[Secure-testing-commits] r7300 - data/CVE
joeyh at alioth.debian.org
Wed Nov 14 21:14:12 UTC 2007
Author: joeyh
Date: 2007-11-14 21:14:11 +0000 (Wed, 14 Nov 2007)
New Revision: 7300
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-14 12:04:29 UTC (rev 7299)
+++ data/CVE/list 2007-11-14 21:14:11 UTC (rev 7300)
@@ -1,3 +1,69 @@
+CVE-2007-5957 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) ...)
+ TODO: check
+CVE-2007-5956 (Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) ...)
+ TODO: check
+CVE-2007-5955 (Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET ...)
+ TODO: check
+CVE-2007-5954 (Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo ...)
+ TODO: check
+CVE-2007-5953 (Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before ...)
+ TODO: check
+CVE-2007-5952 (Cross-site scripting (XSS) vulnerability in admin/index.php in Helios ...)
+ TODO: check
+CVE-2007-5951 (SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows ...)
+ TODO: check
+CVE-2007-5950 (Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, ...)
+ TODO: check
+CVE-2007-5949 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk ...)
+ TODO: check
+CVE-2007-5948 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in ...)
+ TODO: check
+CVE-2007-5947 (The jar protocol handler in Mozilla Firefox retrieves the inner URL ...)
+ TODO: check
+CVE-2007-5946 (Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX ...)
+ TODO: check
+CVE-2007-5945 (USVN before 0.6.5 allows remote attackers to obtain a list of ...)
+ TODO: check
+CVE-2007-5944 (Cross-site scripting (XSS) vulnerability in Servlet Engine / Web ...)
+ TODO: check
+CVE-2007-5943 (Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a ...)
+ TODO: check
+CVE-2007-5942 (Bandersnatch 0.4 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2007-5941 (Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in ...)
+ TODO: check
+CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users ...)
+ TODO: check
+CVE-2007-5939
+ RESERVED
+CVE-2007-5938
+ RESERVED
+CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive ...)
+ TODO: check
+CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users to ...)
+ TODO: check
+CVE-2007-5935 (Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive ...)
+ TODO: check
+CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request ...)
+ TODO: check
+CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to ...)
+ TODO: check
+CVE-2006-7226
+ RESERVED
+CVE-2006-7225
+ RESERVED
+CVE-2004-2753 (Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and ...)
+ TODO: check
+CVE-2004-2752 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...)
+ TODO: check
+CVE-2004-2751 (SQL injection vulnerability in the members_list module in PostNuke ...)
+ TODO: check
+CVE-2004-2750 (Directory traversal vulnerability in browser.php in JBrowser 1.0 ...)
+ TODO: check
+CVE-2004-2749 (Directory traversal vulnerability in wra/public/wralogin in 2Wire ...)
+ TODO: check
+CVE-2003-1537 (Directory traversal vulnerability in PostNuke 0.723 and earlier allows ...)
+ TODO: check
CVE-2007-5932 (Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content ...)
NOT-FOR-US: Fatwire Content Server
CVE-2007-5931 (The reDirect function in lib/controllers/RepViewController.php in ...)
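Review bot: several of the new `TODO: check` entries in this hunk name free software rather than vendor products and should be triaged ahead of the rest: CVE-2007-5947 (Mozilla Firefox jar protocol handler), CVE-2007-5940 (feynmf in TeXLive 2007), CVE-2007-5937, CVE-2007-5936 and CVE-2007-5935 (dviljk and dvips in teTeX and TeXlive), CVE-2007-5934 (PEAR MDB2) and CVE-2007-5933 (Pioneers, formerly gnocatan). Each of these wants a package line with a status or bug reference, in the style of the `- iceweasel 2.0.0.8-1 (unimportant)` line used for CVE-2007-5691 further down. The IBM Informix, HP-UX, ActiveX and 2Wire entries read like the NOT-FOR-US cases already present in the unchanged context.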
@@ -236,7 +302,7 @@
NOT-FOR-US: Avaya Messaging Storage Server
CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and ...)
NOT-FOR-US: Symantec AntiVirus
-CVE-2007-5828 (Cross-site request forgery (CSRF) vulnerability in the admin panel in ...)
+CVE-2007-5828 (** DISPUTED ** ...)
- python-django <unfixed> (unimportant)
NOTE: this is documented in docs/csrf.txt included in the python-django package and
NOTE: there is a plugin enabling this feature. This is intended behaviour.
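Review bot: on the `+CVE-2007-5828 (** DISPUTED ** ...)` line the truncated description is now only the dispute marker, so the entry no longer says what the issue is (the removed line named a CSRF vulnerability in the admin panel). The two NOTE lines still carry the rationale for `(unimportant)`, but the automatic update would be easier to read if it kept some of the summary after the marker instead of cutting straight to `...`.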
@@ -305,8 +371,8 @@
NOT-FOR-US: Apache Geronimo
CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in ...)
NOT-FOR-US: Blue Coat ProxySG
-CVE-2007-5794
- RESERVED
+CVE-2007-5794 (Race condition in nss_ldap, when used in applications that use pthread ...)
+ TODO: check
CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local ...)
- ircii-pana <unfixed> (low; bug #449149)
CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when ...)
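Review bot: the `TODO: check` under CVE-2007-5794 needs an actual package assessment rather than a NOT-FOR-US, since the new description names nss_ldap and a race condition in applications that use pthread. Suggest following it up with a package line and severity, as done for the neighbouring CVE-2007-5839 entry (`- ircii-pana <unfixed> (low; bug #449149)`).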
@@ -359,8 +425,8 @@
NOT-FOR-US: Flatnuke
CVE-2007-5771 (Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain ...)
NOT-FOR-US: Flatnuke
-CVE-2007-5770
- RESERVED
+CVE-2007-5770 (The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, ...)
+ TODO: check
CVE-2007-5769
RESERVED
CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password ...)
@@ -387,10 +453,10 @@
RESERVED
CVE-2007-5757
RESERVED
-CVE-2007-5756
- RESERVED
-CVE-2007-5755
- RESERVED
+CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...)
+ TODO: check
+CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control ...)
+ TODO: check
CVE-2007-5754 (PHP remote file inclusion vulnerability in urlinn_includes/config.php ...)
NOT-FOR-US: phpFaber
CVE-2007-5753 (Unspecified vulnerability in Light FMan PHP (lfman or lightfman) ...)
@@ -652,7 +718,7 @@
CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers ...)
- iceweasel 2.0.0.8-1 (unimportant)
NOTE: Browser crashes not treated as security problems
-CVE-2007-5690 (Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might ...)
+CVE-2007-5690 (** DISPUTED ** ...)
- zaptel <unfixed> (unimportant; bug #448763)
NOTE: zaptel does copy argv[1] into ifr_name but zaptel is not suid root or something
NOTE: similar so this is no security issue in Debian even if sethdl-new will segfault
@@ -892,8 +958,8 @@
RESERVED
CVE-2007-5668
RESERVED
-CVE-2007-5667
- RESERVED
+CVE-2007-5667 (NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, ...)
+ TODO: check
CVE-2007-5666
RESERVED
CVE-2007-5665
@@ -5001,8 +5067,8 @@
CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech ...)
- qt-x11-free 3:3.3.7-8 (medium; bug #442780)
- qt4-x11 <not-affected> (Not exploitable according to upstream)
-CVE-2007-4136
- RESERVED
+CVE-2007-4136 (The ricci daemon in Conga 0.10.0 allows remote attackers to cause a ...)
+ TODO: check
CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle ...)
- libnfsidmap 0.18-0 (low; bug #442935)
NOTE: https://issues.rpath.com/browse/RPL-1731
@@ -5541,11 +5607,11 @@
RESERVED
CVE-2007-3899 (Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, ...)
NOT-FOR-US: Microsoft Word
-CVE-2007-3898
- RESERVED
+CVE-2007-3898 (The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 ...)
+ TODO: check
CVE-2007-3897 (Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, ...)
NOT-FOR-US: Outlook Express
-CVE-2007-3896 (The URL handling in Windows XP and Windows Server 2003, with Windows ...)
+CVE-2007-3896 (The URL handling in Shell32.dll in the Windows shell in Microsoft ...)
NOT-FOR-US: Windows
CVE-2007-3895
RESERVED
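Review bot: the `TODO: check` added under CVE-2007-3898 can be closed immediately, because the description names the DNS server in Microsoft Windows 2000 Server and Server 2003. The adjacent entries for Microsoft Word, Outlook Express and Windows are all marked NOT-FOR-US, and this one should get the same tag so it does not linger in the TODO queue.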
@@ -5577,8 +5643,8 @@
NOT-FOR-US: Expert Advisor
CVE-2007-3881 (SQL injection vulnerability in index.php in Pictures Rating (Picture ...)
NOT-FOR-US: Pictures Rating
-CVE-2007-3880
- RESERVED
+CVE-2007-3880 (Format string vulnerability in srsexec in Sun Remote Services (SRS) ...)
+ TODO: check
CVE-2007-3879
RESERVED
CVE-2007-3878
@@ -10973,7 +11039,8 @@
NOT-FOR-US: Active Photo Gallery
CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner ...)
NOT-FOR-US: Study planner
-CVE-2007-1627 (Multiple SQL injection vulnerabilities in php-revista 1.1.2 and ...)
+CVE-2007-1627
+ REJECTED
NOT-FOR-US: php-revista
CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame ...)
NOT-FOR-US: iFrame Module for PHP-NUKE
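Review bot: after this change CVE-2007-1627 carries both `REJECTED` and the pre-existing `NOT-FOR-US: php-revista` line, because only the description line was replaced. The two statuses are redundant at best; decide which one the entry should keep and drop the other, or have the automatic update handle the status line when an id is rejected.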
@@ -14347,7 +14414,7 @@
NOT-FOR-US: BEA
CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 ...)
NOT-FOR-US: BEA
-CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 improperly cleartext data in a ...)
+CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a ...)
NOT-FOR-US: BEA
CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 ...)
NOT-FOR-US: BEA