[Secure-testing-commits] r5333 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Jan 23 21:14:11 CET 2007 

Author: joeyh
Date: 2007-01-23 21:14:08 +0100 (Tue, 23 Jan 2007)
New Revision: 5333

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-01-23 19:26:08 UTC (rev 5332)
+++ data/CVE/list	2007-01-23 20:14:08 UTC (rev 5333)
@@ -1,3 +1,91 @@
+CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
+	TODO: check
+CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...)
+	TODO: check
+CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 ...)
+	TODO: check
+CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject ...)
+	TODO: check
+CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote ...)
+	TODO: check
+CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and ...)
+	TODO: check
+CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed ...)
+	TODO: check
+CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for ...)
+	TODO: check
+CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...)
+	TODO: check
+CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered ...)
+	TODO: check
+CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 ...)
+	TODO: check
+CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for ...)
+	TODO: check
+CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator ...)
+	TODO: check
+CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, ...)
+	TODO: check
+CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 ...)
+	TODO: check
+CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to ...)
+	TODO: check
+CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache ...)
+	TODO: check
+CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and ...)
+	TODO: check
+CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and ...)
+	TODO: check
+CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and ...)
+	TODO: check
+CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce ...)
+	TODO: check
+CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 ...)
+	TODO: check
+CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 improperly cleartext data in a ...)
+	TODO: check
+CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 ...)
+	TODO: check
+CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when ...)
+	TODO: check
+CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA WebLogic 7.0 ...)
+	TODO: check
+CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial ...)
+	TODO: check
+CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate ...)
+	TODO: check
+CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain ...)
+	TODO: check
+CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a) client.c, ...)
+	TODO: check
+CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 ...)
+	TODO: check
+CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings ...)
+	TODO: check
+CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay ...)
+	TODO: check
+CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in ...)
+	TODO: check
+CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay ...)
+	TODO: check
+CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in ...)
+	TODO: check
+CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+	TODO: check
+CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in MisterSP ...)
+	TODO: check
+CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...)
+	TODO: check
+CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 ...)
+	TODO: check
+CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in ...)
+	TODO: check
+CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 ...)
+	TODO: check
+CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...)
+	TODO: check
+CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...)
+	TODO: check
 CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
 	- wordpress 2.0.7 (bug #407116; unimportant)
 	NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,
@@ -1020,10 +1108,10 @@
 	NOT-FOR-US: Microsoft IE
 CVE-2007-0023
 	RESERVED
-CVE-2007-0022
-	RESERVED
-CVE-2007-0021
-	RESERVED
+CVE-2007-0022 (Untrusted search path vulnerability in writeconfig in Apple Mac OS X ...)
+	TODO: check
+CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote ...)
+	TODO: check
 CVE-2007-0020
 	RESERVED
 CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and ...)
@@ -7258,7 +7346,7 @@
 	NOT-FOR-US: Business Objects
 CVE-2006-4098 (Stack-based buffer overflow in the CSRadius service in Cisco Secure Access ...)
 	TODO: check
-CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure ...)
+CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in Cisco ...)
 	TODO: check
 CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to ...)
 	{DSA-1172-1}
@@ -46350,7 +46438,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to to redirect traffic to ...)
+CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to redirect traffic to other ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker

More information about the Secure-testing-commits mailing list