[Secure-testing-commits] r6880 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Tue Oct 9 21:14:11 UTC 2007


Author: joeyh
Date: 2007-10-09 21:14:11 +0000 (Tue, 09 Oct 2007)
New Revision: 6880

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-09 20:44:04 UTC (rev 6879)
+++ data/CVE/list	2007-10-09 21:14:11 UTC (rev 6880)
@@ -1,3 +1,95 @@
+CVE-2007-5288 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor ...)
+	TODO: check
+CVE-2007-5287 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library ...)
+	TODO: check
+CVE-2007-5286 (The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus ...)
+	TODO: check
+CVE-2007-5285 (Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in ...)
+	TODO: check
+CVE-2007-5284 (Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 ...)
+	TODO: check
+CVE-2007-5283 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor ...)
+	TODO: check
+CVE-2007-5282 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library ...)
+	TODO: check
+CVE-2007-5281 (The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus ...)
+	TODO: check
+CVE-2007-5280 (Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in ...)
+	TODO: check
+CVE-2007-5279 (Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 ...)
+	TODO: check
+CVE-2007-5278 (Zomplog 3.8.1 and earlier stores potentially sensitive information ...)
+	TODO: check
+CVE-2007-5277 (Microsoft Internet Explorer 6 drops DNS pins based on failed ...)
+	TODO: check
+CVE-2007-5276 (Opera 9 drops DNS pins based on failed connections to irrelevant TCP ...)
+	TODO: check
+CVE-2007-5275 (The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause ...)
+	TODO: check
+CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...)
+	TODO: check
+CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...)
+	TODO: check
+CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan Blog ...)
+	TODO: check
+CVE-2007-5271 (Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS ...)
+	TODO: check
+CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0, and ...)
+	TODO: check
+CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 ...)
+	TODO: check
+CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) ...)
+	TODO: check
+CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...)
+	TODO: check
+CVE-2007-5266 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...)
+	TODO: check
+CVE-2007-5265 (Multiple format string vulnerabilities in websrv.cpp in Dawn of Time ...)
+	TODO: check
+CVE-2007-5264 (Battlefront Dropteam 1.3.3 and earlier sends the client's online ...)
+	TODO: check
+CVE-2007-5263 (Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier ...)
+	TODO: check
+CVE-2007-5262 (Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 ...)
+	TODO: check
+CVE-2004-2744 (Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has ...)
+	TODO: check
+CVE-2004-2743 (upload.cgi in Mega Upload Progress Bar before 1.45 allows remote ...)
+	TODO: check
+CVE-2004-2742 (Cross-site scripting (XSS) vulnerability in the report viewer in ...)
+	TODO: check
+CVE-2004-2741 (Cross-site scripting (XSS) vulnerability in the "help window" ...)
+	TODO: check
+CVE-2004-2740 (PHP remote file inclusion vulnerability in authform.inc.php in ...)
+	TODO: check
+CVE-2004-2739 (The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows ...)
+	TODO: check
+CVE-2004-2738 (Cross-site scripting (XSS) vulnerability in check_user_id.php in ...)
+	TODO: check
+CVE-2004-2737 (SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk ...)
+	TODO: check
+CVE-2004-2736 (Polar HelpDesk 3.0 allows remote attackers to bypass authentication by ...)
+	TODO: check
+CVE-2004-2735 (Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier ...)
+	TODO: check
+CVE-2004-2734 (webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses ...)
+	TODO: check
+CVE-2004-2733 (Web Wiz Forums 7.7a uses invalid logic to determine user privileges, ...)
+	TODO: check
+CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver ...)
+	TODO: check
+CVE-2004-2730 (Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, ...)
+	TODO: check
+CVE-2004-2729 (Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 ...)
+	TODO: check
+CVE-2004-2728 (Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and ...)
+	TODO: check
+CVE-2004-2727 (Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 ...)
+	TODO: check
+CVE-2004-2726 (HTTPMail service in MailEnable Professional 1.18 does not properly ...)
+	TODO: check
 CVE-2007-XXXX
 	- libpng <not-affected> (vulnerable code not present)
 	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
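Review bot: CVE-2007-5283 through CVE-2007-5279 carry the same truncated descriptions as CVE-2007-5288 through CVE-2007-5284 (TPBroker, Cosminexus Agent, JSSE, messages.jsp XSS, PowerArchiver), so each pair should be triaged together when the TODOs are cleared and given the same annotation. In the same hunk, the new CVE-2007-5266 and CVE-2007-5267 entries describe an off-by-one in png_set_iCCP, while the unchanged CVE-2007-XXXX libpng entry directly below is also annotated as an off-by-one; check whether that placeholder should be folded into one of the newly assigned ids instead of staying as a separate entry, and carry its "vulnerable code not present" note over if so.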
@@ -745,7 +837,7 @@
 	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2007-4975 (Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 ...)
 	NOT-FOR-US: b1gMail
-CVE-2007-4974 (Heap-based buffer overflow in libsndfile 1.0.17 and earlier might ...)
+CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in ...)
 	- libsndfile 1.0.17-4 (bug #443386; medium)
 	- ardour <unfixed> (medium; bug #445889)
 CVE-2007-4973
@@ -850,8 +942,8 @@
 	NOT-FOR-US: Axis firmware
 CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment ...)
 	NOT-FOR-US: eWire Payment Client
-CVE-2007-4924
-	RESERVED
+CVE-2007-4924 (The Open Phone Abstraction Library (opal), as used by (1) Ekiga before ...)
+	TODO: check
 CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...)
 	NOT-FOR-US: Joomla extension
 CVE-2007-4922 (SQL injection vulnerability in play.php in the jeuxflash 1.0 module ...)
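Review bot: the CVE-2007-4924 entry moves from RESERVED to "TODO: check" even though its new description names opal and Ekiga explicitly. Unlike the NOT-FOR-US entries around it, this one needs a real package line (source package, fixed version or <unfixed>, bug number and urgency, in the form used for libsndfile under CVE-2007-4974), so it should be picked up ahead of the bulk TODO entries added at the top of the file.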
@@ -1012,7 +1104,7 @@
 CVE-2007-4852
 	RESERVED
 CVE-2007-4851
-	RESERVED
+	REJECTED
 CVE-2006-7223 (PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the ...)
 	NOT-FOR-US: Xwiki
 CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user ...)
@@ -1298,6 +1390,7 @@
 CVE-2007-4728
 	RESERVED
 CVE-2007-4727 (Buffer overflow in the fcgi_env_add function in ...)
+	{DSA-1362-1}
 	- lighttpd 1.4.18-1 (medium; bug #441555)
 	NOTE: http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
 	NOTE: http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch



