[Secure-testing-commits] r6418 - data/CVE
stef-guest at alioth.debian.org
Tue Aug 28 20:58:21 UTC 2007
Author: stef-guest
Date: 2007-08-28 20:58:20 +0000 (Tue, 28 Aug 2007)
New Revision: 6418
Modified:
data/CVE/list
Log:
manual automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-28 20:57:52 UTC (rev 6417)
+++ data/CVE/list 2007-08-28 20:58:20 UTC (rev 6418)
@@ -1,3 +1,239 @@
+CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows ...)
+ TODO: check
+CVE-2007-4579 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live ...)
+ TODO: check
+CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows ...)
+ TODO: check
+CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...)
+ TODO: check
+CVE-2007-4576
+ RESERVED
+CVE-2007-4575
+ RESERVED
+CVE-2007-4574
+ RESERVED
+CVE-2007-4573
+ RESERVED
+CVE-2007-4572
+ RESERVED
+CVE-2007-4571
+ RESERVED
+CVE-2007-4570
+ RESERVED
+CVE-2007-4569
+ RESERVED
+CVE-2007-4568
+ RESERVED
+CVE-2007-4567
+ RESERVED
+CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha ...)
+ TODO: check
+CVE-2007-4565 (fetchmail before 6.3.9 allows context-dependent attackers to cause a ...)
+ TODO: check
+CVE-2007-4564 (Cosminexus Manager in Cosminexus Application Server 07-00 and later ...)
+ TODO: check
+CVE-2007-4563 (Cosminexus Manager in Cosminexus Application Server 06-50 and later ...)
+ TODO: check
+CVE-2007-4562 (Unspecified vulnerability in Hitachi DABroker before 03-02-/D and ...)
+ TODO: check
+CVE-2007-4561 (Heap-based buffer overflow in the RTSP service in Helix DNA Server ...)
+ TODO: check
+CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, ...)
+ TODO: check
+CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) ...)
+ TODO: check
+CVE-2007-4558 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...)
+ TODO: check
+CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in ...)
+ TODO: check
+CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before ...)
+ TODO: check
+CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows ...)
+ TODO: check
+CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in tiki-remind_password.php ...)
+ TODO: check
+CVE-2007-4553 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...)
+ TODO: check
+CVE-2007-4552 (SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 ...)
+ TODO: check
+CVE-2007-4551 (PHP remote file inclusion vulnerability in index.php in Agares Media ...)
+ TODO: check
+CVE-2007-4550 (Format string vulnerability in ALPass 2.7 English and 3.02 Korean ...)
+ TODO: check
+CVE-2007-4549 (Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow ...)
+ TODO: check
+CVE-2007-4548 (The login method in LoginModule implementations in Apache Geronimo 2.0 ...)
+ TODO: check
+CVE-2007-4547 (Unreal Commander 0.92 build 565 and 573 writes portions of heap memory ...)
+ TODO: check
+CVE-2007-4546 (Unreal Commander 0.92 build 565 and 573 lists the filenames from the ...)
+ TODO: check
+CVE-2007-4545 (Multiple directory traversal vulnerabilities in Unreal Commander 0.92 ...)
+ TODO: check
+CVE-2007-4544 (Cross-site scripting (XSS) vulnerability in wp-newblog.php in ...)
+ TODO: check
+CVE-2007-4543 (Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla ...)
+ TODO: check
+CVE-2007-4542 (Multiple cross-site scripting (XSS) vulnerabilities in MapServer ...)
+ TODO: check
+CVE-2007-4541 (Multiple cross-site scripting (XSS) vulnerabilities in Olate Download ...)
+ TODO: check
+CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate ...)
+ TODO: check
+CVE-2007-4539 (The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 ...)
+ TODO: check
+CVE-2007-4538 (email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers ...)
+ TODO: check
+CVE-2007-4537 (Heap-based buffer overflow in the Huffman decompression algorithm ...)
+ TODO: check
+CVE-2007-4536 (TorrentTrader 1.07 and earlier sets insecure permissions for files in ...)
+ TODO: check
+CVE-2007-4535 (The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows ...)
+ TODO: check
+CVE-2007-4534 (Buffer overflow in the VThinker::BroadcastPrintf function in ...)
+ TODO: check
+CVE-2007-4533 (Format string vulnerability in the Say command in sv_main.cpp in ...)
+ TODO: check
+CVE-2007-4532 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...)
+ TODO: check
+CVE-2007-4531 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...)
+ TODO: check
+CVE-2007-4530 (Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak ...)
+ TODO: check
+CVE-2007-4529 (The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote ...)
+ TODO: check
+CVE-2007-4528 (The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not ...)
+ TODO: check
+CVE-2007-4527 (Unrestricted file upload vulnerability in phUploader.php in phphq.Net ...)
+ TODO: check
+CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager before ...)
+ TODO: check
+CVE-2007-4525 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in PhPress ...)
+ TODO: check
+CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website ...)
+ TODO: check
+CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 ...)
+ TODO: check
+CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an ...)
+ TODO: check
+CVE-2007-4520
+ RESERVED
+CVE-2007-4519
+ RESERVED
+CVE-2007-4518
+ RESERVED
+CVE-2007-4517
+ RESERVED
+CVE-2007-4516
+ RESERVED
+CVE-2007-4515
+ RESERVED
+CVE-2007-4514
+ RESERVED
+CVE-2007-4513
+ RESERVED
+CVE-2007-4512
+ RESERVED
+CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...)
+ TODO: check
+CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...)
+ TODO: check
+CVE-2007-4509 (SQL injection vulnerability in index.php in the EventList component ...)
+ TODO: check
+CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used for the ...)
+ TODO: check
+CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 ...)
+ TODO: check
+CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit component ...)
+ TODO: check
+CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory component ...)
+ TODO: check
+CVE-2007-4504 (Directory traversal vulnerability in index.php in the RSfiles ...)
+ TODO: check
+CVE-2007-4503 (SQL injection vulnerability in index.php in the Nice Talk component ...)
+ TODO: check
+CVE-2007-4502 (SQL injection vulnerability in index.php in the BibTeX component ...)
+ TODO: check
+CVE-2007-4501 (Unspecified vulnerability in PassphraseRequester in SSHKeychain before ...)
+ TODO: check
+CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 ...)
+ TODO: check
+CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American ...)
+ TODO: check
+CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...)
+ TODO: check
+CVE-2007-4497
+ RESERVED
+CVE-2007-4496
+ RESERVED
+CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...)
+ TODO: check
+CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...)
+ TODO: check
+CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...)
+ TODO: check
+CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun ...)
+ TODO: check
+CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows ...)
+ TODO: check
+CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...)
+ TODO: check
+CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...)
+ TODO: check
+CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens ...)
+ TODO: check
+CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision ...)
+ TODO: check
+CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in Butterfly ...)
+ TODO: check
+CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER ...)
+ TODO: check
+CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
+ TODO: check
+CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool ...)
+ TODO: check
+CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix ...)
+ TODO: check
+CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the Sirius ...)
+ TODO: check
+CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search ...)
+ TODO: check
+CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
+ TODO: check
+CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
+ TODO: check
+CVE-2007-4476
+ RESERVED
+CVE-2007-4475
+ RESERVED
+CVE-2007-4474
+ RESERVED
+CVE-2007-4473
+ RESERVED
+CVE-2007-4472
+ RESERVED
+CVE-2007-4471
+ RESERVED
+CVE-2007-4470
+ RESERVED
+CVE-2007-4469
+ RESERVED
+CVE-2007-4468
+ RESERVED
+CVE-2007-4467
+ RESERVED
+CVE-2007-4466
+ RESERVED
+CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in ...)
+ TODO: check
+CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple ...)
+ TODO: check
+CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...)
+ TODO: check
CVE-2007-4465
RESERVED
CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total ...)
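Review bot: The three back-dated entries at the end of the added block (CVE-2006-7222, CVE-2003-1335, CVE-2003-1334) land between CVE-2007-4466 and CVE-2007-4465, which breaks the descending ID order the rest of the list follows. Move them into the 2006 and 2003 sections so lookups and later diffs stay clean. Separately, CVE-2007-4525 carries only "(** DISPUTED ** ...)" as its description, so whoever resolves its TODO will need the full CVE text to identify the product.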
@@ -11,7 +247,7 @@
[etch] - nufw <not-affected>
CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...)
- id3lib3.8.3 3.8.3-7 (bug #438540)
-CVE-2007-4459 (The Cisco IP Phone 7940 with P0S3-08-6-00 firmware allows remote ...)
+CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...)
NOT-FOR-US: Cisco IP Phone
CVE-2007-4458 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Firesoft
@@ -158,7 +394,7 @@
NOT-FOR-US: winamp
CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger ...)
NOT-FOR-US: kakadu
-CVE-2007-4390 (The Command Line Interface (CLI) on the BlueCat Networks Adonis ...)
+CVE-2007-4390 (The Command Line Interface (CLI), aka Adonis Administration Console, ...)
NOT-FOR-US: BlueCat
CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...)
NOT-FOR-US: 2wire
@@ -290,7 +526,7 @@
NOT-FOR-US: phpDVD
CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll ...)
NOT-FOR-US: PHPCentral Poll Script
-CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) 0.6 and ...)
+CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 ...)
NOT-FOR-US: Family Connections
CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in ...)
- streamripper 1.62.2-1 (medium)
@@ -493,7 +729,7 @@
NOT-FOR-US: Justsystem Ichitaro
CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa ...)
NOT-FOR-US: DiMeMa CONTENTdm
-CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in the J! ...)
+CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! ...)
NOT-FOR-US: com_jreactions for Joomla!
CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security ...)
NOT-FOR-US: Astaro Security Gateway
@@ -548,10 +784,10 @@
RESERVED
CVE-2007-4220
RESERVED
-CVE-2007-4219
- RESERVED
-CVE-2007-4218
- RESERVED
+CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as ...)
+ TODO: check
+CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) ...)
+ TODO: check
CVE-2007-4217
RESERVED
CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before ...)
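Review bot: CVE-2007-4219 and CVE-2007-4218 are left at "TODO: check" although their descriptions name Windows binaries (StRpcSrv.dll and SpntSvc.exe). Consider resolving them with a NOT-FOR-US line in the same pass, as is done elsewhere in the list, so the TODO queue holds only entries that need real triage.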
@@ -730,8 +966,8 @@
RESERVED
CVE-2007-4132
RESERVED
-CVE-2007-4131
- RESERVED
+CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...)
+ TODO: check
CVE-2007-4130
RESERVED
CVE-2007-4129
@@ -905,7 +1141,8 @@
NOT-FOR-US: UltraDefrag
CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...)
NOT-FOR-US: ADempiere Bazaar
-CVE-2007-4049 (Cross-site scripting (XSS) vulnerability in the printenv.pl test CGI ...)
+CVE-2007-4049
+ REJECTED
NOTE: Rediscovery / dupe of CVE-2000-1205
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...)
- phpsysinfo <unfixed> (low; bug #435935)
@@ -1270,8 +1507,8 @@
NOT-FOR-US: CA Anti-Virus
CVE-2007-3874
RESERVED
-CVE-2007-3873
- RESERVED
+CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI ...)
+ TODO: check
CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service ...)
NOT-FOR-US: HP OpenView
CVE-2007-3871
@@ -1330,10 +1567,10 @@
CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send ...)
{DSA-1356-1}
TODO: check
-CVE-2007-3847
- RESERVED
-CVE-2007-3846
- RESERVED
+CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in ...)
+ TODO: check
+CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
+ TODO: check
CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x ...)
{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
- iceweasel 2.0.0.6-1 (medium)
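Review bot: The "TODO: check" markers on CVE-2007-3847 (mod_proxy, modules/proxy/proxy_util.c) and CVE-2007-3846 (Subversion before 1.4.5) need prompt follow-up, since both name software that Debian packages. Replace each TODO with package lines giving the source package, fixed version or <unfixed>, and severity, in the format of the iceweasel line under CVE-2007-3845.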
@@ -1583,8 +1820,8 @@
NOT-FOR-US: Apple Safari
CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before ...)
NOT-FOR-US: Apple Safari
-CVE-2007-3741
- RESERVED
+CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...)
+ TODO: check
CVE-2007-3740
RESERVED
CVE-2007-3739
@@ -3450,8 +3687,8 @@
NOT-FOR-US: Scallywag
CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before ...)
NOT-FOR-US: cpCommerce
-CVE-2007-2958
- RESERVED
+CVE-2007-2958 (Format string vulnerability in the inc_put_error function in src/inc.c ...)
+ TODO: check
CVE-2007-2957
RESERVED
CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function in (1) ...)
@@ -3855,8 +4092,7 @@
CVE-2007-XXXX [NTFS driver for FUSE unspecified issue]
- ntfs-3g 1:1.516-1
NOTE: local root exploit
-CVE-2007-2797 [xterm world-writable tty]
- RESERVED
+CVE-2007-2797 (xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in ...)
- xterm <not-affected> (Debian uses safe compile-time settings)
CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of ...)
NOT-FOR-US: Arris Cadant
@@ -4183,7 +4419,8 @@
NOT-FOR-US: NetWin
CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure ...)
- xfsdump 2.2.45-1 (bug #417894; low)
-CVE-2007-2653 (Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has ...)
+CVE-2007-2653
+ REJECTED
NOT-FOR-US: This is bogus, the annoucement refers to the recently discovered modelines issues
CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow ...)
NOT-FOR-US: Free-SA
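Review bot: With CVE-2007-2653 changed to REJECTED, the retained line "NOT-FOR-US: This is bogus, ..." becomes the only explanation for the entry and no longer says which product it concerns, because the Vim description is removed. NOT-FOR-US is used elsewhere in the list to name a product, so change the tag to NOTE:, as the CVE-2007-4049 entry does, and mention Vim in the note text.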
@@ -7238,7 +7475,7 @@
{DSA-1304 DSA-1286-1}
- linux-2.6 2.6.20-1
CVE-2007-1356
- RESERVED
+ REJECTED
CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- tomcat4 <removed> (low)
- tomcat5 <unfixed> (low)
@@ -33594,7 +33831,7 @@
- kernel-source-2.4.27 2.4.27-11 (medium)
CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
NOT-FOR-US: Greasemonkey
-CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and .0.0 and 7.0.1, uses insecure ...)
+CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure ...)
NOT-FOR-US: IBM Lotus Notes
CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
NOT-FOR-US: NetworkActiv Web Server