sun-java5 1.5.0-10-1
-CVE-2007-0242 [too lenient UTF-8 decoder in src/codecs/qutfcodec.cpp]
- RESERVED
+CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does ...)
- qt4-x11 4.2.2-2
- qt-x11-free 3:3.3.7-4
CVE-2007-0241
@@ -4188,7 +4448,7 @@
{DSA-1270-1}
- openoffice.org 2.0.4.dfsg.2-6
[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
-CVE-2007-0238 (Stack-based buffer overflow in the StarCalc parser in OpenOffice.org ...)
+CVE-2007-0238 (Stack-based buffer overflow in filter\starcalc\scflt.cxx in the ...)
{DSA-1270-1}
- openoffice.org 2.0.4.dfsg.2-6
[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
@@ -7017,7 +7277,8 @@
NOT-FOR-US: Less Inventory Manager
CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Less Inventory Manager
-CVE-2006-5941 (snmpd in (1) the SUNWsmagt package in Solaris 10 before 20061122 and ...)
+CVE-2006-5941
+ REJECTED
NOT-FOR-US: Solaris, see #400557
CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...)
NOT-FOR-US: Grisoft AVG Anti-Virus
@@ -7412,7 +7673,7 @@
NOT-FOR-US: phpDynaSite
CVE-2006-5759 (index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote ...)
NOT-FOR-US: Rhadrix If-CMS
-CVE-2006-5758 (Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 ...)
+CVE-2006-5758 (The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 ...)
NOT-FOR-US: Microsoft
CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...)
- linux-2.6 2.6.18.dfsg.1-10 (low)
@@ -7793,8 +8054,8 @@
NOT-FOR-US: CMS Faethon
CVE-2006-5587 (Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and ...)
NOT-FOR-US: MDweb
-CVE-2006-5586
- RESERVED
+CVE-2006-5586 (The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 ...)
+ TODO: check
CVE-2006-5585 (The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and ...)
NOT-FOR-US: Microsoft
CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 ...)
@@ -10800,8 +11061,7 @@
{DSA-1211}
- pdns-recursor 3.1.4-1 (bug #398557; high)
- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
-CVE-2006-4250 [buffer overflow in man-db]
- RESERVED
+CVE-2006-4250 (Buffer overflow in man and man-db 2.4.3 and earlier allows local users ...)
{DSA-1278-1}
- man-db 2.4.3-5
CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ...)
@@ -11931,7 +12191,7 @@
NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in IDevSpot ...)
NOT-FOR-US: IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0
-CVE-2006-3775 (SQL injection vulnerability in class_session.php in MyBB (aka ...)
+CVE-2006-3775 (SQL injection vulnerability in the init function in class_session.php ...)
NOT-FOR-US: MyBB
CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the ...)
NOT-FOR-US: perForms component (com_performs) for Joomla!
@@ -28644,7 +28904,7 @@
CVE-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...)
NOTE: How bizarre, they assign a CVE Id without knowing which product contains
NOTE: the affected probe.cgi
-CVE-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...)
+CVE-2005-2177 (Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when ...)
{DSA-873-1}
- net-snmp 5.2.1.2-1 (bug #318420; low)
- ucd-snmp 4.2.5-5.1 (bug #337394; low)
More information about the Secure-testing-commits
mailing list