[Secure-testing-commits] r7650 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Tue Dec 18 09:14:10 UTC 2007


Author: joeyh
Date: 2007-12-18 09:14:10 +0000 (Tue, 18 Dec 2007)
New Revision: 7650

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-12-18 02:00:45 UTC (rev 7649)
+++ data/CVE/list	2007-12-18 09:14:10 UTC (rev 7650)
@@ -1,3 +1,17 @@
+CVE-2007-6358 (files/pdftops.pl before 1.20 in pdftops allows local users to ...)
+	TODO: check
+CVE-2007-6356
+	RESERVED
+CVE-2007-6355
+	RESERVED
+CVE-2007-6354
+	RESERVED
+CVE-2007-6352
+	RESERVED
+CVE-2007-6351
+	RESERVED
+CVE-2007-6349
+	RESERVED
 CVE-2007-6418 [insecure mysql call in cron job passing user and password as command line arguments]
 	- dspam <unfixed> (low; bug #448519)
 CVE-2008-0025
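Review bot: CVE-2007-6358 at the top of this hunk is left at "TODO: check" even though its description already names the component (files/pdftops.pl before 1.20 in pdftops) and the attacker position (local users). A follow-up should either record the Debian package that ships that script with its status, or mark the entry NOT-FOR-US in the same form the other entries use, so it does not sit untriaged among the RESERVED placeholders added with it.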
@@ -30,71 +44,72 @@
 	RESERVED
 CVE-2008-0011
 	RESERVED
-CVE-2007-6387
+CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ...)
 	NOT-FOR-US: Vantage Linguistics AnswerWorks ActiveX
-CVE-2007-6386
+CVE-2007-6386 (Stack-based buffer overflow in PccScan.dll before build 1451 in Trend ...)
 	NOT-FOR-US: Trend Micro AntiVirus
-CVE-2007-6385
+CVE-2007-6385 (The proxy server in Kerio WinRoute Firewall before 6.4.1 does not ...)
 	NOT-FOR-US: Kerio WinRoute Firewall
-CVE-2007-6384
+CVE-2007-6384 (Unspecified vulnerability in the Image Converter functionality in BEA ...)
 	NOT-FOR-US: BEA WebLogic Mobility Server
-CVE-2007-6383
+CVE-2007-6383 (The DAV component in Chandler Server (Cosmo) before 0.10.1 does not ...)
 	NOT-FOR-US: Chandler
-CVE-2007-6382
+CVE-2007-6382 (The Event Dispatch Thread in Robocode before 1.5.1 allows remote ...)
 	NOT-FOR-US: Robocode
-CVE-2007-6381
+CVE-2007-6381 (SQL injection vulnerability in the indexed_search system extension in ...)
 	- typo3 <unfixed>
-CVE-2007-6380
+CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and ...)
 	NOT-FOR-US: e-Xoops
-CVE-2007-6379
+CVE-2007-6379 (BadBlue 2.72b and earlier allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: BadBlue
-CVE-2007-6378
+CVE-2007-6378 (Directory traversal vulnerability in upload.dll in BadBlue 2.72b and ...)
 	NOT-FOR-US: BadBlue
-CVE-2007-6377
+CVE-2007-6377 (Stack-based buffer overflow in the PassThru functionality in ext.dll ...)
 	NOT-FOR-US: BadBlue
-CVE-2007-6376
+CVE-2007-6376 (Directory traversal vulnerability in autohtml.php in Francisco Burzi ...)
 	NOT-FOR-US: PHP-Nuke
-CVE-2007-6375
+CVE-2007-6375 (Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier ...)
 	NOT-FOR-US: Bitweaver
-CVE-2007-6374
+CVE-2007-6374 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 ...)
 	NOT-FOR-US: Bitweaver
-CVE-2007-6373
+CVE-2007-6373 (Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow ...)
 	NOT-FOR-US: GestDown
-CVE-2007-6372
+CVE-2007-6372 (Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows ...)
 	NOT-FOR-US: JUNOS
-CVE-2007-6371
+CVE-2007-6371 (Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote ...)
 	NOT-FOR-US: Nokia N95
-CVE-2007-6370
+CVE-2007-6370 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...)
 	NOT-FOR-US: Cisco IP Phone 7940
-CVE-2007-6369
+CVE-2007-6369 (Multiple directory traversal vulnerabilities in resize.php in the ...)
 	NOT-FOR-US: PictPress
-CVE-2007-6368
+CVE-2007-6368 (Directory traversal vulnerability in index.php in ezContents 1.4.5 ...)
 	NOT-FOR-US: ezContents
-CVE-2007-6367
+CVE-2007-6367 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...)
 	NOT-FOR-US: SineCMS
-CVE-2007-6366
+CVE-2007-6366 (Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier ...)
 	NOT-FOR-US: SineCMS
-CVE-2007-6365
+CVE-2007-6365 (Cross-site scripting (XSS) vulnerability in modules/ecal/display.php ...)
 	NOT-FOR-US: bcoos
-CVE-2007-6364
+CVE-2007-6364 (Cross-site scripting (XSS) vulnerability in modificarPerfil.php in ...)
 	NOT-FOR-US: JLMForo System
-CVE-2007-6363
+CVE-2007-6363 (IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when ...)
 	NOT-FOR-US: IBM Tivoli Netcool Security Manager
-CVE-2007-6362
+CVE-2007-6362 (SQL injection vulnerability in index.php in the RSGallery ...)
 	NOT-FOR-US: RSGallery
-CVE-2007-6361
+CVE-2007-6361 (Gekko 0.8.2 and earlier stores sensitive information under the web ...)
 	NOT-FOR-US: Gekko
-CVE-2007-6360
+CVE-2007-6360 (Unspecified vulnerability in the Sun eXtended System Control Facility ...)
 	NOT-FOR-US: Sun eXtended System Control Facility
-CVE-2007-6359
+CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel ...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2007-6357
+CVE-2007-6357 (Stack-based buffer overflow in Microsoft Office Access allows remote, ...)
 	NOT-FOR-US: Microsoft Office Access
 CVE-2007-6353 [exiv2 integer overflow in EXIF parsing]
+	RESERVED
 	- exiv2 0.15-2 (medium; bug #456760)
-CVE-2007-6350 [Unsafe "svn", "svnserve" passthrough in scponly]
+CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to bypass ...)
 	- scponly 4.6-1.1 (high; bug #437148)
-CVE-2007-6348 [SquirrelMail package compromise]
+CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on www.squirrelmail.org ...)
 	- squirrelmail <not-affected> (Compromised packages were never in Debian)
 CVE-2007-6347 (PHP remote file inclusion vulnerability in blocks/block_site_map.php ...)
 	NOT-FOR-US: ViArt, CMS, HelpDesk, Shop Evaluation, Shop Free
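Review bot: at CVE-2007-6353 the update adds a RESERVED line above the existing "- exiv2 0.15-2 (medium; bug #456760)" status, so this is the only entry in the hunk that carries both a RESERVED marker and a package line; confirm that combination is intended and that the exiv2 line remains the one that counts. In the same hunk the hand-written summary for CVE-2007-6350 ('Unsafe "svn", "svnserve" passthrough in scponly') is replaced by a description truncated at "bypass ...", which removes the only mention of the vector from an entry rated high; consider keeping that detail on a line under the entry.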
@@ -114,7 +129,7 @@
 	RESERVED
 CVE-2007-6339
 	RESERVED
-CVE-2007-6338
+CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill ...)
 	NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System
 CVE-2007-6337
 	RESERVED
@@ -306,8 +321,8 @@
 	RESERVED
 CVE-2007-6250
 	RESERVED
-CVE-2007-6249
-	RESERVED
+CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the ...)
+	TODO: check
 CVE-2007-6248
 	RESERVED
 CVE-2007-6247
@@ -445,8 +460,8 @@
 	NOT-FOR-US: Plumtree
 CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail ...)
 	NOT-FOR-US: Calacode
-CVE-2007-6195
-	RESERVED
+CVE-2007-6195 (Unspecified vulnerability in HP HP-UX B.11.11 and B.11.23, when ...)
+	TODO: check
 CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 ...)
 	NOT-FOR-US: HP Select Identity
 CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...)
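Review bot: CVE-2007-6195 is set to "TODO: check" while its description names HP HP-UX B.11.11 and B.11.23. The entry directly below it, CVE-2007-6194, is already closed as "NOT-FOR-US: HP Select Identity"; the same treatment looks appropriate here once the full description has been read.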
@@ -497,7 +512,7 @@
 	NOT-FOR-US: VU Case Manager
 CVE-2007-6167 (yast2-core includes the current working directory in its search path, ...)
 	NOT-FOR-US: Yast2
-CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime 7.2 and 7.3 allows ...)
+CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1 allows ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2007-6165 (Mail in Apple Mac OS X Leopard allows user-assisted remote attackers ...)
 	NOT-FOR-US: Apple Mac OS X
@@ -528,8 +543,8 @@
 	RESERVED
 CVE-2007-6152
 	RESERVED
-CVE-2007-6151
-	RESERVED
+CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...)
+	TODO: check
 CVE-2007-6149
 	RESERVED
 CVE-2007-6148
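Review bot: CVE-2007-6151 is the one newly described entry in this update that names the Linux kernel (isdn_ioctl in isdn_common.c, kernel 2.6.23), yet it gets the same generic "TODO: check" as the vendor-only entries. It should be triaged first and closed with a package line carrying a status and a bug reference, in the form used for the dspam and exiv2 entries in this file.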
@@ -2343,12 +2358,12 @@
 	RESERVED
 CVE-2007-5583
 	RESERVED
-CVE-2007-5582
-	RESERVED
+CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...)
+	TODO: check
 CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: Cisco Unified MeetingPlace
-CVE-2007-5580
-	RESERVED
+CVE-2007-5580 (Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 ...)
+	TODO: check
 CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions, which ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2003-1427 (Directory traversal vulnerability in the web configuration interface ...)
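Review bot: CVE-2007-5582 and CVE-2007-5580 both go from RESERVED to "TODO: check" with descriptions that name Cisco products (a Cisco login page, a driver in Cisco Security Agent 4.5.1). CVE-2007-5581 between them is already "NOT-FOR-US: Cisco Unified MeetingPlace"; the two new entries should be closed the same way, each with its own product name, after the truncated descriptions are checked in full.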
@@ -4870,10 +4885,10 @@
 	RESERVED
 CVE-2007-4708
 	RESERVED
-CVE-2007-4707
-	RESERVED
-CVE-2007-4706
-	RESERVED
+CVE-2007-4707 (Multiple unspecified vulnerabilities in the Flash media handler in ...)
+	TODO: check
+CVE-2007-4706 (Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows ...)
+	TODO: check
 CVE-2007-4705
 	RESERVED
 CVE-2007-4704 (The Application Firewall in Apple Mac OS X 10.5 does not apply changed ...)
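Review bot: CVE-2007-4706 is marked "TODO: check" although its description names Apple QuickTime before 7.3.1, and CVE-2007-6166 elsewhere in this same diff is already recorded as "NOT-FOR-US: Apple QuickTime"; the two should match. CVE-2007-4707 is different: its description is cut off before the product name ("the Flash media handler in ..."), so the TODO is reasonable there until the full text is read.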
@@ -6726,11 +6741,11 @@
 	- zoph 0.7.0.2-1 (bug #435711)
 CVE-2007-3904
 	RESERVED
-CVE-2007-3903 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
+CVE-2007-3903 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3902 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
+CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3901 (Unspecified vulnerability in Microsoft DirectShow in Microsoft DirectX ...)
+CVE-2007-3901 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 ...)
 	NOT-FOR-US: Microsoft DirectX
 CVE-2007-3900
 	RESERVED
@@ -6742,7 +6757,7 @@
 	NOT-FOR-US: Outlook Express
 CVE-2007-3896 (The URL handling in Shell32.dll in the Windows shell in Microsoft ...)
 	NOT-FOR-US: Windows
-CVE-2007-3895 (Unspecified vulnerability in Microsoft DirectShow in Microsoft DirectX ...)
+CVE-2007-3895 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 ...)
 	NOT-FOR-US: Microsoft DirectX
 CVE-2007-3894
 	RESERVED
@@ -8865,7 +8880,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2007-3040 (Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft ...)
 	NOT-FOR-US: Windows
-CVE-2007-3039 (Buffer overflow in the Microsoft Message Queuing (MSMQ) service in ...)
+CVE-2007-3039 (Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...)
 	NOT-FOR-US: Windows
 CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition ...)
 	NOT-FOR-US: Microsoft
@@ -16443,7 +16458,7 @@
 	RESERVED
 CVE-2007-0065
 	RESERVED
-CVE-2007-0064 (Unspecified vulnerability in Windows Media Format Runtime 7.1, 9, 9.5, ...)
+CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, ...)
 	NOT-FOR-US: Windows
 CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...)
 	- vmware-package 0.16



