[Secure-testing-commits] r5766 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue May 1 21:14:31 UTC 2007


Author: joeyh
Date: 2007-05-01 21:14:26 +0000 (Tue, 01 May 2007)
New Revision: 5766

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-01 18:29:46 UTC (rev 5765)
+++ data/CVE/list	2007-05-01 21:14:26 UTC (rev 5766)
@@ -1,3 +1,189 @@
+CVE-2007-2419
+	RESERVED
+CVE-2007-2418
+	RESERVED
+CVE-2007-2417
+	RESERVED
+CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...)
+	TODO: check
+CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...)
+	TODO: check
+CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2007-2413 (Heap-based buffer overflow in Imager before 0.57 allows remote ...)
+	TODO: check
+CVE-2007-2412 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2411 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2410
+	RESERVED
+CVE-2007-2409
+	RESERVED
+CVE-2007-2408
+	RESERVED
+CVE-2007-2407
+	RESERVED
+CVE-2007-2406
+	RESERVED
+CVE-2007-2405
+	RESERVED
+CVE-2007-2404
+	RESERVED
+CVE-2007-2403
+	RESERVED
+CVE-2007-2402
+	RESERVED
+CVE-2007-2401
+	RESERVED
+CVE-2007-2400
+	RESERVED
+CVE-2007-2399
+	RESERVED
+CVE-2007-2398
+	RESERVED
+CVE-2007-2397
+	RESERVED
+CVE-2007-2396
+	RESERVED
+CVE-2007-2395
+	RESERVED
+CVE-2007-2394
+	RESERVED
+CVE-2007-2393
+	RESERVED
+CVE-2007-2392
+	RESERVED
+CVE-2007-2391
+	RESERVED
+CVE-2007-2390
+	RESERVED
+CVE-2007-2389
+	RESERVED
+CVE-2007-2388
+	RESERVED
+CVE-2007-2387
+	RESERVED
+CVE-2007-2386
+	RESERVED
+CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...)
+	TODO: check
+CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object ...)
+	TODO: check
+CVE-2007-2383 (The Prototype (prototypejs) framework exchanges data using JavaScript ...)
+	TODO: check
+CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...)
+	TODO: check
+CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...)
+	TODO: check
+CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...)
+	TODO: check
+CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...)
+	TODO: check
+CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
+	TODO: check
+CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...)
+	TODO: check
+CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation ...)
+	TODO: check
+CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security ...)
+	TODO: check
+CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server ...)
+	TODO: check
+CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) ...)
+	TODO: check
+CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
+	TODO: check
+CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
+	TODO: check
+CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 ...)
+	TODO: check
+CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 ...)
+	TODO: check
+CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) ...)
+	TODO: check
+CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted ...)
+	TODO: check
+CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements ...)
+	TODO: check
+CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...)
+	TODO: check
+CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted ...)
+	TODO: check
+CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...)
+	TODO: check
+CVE-2007-2361 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and ...)
+	TODO: check
+CVE-2007-2360 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and ...)
+	TODO: check
+CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton ...)
+	TODO: check
+CVE-2007-2358 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in ...)
+	TODO: check
+CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in ...)
+	TODO: check
+CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...)
+	TODO: check
+CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain ...)
+	TODO: check
+CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote ...)
+	TODO: check
+CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) ...)
+	TODO: check
+CVE-2007-2350 (admin/config.php in the music-on-hold module in freePBX 2.2.x allows ...)
+	TODO: check
+CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board ...)
+	TODO: check
+CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote shell ...)
+	TODO: check
+CVE-2007-2347 (PHP remote file inclusion vulnerability in main/forum/komentar.php in ...)
+	TODO: check
+CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 ...)
+	TODO: check
+CVE-2007-2345 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-2344 (The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight ...)
+	TODO: check
+CVE-2007-2343 (Stack-based buffer overflow in the TFTPD component in Enterasys ...)
+	TODO: check
+CVE-2007-2342 (SQL injection vulnerability in error.asp in CreaScripts CreaDirectory ...)
+	TODO: check
+CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in ...)
+	TODO: check
+CVE-2007-2340 (PHP remote file inclusion vulnerability in inc/include_all.inc.php in ...)
+	TODO: check
+CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow ...)
+	TODO: check
+CVE-2007-2338 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2007-2337 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS ...)
+	TODO: check
+CVE-2007-2336 (Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 ...)
+	TODO: check
+CVE-2007-2335 (Cross-site scripting (XSS) vulnerability in the RSS feed reader ...)
+	TODO: check
+CVE-2007-2334 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
+	TODO: check
+CVE-2007-2333 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
+	TODO: check
+CVE-2007-2332 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
+	TODO: check
+CVE-2006-7201 (EMC RSA Security SiteKey does not set the secure qualifier on the ...)
+	TODO: check
+CVE-2006-7200 (EMC RSA Security SiteKey issues challenge-bypass tokens that persist ...)
+	TODO: check
+CVE-2006-7199 (EMC RSA Security SiteKey allows remote attackers to display the ...)
+	TODO: check
+CVE-2006-7198 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
+	TODO: check
+CVE-2005-4839 (PureTLS before 0.9b5 does not clear optional Extensions and ...)
+	TODO: check
 CVE-2007-2331 (PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 ...)
 	NOT-FOR-US: Shop-Script
 CVE-2007-2330 (PHP remote file inclusion vulnerability in includes_handler.php in ...)
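Review bot: CVE-2007-2412, CVE-2007-2411 and CVE-2007-2358 are added as "** DISPUTED ** ..." with "TODO: check", so nothing in the list identifies the affected product and they cannot be triaged from this file alone; whoever resolves them needs the full CVE text. The ten entries CVE-2007-2376 through CVE-2007-2385 share one description stem ("exchanges data using JavaScript Object Notation") across different frameworks, so they are best triaged in one pass so they end up with consistent annotations.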
@@ -77,11 +263,11 @@
 	- asterisk 1:1.4.3~dfsg-1 (low)
 CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in ...)
 	- asterisk 1:1.4.3~dfsg-1 (high)
-CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication in Mozilla ...)
+CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...)
 	- iceweasel (low)
 	- firefox <removed> (low)
 	- mozilla <removed> (low)
-CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication in Microsoft ...)
+CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and ...)
 	NOT-FOR-US: B2 Weblog
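Review bot: CVE-2007-2292 and CVE-2007-2291 now carry the same truncated description ("CRLF injection vulnerability in the Digest Authentication support for ..."), so the product name that used to distinguish them (Mozilla versus Microsoft) is no longer visible in the list. Only the annotations (iceweasel/firefox/mozilla versus "NOT-FOR-US: Microsoft Internet Explorer") tell the two apart, so those lines should be left exactly as they are when these entries are next touched.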
@@ -583,13 +769,13 @@
 	- aircrack-ng 1:0.7-3 (medium)
 	NOTE: http://trac.aircrack-ng.org/changeset/288
 CVE-2007-2056
-	RESERVED
-CVE-2007-2055
-	RESERVED
-CVE-2007-2054
-	RESERVED
-CVE-2007-2053
-	RESERVED
+	REJECTED
+CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary ...)
+	TODO: check
+CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow ...)
+	TODO: check
+CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow ...)
+	TODO: check
 CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...)
 	- python2.4 2.4.4-3 (bug #416931; low)
 	- python2.5 <unfixed> (bug #416934; low)
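Review bot: CVE-2007-2054 ("Multiple format string vulnerabilities in AFFLIB before 2.2.6") reads almost the same as CVE-2007-2352 added in the first hunk ("Multiple format string vulnerabilities in AFFLIB 2.2.6"). When the three AFFLIB entries here get their "TODO: check" resolved, compare those two and record the relationship in a NOTE: line so the same issue is not tracked twice with different version boundaries.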
@@ -640,8 +826,7 @@
 	- lha <unfixed> (low)
 	[sarge] - lha <no-dsa> (Non-free not supported)
 	[etch] - lha <no-dsa> (Non-free not supported)
-CVE-2007-2029 [fd leak DoS in Clamav's PDF parser]
-	RESERVED
+CVE-2007-2029 (The PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to ...)
 	{DSA-1281-1}
 	- clamav 0.90.2-1 (low; bug #418849)
 	NOTE: closed report: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459
@@ -930,14 +1115,17 @@
 CVE-2007-1898
 	RESERVED
 CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
+	{DSA-1285-1}
 	- wordpress 2.1.3-1 (medium)
 CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach ...)
 	NOT-FOR-US: Sky GUNNING MySpeach
 CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING ...)
 	NOT-FOR-US: Sky GUNNING MySpeach
 CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in ...)
+	{DSA-1285-1}
 	- wordpress 2.1.3-1 (medium)
 CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...)
+	{DSA-1285-1}
 	- wordpress 2.1.3-1 (medium)
 CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager ...)
 	NOT-FOR-US: Akamai
@@ -1030,7 +1218,7 @@
 	NOT-FOR-US: Hitachi Cosminexus Component Container
 CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, ...)
 	NOT-FOR-US: Hitachi DeviceManager
-CVE-2007-1852 (Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 ...)
+CVE-2007-1852 (** DISPUTED ** ...)
 	NOT-FOR-US: 2BGal
 CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and ...)
 	NOT-FOR-US: Really Simple PHP and Ajax
@@ -1556,6 +1744,7 @@
 CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook ...)
 	NOT-FOR-US: realGuestbook
 CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in ...)
+	{DSA-1285-1}
 	- wordpress 2.1.3-1 (medium)
 CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in ...)
 	NOT-FOR-US: Active PHP Bookmark Notes
@@ -1912,7 +2101,7 @@
 	NOT-FOR-US: Creative Guestbook
 CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read ...)
 	NOT-FOR-US: McGallery
-CVE-2007-1477 (Directory traversal vulnerability in index.php in PHP Point Of Sale ...)
+CVE-2007-1477 (** DISPUTED ** ...)
 	NOT-FOR-US: Point Of Sale for osCommerce
 CVE-2007-1476 (The SymTDI driver in Symantec Norton Personal Firewall 2006 9.1.1.7 ...)
 	NOT-FOR-US: Symantec Norton Personal Firewall
@@ -2188,6 +2377,7 @@
 	NOT-FOR-US: Avaya Communications Manager
 CVE-2007-1366
 	RESERVED
+	{DSA-1284-1}
 CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...)
 	NOT-FOR-US: OpenBSD Kernel
 CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...)
@@ -2279,12 +2469,16 @@
 	NOT-FOR-US: SnapGear
 CVE-2007-1323
 	RESERVED
+	{DSA-1284-1}
 CVE-2007-1322
 	RESERVED
+	{DSA-1284-1}
 CVE-2007-1321
 	RESERVED
+	{DSA-1284-1}
 CVE-2007-1320
 	RESERVED
+	{DSA-1284-1}
 CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...)
 	NOT-FOR-US: DeviceXPlorer OLE
 CVE-2007-1318
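Review bot: CVE-2007-1320 through CVE-2007-1323 (and CVE-2007-1366 in the previous hunk) gain a {DSA-1284-1} cross-reference while still marked RESERVED and with no package line, so the list does not say which Debian package the advisory covers or in which version it is fixed. Add a "- package version (urgency)" line under each, as the DSA-1285-1 entries have with "- wordpress 2.1.3-1 (medium)".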
@@ -4621,7 +4815,7 @@
 	NOT-FOR-US: VisoHotlink
 CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the ...)
 	NOT-FOR-US: Huawei
-CVE-2007-0487 (PHP remote file inclusion vulnerability in index.php in FreeForum ...)
+CVE-2007-0487 (** DISPUTED ** ...)
 	NOT-FOR-US: FreeForum
 CVE-2007-0486 (** DISPUTED ** ...)
 	NOT-FOR-US: Openads
@@ -11227,8 +11421,8 @@
 	[sarge] - hostapd <not-affected> (Vulnerable code not present)
 CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS ...)
 	NOT-FOR-US: Novell eDirectory
-CVE-2006-4520
-	RESERVED
+CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...)
+	TODO: check
 CVE-2006-4519
 	RESERVED
 CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...)
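Review bot: CVE-2006-4520 is now described as "ncp in Novell eDirectory" but is left at "TODO: check", while the adjacent CVE-2006-4521 for the same product is already "NOT-FOR-US: Novell eDirectory". Mark CVE-2006-4520 the same way so it drops out of the TODO backlog.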



