[Secure-testing-commits] r7022 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Fri Oct 19 21:14:09 UTC 2007


Author: joeyh
Date: 2007-10-19 21:14:08 +0000 (Fri, 19 Oct 2007)
New Revision: 7022

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-19 17:31:08 UTC (rev 7021)
+++ data/CVE/list	2007-10-19 21:14:08 UTC (rev 7022)
@@ -1,3 +1,135 @@
+CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when ...)
+	TODO: check
+CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a ...)
+	TODO: check
+CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
+	TODO: check
+CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic ...)
+	TODO: check
+CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 ...)
+	TODO: check
+CVE-2007-5574 (PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 ...)
+	TODO: check
+CVE-2007-5573 (PHP remote file inclusion vulnerability in classes/core/language.php ...)
+	TODO: check
+CVE-2007-5572 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple ...)
+	TODO: check
+CVE-2007-5571 (Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, ...)
+	TODO: check
+CVE-2007-5570 (Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, ...)
+	TODO: check
+CVE-2007-5569 (Cisco PIX and ASA appliances with 7.1 and 7.2 software, when ...)
+	TODO: check
+CVE-2007-5568 (Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco ...)
+	TODO: check
+CVE-2007-5567 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-5566 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-5565 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-5564 (Multiple cross-site scripting (XSS) vulnerabilities in NSSboard ...)
+	TODO: check
+CVE-2007-5563 (Unspecified vulnerability in VirtueMart before 1.0.13 allows remote ...)
+	TODO: check
+CVE-2007-5562 (Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the ...)
+	TODO: check
+CVE-2007-5561 (Format string vulnerability in the logging function in the Oracle OPMN ...)
+	TODO: check
+CVE-2007-5560 (Heap-based buffer overflow in the Juniper HTTP Service allows remote ...)
+	TODO: check
+CVE-2007-5559 (Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows ...)
+	TODO: check
+CVE-2007-5558 (Integer overflow in the LG Mobile handset allows remote attackers to ...)
+	TODO: check
+CVE-2007-5557 (Unspecified vulnerability in the NEC mobile handset allows remote ...)
+	TODO: check
+CVE-2007-5556 (Unspecified vulnerability in the Avaya VoIP Handset allows remote ...)
+	TODO: check
+CVE-2007-5555 (Symantec Altiris Deployment Solution 6 allows local users to obtain ...)
+	TODO: check
+CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents via ...)
+	TODO: check
+CVE-2007-5553 (Unspecified vulnerability in rvd in TIBCO Rendezvous allows remote ...)
+	TODO: check
+CVE-2007-5552 (Integer overflow in Cisco IOS allows remote attackers to execute ...)
+	TODO: check
+CVE-2007-5551 (Off-by-one error in Cisco IOS allows remote attackers to execute ...)
+	TODO: check
+CVE-2007-5550 (Unspecified vulnerability in Cisco IOS allows remote attackers to ...)
+	TODO: check
+CVE-2007-5549 (Unspecified vulnerability in Command EXEC in Cisco IOS allows local ...)
+	TODO: check
+CVE-2007-5548 (Multiple stack-based buffer overflows in Command EXEC in Cisco IOS ...)
+	TODO: check
+CVE-2007-5547 (Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote ...)
+	TODO: check
+CVE-2007-5546 (Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow ...)
+	TODO: check
+CVE-2007-5545 (Format string vulnerability in TIBCO SmartPGM FX allows remote ...)
+	TODO: check
+CVE-2007-5544
+	RESERVED
+CVE-2007-5543
+	RESERVED
+CVE-2007-5542
+	RESERVED
+CVE-2003-1400 (Cross-site scripting (XSS) vulnerability in the Your_Account module ...)
+	TODO: check
+CVE-2003-1399 (eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, ...)
+	TODO: check
+CVE-2003-1398 (Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts ...)
+	TODO: check
+CVE-2003-1397 (The PluginContext object of Opera 6.05 and 7.0 allows remote attackers ...)
+	TODO: check
+CVE-2003-1396 (Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote ...)
+	TODO: check
+CVE-2003-1395 (Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to ...)
+	TODO: check
+CVE-2003-1394 (CoffeeCup Software Password Wizard 4.0 stores sensitive information ...)
+	TODO: check
+CVE-2003-1393 (Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to ...)
+	TODO: check
+CVE-2003-1392 (CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to ...)
+	TODO: check
+CVE-2003-1391 (RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the ...)
+	TODO: check
+CVE-2003-1390 (RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a ...)
+	TODO: check
+CVE-2003-1389 (RTS CryptoBuddy 1.2 and earlier truncates long passphrases without ...)
+	TODO: check
+CVE-2003-1388 (Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to ...)
+	TODO: check
+CVE-2003-1387 (Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, ...)
+	TODO: check
+CVE-2003-1386 (AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to ...)
+	TODO: check
+CVE-2003-1385 (ipchat.php in Invision Power Board 1.1.1 allows remote attackers to ...)
+	TODO: check
+CVE-2003-1384 (Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor ...)
+	TODO: check
+CVE-2003-1383 (WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2003-1382 (Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to ...)
+	TODO: check
+CVE-2003-1381 (Format string vulnerability in AMX 0.9.2 and earlier, a plugin for ...)
+	TODO: check
+CVE-2003-1380 (Directory traversal vulnerability in BisonFTP Server 4 release 2 ...)
+	TODO: check
+CVE-2003-1379 (clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to ...)
+	TODO: check
+CVE-2003-1378 (Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone ...)
+	TODO: check
+CVE-2003-1377 (Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) ...)
+	TODO: check
+CVE-2003-1376 (WinZip 8.0 uses weak random number generation for password protected ...)
+	TODO: check
+CVE-2003-1375 (Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local ...)
+	TODO: check
+CVE-2003-1374 (Buffer overflow in disable of HP-UX 11.0 may allow local users to ...)
+	TODO: check
+CVE-2002-2306 (Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to ...)
+	TODO: check
 CVE-2002-2305 (SQL injection vulnerability in agentadmin.php in Immobilier allows ...)
 	NOT-FOR-US: Immobilier
 CVE-2002-2304 (SQL injection vulnerability in admin/auth/checksession.php in ...)
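Review bot: The added CVE-2007-5566 and CVE-2007-5565 entries carry only "** DISPUTED ** ..." as their description, and CVE-2007-5567 is cut off at "PHP remote file inclusion vulnerability in ...", so none of the three names a product and whoever picks up the TODO has to look each one up before it can be triaged. If the truncation step can skip the "** DISPUTED **" prefix, or cut later when no product name has been reached yet, these lines would be as usable as their neighbours.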
@@ -229,11 +361,11 @@
 	RESERVED
 CVE-2007-5474
 	RESERVED
-CVE-2007-5473
-	RESERVED
+CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when ...)
+	TODO: check
 CVE-2007-5472
 	RESERVED
-CVE-2003-1373 (Direcory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...)
+CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...)
 	- phpbb2 <not-affected> (phpbb was the vulnerable one)
 CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in ...)
 	NOT-FOR-US: myPHPNuke
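Review bot: CVE-2007-5473 moves from RESERVED to a description naming StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, but is left at "TODO: check" with no package line. The TODO should be resolved into either a source package line with a fixed version or a NOT-FOR-US line, in the form the surrounding entries use (for example the phpbb2 <not-affected> line under CVE-2003-1373).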
@@ -647,8 +779,10 @@
 	RESERVED
 CVE-2007-5340
 	RESERVED
+	{DSA-1391-1}
 CVE-2007-5339
 	RESERVED
+	{DSA-1391-1}
 CVE-2007-5338
 	RESERVED
 CVE-2007-5337
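Review bot: The two {DSA-1391-1} lines are attached to CVE-2007-5340 and CVE-2007-5339 while both are still RESERVED and have no package line, so the entries point at an advisory without recording which package or fixed version it covers. The tag also sits after the status line here, whereas under CVE-2007-4033 and CVE-2007-3845 later in this patch it comes directly below the CVE line; placing it consistently and adding the package lines from the advisory would make these entries complete.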
@@ -1176,7 +1310,7 @@
 	- ruby1.9 <not-affected> (Vulnerable code no longer present)
 	- ruby1.8 <unfixed> (low; bug #444929)
 	NOTE: fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
-CVE-2007-5161 (Cross-site scripting (XSS) vulnerability in the internal browser in ...)
+CVE-2007-5161 (Cross-zone scripting vulnerability in the internal browser in ...)
 	NOT-FOR-US: Feedreader 3
 	NOTE: editor not included in native wordpress
 CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche ...)
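Review bot: The unchanged NOTE under CVE-2007-5161 ("editor not included in native wordpress") does not match the entry, which is marked NOT-FOR-US: Feedreader 3 and now describes a cross-zone scripting issue in an internal browser. It reads like a stray line from another entry and could be dropped or moved while this entry is being touched.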
@@ -2466,8 +2600,8 @@
 	NOT-FOR-US: ACG news
 CVE-2007-4602 (SQL injection vulnerability in cms/revert-content.php in Implied by ...)
 	NOT-FOR-US: Micro-CMS
-CVE-2007-4600
-	RESERVED
+CVE-2007-4600 (The &quot;Protect Worksheet&quot; functionality in Mathsoft Mathcad 12 through ...)
+	TODO: check
 CVE-2007-4599
 	RESERVED
 CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of &quot;12345&quot; for the manager ...)
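Review bot: The added CVE-2007-4600 description contains HTML-escaped quotes around Protect Worksheet, and the unchanged CVE-2007-4598 line below it has the same escaping around 12345. If that escaping is in data/CVE/list itself and not only in this mail's rendering, the import step should decode entities so that searches for the quoted strings match.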
@@ -3729,6 +3863,7 @@
 CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! ...)
 	NOT-FOR-US: Yahoo! Widgets
 CVE-2007-4033 (Buffer overflow in the intT1_EnvGetCompletePath function in ...)
+	{DSA-1390-1}
 	- t1lib 5.1.0-3 (bug #439927)
 	NOTE: originally posted as a php vuln, actually in libt1
 	NOTE: http://www.securityfocus.com/bid/25079 (particularly the discussions)
@@ -4151,13 +4286,13 @@
 CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
 	NOT-FOR-US: TortoiseSVN on Windows
 CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x ...)
-	{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
+	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
 	- iceweasel 2.0.0.6-1 (medium)
 	- xulrunner 1.8.1.6-1 (medium)
 	- iceape 1.1.3-2 (medium)
 	- icedove <unfixed> (medium)
 CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and ...)
-	{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
+	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
 	- iceweasel 2.0.0.6-1 (medium)
 	- xulrunner 1.8.1.6-1 (medium)
 	- iceape 1.1.3-2 (medium)
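Review bot: DSA-1391-1 is added to CVE-2007-3845 while its icedove line still reads <unfixed> (medium), and nothing in the entry says which package the new advisory covers. If DSA-1391-1 is the advisory for that package, the <unfixed> line needs a follow-up so the entry does not report the issue as both advised and open.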
@@ -4432,14 +4567,14 @@
 	- iceape 1.1.3-1 (high)
 	- xulrunner 1.8.1.5-1 (high)
 CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
-	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
 	- iceweasel 2.0.0.5-1 (high)
 	- icedove <unfixed> (low)
 	NOTE: Affects only broken setups, enabling js in Icedove is strongly not recommended
 	- iceape 1.1.3-1 (high)
 	- xulrunner 1.8.1.5-1 (high)
 CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
-	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
 	- iceweasel 2.0.0.5-1 (high)
 	- icedove 2.0.0.6-1 (high; bug #444010)
 	- iceape 1.1.3-1 (high)
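Review bot: After this change CVE-2007-3735 and CVE-2007-3734 carry the same advisory list, yet the first keeps icedove <unfixed> (low) and the second has icedove 2.0.0.6-1 (high; bug #444010). If the difference is intentional because of the JavaScript note under CVE-2007-3735, a short NOTE saying how DSA-1391-1 relates to that entry would keep the two from looking inconsistent.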
@@ -5985,8 +6120,8 @@
 CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux ...)
 	{DSA-1342-1}
 	- xfs 1:1.0.4-2
-CVE-2007-3102
-	RESERVED
+CVE-2007-3102 (Unspecified vulnerability in the linux_audit_record_event function in ...)
+	TODO: check
 CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF ...)
 	NOT-FOR-US: Apache MyFaces Tomahawk
 CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
@@ -60929,7 +61064,7 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the &quot;lock ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2001-0103 (CoffeeCup Direct and Free FTP clients useas weak encryption to store ...)
+CVE-2001-0103 (CoffeeCup Direct and Free FTP clients uses weak encryption to store ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2001-0102 (&quot;Multiple Users&quot; Control Panel in Mac OS 9 allows Normal users to gain ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker



