[Secure-testing-commits] r7667 - data/CVE
joeyh at alioth.debian.org
Fri Dec 21 09:14:12 UTC 2007
Author: joeyh
Date: 2007-12-21 09:14:11 +0000 (Fri, 21 Dec 2007)
New Revision: 7667
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-12-20 23:31:05 UTC (rev 7666)
+++ data/CVE/list 2007-12-21 09:14:11 UTC (rev 7667)
@@ -1,3 +1,156 @@
+CVE-2007-6507 (SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, ...)
+ TODO: check
+CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in ...)
+ TODO: check
+CVE-2007-6505 (Solaris 9, with Solaris Auditing enabled and certain patches for sshd ...)
+ TODO: check
+CVE-2007-6504 (Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 ...)
+ TODO: check
+CVE-2007-6503 (Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix ...)
+ TODO: check
+CVE-2007-6502 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote ...)
+ TODO: check
+CVE-2007-6501 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ...)
+ TODO: check
+CVE-2007-6500 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ...)
+ TODO: check
+CVE-2007-6499 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ...)
+ TODO: check
+CVE-2007-6498 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot ...)
+ TODO: check
+CVE-2007-6497 (Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote ...)
+ TODO: check
+CVE-2007-6496 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2007-6495 (inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier ...)
+ TODO: check
+CVE-2007-6494 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2007-6493 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and ...)
+ TODO: check
+CVE-2007-6492 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and ...)
+ TODO: check
+CVE-2007-6491 (Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS ...)
+ TODO: check
+CVE-2007-6490 (Cross-site request forgery (CSRF) vulnerability in Falcon Series One ...)
+ TODO: check
+CVE-2007-6489 (Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series ...)
+ TODO: check
+CVE-2007-6488 (Multiple PHP remote file inclusion vulnerabilities in Falcon Series ...)
+ TODO: check
+CVE-2007-6487 (Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 ...)
+ TODO: check
+CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka ...)
+ TODO: check
+CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 ...)
+ TODO: check
+CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows remote ...)
+ TODO: check
+CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel Protection ...)
+ TODO: check
+CVE-2007-6482 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in ...)
+ TODO: check
+CVE-2007-6481 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in ...)
+ TODO: check
+CVE-2007-6480 (The Oracle database component in Sun Management Center (Sun MC) 3.6.1, ...)
+ TODO: check
+CVE-2007-6479 (Unrestricted file upload vulnerability in the "My productions" ...)
+ TODO: check
+CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7 allows remote ...)
+ TODO: check
+CVE-2007-6477 (Cross-site scripting (XSS) vulnerability in the on-line help feature ...)
+ TODO: check
+CVE-2007-6476 (GF-3XPLORER 2.4 allows remote attackers to obtain configuration ...)
+ TODO: check
+CVE-2007-6475 (Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow ...)
+ TODO: check
+CVE-2007-6474 (Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 ...)
+ TODO: check
+CVE-2007-6473 (Heap-based buffer overflow in Texas Imperial Software WFTPD Pro ...)
+ TODO: check
+CVE-2007-6472 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 ...)
+ TODO: check
+CVE-2007-6471 (Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on ...)
+ TODO: check
+CVE-2007-6470 (phpRPG 0.8 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-6469 (SQL injection vulnerability in index.php in phpRPG 0.8, when ...)
+ TODO: check
+CVE-2007-6468 (Buffer overflow in the HuffDecode function in ...)
+ TODO: check
+CVE-2007-6467 (SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows ...)
+ TODO: check
+CVE-2007-6466 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop ...)
+ TODO: check
+CVE-2007-6465 (Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in ...)
+ TODO: check
+CVE-2007-6464 (Multiple PHP remote file inclusion vulnerabilities in Form tools ...)
+ TODO: check
+CVE-2007-6463 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel ...)
+ TODO: check
+CVE-2007-6462 (SQL injection vulnerability in fullnews.php in PHP Real Estate ...)
+ TODO: check
+CVE-2007-6461 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2007-6460 (Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy ...)
+ TODO: check
+CVE-2007-6459 (Anon Proxy Server 0.100, and probably 0.101, allows remote attackers ...)
+ TODO: check
+CVE-2007-6458 (SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 ...)
+ TODO: check
+CVE-2007-6457 (Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 ...)
+ TODO: check
+CVE-2007-6456 (Unspecified vulnerability in OpenOffice.org code in Planamesa ...)
+ TODO: check
+CVE-2007-6455 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp ...)
+ TODO: check
+CVE-2007-6453 (Directory traversal vulnerability in raidenhttpd-admin/workspace.php ...)
+ TODO: check
+CVE-2007-6452 (Unspecified vulnerability in the benchmark reporting system in Google ...)
+ TODO: check
+CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark (formerly ...)
+ TODO: check
+CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 ...)
+ TODO: check
+CVE-2007-6449
+ REJECTED
+ TODO: check
+CVE-2007-6448
+ REJECTED
+ TODO: check
+CVE-2007-6447
+ REJECTED
+ TODO: check
+CVE-2007-6446
+ REJECTED
+ TODO: check
+CVE-2007-6445
+ REJECTED
+ TODO: check
+CVE-2007-6444
+ REJECTED
+ TODO: check
+CVE-2007-6443
+ REJECTED
+ TODO: check
+CVE-2007-6442
+ REJECTED
+ TODO: check
+CVE-2007-6441 (The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows ...)
+ TODO: check
+CVE-2007-6440
+ REJECTED
+ TODO: check
+CVE-2007-6439 (Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause ...)
+ TODO: check
+CVE-2007-6438 (Unspecified vulnerability in the SMB dissector in Wireshark (formerly ...)
+ TODO: check
+CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows ...)
+ TODO: check
+CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and ...)
+ TODO: check
CVE-2008-0030
RESERVED
CVE-2008-0029
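Review bot: The REJECTED entries added in this hunk (CVE-2007-6449 through CVE-2007-6442, and CVE-2007-6440) should not get a "TODO: check" line, since a withdrawn identifier has nothing to triage and only inflates the queue. The same commit changes CVE-2007-5759 from RESERVED to REJECTED without adding a TODO, so the two paths in the automatic update disagree; have the generator skip the TODO whenever the status line is REJECTED.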
@@ -20,8 +173,7 @@
RESERVED
CVE-2007-6431
RESERVED
-CVE-2007-6430 [Remote Unauthenticated Sessions in asterisk]
- RESERVED
+CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...)
- asterisk <unfixed> (low; bug #457063)
CVE-2007-6429
RESERVED
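Review bot: The package line under CVE-2007-6430 is left at "- asterisk <unfixed> (low; bug #457063)" although the new description names the fixed upstream releases (1.2.x before 1.2.26, 1.4.x before 1.4.16). Check whether an upload at or above those releases exists and, if so, replace <unfixed> with that version.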
@@ -46,6 +198,7 @@
CVE-2007-6419
RESERVED
CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through ...)
+ {DSA-1436-1}
- linux-2.6 2.6.23-2
CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality for Xen ...)
- xen-unstable <not-affected> (We only have xen for i386 and amd64)
@@ -118,12 +271,12 @@
- exiftags <unfixed> (bug #457062)
CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact ...)
- exiftags <unfixed> (bug #457062)
-CVE-2007-6352
- RESERVED
-CVE-2007-6351
- RESERVED
-CVE-2007-6349
- RESERVED
+CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows ...)
+ TODO: check
+CVE-2007-6351 (libexif 0.6.16 and earlier allows context-dependent attackers to cause ...)
+ TODO: check
+CVE-2007-6349 (P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on ...)
+ TODO: check
CVE-2007-6418 (The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the ...)
- dspam <unfixed> (low; bug #448519)
CVE-2008-0025
@@ -217,8 +370,7 @@
NOT-FOR-US: Apple Mac OS X
CVE-2007-6357 (Stack-based buffer overflow in Microsoft Office Access allows remote, ...)
NOT-FOR-US: Microsoft Office Access
-CVE-2007-6353 [exiv2 integer overflow in EXIF parsing]
- RESERVED
+CVE-2007-6353 (Integer overflow in exif.cpp in exiv2 library allows context-dependent ...)
- exiv2 0.15-2 (medium; bug #456760)
CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to bypass ...)
- scponly 4.6-1.1 (high; bug #437148)
@@ -236,8 +388,8 @@
NOT-FOR-US: HP OpenView Network Node Manager
CVE-2007-6342 (SQL injection vulnerability in the David Castro AuthCAS module ...)
NOT-FOR-US: Apache AuthCAS module
-CVE-2007-6341
- RESERVED
+CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such ...)
+ TODO: check
CVE-2007-6340
RESERVED
CVE-2007-6339
@@ -248,16 +400,14 @@
RESERVED
{DTSA-101-1}
- clamav 0.92~dfsg-1
-CVE-2007-6336
- RESERVED
+CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers to ...)
{DTSA-101-1}
- clamav 0.92~dfsg-1
-CVE-2007-6335
- RESERVED
+CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows remote ...)
{DTSA-101-1}
- clamav 0.92~dfsg-1
-CVE-2007-6334
- RESERVED
+CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and ...)
+ TODO: check
CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as ...)
NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6332 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as ...)
@@ -346,16 +496,16 @@
NOT-FOR-US: HyperVM
CVE-2007-6286
RESERVED
-CVE-2007-6285
- RESERVED
+CVE-2007-6285 (The default configuration for autofs 5 (autofs5) on Red Hat Enterprise ...)
+ TODO: check
CVE-2007-6284
RESERVED
CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key ...)
- bind9 <not-affected> (On Debian this file is rw for user bind and just readable for group bind)
CVE-2007-6282
RESERVED
-CVE-2007-6281
- RESERVED
+CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in ...)
+ TODO: check
CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before ...)
- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
TODO: check mysql4
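Review bot: CVE-2007-6285 is queued as a bare "TODO: check", but its description (default configuration for autofs 5 on Red Hat Enterprise ...) reads like a sibling of CVE-2007-5964, which this list already tracks as "- autofs 3.1.4-8 (medium)". Triage the two together so the new entry gets an autofs package line, or an explicit <not-affected> with the reason, rather than being resolved on its own.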
@@ -440,16 +590,16 @@
RESERVED
CVE-2007-6247
RESERVED
-CVE-2007-6246
- RESERVED
-CVE-2007-6245
- RESERVED
-CVE-2007-6244
- RESERVED
-CVE-2007-6243
- RESERVED
-CVE-2007-6242
- RESERVED
+CVE-2007-6246 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
+ TODO: check
+CVE-2007-6245 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
+ TODO: check
+CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash ...)
+ TODO: check
+CVE-2007-6243 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
+ TODO: check
+CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier ...)
+ TODO: check
CVE-2007-6241 (Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have ...)
NOT-FOR-US: Beehive Forum
CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 ...)
@@ -533,6 +683,7 @@
CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
- xen-3 3.1.2-1
CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...)
+ {DSA-1436-1}
- linux-2.6 <unfixed>
NOTE: kernel-sec already tracks this
CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar ...)
@@ -573,7 +724,7 @@
NOT-FOR-US: Plumtree
CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail ...)
NOT-FOR-US: Calacode
-CVE-2007-6195 (Unspecified vulnerability in HP HP-UX B.11.11 and B.11.23, when ...)
+CVE-2007-6195 (Buffer overflow in the sw_rpc_agent_init function in swagentd in ...)
NOT-FOR-US: HP-UX
CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 ...)
NOT-FOR-US: HP Select Identity
@@ -627,7 +778,7 @@
NOT-FOR-US: Yast2
CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1 allows ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-6165 (Mail in Apple Mac OS X Leopard allows user-assisted remote attackers ...)
+CVE-2007-6165 (Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote ...)
NOT-FOR-US: Apple Mac OS X
CVE-2007-6164 (Multiple SQL injection vulnerabilities in Eurologon CMS allow remote ...)
NOT-FOR-US: Eurologon CMS
@@ -832,6 +983,7 @@
CVE-2007-6064
RESERVED
CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux ...)
+ {DSA-1436-1}
- linux-2.6 2.6.23-2
NOTE: kernel-sec is aware of this
CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause ...)
@@ -1115,14 +1267,14 @@
REJECTED
CVE-2007-5967
RESERVED
-CVE-2007-5966
- RESERVED
+CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in ...)
+ {DSA-1436-1}
+ TODO: check
CVE-2007-5965
RESERVED
CVE-2007-5964 (The default configuration of autofs 5 in Red Hat Enterprise Linux ...)
- autofs 3.1.4-8 (medium)
-CVE-2007-5963 [kdm local resouce consumption "DoS"]
- RESERVED
+CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause a ...)
- kdebase <unfixed> (unimportant)
NOTE: This has only theoretical security impact
CVE-2007-5962
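Review bot: The new CVE-2007-5966 entry carries both "{DSA-1436-1}" and "TODO: check" but no package line. Every other CVE tagged with DSA-1436-1 in this commit (CVE-2007-6417, CVE-2007-6206, CVE-2007-6063, CVE-2006-6058) has a "- linux-2.6 ..." line, so add one here with the fixed version or <unfixed> and drop the TODO.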
@@ -1417,40 +1569,40 @@
RESERVED
CVE-2007-5864
RESERVED
-CVE-2007-5863
- RESERVED
+CVE-2007-5863 (Software Update in Apple Mac OS X 10.5.1 allows remote attackers to ...)
+ TODO: check
CVE-2007-5862 (Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to ...)
NOT-FOR-US: Cisco IP Phone 7940
-CVE-2007-5861
- RESERVED
-CVE-2007-5860
- RESERVED
-CVE-2007-5859
- RESERVED
-CVE-2007-5858
- RESERVED
-CVE-2007-5857
- RESERVED
-CVE-2007-5856
- RESERVED
-CVE-2007-5855
- RESERVED
-CVE-2007-5854
- RESERVED
-CVE-2007-5853
- RESERVED
+CVE-2007-5861 (Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 ...)
+ TODO: check
+CVE-2007-5860 (Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 ...)
+ TODO: check
+CVE-2007-5859 (Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 ...)
+ TODO: check
+CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1 allows remote ...)
+ TODO: check
+CVE-2007-5857 (Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from ...)
+ TODO: check
+CVE-2007-5856 (Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does ...)
+ TODO: check
+CVE-2007-5855 (Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has ...)
+ TODO: check
+CVE-2007-5854 (Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat ...)
+ TODO: check
+CVE-2007-5853 (Unspecified vulnerability in IO Storage Family in Apple Mac OS X ...)
+ TODO: check
CVE-2007-5852
RESERVED
-CVE-2007-5851
- RESERVED
-CVE-2007-5850
- RESERVED
-CVE-2007-5849
- RESERVED
-CVE-2007-5848
- RESERVED
-CVE-2007-5847
- RESERVED
+CVE-2007-5851 (iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote ...)
+ TODO: check
+CVE-2007-5850 (Heap-based buffer overflow in Desktop Services in Apple Mac OS X ...)
+ TODO: check
+CVE-2007-5849 (Integer underflow in the asn1_get_string function in the SNMP back end ...)
+ TODO: check
+CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin ...)
+ TODO: check
+CVE-2007-5847 (Race condition in the CFURLWriteDataAndPropertiesToResource API in ...)
+ TODO: check
CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote ...)
{DTSA-88-1}
- net-snmp 5.4.1~dfsg-1
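Review bot: CVE-2007-5848 should not be closed as NOT-FOR-US along with the rest of this Apple Mac OS X batch: its description names CUPS, which this list tracks as cupsys (see CVE-2007-4045), so it needs a check against the Debian package first. CVE-2007-5849 is truncated after "in the SNMP back end ...", so read the full description before classifying it. The unchanged context line under CVE-2007-5862 (Java in Mac OS X) reads "NOT-FOR-US: Cisco IP Phone 7940", which does not match the description and is worth correcting while this block is being edited.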
@@ -1636,7 +1788,7 @@
CVE-2007-5760
RESERVED
CVE-2007-5759
- RESERVED
+ REJECTED
CVE-2007-5758
RESERVED
CVE-2007-5757
@@ -2467,8 +2619,8 @@
- xscreensaver 5.03-3.1 (medium; bug #448157)
- rss-glx 0.8.1-8 (medium)
NOTE: proper fix available and uploaded
-CVE-2007-5584
- RESERVED
+CVE-2007-5584 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...)
+ TODO: check
CVE-2007-5583 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...)
NOT-FOR-US: Cisco IP Phone
CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...)
@@ -4992,12 +5144,12 @@
NOT-FOR-US: eNetman
CVE-2007-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch ...)
NOT-FOR-US: Toms Gaestebuch
-CVE-2007-4710
- RESERVED
-CVE-2007-4709
- RESERVED
-CVE-2007-4708
- RESERVED
+CVE-2007-4710 (Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 ...)
+ TODO: check
+CVE-2007-4709 (Directory traversal vulnerability in CFNetwork in Apple Mac OS X ...)
+ TODO: check
+CVE-2007-4708 (Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 ...)
+ TODO: check
CVE-2007-4707 (Multiple unspecified vulnerabilities in the Flash media handler in ...)
NOT-FOR-US: Apple QuickTime
CVE-2007-4706 (Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows ...)
@@ -5920,7 +6072,7 @@
NOT-FOR-US: Bilder Uploader
CVE-2007-4325 (PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 ...)
NOT-FOR-US: Gaestebuch
-CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 allows remote ...)
+CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other ...)
- flashplugin-nonfree <not-affected> (This package just downloads the plugin from adobe.com which has an updated version)
[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
@@ -6528,7 +6680,7 @@
NOT-FOR-US: geoBlog
CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...)
NOT-FOR-US: Pony Gallery
-CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote attackers ...)
+CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other ...)
- cupsys <not-affected> (SuSE-specific regression)
CVE-2007-4044
REJECTED
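Review bot: The "- cupsys <not-affected> (SuSE-specific regression)" line under CVE-2007-4045 needs re-verifying, because the updated description no longer limits the issue to SUSE ("as used in SUSE Linux before 20070720 and other ..."). Confirm that the Debian cupsys versions fall outside the affected set and update the stated reason, or replace <not-affected> with a version.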
@@ -6858,7 +7010,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3901 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 ...)
+CVE-2007-3901 (Stack-based buffer overflow in the DirectShow Synchronized Accessible ...)
NOT-FOR-US: Microsoft DirectX
CVE-2007-3900
RESERVED
@@ -6908,8 +7060,8 @@
RESERVED
CVE-2007-3877
RESERVED
-CVE-2007-3876
- RESERVED
+CVE-2007-3876 (Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows ...)
+ TODO: check
CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) ...)
NOT-FOR-US: CA Anti-Virus
CVE-2007-3874 (Directory traversal vulnerability in the tftp/mftp daemon in the PXE ...)
@@ -18679,6 +18831,7 @@
CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear ...)
NOT-FOR-US: NetGear
CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and ...)
+ {DSA-1436-1}
- linux-2.6 2.6.22-6 (unimportant)
NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...)