[Secure-testing-commits] r6334 - data/CVE
joeyh at alioth.debian.org
Thu Aug 16 09:14:10 UTC 2007
Author: joeyh
Date: 2007-08-16 09:14:10 +0000 (Thu, 16 Aug 2007)
New Revision: 6334
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-16 01:47:51 UTC (rev 6333)
+++ data/CVE/list 2007-08-16 09:14:10 UTC (rev 6334)
@@ -1,3 +1,41 @@
+CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in ...)
+ TODO: check
+CVE-2007-4370 (Multiple buffer overflows in the (1) client and (2) server in Racer ...)
+ TODO: check
+CVE-2007-4369 (Directory traversal vulnerability in go/_files in SOTEeSKLEP before ...)
+ TODO: check
+CVE-2007-4368 (SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) ...)
+ TODO: check
+CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier ...)
+ TODO: check
+CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain ...)
+ TODO: check
+CVE-2007-4363 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2007-4362 (SQL injection vulnerability in category.php in Prozilla Webring allows ...)
+ TODO: check
+CVE-2007-4361 (NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta ...)
+ TODO: check
+CVE-2007-4360 (Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with ...)
+ TODO: check
+CVE-2007-4359 (Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems ...)
+ TODO: check
+CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ...)
+ TODO: check
+CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML ...)
+ TODO: check
+CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local users to ...)
+ TODO: check
+CVE-2007-4354 (Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 ...)
+ TODO: check
+CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in ...)
+ TODO: check
CVE-2007-4352
RESERVED
CVE-2007-4351
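Review bot: all 19 added entries, CVE-2007-4371 down to CVE-2007-4353, carry only `TODO: check`, so none of them is triaged yet. Each needs either a package line or a NOT-FOR-US marker, as the entries in the later hunks have; until then the list says nothing about whether the archive is affected.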
@@ -28,7 +66,7 @@
NOT-FOR-US: PHPCentral Poll Script
CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) 0.6 and ...)
NOT-FOR-US: Family Connections
-CVE-2007-4337 (Buffer overflow in the httplib_parse_sc_header function in lib/http.c ...)
+CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in ...)
- streamripper 1.62.2-1 (medium)
CVE-2007-4336 (Buffer overflow in the Live Picture Corporation ...)
NOT-FOR-US: Microsoft
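Review bot: the CVE-2007-4337 description now reads "Multiple buffer overflows" in httplib_parse_sc_header, but the unchanged line below it still records `- streamripper 1.62.2-1 (medium)` as the fix. Confirm that 1.62.2-1 covers every overflow the widened description refers to, and add a NOTE if it only addressed the one originally described.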
@@ -148,8 +186,8 @@
NOT-FOR-US: KnowledgeTree
CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...)
NOT-FOR-US: FrontAccounting
-CVE-2007-4278
- RESERVED
+CVE-2007-4278 (Stack-based buffer overflow in ESRI ArcSDE service 9.2, as used with ...)
+ TODO: check
CVE-2007-4277
RESERVED
CVE-2007-4276
@@ -548,8 +586,7 @@
NOT-FOR-US: Minb Is Not a Blog (minb)
CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1 and ...)
NOT-FOR-US: iFoto
-CVE-2007-4091
- RESERVED
+CVE-2007-4091 (Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow ...)
- rsync 2.6.9-5 (bug #438125; medium)
CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
NOT-FOR-US: Vikingboard
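Review bot: CVE-2007-4091 moves from RESERVED to a public description while the existing `- rsync 2.6.9-5 (bug #438125; medium)` line is carried over unchanged. The description names sender.c in rsync 2.6.9, so check that the fix shipped in 2.6.9-5 is for those off-by-one errors. The entry also has no [etch] or [sarge] lines, unlike the bind9 entry later in this file, so the status of the stable releases is unrecorded.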
@@ -1048,7 +1085,7 @@
NOT-FOR-US: Oracle
CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
NOT-FOR-US: Oracle
-CVE-2007-3852 (The init script (sysstat.in) in sysstat creates /tmp/sysstat.run ...)
+CVE-2007-3852 (The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates ...)
TODO: check
CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when used ...)
TODO: check
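Review bot: CVE-2007-3852 stays at `TODO: check` even though the updated description now gives an affected range, sysstat 5.1.2 up to 7.1.6, for the init script issue involving /tmp/sysstat.run. That range is enough to compare against the packaged sysstat version and replace the TODO with a package line.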
@@ -2987,7 +3024,7 @@
RESERVED
CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition ...)
NOT-FOR-US: Microsoft
-CVE-2007-3037 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, ...)
+CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote ...)
NOT-FOR-US: Microsoft
CVE-2007-3036
RESERVED
@@ -2995,7 +3032,7 @@
NOT-FOR-US: Microsoft
CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics Rendering ...)
NOT-FOR-US: Microsoft
-CVE-2007-3033 (Unspecified vulnerability in Windows Vista Feed Headlines Gadgets in ...)
+CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed ...)
NOT-FOR-US: Microsoft
CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows ...)
NOT-FOR-US: Microsoft
@@ -3226,10 +3263,10 @@
RESERVED
CVE-2007-2930
RESERVED
-CVE-2007-2929
- RESERVED
-CVE-2007-2928
- RESERVED
+CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
+ TODO: check
+CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support acpRunner ...)
+ TODO: check
CVE-2007-2927 (Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter ...)
NOT-FOR-US: Windows Atheros drivers
CVE-2007-2926 (ISC BIND 9 through 9.5.0a5 uses a weak random number generator during ...)
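Review bot: CVE-2007-2929 and CVE-2007-2928 both describe the IBM Lenovo Access Support acpRunner ActiveX control and both land as `TODO: check`; CVE-2007-2240 in a later hunk of this patch names the same control. Triage the three together so they end up with the same marking.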
@@ -4023,7 +4060,7 @@
CVE-2007-2590 (Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, ...)
NOT-FOR-US: Nokia
CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
- {DSA-1290-1}
+ {}
- squirrelmail 2:1.4.10a-1 (low)
NOTE: This has been addressed in DSA-1290
NOTE: CVE id has later been assigned to a part of this issue
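Review bot: for CVE-2007-2589 the cross-reference `{DSA-1290-1}` is replaced by an empty `{}`, while the NOTE two lines below still says the issue was addressed in DSA-1290. An automatic update should not drop the advisory link. Either restore `{DSA-1290-1}` or, if the removal is intended because the CVE id was assigned to only part of the issue, drop the empty braces and state that in a NOTE.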
@@ -4843,8 +4880,8 @@
- bind9 1:9.4.1-1 (medium)
[etch] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
[sarge] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
-CVE-2007-2240
- RESERVED
+CVE-2007-2240 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
+ TODO: check
CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera ...)
NOT-FOR-US: AXIS Camera Control
CVE-2007-2238
@@ -4876,9 +4913,9 @@
RESERVED
CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...)
NOT-FOR-US: Microsoft
-CVE-2007-2224 (Unspecified vulnerability in Object linking and embedding (OLE) ...)
+CVE-2007-2224 (Object linking and embedding (OLE) Automation, as used in Microsoft ...)
NOT-FOR-US: Microsoft
-CVE-2007-2223 (Unspecified vulnerability in Microsoft XML Core Services (MSXML) 3.0 ...)
+CVE-2007-2223 (Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote ...)
NOT-FOR-US: Microsoft XML
CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and ...)
NOT-FOR-US: Microsoft
@@ -9832,8 +9869,8 @@
NOT-FOR-US: FLEXnet Connect
CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...)
NOT-FOR-US: InstallFromTheWeb
-CVE-2007-0319
- RESERVED
+CVE-2007-0319 (Multiple stack-based buffer overflows in the Motive ...)
+ TODO: check
CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...)
NOT-FOR-US: Apple Mac OS
CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla ...)
@@ -39924,7 +39961,7 @@
NOT-FOR-US: eXPerience2
CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in eXPerience2 ...)
NOT-FOR-US: eXPerience2
-CVE-2005-0720 (PHP remote file inclusion vulnerability in header.php in PHP mcNews ...)
+CVE-2005-0720 (PHP remote file inclusion vulnerability in admin/header.php in PHP ...)
NOT-FOR-US: mcNews
CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...)
NOT-FOR-US: Tru64