[Secure-testing-commits] r6646 - data/CVE
joeyh at alioth.debian.org
Wed Sep 19 21:14:09 UTC 2007
Author: joeyh
Date: 2007-09-19 21:14:09 +0000 (Wed, 19 Sep 2007)
New Revision: 6646
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-09-19 20:26:42 UTC (rev 6645)
+++ data/CVE/list 2007-09-19 21:14:09 UTC (rev 6646)
@@ -1,3 +1,99 @@
+CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System ...)
+ TODO: check
+CVE-2007-4971 (ProSecurity 1.40 Beta 2 does not properly validate certain parameters ...)
+ TODO: check
+CVE-2007-4970 (ProcessGuard 3.410 does not properly validate certain parameters to ...)
+ TODO: check
+CVE-2007-4969 (Process Monitor 1.22 does not properly validate certain parameters to ...)
+ TODO: check
+CVE-2007-4968 (Privatefirewall 5.0.14.2 does not properly validate certain parameters ...)
+ TODO: check
+CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ...)
+ TODO: check
+CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge ...)
+ TODO: check
+CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and ...)
+ TODO: check
+CVE-2007-4964 (WinImage 8.10 and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2007-4963 (Visual truncation vulnerability in WinImage 8.10 and earlier allows ...)
+ TODO: check
+CVE-2007-4962 (Directory traversal vulnerability in WinImage 8.10 and earlier allows ...)
+ TODO: check
+CVE-2007-4961 (The login_to_simulator method in Linden Lab Second Life, as used by ...)
+ TODO: check
+CVE-2007-4960 (Argument injection vulnerability in the Linden Lab Second Life ...)
+ TODO: check
+CVE-2007-4959 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2007-4958 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...)
+ TODO: check
+CVE-2007-4957 (Multiple directory traversal vulnerabilities in download.php in Chupix ...)
+ TODO: check
+CVE-2007-4956 (Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote ...)
+ TODO: check
+CVE-2007-4955 (PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in ...)
+ TODO: check
+CVE-2007-4954 (PHP remote file inclusion vulnerability in admin.joom12pic.php in the ...)
+ TODO: check
+CVE-2007-4953 (SQL injection vulnerability in index.php in SimpCMS allows remote ...)
+ TODO: check
+CVE-2007-4952 (SQL injection vulnerability in article.php in OmniStar Article Manager ...)
+ TODO: check
+CVE-2007-4951 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-4950 (** DISPUTED ** PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-4949 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-4948 (Multiple PHP remote file inclusion vulnerabilities in Webmedia ...)
+ TODO: check
+CVE-2007-4947 (Multiple PHP remote file inclusion vulnerabilities in myphpPagetool ...)
+ TODO: check
+CVE-2007-4946 (LetterGrade allows remote attackers to obtain sensitive information ...)
+ TODO: check
+CVE-2007-4945 (Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade ...)
+ TODO: check
+CVE-2007-4944 (The canvas.createPattern function in Opera 9.x before 9.22 for Linux, ...)
+ TODO: check
+CVE-2007-4943 (Multiple buffer overflows in a certain ActiveX control in sparser.dll ...)
+ TODO: check
+CVE-2007-4942 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-4941 (KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a ...)
+ TODO: check
+CVE-2007-4940 (Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and ...)
+ TODO: check
+CVE-2007-4939 (Heap-based buffer overflow in mplayerc.exe in Media Player Classic ...)
+ TODO: check
+CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...)
+ TODO: check
+CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has ...)
+ TODO: check
+CVE-2007-4935 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...)
+ TODO: check
+CVE-2007-4934 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...)
+ TODO: check
+CVE-2007-4933 (Direct static code injection vulnerability in ...)
+ TODO: check
+CVE-2007-4932 (admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the ...)
+ TODO: check
+CVE-2007-4931 (HP System Management Homepage (SMH) for Windows, when used in ...)
+ TODO: check
+CVE-2007-4930 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
+ TODO: check
+CVE-2007-4929 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W ...)
+ TODO: check
+CVE-2007-4928 (The AXIS 207W camera stores a WEP or WPA key in cleartext in the ...)
+ TODO: check
+CVE-2007-4927 (axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote ...)
+ TODO: check
+CVE-2007-4926 (The AXIS 207W camera uses a base64-encoded cleartext username and ...)
+ TODO: check
+CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment ...)
+ TODO: check
CVE-2007-4924
RESERVED
CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...)
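Review bot: The TODO: check placeholders on CVE-2007-4965 (Python 2.5.1 imageop), CVE-2007-4938 (MPlayer 1.0rc1, libmpdemux/aviheader.c) and CVE-2007-4966 (GForge, www/people/editprofile.php) deserve triage ahead of the other new entries in this hunk. These three name software that plausibly has a source package in the archive (an assumption to confirm), so each will need a package line with a fixed version or `<unfixed>` and an urgency, rather than the NOT-FOR-US verdict that most of the remaining entries are likely to get.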
@@ -381,10 +477,10 @@
- alien-arena 6.05-4.1 (medium; bug #442075)
CVE-2007-4753 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...)
NOT-FOR-US: Thomson ST 2030 SIP phone
-CVE-2007-4751
- RESERVED
-CVE-2007-4750
- RESERVED
+CVE-2007-4751 (RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in ...)
+ TODO: check
+CVE-2007-4750 (Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 ...)
+ TODO: check
CVE-2007-4749 (The cmdjob utility in Autodesk Backburner 3.0.2 allows remote ...)
NOT-FOR-US: Autodesk Backburner
CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrusted ...)
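Review bot: In the trailing context of this hunk, CVE-2007-4752 (OpenSSH) sits below CVE-2007-4749, which breaks the descending order the surrounding entries follow (4753, 4751, 4750, 4749). Moving it up between CVE-2007-4753 and CVE-2007-4751 in a follow-up commit would keep manual lookups and later automatic updates predictable.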
@@ -1756,8 +1852,7 @@
- samba 3.0.26-1
[etch] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
[sarge] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
-CVE-2007-4137 [buffer overflow in QUtf8Decoder]
- RESERVED
+CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech ...)
- qt-x11-free 3:3.3.7-8 (medium; bug #442780)
- qt4-x11 <not-affected> (Not exploitable according to upstream)
CVE-2007-4136
@@ -4426,8 +4521,8 @@
NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens ...)
NOT-FOR-US: Fujitsu-Siemens
-CVE-2007-3010
- RESERVED
+CVE-2007-3010 (masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX ...)
+ TODO: check
CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...)
NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has ...)
@@ -4861,8 +4956,7 @@
CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) ...)
{DSA-1328-1}
- unicon 3.0.4-12 (bug #431336)
-CVE-2007-2834 [OO TIFF heap overflow]
- RESERVED
+CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3 ...)
- openoffice.org 2.2.1-9 (medium)
CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ...)
{DSA-1316-1}
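Review bot: With the new description for CVE-2007-2834 saying the TIFF parser integer overflow affects OpenOffice.org "before 2.3", the retained line `- openoffice.org 2.2.1-9 (medium)` records a fixed version lower than 2.3 and carries no bug reference, unlike `- unicon 3.0.4-12 (bug #431336)` just above it. A NOTE stating that the fix was backported into 2.2.1-9, if that is the case, or a bug number, would let a reader verify the recorded version.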
@@ -7085,8 +7179,8 @@
NOT-FOR-US: IrfanView
CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...)
NOT-FOR-US: dproxy-nexgen
-CVE-2007-1865
- RESERVED
+CVE-2007-1865 (** DISPUTED ** ...)
+ TODO: check
CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...)
{DSA-1331-1 DSA-1330-1}
- php4 <unfixed>
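Review bot: The replacement line for CVE-2007-1865 is truncated to `** DISPUTED ** ...`, so the list entry names no product and the TODO: check cannot be resolved from this file alone. Whoever triages it should read the full CVE text and record the affected product in the verdict line, together with a short NOTE on what is disputed if the entry turns out to concern packaged software.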
@@ -9501,8 +9595,8 @@
- xen-3.0 <unfixed> (bug #436250; medium)
NOTE: Fedora disabled the VNC access to the Qemu monitor
NOTE: An adjusted patch has been sent to the debian bugreport
-CVE-2007-0997
- RESERVED
+CVE-2007-0997 (Race condition in the tee (sys_tee) system call in the Linux kernel ...)
+ TODO: check
CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before ...)
{DSA-1336-1}
NOTE: MFSA-2007-02
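Review bot: CVE-2007-0997 is left at TODO: check although its description names the tee (sys_tee) system call in the Linux kernel, so it will need a kernel package line (a fixed version, `<unfixed>` or `<not-affected>` with a reason) rather than NOT-FOR-US. Suggest resolving it promptly, in the same form as the `- xen-3.0 <unfixed> (bug #436250; medium)` line at the top of this hunk.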
@@ -11250,8 +11344,8 @@
NOT-FOR-US: Macrovision
CVE-2007-0327
RESERVED
-CVE-2007-0326
- RESERVED
+CVE-2007-0326 (Multiple stack-based buffer overflows in the PhotoChannel Networks PNI ...)
+ TODO: check
CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment ...)
NOT-FOR-US: Trend Micro OfficeScan
CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...)
@@ -12643,8 +12737,8 @@
CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in ...)
{DSA-1286-1}
- linux-2.6 2.6.20-1
-CVE-2007-0004
- RESERVED
+CVE-2007-0004 (The NFS client implementation in the kernel in Red Hat Enterprise ...)
+ TODO: check
CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers ...)
- pam <not-affected> (Only pam 0.99.7 affected)
CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document ...)
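Review bot: The new description for CVE-2007-0004 refers to the NFS client "in the kernel in Red Hat Enterprise ..." and is cut off there, so the TODO: check has to establish whether the flaw is specific to that vendor's kernel. If it is, a `<not-affected>` line with the reason in parentheses, as in `- pam <not-affected> (Only pam 0.99.7 affected)` two lines below, documents the decision better than a bare NOT-FOR-US.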