[Secure-testing-commits] r6418 - data/CVE

stef-guest at alioth.debian.org stef-guest at alioth.debian.org
Tue Aug 28 20:58:21 UTC 2007


Author: stef-guest
Date: 2007-08-28 20:58:20 +0000 (Tue, 28 Aug 2007)
New Revision: 6418

Modified:
   data/CVE/list
Log:
manual automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-08-28 20:57:52 UTC (rev 6417)
+++ data/CVE/list	2007-08-28 20:58:20 UTC (rev 6418)
@@ -1,3 +1,239 @@
+CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows ...)
+	TODO: check
+CVE-2007-4579 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live ...)
+	TODO: check
+CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows ...)
+	TODO: check
+CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...)
+	TODO: check
+CVE-2007-4576
+	RESERVED
+CVE-2007-4575
+	RESERVED
+CVE-2007-4574
+	RESERVED
+CVE-2007-4573
+	RESERVED
+CVE-2007-4572
+	RESERVED
+CVE-2007-4571
+	RESERVED
+CVE-2007-4570
+	RESERVED
+CVE-2007-4569
+	RESERVED
+CVE-2007-4568
+	RESERVED
+CVE-2007-4567
+	RESERVED
+CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha ...)
+	TODO: check
+CVE-2007-4565 (fetchmail before 6.3.9 allows context-dependent attackers to cause a ...)
+	TODO: check
+CVE-2007-4564 (Cosminexus Manager in Cosminexus Application Server 07-00 and later ...)
+	TODO: check
+CVE-2007-4563 (Cosminexus Manager in Cosminexus Application Server 06-50 and later ...)
+	TODO: check
+CVE-2007-4562 (Unspecified vulnerability in Hitachi DABroker before 03-02-/D and ...)
+	TODO: check
+CVE-2007-4561 (Heap-based buffer overflow in the RTSP service in Helix DNA Server ...)
+	TODO: check
+CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, ...)
+	TODO: check
+CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) ...)
+	TODO: check
+CVE-2007-4558 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...)
+	TODO: check
+CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in ...)
+	TODO: check
+CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before ...)
+	TODO: check
+CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows ...)
+	TODO: check
+CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in tiki-remind_password.php ...)
+	TODO: check
+CVE-2007-4553 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...)
+	TODO: check
+CVE-2007-4552 (SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 ...)
+	TODO: check
+CVE-2007-4551 (PHP remote file inclusion vulnerability in index.php in Agares Media ...)
+	TODO: check
+CVE-2007-4550 (Format string vulnerability in ALPass 2.7 English and 3.02 Korean ...)
+	TODO: check
+CVE-2007-4549 (Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow ...)
+	TODO: check
+CVE-2007-4548 (The login method in LoginModule implementations in Apache Geronimo 2.0 ...)
+	TODO: check
+CVE-2007-4547 (Unreal Commander 0.92 build 565 and 573 writes portions of heap memory ...)
+	TODO: check
+CVE-2007-4546 (Unreal Commander 0.92 build 565 and 573 lists the filenames from the ...)
+	TODO: check
+CVE-2007-4545 (Multiple directory traversal vulnerabilities in Unreal Commander 0.92 ...)
+	TODO: check
+CVE-2007-4544 (Cross-site scripting (XSS) vulnerability in wp-newblog.php in ...)
+	TODO: check
+CVE-2007-4543 (Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla ...)
+	TODO: check
+CVE-2007-4542 (Multiple cross-site scripting (XSS) vulnerabilities in MapServer ...)
+	TODO: check
+CVE-2007-4541 (Multiple cross-site scripting (XSS) vulnerabilities in Olate Download ...)
+	TODO: check
+CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate ...)
+	TODO: check
+CVE-2007-4539 (The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 ...)
+	TODO: check
+CVE-2007-4538 (email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers ...)
+	TODO: check
+CVE-2007-4537 (Heap-based buffer overflow in the Huffman decompression algorithm ...)
+	TODO: check
+CVE-2007-4536 (TorrentTrader 1.07 and earlier sets insecure permissions for files in ...)
+	TODO: check
+CVE-2007-4535 (The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows ...)
+	TODO: check
+CVE-2007-4534 (Buffer overflow in the VThinker::BroadcastPrintf function in ...)
+	TODO: check
+CVE-2007-4533 (Format string vulnerability in the Say command in sv_main.cpp in ...)
+	TODO: check
+CVE-2007-4532 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...)
+	TODO: check
+CVE-2007-4531 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...)
+	TODO: check
+CVE-2007-4530 (Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak ...)
+	TODO: check
+CVE-2007-4529 (The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote ...)
+	TODO: check
+CVE-2007-4528 (The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not ...)
+	TODO: check
+CVE-2007-4527 (Unrestricted file upload vulnerability in phUploader.php in phphq.Net ...)
+	TODO: check
+CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager before ...)
+	TODO: check
+CVE-2007-4525 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in PhPress ...)
+	TODO: check
+CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website ...)
+	TODO: check
+CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 ...)
+	TODO: check
+CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an ...)
+	TODO: check
+CVE-2007-4520
+	RESERVED
+CVE-2007-4519
+	RESERVED
+CVE-2007-4518
+	RESERVED
+CVE-2007-4517
+	RESERVED
+CVE-2007-4516
+	RESERVED
+CVE-2007-4515
+	RESERVED
+CVE-2007-4514
+	RESERVED
+CVE-2007-4513
+	RESERVED
+CVE-2007-4512
+	RESERVED
+CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...)
+	TODO: check
+CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...)
+	TODO: check
+CVE-2007-4509 (SQL injection vulnerability in index.php in the EventList component ...)
+	TODO: check
+CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used for the ...)
+	TODO: check
+CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 ...)
+	TODO: check
+CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit component ...)
+	TODO: check
+CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory component ...)
+	TODO: check
+CVE-2007-4504 (Directory traversal vulnerability in index.php in the RSfiles ...)
+	TODO: check
+CVE-2007-4503 (SQL injection vulnerability in index.php in the Nice Talk component ...)
+	TODO: check
+CVE-2007-4502 (SQL injection vulnerability in index.php in the BibTeX component ...)
+	TODO: check
+CVE-2007-4501 (Unspecified vulnerability in PassphraseRequester in SSHKeychain before ...)
+	TODO: check
+CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 ...)
+	TODO: check
+CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American ...)
+	TODO: check
+CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...)
+	TODO: check
+CVE-2007-4497
+	RESERVED
+CVE-2007-4496
+	RESERVED
+CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...)
+	TODO: check
+CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...)
+	TODO: check
+CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...)
+	TODO: check
+CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun ...)
+	TODO: check
+CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows ...)
+	TODO: check
+CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...)
+	TODO: check
+CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...)
+	TODO: check
+CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens ...)
+	TODO: check
+CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision ...)
+	TODO: check
+CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
+	TODO: check
+CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in Butterfly ...)
+	TODO: check
+CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER ...)
+	TODO: check
+CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
+	TODO: check
+CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool ...)
+	TODO: check
+CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix ...)
+	TODO: check
+CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the Sirius ...)
+	TODO: check
+CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search ...)
+	TODO: check
+CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
+	TODO: check
+CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
+	TODO: check
+CVE-2007-4476
+	RESERVED
+CVE-2007-4475
+	RESERVED
+CVE-2007-4474
+	RESERVED
+CVE-2007-4473
+	RESERVED
+CVE-2007-4472
+	RESERVED
+CVE-2007-4471
+	RESERVED
+CVE-2007-4470
+	RESERVED
+CVE-2007-4469
+	RESERVED
+CVE-2007-4468
+	RESERVED
+CVE-2007-4467
+	RESERVED
+CVE-2007-4466
+	RESERVED
+CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in ...)
+	TODO: check
+CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple ...)
+	TODO: check
+CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...)
+	TODO: check
 CVE-2007-4465
 	RESERVED
 CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total ...)
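Review bot: CVE-2006-7222, CVE-2003-1335 and CVE-2003-1334 at the end of the added block land between CVE-2007-4466 and CVE-2007-4465, although the rest of the visible list runs in descending id order and the CVE-2005 entries sit near line 33594. Move the three older ids to their year sections so a lookup by id finds them where the other entries of that year are. Separately, CVE-2007-4525 was imported as "(** DISPUTED ** ...)" with no product text at all, so whoever picks up its "TODO: check" has to fetch the full description first; a short NOTE naming the product would save that step.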
@@ -11,7 +247,7 @@
 	[etch] - nufw <not-affected>
 CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...)
 	- id3lib3.8.3 3.8.3-7 (bug #438540)
-CVE-2007-4459 (The Cisco IP Phone 7940 with P0S3-08-6-00 firmware allows remote ...)
+CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...)
 	NOT-FOR-US: Cisco IP Phone
 CVE-2007-4458 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Firesoft
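Review bot: the "NOT-FOR-US: Cisco IP Phone" tag under CVE-2007-4459 was set against the old description, which covered only the 7940. The new text adds the 7960 "and other SIP ...", so the full description should be read before the tag is kept, in case the widened scope is not limited to Cisco hardware.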
@@ -158,7 +394,7 @@
 	NOT-FOR-US: winamp
 CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger ...)
 	NOT-FOR-US: kakadu
-CVE-2007-4390 (The Command Line Interface (CLI) on the BlueCat Networks Adonis ...)
+CVE-2007-4390 (The Command Line Interface (CLI), aka Adonis Administration Console, ...)
 	NOT-FOR-US: BlueCat
 CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...)
 	NOT-FOR-US: 2wire
@@ -290,7 +526,7 @@
 	NOT-FOR-US: phpDVD
 CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll ...)
 	NOT-FOR-US: PHPCentral Poll Script
-CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) 0.6 and ...)
+CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 ...)
 	NOT-FOR-US: Family Connections
 CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in ...)
 	- streamripper 1.62.2-1 (medium)
@@ -493,7 +729,7 @@
 	NOT-FOR-US: Justsystem Ichitaro
 CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa ...)
 	NOT-FOR-US: DiMeMa CONTENTdm
-CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in the J! ...)
+CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! ...)
 	NOT-FOR-US: com_jreactions for Joomla!
 CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security ...)
 	NOT-FOR-US: Astaro Security Gateway
@@ -548,10 +784,10 @@
 	RESERVED
 CVE-2007-4220
 	RESERVED
-CVE-2007-4219
-	RESERVED
-CVE-2007-4218
-	RESERVED
+CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as ...)
+	TODO: check
+CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) ...)
+	TODO: check
 CVE-2007-4217
 	RESERVED
 CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before ...)
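Review bot: CVE-2007-4219 and CVE-2007-4218 are parked at "TODO: check" although both descriptions name Windows components (StRpcSrv.dll, and SpntSvc.exe of the ServerProtect service). If the full descriptions confirm a Windows-only product, resolve them to NOT-FOR-US in the same pass, as the neighbouring entries in this file do, so they do not sit in the triage queue.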
@@ -730,8 +966,8 @@
 	RESERVED
 CVE-2007-4132
 	RESERVED
-CVE-2007-4131
-	RESERVED
+CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...)
+	TODO: check
 CVE-2007-4130
 	RESERVED
 CVE-2007-4129
@@ -905,7 +1141,8 @@
 	NOT-FOR-US: UltraDefrag
 CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...)
 	NOT-FOR-US: ADempiere Bazaar
-CVE-2007-4049 (Cross-site scripting (XSS) vulnerability in the printenv.pl test CGI ...)
+CVE-2007-4049
+	REJECTED
 	NOTE: Rediscovery / dupe of CVE-2000-1205
 CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...)
 	- phpsysinfo <unfixed> (low; bug #435935)
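Review bot: with the description of CVE-2007-4049 replaced by REJECTED, the entry no longer says what the id was about. The remaining NOTE only points at CVE-2000-1205; extend it to mention the XSS in the printenv.pl test CGI so the reason for the rejection stays searchable in this file.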
@@ -1270,8 +1507,8 @@
 	NOT-FOR-US: CA Anti-Virus
 CVE-2007-3874
 	RESERVED
-CVE-2007-3873
-	RESERVED
+CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI ...)
+	TODO: check
 CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service ...)
 	NOT-FOR-US: HP OpenView
 CVE-2007-3871
@@ -1330,10 +1567,10 @@
 CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send ...)
 	{DSA-1356-1}
 	TODO: check
-CVE-2007-3847
-	RESERVED
-CVE-2007-3846
-	RESERVED
+CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in ...)
+	TODO: check
+CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
+	TODO: check
 CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x ...)
 	{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
 	- iceweasel 2.0.0.6-1 (medium)
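Review bot: CVE-2007-3847 and CVE-2007-3846 should not stay at "TODO: check" for long, since the descriptions name mod_proxy (modules/proxy/proxy_util.c) and Subversion before 1.4.5, both of which are software Debian ships. Each needs a package line with a fixed version or <unfixed> and a severity, in the form used for iceweasel just below. The context entry CVE-2007-3848 also still reads "TODO: check" despite carrying {DSA-1356-1}.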
@@ -1583,8 +1820,8 @@
 	NOT-FOR-US: Apple Safari
 CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before ...)
 	NOT-FOR-US: Apple Safari
-CVE-2007-3741
-	RESERVED
+CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...)
+	TODO: check
 CVE-2007-3740
 	RESERVED
 CVE-2007-3739
@@ -3450,8 +3687,8 @@
 	NOT-FOR-US: Scallywag
 CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before ...)
 	NOT-FOR-US: cpCommerce
-CVE-2007-2958
-	RESERVED
+CVE-2007-2958 (Format string vulnerability in the inc_put_error function in src/inc.c ...)
+	TODO: check
 CVE-2007-2957
 	RESERVED
 CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function in (1) ...)
@@ -3855,8 +4092,7 @@
 CVE-2007-XXXX [NTFS driver for FUSE unspecified issue]
 	- ntfs-3g 1:1.516-1
 	NOTE: local root exploit
-CVE-2007-2797 [xterm world-writable tty]
-	RESERVED
+CVE-2007-2797 (xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in ...)
 	- xterm <not-affected> (Debian uses safe compile-time settings)
 CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Arris Cadant
@@ -4183,7 +4419,8 @@
 	NOT-FOR-US: NetWin
 CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure ...)
 	- xfsdump 2.2.45-1 (bug #417894; low)
-CVE-2007-2653 (Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has ...)
+CVE-2007-2653
+	REJECTED
 	NOT-FOR-US: This is bogus, the annoucement refers to the recently discovered modelines issues	
 CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow ...)
 	NOT-FOR-US: Free-SA
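Review bot: under CVE-2007-2653 the entry is now REJECTED but still carries a NOT-FOR-US: line whose text is a free-form remark, not a product name. Change it to a NOTE: line, as done for CVE-2007-4049, and fix "annoucement" and the trailing tab while touching it.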
@@ -7238,7 +7475,7 @@
 	{DSA-1304 DSA-1286-1}
 	- linux-2.6 2.6.20-1
 CVE-2007-1356
-	RESERVED
+	REJECTED
 CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	- tomcat4 <removed> (low)
 	- tomcat5 <unfixed> (low)
@@ -33594,7 +33831,7 @@
 	- kernel-source-2.4.27 2.4.27-11 (medium)
 CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
 	NOT-FOR-US: Greasemonkey
-CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and .0.0 and 7.0.1, uses insecure ...)
+CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure ...)
 	NOT-FOR-US: IBM Lotus Notes
 CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
 	NOT-FOR-US: NetworkActiv Web Server



