[Secure-testing-commits] r5282 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Jan 17 09:14:19 CET 2007
Author: joeyh
Date: 2007-01-17 09:14:16 +0100 (Wed, 17 Jan 2007)
New Revision: 5282
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-16 22:29:49 UTC (rev 5281)
+++ data/CVE/list 2007-01-17 08:14:16 UTC (rev 5282)
@@ -1,3 +1,225 @@
+CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
+ TODO: check
+CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
+ TODO: check
+CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
+ TODO: check
+CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has ...)
+ TODO: check
+CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager ...)
+ TODO: check
+CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager ...)
+ TODO: check
+CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
+ TODO: check
+CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
+ TODO: check
+CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
+ TODO: check
+CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has ...)
+ TODO: check
+CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, ...)
+ TODO: check
+CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and ...)
+ TODO: check
+CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, ...)
+ TODO: check
+CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
+ TODO: check
+CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...)
+ TODO: check
+CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application ...)
+ TODO: check
+CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, ...)
+ TODO: check
+CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application ...)
+ TODO: check
+CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and ...)
+ TODO: check
+CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, ...)
+ TODO: check
+CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has ...)
+ TODO: check
+CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and ...)
+ TODO: check
+CVE-2007-0275 (Unspecified vulnerability in Oracle Workflow Cartridge, as used in ...)
+ TODO: check
+CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and ...)
+ TODO: check
+CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, ...)
+ TODO: check
+CVE-2007-0272 (Unspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5, ...)
+ TODO: check
+CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has ...)
+ TODO: check
+CVE-2007-0270 (Unspecified vulnerability in Oracle Database 9.2.0.7 and 10.1.0.4 has ...)
+ TODO: check
+CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and ...)
+ TODO: check
+CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, ...)
+ TODO: check
+CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels ...)
+ TODO: check
+CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal ...)
+ TODO: check
+CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal ...)
+ TODO: check
+CVE-2007-0264 (Buffer overflow in Winzip32.exe in WinZip 9.0 SR-1 allows local users ...)
+ TODO: check
+CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows ...)
+ TODO: check
+CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...)
+ TODO: check
+CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...)
+ TODO: check
+CVE-2007-0260 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo ...)
+ TODO: check
+CVE-2007-0257 (Unspecified vulnerability in the expand_stack function in grsecurity ...)
+ TODO: check
+CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2007-0254 (Format string vulnerability in the errors_create_window function in ...)
+ TODO: check
+CVE-2007-0253 (Unspecified vulnerability in the grsecurity patch has unspecified ...)
+ TODO: check
+CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote ...)
+ TODO: check
+CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in Snort ...)
+ TODO: check
+CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites ...)
+ TODO: check
+CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers ...)
+ TODO: check
+CVE-2007-0246
+ RESERVED
+CVE-2007-0245
+ RESERVED
+CVE-2007-0244
+ RESERVED
+CVE-2007-0243
+ RESERVED
+CVE-2007-0242
+ RESERVED
+CVE-2007-0241
+ RESERVED
+CVE-2007-0240
+ RESERVED
+CVE-2007-0239
+ RESERVED
+CVE-2007-0238
+ RESERVED
+CVE-2007-0237
+ RESERVED
+CVE-2007-0236 (Double-free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
+ TODO: check
+CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...)
+ TODO: check
+CVE-2007-0234 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...)
+ TODO: check
+CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...)
+ TODO: check
+CVE-2007-0232 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, ...)
+ TODO: check
+CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php ...)
+ TODO: check
+CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and ...)
+ TODO: check
+CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer ...)
+ TODO: check
+CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify ...)
+ TODO: check
+CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...)
+ TODO: check
+CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in ...)
+ TODO: check
+CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP ...)
+ TODO: check
+CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php ...)
+ TODO: check
+CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side ...)
+ TODO: check
+CVE-2007-0221
+ RESERVED
+CVE-2007-0220
+ RESERVED
+CVE-2007-0219
+ RESERVED
+CVE-2007-0218
+ RESERVED
+CVE-2007-0217
+ RESERVED
+CVE-2007-0216
+ RESERVED
+CVE-2007-0215
+ RESERVED
+CVE-2007-0214
+ RESERVED
+CVE-2007-0213
+ RESERVED
+CVE-2007-0212
+ RESERVED
+CVE-2007-0211
+ RESERVED
+CVE-2007-0210
+ RESERVED
+CVE-2007-0209
+ RESERVED
+CVE-2007-0208
+ RESERVED
+CVE-2007-0207
+ RESERVED
+CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
+ TODO: check
+CVE-2006-6939 (GNU ed before 0.3 allows local users to overwrite arbitrary files via ...)
+ TODO: check
+CVE-2006-6938 (Directory traversal vulnerability in includes/common.php in NitroTech ...)
+ TODO: check
+CVE-2006-6937 (SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo ...)
+ TODO: check
+CVE-2006-6936 (Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery ...)
+ TODO: check
+CVE-2006-6935 (SQL injection vulnerability in the login component in Portix-PHP 0.4.2 ...)
+ TODO: check
+CVE-2006-6934 (Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP ...)
+ TODO: check
+CVE-2006-6933 (Easy Chat Server 2.1 stores sensitive information under the web root ...)
+ TODO: check
+CVE-2006-6932 (Multiple SQL injection vulnerabilities in Image Gallery with Access ...)
+ TODO: check
+CVE-2006-6931 (Algorithmic complexity vulnerability in Snort before 2.6.1, during ...)
+ TODO: check
+CVE-2006-6930 (SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 ...)
+ TODO: check
+CVE-2006-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Rapid ...)
+ TODO: check
+CVE-2006-6928 (Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 ...)
+ TODO: check
+CVE-2006-6927 (Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote ...)
+ TODO: check
+CVE-2006-6926 (Buffer overflow in eXtremail 2.1 has unknown impact and attack ...)
+ TODO: check
+CVE-2006-6925 (Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 ...)
+ TODO: check
+CVE-2006-6924 (bitweaver 1.3.1 and earlier allows remote attackers to obtain ...)
+ TODO: check
+CVE-2006-6923 (SQL injection vulnerability in newsletters/edition.php in bitweaver ...)
+ TODO: check
+CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System ...)
+ TODO: check
+CVE-2006-6921 (Unspecified versions of the Linux kernel allows local users to cause a ...)
+ TODO: check
+CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP ...)
+ TODO: check
CVE-2007-XXXX [udev wrong permissions on raid devices]
- linux-2.6 <unfixed> (bug #404927)
CVE-2007-XXXX [yacas insecure rpath]
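Review bot: Every described entry in the new block at the top of the file is filed as "TODO: check", including ones whose triage is already recorded elsewhere in this file. CVE-2007-0247 names Squid before 2.6.STABLE7, the same fixed version as CVE-2007-0248 a few entries below, which already carries "- squid <unfixed> (low; bug #407202)". The thirty Oracle entries, CVE-2007-0268 through CVE-2007-0297, match the existing "NOT-FOR-US: Oracle" annotations further down. Suggest handling those in the follow-up so the TODO backlog reflects only entries that need real investigation. CVE-2007-0260 is imported with its description truncated to "** DISPUTED ** ...", so it cannot be triaged from this file alone and needs the full upstream text.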
@@ -7,7 +229,7 @@
CVE-2007-XXXX [gosa allows non-priviledged users to change admin password]
- gosa 2.5.8-1 (medium)
NOTE: http://secunia.com/advisories/23749/
-CVE-2007-0248 [Denial of Service Vulnerabilities]
+CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows ...)
- squid <unfixed> (low; bug #407202)
TODO: check if version 2.5.9-10sarge2 have comprimised code.
NOTE: reference - http://secunia.com/advisories/23767/
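Review bot: The TODO in the context under CVE-2007-0248 ("TODO: check if version 2.5.9-10sarge2 have comprimised code.") stays open even though the replacement description now names the aclMatchExternal function and Squid before 2.6.STABLE7. That gives the check a concrete target; suggest resolving the TODO, or replacing it with a NOTE recording the outcome, in a follow-up commit.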
@@ -531,7 +753,7 @@
RESERVED
CVE-2007-0035
RESERVED
-CVE-2007-0034 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers ...)
+CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of ...)
NOT-FOR-US: Microsoft Outlook
CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to ...)
NOT-FOR-US: Microsoft Outlook
@@ -543,7 +765,7 @@
NOT-FOR-US: Microsoft Excel
CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
NOT-FOR-US: Microsoft Excel
-CVE-2007-0028 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X ...)
+CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, ...)
NOT-FOR-US: Microsoft Excel
CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
NOT-FOR-US: Microsoft Excel
@@ -617,8 +839,8 @@
- webcam-server 0.50-2
CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to ...)
NOT-FOR-US: Apple Quicktime
-CVE-2007-0014
- RESERVED
+CVE-2007-0014 (ChainKey Java Code Protection allows attackers to decompile Java class ...)
+ TODO: check
CVE-2007-0013
RESERVED
CVE-2007-0012
@@ -786,8 +1008,8 @@
NOT-FOR-US: Land Down Under (LDU)
CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
NOT-FOR-US: PWP Technologies The Classified Ad System
-CVE-2006-6767
- RESERVED
+CVE-2006-6767 (oftpd before 0.3.7 allows remote attackers to cause a denial of ...)
+ TODO: check
CVE-2006-6766 (Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and ...)
NOT-FOR-US: cwmExplorer
CVE-2006-6765 (Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php ...)
@@ -1502,8 +1724,8 @@
RESERVED
CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrapper ...)
NOT-FOR-US: ICONICS
-CVE-2006-6487
- RESERVED
+CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...)
+ TODO: check
CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers to ...)
NOT-FOR-US: EasyPage
CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 ...)
@@ -1642,7 +1864,7 @@
NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content ...)
NOT-FOR-US: Joomla Content Editor (JCE)
-CVE-2006-6418 (Unspecified vulnerability in the POSIX Threads library (libpthread) on ...)
+CVE-2006-6418 (Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 ...)
NOT-FOR-US: HP Tru64 UNIX
CVE-2006-6417 (PHP remote file inclusion vulnerability in ...)
- b2evolution <not-affected> (vulnerable code added later)
@@ -2297,7 +2519,8 @@
NOT-FOR-US: fipsForum
CVE-2006-6115 (SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier ...)
NOT-FOR-US: fipsCMS
-CVE-2006-6114 (Buffer overflow in NWSPOOL.DLL in Novell Client 4.91 Post-SP3 for ...)
+CVE-2006-6114
+ REJECTED
NOT-FOR-US: Novell
CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: Monkey Boards
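Review bot: CVE-2006-6114 is switched to REJECTED but the context line "NOT-FOR-US: Novell" stays attached to it, so the entry now carries an annotation whose basis (the Novell Client description) has been removed. Suggest deciding whether rejected entries keep their old annotation and, if not, dropping that line in a manual follow-up, since the automatic update only rewrites the header line.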
@@ -2810,8 +3033,7 @@
CVE-2006-5877 [enigmail memory corruption]
RESERVED
- enigmail <unfixed> (bug #406604)
-CVE-2006-5876 [libsoup parse_headers_DoS]
- RESERVED
+CVE-2006-5876 (The soup_headers_parse function in soup-headers.c for libsoup HTTP ...)
{DSA-1248-1}
- libsoup 2.2.98-2 (bug #405197; medium)
CVE-2006-5875 (eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote ...)
@@ -4366,10 +4588,10 @@
NOTE: s390 only, fix in 2.6.18-3 was reverted in 2.6.18-4
CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a context ...)
- linux-2.6 2.6.18-1
-CVE-2006-5172
- RESERVED
-CVE-2006-5171
- RESERVED
+CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in ...)
+ TODO: check
+CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in ...)
+ TODO: check
CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...)
{DSA-1203-1}
- libpam-ldap 180-1.2 (bug #392984; medium)
@@ -7759,7 +7981,7 @@
NOT-FOR-US: Oracle
CVE-2006-3698 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...)
NOT-FOR-US: Oracle
-CVE-2006-3697 (Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft ...)
+CVE-2006-3697 (Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) ...)
NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3696 (filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows ...)
NOT-FOR-US: Outpost Firewall Pro
@@ -8342,7 +8564,8 @@
NOT-FOR-US: Microsoft
CVE-2006-3433
RESERVED
-CVE-2006-3432 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, ...)
+CVE-2006-3432
+ REJECTED
TODO: check
CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...)
NOT-FOR-US: Microsoft Excel
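Review bot: CVE-2006-3432 becomes REJECTED while its "TODO: check" line is left in place, which leaves a stale work item on an entry that no longer describes anything. The description removed here is word for word the one this same commit gives CVE-2007-0028 in the hunk at -543, and that entry is already "NOT-FOR-US: Microsoft Excel". Suggest removing the TODO from CVE-2006-3432 in a follow-up.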
@@ -33428,7 +33651,7 @@
CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...)
{DSA-636-1}
- glibc 2.3.2.ds1-19
-CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh scripts ...)
+CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts ...)
- gs-common 0.3.6-0.1
- gs-gpl <unfixed> (bug #291373; unimportant)
NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary