[Secure-testing-commits] r5815 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu May 10 09:14:18 UTC 2007


Author: joeyh
Date: 2007-05-10 09:14:13 +0000 (Thu, 10 May 2007)
New Revision: 5815

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-09 19:13:29 UTC (rev 5814)
+++ data/CVE/list	2007-05-10 09:14:13 UTC (rev 5815)
@@ -1,10 +1,227 @@
+CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX control ...)
+	TODO: check
+CVE-2007-2587 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote ...)
+	TODO: check
+CVE-2007-2586 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 does not properly ...)
+	TODO: check
+CVE-2007-2585 (Stack-based buffer overflow in the Verify function in the BarCodeWiz ...)
+	TODO: check
+CVE-2007-2584 (Buffer overflow in the IsOldAppInstalled function in the ...)
+	TODO: check
+CVE-2007-2583 (MySQL 5.x before 5.0.40 allows context-dependent attackers to cause a ...)
+	TODO: check
+CVE-2007-2582 (Unspecified vulnerability in the DB2 JDBC Applet Server (DB2JDS) ...)
+	TODO: check
+CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
+	TODO: check
+CVE-2007-2580 (Unspecified vulnerability in Apple Safari allows local users to obtain ...)
+	TODO: check
+CVE-2007-2579 (Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 ...)
+	TODO: check
+CVE-2007-2578 (Unspecified vulnerability in search/list/action_search/index.php in ...)
+	TODO: check
+CVE-2007-2577 (Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote ...)
+	TODO: check
+CVE-2007-2576 (Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ...)
+	TODO: check
+CVE-2007-2575 (PHP remote file inclusion vulnerability in watermark.php in the vm ...)
+	TODO: check
+CVE-2007-2574 (Directory traversal vulnerability in index.php in Archangel Weblog ...)
+	TODO: check
+CVE-2007-2573 (PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in ...)
+	TODO: check
+CVE-2007-2572 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-2571 (SQL injection vulnerability in index.php in the wfquotes 1.0 0 module ...)
+	TODO: check
+CVE-2007-2570 (PHP remote file inclusion vulnerability in handlers/page/show.php in ...)
+	TODO: check
+CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 ...)
+	TODO: check
+CVE-2007-2568
+	RESERVED
+CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar ...)
+	TODO: check
+CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control ...)
+	TODO: check
+CVE-2007-2565 (Cdelia Software ImageProcessing allows user-assisted remote attackers ...)
+	TODO: check
+CVE-2007-2564 (Multiple stack-based buffer overflows in the Sienzo Digital Music ...)
+	TODO: check
+CVE-2007-2563 (Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ...)
+	TODO: check
+CVE-2007-2562 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
+	TODO: check
+CVE-2007-2561 (SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote ...)
+	TODO: check
+CVE-2007-2560 (Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 ...)
+	TODO: check
+CVE-2007-2559 (Multiple PHP remote file inclusion vulnerabilities in american cart ...)
+	TODO: check
+CVE-2007-2558 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2557 (MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, ...)
+	TODO: check
+CVE-2007-2556 (SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote ...)
+	TODO: check
+CVE-2007-2555 (Unspecified vulnerability in Default.aspx in Podium CMS allows remote ...)
+	TODO: check
+CVE-2007-2554 (Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank ...)
+	TODO: check
+CVE-2007-2553 (Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and ...)
+	TODO: check
+CVE-2007-2552 (The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 ...)
+	TODO: check
+CVE-2007-2551 (Cross-site scripting (XSS) vulnerability in usersettings.php in ...)
+	TODO: check
+CVE-2007-2550 (Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 ...)
+	TODO: check
+CVE-2007-2549 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...)
+	TODO: check
+CVE-2007-2548 (Unspecified vulnerability in index.php in TurnkeyWebTools SunShop ...)
+	TODO: check
+CVE-2007-2547 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+	TODO: check
+CVE-2007-2546 (Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 ...)
+	TODO: check
+CVE-2007-2545 (Multiple PHP remote file inclusion vulnerabilities in Persism CMS ...)
+	TODO: check
+CVE-2007-2544 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-2543 (SQL injection vulnerability in game.php in the Flashgames 1.0.1 module ...)
+	TODO: check
+CVE-2007-2542 (PHP remote file inclusion vulnerability in header.php in workbench ...)
+	TODO: check
+CVE-2007-2541 (PHP remote file inclusion vulnerability in includes/ajax_listado.php ...)
+	TODO: check
+CVE-2007-2540 (Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and ...)
+	TODO: check
+CVE-2007-2539 (The show_files function in RunCms 1.5.2 and earlier allows remote ...)
+	TODO: check
+CVE-2007-2538 (SQL injection vulnerability in class/debug/debug_show.php in RunCms ...)
+	TODO: check
+CVE-2007-2537 (Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 ...)
+	TODO: check
+CVE-2007-2536 (PicoZip allows remote attackers to cause a denial of service (infinite ...)
+	TODO: check
+CVE-2007-2535 (WinAce allows remote attackers to cause a denial of service (infinite ...)
+	TODO: check
+CVE-2007-2534 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2533 (Multiple buffer overflows in Trend Micro ServerProtect 5.58 before ...)
+	TODO: check
+CVE-2007-2532 (Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen ...)
+	TODO: check
+CVE-2007-2531 (PHP remote file inclusion vulnerability in berylium-classes.php in ...)
+	TODO: check
+CVE-2007-2530 (Multiple PHP remote file inclusion vulnerabilities in Tropicalm ...)
+	TODO: check
+CVE-2007-2529 (Integer signedness error in the acl (facl) system call in Solaris 10 ...)
+	TODO: check
+CVE-2007-2528 (Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for ...)
+	TODO: check
+CVE-2007-2527 (Multiple PHP remote file inclusion vulnerabilities in DynamicPAD ...)
+	TODO: check
+CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC ...)
+	TODO: check
+CVE-2007-2525 (Memory leak in the PPPoE socket implementation in the Linux kernel ...)
+	TODO: check
+CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open ...)
+	TODO: check
+CVE-2007-2523
+	RESERVED
+CVE-2007-2522
+	RESERVED
+CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! 2.2.6 ...)
+	TODO: check
+CVE-2007-2520
+	RESERVED
+CVE-2007-2519
+	RESERVED
+CVE-2007-2518
+	REJECTED
+	TODO: check
+CVE-2007-2517
+	RESERVED
+CVE-2007-2516
+	RESERVED
+CVE-2007-2515
+	RESERVED
+CVE-2007-2514
+	RESERVED
+CVE-2007-2513
+	RESERVED
+CVE-2007-2512
+	RESERVED
+CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP ...)
+	TODO: check
+CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before ...)
+	TODO: check
+CVE-2007-2509 (CRLF injection vulnerability in the ftp_putcmd function in PHP before ...)
+	TODO: check
+CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect ...)
+	TODO: check
+CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble ...)
+	TODO: check
+CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and ...)
+	TODO: check
+CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 ...)
+	TODO: check
+CVE-2007-2504 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2503 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with ...)
+	TODO: check
+CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before ...)
+	TODO: check
+CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash ...)
+	TODO: check
+CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and ...)
+	TODO: check
+CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote ...)
+	TODO: check
+CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a ...)
+	TODO: check
+CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote ...)
+	TODO: check
+CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control ...)
+	TODO: check
+CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX ...)
+	TODO: check
+CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES ...)
+	TODO: check
+CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for ...)
+	TODO: check
+CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation ...)
+	TODO: check
+CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows ...)
+	TODO: check
+CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and ...)
+	TODO: check
+CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ...)
+	TODO: check
+CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and ...)
+	TODO: check
+CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the ...)
+	TODO: check
+CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in ...)
+	TODO: check
+CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the ...)
+	TODO: check
+CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the ...)
+	TODO: check
+CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...)
+	TODO: check
+CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not ...)
+	TODO: check
 CVE-2007-XXXX [schroot may use outdated configuration information]
 	- schroot <unfixed> (low; bug #422354)
 	[etch] - schroot <not-affected> (Only exploitable in unstable)
-CVE-2007-2488
+CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does ...)
 	- asterisk <unfixed> (low)
 	NOTE: ASA-2007-013
-CVE-2007-2480 [port bind info leak]
+CVE-2007-2480 (The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel ...)
 	- linux-2.6 <unfixed> (medium)
 CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers ...)
 	NOT-FOR-US: Cerulean Trillian
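Review bot: CVE-2007-2518 is recorded as REJECTED and yet keeps a "TODO: check" line directly under it; a rejected identifier has nothing to triage, and elsewhere in this same commit REJECTED stands alone (CVE-2007-2436, CVE-2007-0691), so the TODO should be dropped there. Separately, the new TODO entries for CVE-2007-2509, CVE-2007-2510 and CVE-2007-2511 describe bugs in PHP itself, which this file tracks as php4 and php5 in other entries, and CVE-2007-2525 is a Linux kernel bug tracked here as linux-2.6; those four deserve package and severity lines ahead of the generic TODO queue, whereas the ActiveX/OCX items at the top of the hunk (CVE-2007-2588, CVE-2007-2585, CVE-2007-2584 and friends) can be closed as NOT-FOR-US the way the existing Hhctrl.ocx entry is.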
@@ -97,7 +314,8 @@
 	NOTE: etch vulnerable (patch below applies)
 	NOTE: git url to fix the issue 
 	NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9
-CVE-2007-2436 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
+CVE-2007-2436
+	REJECTED
 	NOTE: Duplicate of CVE-2007-1861
 CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java ...)
 	- sun-java5 1.5.0-11-1 (medium; bug #423062)
@@ -298,7 +516,7 @@
 	NOT-FOR-US: CreaScripts Creadirectory
 CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in ...)
 	NOT-FOR-US: phpBandManager
-CVE-2007-2340 (PHP remote file inclusion vulnerability in inc/include_all.inc.php in ...)
+CVE-2007-2340 (Multiple PHP remote file inclusion vulnerabilities in ...)
 	NOT-FOR-US: phporacleview
 CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow ...)
 	NOT-FOR-US: Phorum
@@ -526,8 +744,8 @@
 	TODO: check
 CVE-2007-2240
 	RESERVED
-CVE-2007-2239
-	RESERVED
+CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera ...)
+	TODO: check
 CVE-2007-2238
 	RESERVED
 CVE-2007-2237
@@ -563,8 +781,8 @@
 	RESERVED
 CVE-2007-2222
 	RESERVED
-CVE-2007-2221
-	RESERVED
+CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...)
+	TODO: check
 CVE-2007-2220
 	RESERVED
 CVE-2007-2219
@@ -613,7 +831,7 @@
 	NOT-FOR-US: LAN Management System
 CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through ...)
 	NOT-FOR-US: NeatUpload
-CVE-2007-2196 (PHP remote file inclusion vulnerability in jambook.php in the Jambook ...)
+CVE-2007-2196 (** DISPUTED ** ...)
 	NOT-FOR-US: Jambook module for Mambo and Joomla
 CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...)
 	NOT-FOR-US: Alvaro's Messenger
@@ -789,10 +1007,10 @@
 	NOT-FOR-US: Oracle
 CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component Oracle Database ...)
 	NOT-FOR-US: Oracle
-CVE-2006-7196
-	RESERVED
-CVE-2006-7195
-	RESERVED
+CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application ...)
+	TODO: check
+CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in ...)
+	TODO: check
 CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
 	- mixmaster 3.0b2-5 (low; bug #418662)
 	[etch] - mixmaster 3.0b2-4.etch1
@@ -828,7 +1046,7 @@
 	NOT-FOR-US: OpenConcept Back-End CMS
 CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...)
 	NOT-FOR-US: Wabbit PHP Gallery
-CVE-2007-2097 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept ...)
+CVE-2007-2097 (** DISPUTED ** ...)
 	NOT-FOR-US: OpenConcept Back-End CMS
 CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
 	NOT-FOR-US: PHPHD Download System
@@ -1337,21 +1555,20 @@
 	NOT-FOR-US: dproxy-nexgen
 CVE-2007-1865
 	RESERVED
-CVE-2007-1864
-	RESERVED
+CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...)
+	TODO: check
 CVE-2007-1863
 	RESERVED
 CVE-2007-1862
 	RESERVED
-CVE-2007-1861 [netlink DoS]
-	RESERVED
+CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
 	- linux-2.6 <unfixed>
 CVE-2007-1860
 	RESERVED
 CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...)
 	TODO: check
-CVE-2007-1858
-	RESERVED
+CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through ...)
+	TODO: check
 CVE-2007-1857
 	RESERVED
 CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...)
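Review bot: the CVE-2007-1861 entry loses its "[netlink DoS]" placeholder in favour of the MITRE text, but its package line, "- linux-2.6 <unfixed>", still carries no severity, unlike the other linux-2.6 lines in this file (CVE-2007-2480 is rated medium); since CVE-2007-2436 is rejected in this same commit as a duplicate of it, this is now the canonical entry for the nl_fib_lookup bug and should get a rating. CVE-2007-1864 (bundled libxmlrpc in PHP before 4.4.7) likewise needs php4/php5 lines rather than "TODO: check".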
@@ -1390,8 +1607,8 @@
 	NOT-FOR-US: Microsoft ASP .NET Framework
 CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before ...)
 	- net-snmp 5.2.2-1 (medium)
-CVE-2005-4836
-	RESERVED
+CVE-2005-4836 (The HTTP/1.1 connector in Apache Tomcat 4.1.15 and later does not ...)
+	TODO: check
 CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
 	- initramfs-tools 0.85g (low; bug #417995)
 CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...)
@@ -1615,8 +1832,8 @@
 	RESERVED
 CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2007-1747
-	RESERVED
+CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, ...)
+	TODO: check
 CVE-2007-1746
 	RESERVED
 CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...)
@@ -1788,16 +2005,16 @@
 	NOT-FOR-US: IBM Lotus Domino
 CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...)
 	NOT-FOR-US: LANDesk Management Suite
-CVE-2007-1673
-	RESERVED
-CVE-2007-1672
-	RESERVED
-CVE-2007-1671
-	RESERVED
-CVE-2007-1670
-	RESERVED
-CVE-2007-1669
-	RESERVED
+CVE-2007-1673 (unzoo.c allows remote attackers to cause a denial of service (infinite ...)
+	TODO: check
+CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...)
+	TODO: check
+CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to ...)
+	TODO: check
+CVE-2007-1669 (Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, ...)
+	TODO: check
 CVE-2007-1668
 	RESERVED
 CVE-2007-1666 (The processor_request function in the debugger server for DataRescue ...)
@@ -2145,7 +2362,7 @@
 CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and ...)
 	{DSA-1283-1}
 	- php5 <unfixed> (medium)
-CVE-2007-1521 (Double free vulnerability in PHP 5.2.1 and earlier allows ...)
+CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.22, ...)
 	{DSA-1283-1 DSA-1282-1}
 	- php5 5.2.0-11 (medium)
 	- php4 <unfixed> (medium)
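Review bot: the refreshed CVE-2007-1521 description reads "5.x before 5.22", which is evidently a typo for 5.2.2 in the upstream text (compare the CVE-2007-1285 description in this same update, "5.x before 5.2.2"); the tracker lines underneath (php5 5.2.0-11, php4 <unfixed>, both DSA references) are consistent with 4.4.7/5.2.2 as the fixed releases, so nothing needs changing locally, but the "5.22" string should not be copied into notes or advisories.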
@@ -2295,7 +2512,7 @@
 CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: Safemode and open_basedir bypasses not supported
-CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP 5.2.0 ...)
+CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: Safemode and open_basedir bypasses not supported
 CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator ...)
@@ -2459,7 +2676,7 @@
 	- snort <not-affected> (Vulnerable code not present)
 CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...)
 	NOT-FOR-US: FiSH IRC Encryption
-CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 5.2.1, when ...)
+CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: Non-issue
 CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 ...)
@@ -2549,8 +2766,8 @@
 	NOT-FOR-US: Drupal module Nodefamily
 CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and ...)
 	- libapache-mod-security <removed>
-CVE-2007-1358
-	RESERVED
+CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...)
+	TODO: check
 CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...)
 	{DSA-1286-1}
 	- linux-2.6 2.6.20-1
@@ -2568,7 +2785,7 @@
 	- libxfont 1:1.2.2-2 (medium)
 CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...)
 	NOT-FOR-US: Novell NetMail
-CVE-2007-1349 (PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm ...)
+CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in ...)
 	- apache <unfixed> (low)
 	- libapache2-mod-perl2 <unfixed> (low)
 CVE-2007-1348
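Review bot: the affected range for CVE-2007-1349 flips from "mod_perl 1.30 and earlier" to "mod_perl before 1.30", i.e. 1.30 becomes the fixed release rather than a vulnerable one, yet both package lines (apache <unfixed>, libapache2-mod-perl2 <unfixed>) are left untouched; recheck the packaged versions against the new boundary and record the fixed version where it applies.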
@@ -2774,7 +2991,7 @@
 CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...)
 	{DSA-1283-1 DSA-1282-1}
 	- php4 6:4.4.6-1 (low)
-CVE-2007-1285 (The Zend Engine in PHP 4.x and 5.x allows remote attackers to cause a ...)
+CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...)
 	- php5 <unfixed> (unimportant)
 	- php4 <unfixed> (unimportant)
 	NOTE: Needs to be sanisited within apps, only crashes the current instance anyway
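Review bot: the CVE-2007-1285 description now names fixed versions (4.4.7 and 5.2.2) while both package lines still say <unfixed>; verify whether the php4/php5 uploads already cited for the sibling PHP issues in this file (php4 6:4.4.6-1 for CVE-2007-1286, php5 5.2.0-11 for CVE-2007-1521) cover this one, or record the fixed versions. The unchanged NOTE line also misspells "sanisited" (sanitised).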
@@ -2786,8 +3003,8 @@
 	- icedove 1.5.0.10.dfsg1-1 (medium)
 CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux ...)
 	NOT-FOR-US: Kaspersky AntiVirus Engine
-CVE-2007-1280
-	RESERVED
+CVE-2007-1280 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and ...)
+	TODO: check
 CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 ...)
 	NOT-FOR-US: Adobe
 CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 ...)
@@ -2991,8 +3208,8 @@
 	- krb5 1.4.4-8 (high)
 CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
 	NOT-FOR-US: Microsoft GDI
-CVE-2007-1214
-	RESERVED
+CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 ...)
+	TODO: check
 CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
@@ -3013,10 +3230,10 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2007-1203
-	RESERVED
-CVE-2007-1202
-	RESERVED
+CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...)
+	TODO: check
+CVE-2007-1202 (Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for ...)
+	TODO: check
 CVE-2007-1201
 	RESERVED
 CVE-2007-1200
@@ -3788,22 +4005,22 @@
 	NOT-FOR-US: iTinySoft
 CVE-2007-0948
 	RESERVED
-CVE-2007-0947
-	RESERVED
-CVE-2007-0946
-	RESERVED
-CVE-2007-0945
-	RESERVED
-CVE-2007-0944
-	RESERVED
+CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on ...)
+	TODO: check
+CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows ...)
+	TODO: check
+CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on ...)
+	TODO: check
+CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...)
+	TODO: check
 CVE-2007-0943
 	RESERVED
-CVE-2007-0942
-	RESERVED
+CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on ...)
+	TODO: check
 CVE-2007-0941
 	RESERVED
-CVE-2007-0940
-	RESERVED
+CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object ...)
+	TODO: check
 CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content ...)
 	NOT-FOR-US: Microsoft Content Management Server
 CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...)
@@ -4537,7 +4754,7 @@
 CVE-2007-0692
 	RESERVED
 CVE-2007-0691
-	RESERVED
+	REJECTED
 CVE-2007-0690
 	RESERVED
 CVE-2007-0689
@@ -4725,16 +4942,16 @@
 	NOT-FOR-US: Free LAN Intranet Portal
 CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...)
 	NOT-FOR-US: CMSimple
-CVE-2007-0609
-	RESERVED
-CVE-2007-0608
-	RESERVED
+CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows ...)
+	TODO: check
+CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive ...)
+	TODO: check
 CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores ...)
 	NOT-FOR-US: Web-Agora
 CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...)
 	NOT-FOR-US: Web-Agora
-CVE-2007-0605
-	RESERVED
+CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced ...)
+	TODO: check
 CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...)
 	NOT-FOR-US: Movable Type
 CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...)
@@ -5406,8 +5623,8 @@
 	NOT-FOR-US: Trend Micro OfficeScan
 CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...)
 	NOT-FOR-US: LizardTech DjVu Browser Plug-in
-CVE-2007-0323
-	RESERVED
+CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion ...)
+	TODO: check
 CVE-2007-0322
 	RESERVED
 CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in ...)
@@ -5646,10 +5863,10 @@
 	NOT-FOR-US: All In One Control Panel (AIOCP)
 CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side ...)
 	NOT-FOR-US: Oracle Application Server
-CVE-2007-0221
-	RESERVED
-CVE-2007-0220
-	RESERVED
+CVE-2007-0221 (IMAP support in Microsoft Exchange Server 2000 SP3 allows remote ...)
+	TODO: check
+CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
+	TODO: check
 CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...)
 	NOT-FOR-US: Microsoft
 CVE-2007-0218
@@ -5658,12 +5875,12 @@
 	NOT-FOR-US: Microsoft
 CVE-2007-0216
 	RESERVED
-CVE-2007-0215
-	RESERVED
+CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...)
+	TODO: check
 CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...)
 	NOT-FOR-US: Microsoft
-CVE-2007-0213
-	RESERVED
+CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does ...)
+	TODO: check
 CVE-2007-0212
 	RESERVED
 CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...)
@@ -6249,16 +6466,16 @@
 	RESERVED
 CVE-2007-0040
 	RESERVED
-CVE-2007-0039
-	RESERVED
+CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in ...)
+	TODO: check
 CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...)
 	NOT-FOR-US: Microsoft
 CVE-2007-0037
 	RESERVED
 CVE-2007-0036
 	RESERVED
-CVE-2007-0035
-	RESERVED
+CVE-2007-0035 (Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for ...)
+	TODO: check
 CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of ...)
 	NOT-FOR-US: Microsoft Outlook
 CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to ...)
@@ -17243,7 +17460,7 @@
 	NOT-FOR-US: Only on Windows
 CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...)
 	NOT-FOR-US: Microsoft
-CVE-2006-2055 (Argument injection vulnerability in Micrsoft Outlook 2003 SP1 allows ...)
+CVE-2006-2055 (Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows ...)
 	NOT-FOR-US: Micrsoft Outlook
 CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before ...)
 	NOT-FOR-US: 3Com
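Review bot: the "Micrsoft" typo is corrected in the CVE-2006-2055 description, but the tracker's own NOT-FOR-US line directly beneath it still reads "NOT-FOR-US: Micrsoft Outlook"; fix both in the same pass so the entry is consistent.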
@@ -20029,7 +20246,7 @@
 	NOT-FOR-US: Thomson modem firmware
 CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems ...)
 	NOT-FOR-US: Thomson modem firmware
-CVE-2006-0945 (PHP remote file include vulnerability in index.php Archangel Weblog ...)
+CVE-2006-0945 (PHP remote file include vulnerability in admin/index.php in Archangel ...)
 	NOT-FOR-US: Archangel Weblog
 CVE-2006-0944 (Archangel Weblog 0.90.02 allows remote attackers to bypass ...)
 	NOT-FOR-US: Archangel Weblog



