[Secure-testing-commits] r5776 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu May 3 21:14:39 UTC 2007


Author: joeyh
Date: 2007-05-03 21:14:33 +0000 (Thu, 03 May 2007)
New Revision: 5776

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-03 19:30:54 UTC (rev 5775)
+++ data/CVE/list	2007-05-03 21:14:33 UTC (rev 5776)
@@ -1,3 +1,123 @@
+CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers ...)
+	TODO: check
+CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean ...)
+	TODO: check
+CVE-2007-2477 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2476 (Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before ...)
+	TODO: check
+CVE-2007-2475 (Unspecified vulnerability in the ADSCHEMA utility in Novell ...)
+	TODO: check
+CVE-2007-2474 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
+	TODO: check
+CVE-2007-2473 (SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 ...)
+	TODO: check
+CVE-2007-2472 (Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard ...)
+	TODO: check
+CVE-2007-2471 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 ...)
+	TODO: check
+CVE-2007-2470 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+	TODO: check
+CVE-2007-2469 (SQL injection vulnerability in index.php in FileRun 1.0 and earlier ...)
+	TODO: check
+CVE-2007-2468 (Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 ...)
+	TODO: check
+CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions ...)
+	TODO: check
+CVE-2007-2466 (Unspecified vulnerability in the LDAP Software Development Kit (SDK) ...)
+	TODO: check
+CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing ...)
+	TODO: check
+CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 ...)
+	TODO: check
+CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
+	TODO: check
+CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
+	TODO: check
+CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and ...)
+	TODO: check
+CVE-2007-2460 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-2459 (Buffer overflow in the read_4bit_bmp function in bmp.c in Imager 0.56 ...)
+	TODO: check
+CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery ...)
+	TODO: check
+CVE-2007-2457 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-2456 (Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 ...)
+	TODO: check
+CVE-2007-2455 (Parallels allows local users to cause a denial of service (virtual ...)
+	TODO: check
+CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows local ...)
+	TODO: check
+CVE-2007-2453
+	RESERVED
+CVE-2007-2452
+	RESERVED
+CVE-2007-2451
+	RESERVED
+CVE-2007-2450
+	RESERVED
+CVE-2007-2449
+	RESERVED
+CVE-2007-2448
+	RESERVED
+CVE-2007-2447
+	RESERVED
+CVE-2007-2446
+	RESERVED
+CVE-2007-2445
+	RESERVED
+CVE-2007-2444
+	RESERVED
+CVE-2007-2443
+	RESERVED
+CVE-2007-2442
+	RESERVED
+CVE-2007-2441
+	RESERVED
+CVE-2007-2440
+	RESERVED
+CVE-2007-2439
+	RESERVED
+CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...)
+	TODO: check
+CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, ...)
+	TODO: check
+CVE-2007-2436 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
+	TODO: check
+CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java ...)
+	TODO: check
+CVE-2007-2434 (Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows ...)
+	TODO: check
+CVE-2007-2433 (Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 ...)
+	TODO: check
+CVE-2007-2432 (Cross-site scripting (XSS) vulnerability in utilities/search.asp in ...)
+	TODO: check
+CVE-2007-2431 (Dynamic variable evaluation vulnerability in ...)
+	TODO: check
+CVE-2007-2430 (shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote ...)
+	TODO: check
+CVE-2007-2429 (ManageEngine PasswordManager Pro (PMP) allows remote attackers to ...)
+	TODO: check
+CVE-2007-2428 (Multiple PHP remote file inclusion vulnerabilities in page.php in ...)
+	TODO: check
+CVE-2007-2427 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...)
+	TODO: check
+CVE-2007-2426 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-2425 (Directory traversal vulnerability in fileview.php in Imageview 5.3 ...)
+	TODO: check
+CVE-2007-2424 (PHP remote file inclusion vulnerability in help/index.php in The ...)
+	TODO: check
+CVE-2007-2423 (Cross-site scripting (XSS) vulnerability in index.php in MoinMoin ...)
+	TODO: check
+CVE-2007-2422 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2421 (Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone ...)
+	TODO: check
+CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...)
+	TODO: check
 CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies]
 	- tomcat5 <unfixed> (medium)
 	- tomcat5.5 <unfixed> (medium)
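Review bot: Several of the added entries cannot be triaged from this file because the summary is cut before any product name: CVE-2007-2460, CVE-2007-2457, CVE-2007-2426 and CVE-2007-2431 stop at "vulnerability in ...", and CVE-2007-2477 and CVE-2007-2422 read only "** DISPUTED ** ...". Whoever resolves those TODO: check lines has to work from the full CVE text. Among the rest, the entries naming software that Debian packages (vim in CVE-2007-2438, Xrender in CVE-2007-2437, the Linux kernel in CVE-2007-2436, MoinMoin in CVE-2007-2423) should get package lines first; vendors such as Cisco and ZoneAlarm are already marked NOT-FOR-US elsewhere in this list.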
@@ -6,8 +126,8 @@
 	NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
 CVE-2007-2419
 	RESERVED
-CVE-2007-2418
-	RESERVED
+CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging ...)
+	TODO: check
 CVE-2007-2417
 	RESERVED
 CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...)
@@ -307,7 +427,7 @@
 	NOT-FOR-US: DCP-Portal
 CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote attackers to ...)
 	NOT-FOR-US: Plogger
-CVE-2007-2276 (3Com TippingPoint IPS allows remote attackers to cause a denial of ...)
+CVE-2007-2276 (** DISPUTED ** ...)
 	NOT-FOR-US: TippingPoint IPS
 CVE-2007-2275 (Unspecified vulnerability in HP StorageWorks Command View Advanced ...)
 	NOT-FOR-US: HP StorageWorks
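Review bot: The new CVE-2007-2276 summary, "** DISPUTED ** ...", drops the product name the old one carried, so the NOT-FOR-US: TippingPoint IPS line below it is now the only thing identifying the entry. The automatic update should skip the "** DISPUTED **" marker before truncating, so that a disputed entry keeps the start of its description.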
@@ -386,8 +506,8 @@
 	- kfreebsd-5 <unfixed> (low)
 	NOTE: This should be off by default, tweakable by a simple knob.
 	NOTE: (FreeBSD has it turned on for hosts, too.)
-CVE-2007-2241
-	RESERVED
+CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 ...)
+	TODO: check
 CVE-2007-2240
 	RESERVED
 CVE-2007-2239
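Review bot: The TODO: check on CVE-2007-2241 needs to end in a package line, not NOT-FOR-US, since the summary names query.c in ISC BIND and BIND is packaged in Debian. The visible text lists only 9.4.0 and 9.5.0a1, so the triage should confirm against the full CVE description whether the versions in the archive fall in the affected range.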
@@ -519,7 +639,7 @@
 	NOT-FOR-US: Microgaming Download Helper
 CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers ...)
 	- iceweasel <unfixed> (low)
-CVE-2007-2175 (Unspecified vulnerability in Apple QuickTime, as used in Safari and ...)
+CVE-2007-2175 (Apple QuickTime Java extensions (QTJava.dll), as used in Safari and ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal ...)
 	NOT-FOR-US: ZoneAlarm
@@ -1175,10 +1295,10 @@
 	NOT-FOR-US: KL.SysInfo ActiveX control
 CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
 	NOT-FOR-US: Firebug extension for Firefox
-CVE-2007-1877
-	RESERVED
-CVE-2007-1876
-	RESERVED
+CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of ...)
+	TODO: check
+CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest ...)
+	TODO: check
 CVE-2007-1875
 	RESERVED
 CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...)
@@ -1212,8 +1332,8 @@
 	- linux-2.6 <unfixed>
 CVE-2007-1860
 	RESERVED
-CVE-2007-1859
-	RESERVED
+CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...)
+	TODO: check
 CVE-2007-1858
 	RESERVED
 CVE-2007-1857
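Review bot: CVE-2007-1859 needs a package entry when its TODO: check is resolved, because XScreenSaver is packaged in Debian. The summary ties the issue to version 4.10 "when using a remote directory service", so the entry should record whether the archive version and that configuration are affected.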
@@ -1484,8 +1604,8 @@
 CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...)
 	{DSA-1281-1}
 	- clamav 0.90.2-1 (high)
-CVE-2007-1744
-	RESERVED
+CVE-2007-1744 (Directory traversal vulnerability in the Shared Folders feature for ...)
+	TODO: check
 CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...)
 	- apache2 <unfixed> (unimportant)
 CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison ...)
@@ -2387,9 +2507,9 @@
 	NOT-FOR-US: Drupal module Project
 CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in Avaya ...)
 	NOT-FOR-US: Avaya Communications Manager
-CVE-2007-1366
-	RESERVED
+CVE-2007-1366 (QEMU 0.8.2 allows local users to crash a virtual machine via the ...)
 	{DSA-1284-1}
+	TODO: check
 CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...)
 	NOT-FOR-US: OpenBSD Kernel
 CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...)
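Review bot: For CVE-2007-1366 the TODO: check sits below an existing {DSA-1284-1} reference, which leaves the entry pointing at a published advisory while still reading as untriaged and carrying no package line. Resolve it by adding the qemu package line with the fixed version from that advisory in place of the TODO.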
@@ -2449,8 +2569,8 @@
 	NOT-FOR-US: Links Management Application
 CVE-2007-1338 (The default configuration of the AirPort utility in Apple AirPort ...)
 	NOT-FOR-US: Apple AirPort Extreme
-CVE-2007-1337
-	RESERVED
+CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 ...)
+	TODO: check
 CVE-2007-1336
 	RESERVED
 CVE-2007-1335
@@ -2483,15 +2603,15 @@
 CVE-2007-1323
 	RESERVED
 	{DSA-1284-1}
-CVE-2007-1322
-	RESERVED
+CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...)
 	{DSA-1284-1}
+	TODO: check
 CVE-2007-1321
 	RESERVED
 	{DSA-1284-1}
-CVE-2007-1320
-	RESERVED
+CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...)
 	{DSA-1284-1}
+	TODO: check
 CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...)
 	NOT-FOR-US: DeviceXPlorer OLE
 CVE-2007-1318
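Review bot: The CVE-2007-1320 summary is cut at "cirrus_invalidate_region ..." before any product name, so {DSA-1284-1} is the only visible link to a package, whereas CVE-2007-1322 names QEMU 0.8.2 directly. Both need a package line with the fixed version instead of TODO: check, and CVE-2007-1323 and CVE-2007-1321, still RESERVED under the same DSA, will need the same once their descriptions are published.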
@@ -3192,8 +3312,8 @@
 	NOT-FOR-US: Cisco Unified IP Phone
 CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple ...)
 	NOT-FOR-US: Apple ImageIO
-CVE-2007-1069
-	RESERVED
+CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows ...)
+	TODO: check
 CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ...)
 	NOT-FOR-US: Cisco Secure Services Client
 CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
@@ -4182,8 +4302,8 @@
 	RESERVED
 CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows ...)
 	- linux-2.6 2.6.18.dfsg.1-11
-CVE-2007-0771
-	RESERVED
+CVE-2007-0771 (Unspecified vulnerability in the utrace support for Linux kernel ...)
+	TODO: check
 CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...)
 	{DSA-1260}
 	- graphicsmagick 1.1.7-12
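Review bot: CVE-2007-0771 should be checked against linux-2.6, as the neighbouring CVE-2007-0772 entry already is, but the summary limits the issue to "the utrace support for Linux kernel". Confirm first whether Debian's kernel includes utrace at all; if it does not, the entry calls for a not-affected annotation, not a fixed-version line.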
@@ -4278,8 +4398,8 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in Apple ...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2007-0745
-	RESERVED
+CVE-2007-0745 (The Apple Security Update 2007-004 uses an incorrect configuration ...)
+	TODO: check
 CVE-2007-0744 (SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2007-0743 (URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username ...)
@@ -4477,8 +4597,8 @@
 	[etch] - nexuiz <not-affected> (Vulnerable code not present, was introduced in 2.2.2)
 CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
 	NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
-CVE-2007-0655
-	RESERVED
+CVE-2007-0655 (The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan ...)
+	TODO: check
 CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows ...)
 	{DSA-1277-1}
 	- xmms 1:1.2.10+20070301-2 (bug #416423; low)



