[Secure-testing-commits] r5577 - data/CVE

Joey Hess joeyh at alioth.debian.org
Sat Mar 24 10:14:15 CET 2007


Author: joeyh
Date: 2007-03-24 09:14:12 +0000 (Sat, 24 Mar 2007)
New Revision: 5577

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-03-23 22:31:16 UTC (rev 5576)
+++ data/CVE/list	2007-03-24 09:14:12 UTC (rev 5577)
@@ -1,3 +1,159 @@
+CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and ...)
+	TODO: check
+CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows ...)
+	TODO: check
+CVE-2007-1588 (server.cpp in MyServer 0.8.5 calls Process::setuid before calling ...)
+	TODO: check
+CVE-2007-1587 (templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows ...)
+	TODO: check
+CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service (link ...)
+	TODO: check
+CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01 allows remote attackers to ...)
+	TODO: check
+CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows ...)
+	TODO: check
+CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...)
+	TODO: check
+CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
+	TODO: check
+CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...)
+	TODO: check
+CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote ...)
+	TODO: check
+CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in ...)
+	TODO: check
+CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1 allows ...)
+	TODO: check
+CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt ...)
+	TODO: check
+CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when ...)
+	TODO: check
+CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain ...)
+	TODO: check
+CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...)
+	TODO: check
+CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and ...)
+	TODO: check
+CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in ...)
+	TODO: check
+CVE-2007-1570 (SQL injection vulnerability in devami.asp in X-ice Haber Sistemi (aka ...)
+	TODO: check
+CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote ...)
+	TODO: check
+CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 ...)
+	TODO: check
+CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly ...)
+	TODO: check
+CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal allows ...)
+	TODO: check
+CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote ...)
+	TODO: check
+CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers ...)
+	TODO: check
+CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...)
+	TODO: check
+CVE-2007-1561 (Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers ...)
+	TODO: check
+CVE-2007-1560 (The clientProcessRequest() function in squid/src/client_side.c in ...)
+	TODO: check
+CVE-2007-1559
+	RESERVED
+CVE-2007-1558
+	RESERVED
+CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...)
+	TODO: check
+CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 ...)
+	TODO: check
+CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 ...)
+	TODO: check
+CVE-2007-1554 (Direct static code injection vulnerability in admin/configuration.php ...)
+	TODO: check
+CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows remote ...)
+	TODO: check
+CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in MetaForum ...)
+	TODO: check
+CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 ...)
+	TODO: check
+CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote ...)
+	TODO: check
+CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 ...)
+	TODO: check
+CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp in Web ...)
+	TODO: check
+CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio ...)
+	TODO: check
+CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 ...)
+	TODO: check
+CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network Audio ...)
+	TODO: check
+CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in ...)
+	TODO: check
+CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in ...)
+	TODO: check
+CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running ...)
+	TODO: check
+CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only ...)
+	TODO: check
+CVE-2007-1540 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 and ...)
+	TODO: check
+CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX ...)
+	TODO: check
+CVE-2007-1538 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 ...)
+	TODO: check
+CVE-2007-1536 (Integer underflow in the file_printf function in the "file" program ...)
+	TODO: check
+CVE-2007-1535 (Microsoft Windows Vista establishes a Teredo address without user ...)
+	TODO: check
+CVE-2007-1534 (DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains ...)
+	TODO: check
+CVE-2007-1533 (The Teredo implementation in Microsoft Windows Vista uses the same ...)
+	TODO: check
+CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista ...)
+	TODO: check
+CVE-2007-1531 (Microsoft Windows Vista overwrites ARP table entries included in ...)
+	TODO: check
+CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly gather ...)
+	TODO: check
+CVE-2007-1529 (The LLTD Responder in Microsoft Windows Vista does not send the Mapper ...)
+	TODO: check
+CVE-2007-1528 (The LLTD Mapper in Microsoft Windows Vista allows remote attackers to ...)
+	TODO: check
+CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that an IP ...)
+	TODO: check
+CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote ...)
+	TODO: check
+CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in Dayfox ...)
+	TODO: check
+CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 ...)
+	TODO: check
+CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain ...)
+	TODO: check
+CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and ...)
+	TODO: check
+CVE-2007-1521 (Double free vulnerability in PHP 5.2.1 and earlier allows ...)
+	TODO: check
+CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 does ...)
+	TODO: check
+CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
+	TODO: check
+CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning Board ...)
+	TODO: check
+CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 ...)
+	TODO: check
+CVE-2006-7174 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
+	TODO: check
+CVE-2006-7173 (Direct static code injection vulnerability in admin.php in PHP-Stats ...)
+	TODO: check
+CVE-2006-7172 (Multiple SQL injection vulnerabilities in php-stats.recphp.php in ...)
+	TODO: check
+CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...)
+	TODO: check
 CVE-2007-XXXX [Single-packet SIP INVITE DoS in asterisk]
 	- asterisk <unfixed> (bug #415466; medium)
 	NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
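Review bot: CVE-2007-1561 (Asterisk before 1.2.17 and 1.4.x before 1.4.2) is added with only "TODO: check" in the same hunk as the existing temporary entry CVE-2007-XXXX [Single-packet SIP INVITE DoS in asterisk], which already tracks "asterisk <unfixed>" with bug #415466. Compare the full description of CVE-2007-1561 with that entry; if they describe the same issue, move the package line, bug reference and NOTE under the assigned id and drop the XXXX placeholder. Separately, CVE-2007-1538 shows nothing but "** DISPUTED ** ..." in its truncated description, so it cannot be triaged from the list text alone.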
@@ -113,10 +269,10 @@
 	- libwpd 0.8.9-1 (medium)
 CVE-2007-1465
 	RESERVED
-CVE-2007-1464
-	RESERVED
-CVE-2007-1463
-	RESERVED
+CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...)
+	TODO: check
+CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows ...)
+	TODO: check
 CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
 	NOT-FOR-US: conga
 CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
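Review bot: CVE-2007-1463 names a fixed upstream release (Inkscape before 0.45.1), so its "TODO: check" can be resolved into a package line with the first fixed version rather than left open. CVE-2007-1464 is cut off at "whiteboard Jabber protocol in ...", before the product name; read the full description to see whether it concerns the same product, since both are format string issues with consecutive ids.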
@@ -225,7 +381,7 @@
 	NOT-FOR-US: Duyuru Scripti
 CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 ...)
 	NOT-FOR-US: SubDog
-CVE-2007-1420 (MySQL 5.x before 5.0.37 allows local users to cause a denial of ...)
+CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of ...)
 	- mysql-dfsg-5.0 5.0.32-8 (bug #414790)
 CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ...)
 	NOT-FOR-US: JMX RMI-IIOP
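Review bot: the description of CVE-2007-1420 moves its upstream boundary from "before 5.0.37" to "before 5.0.36" while the package line stays at "mysql-dfsg-5.0 5.0.32-8 (bug #414790)". The recorded fixed version is below either boundary, so it presumably reflects a fix carried in the package itself; a NOTE saying so would explain the mismatch to anyone comparing the two lines.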
@@ -443,8 +599,8 @@
 	RESERVED
 CVE-2007-1314
 	RESERVED
-CVE-2007-1313
-	RESERVED
+CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly ...)
+	TODO: check
 CVE-2007-1312
 	RESERVED
 CVE-2007-1311
@@ -1434,8 +1590,8 @@
 	NOTE: maintainer notes that this may affect browsers based on xulrunner
 CVE-2007-1003
 	RESERVED
-CVE-2007-1002
-	RESERVED
+CVE-2007-1002 (Format string vulnerability in the write_html function in ...)
+	TODO: check
 CVE-2007-1001
 	RESERVED
 CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...)
@@ -2411,10 +2567,10 @@
 	NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
 CVE-2007-0655
 	RESERVED
-CVE-2007-0654
-	RESERVED
-CVE-2007-0653
-	RESERVED
+CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows ...)
+	TODO: check
+CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly ...)
+	TODO: check
 CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional ...)
 	NOT-FOR-US: MailEnable Professional
 CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...)
@@ -2511,10 +2667,10 @@
 	RESERVED
 CVE-2007-0608
 	RESERVED
-CVE-2007-0607
-	RESERVED
-CVE-2007-0606
-	RESERVED
+CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores ...)
+	TODO: check
+CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...)
+	TODO: check
 CVE-2007-0605
 	RESERVED
 CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...)
@@ -3136,8 +3292,8 @@
 	NOT-FOR-US: FileMailer
 CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com ...)
 	NOT-FOR-US: INDEXU
-CVE-2007-0348
-	RESERVED
+CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...)
+	TODO: check
 CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...)
 	TODO: check
 	NOTE: it is unclear if 1.1.5 is vulnerable (is_repository_file is not in 1.1.5 source)
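Review bot: CVE-2007-0348 is added with "TODO: check", but the visible description places the flaw in an ActiveX control (IASystemInfo.dll), which points at Windows-only software. Once the product name is confirmed from the full description, mark it NOT-FOR-US with that name, as the neighbouring FileMailer and INDEXU entries do.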
@@ -3377,12 +3533,10 @@
 	RESERVED
 CVE-2007-0240
 	RESERVED
-CVE-2007-0239
-	RESERVED
+CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote ...)
 	{DSA-1270-1}
 	- openoffice.org 2.0.4.dfsg.2-6
-CVE-2007-0238
-	RESERVED
+CVE-2007-0238 (Stack-based buffer overflow in the StarCalc parser in OpenOffice.org ...)
 	{DSA-1270-1}
 	- openoffice.org 2.0.4.dfsg.2-6
 CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to ...)
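Review bot: CVE-2007-0239 and CVE-2007-0238 gain public descriptions here, but their package lines still read "- openoffice.org 2.0.4.dfsg.2-6" with no urgency, unlike entries such as "- libwpd 0.8.9-1 (medium)" elsewhere in this file. With the descriptions now available (user-assisted remote for CVE-2007-0239, stack-based buffer overflow in the StarCalc parser for CVE-2007-0238), add an urgency to each package line.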
@@ -6935,7 +7089,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2006-5613 (PHP remote file inclusion in Core/core.inc.php in MP3 Streaming ...)
 	NOT-FOR-US: MP3 Streaming DownSampler (mp3SDS)
-CVE-2006-5612 (PHP remote file inclusion vulnerability in aide.php3 in GestArt beta ...)
+CVE-2006-5612 (PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in ...)
 	NOT-FOR-US: GestArt
 CVE-2006-5611 (Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 ...)
 	NOT-FOR-US: Toshiba



