Author: joeyh
Date: 2007-06-12 21:14:09 +0000 (Tue, 12 Jun 2007)
New Revision: 5996

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-06-12 19:05:03 UTC (rev 5995)
+++ data/CVE/list       2007-06-12 21:14:09 UTC (rev 5996)
@@ -1,3 +1,121 @@
+CVE-2007-3183
+       RESERVED
+CVE-2007-3182
+       RESERVED
+CVE-2007-3181
+       RESERVED
+CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP 
systems ...)
+       TODO: check
+CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in 
Particle ...)
+       TODO: check
+CVE-2007-3178 (Multiple SQL injection vulnerabilities in Zindizayn Okul Web 
Sistemi ...)
+       TODO: check
+CVE-2007-3177 (Ingate Firewall and SIParator before 4.5.2 allow remote 
attackers to ...)
+       TODO: check
+CVE-2007-3176 (Unspecified vulnerability in Ingate Firewall and SIParator 
before ...)
+       TODO: check
+CVE-2007-3175 (Multiple SQL injection vulnerabilities in W2B Online Banking 
allow ...)
+       TODO: check
+CVE-2007-3174 (Cross-site scripting (XSS) vulnerability in auth.w2b in W2B 
Online ...)
+       TODO: check
+CVE-2007-3173 (Almnzm allows remote attackers to obtain sensitive information 
via an ...)
+       TODO: check
+CVE-2007-3172 (Directory traversal vulnerability in demo/pop3/error.php in 
Uebimiau ...)
+       TODO: check
+CVE-2007-3171 (Uebimiau Webmail allows remote attackers to obtain sensitive 
...)
+       TODO: check
+CVE-2007-3170 (Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau 
...)
+       TODO: check
+CVE-2007-3169 (Buffer overflow in a certain ActiveX control in the EDraw 
Office ...)
+       TODO: check
+CVE-2007-3168 (A certain ActiveX control in the EDraw Office Viewer Component 
...)
+       TODO: check
+CVE-2007-3167 (Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX 
control ...)
+       TODO: check
+CVE-2007-3166 (Buffer overflow in Qualcomm Eudora 7.1.0.9 allows 
user-assisted, ...)
+       TODO: check
+CVE-2007-3165 (Tor before 0.1.2.14 can construct circuits in which an entry 
guard is ...)
+       TODO: check
+CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic 
...)
+       TODO: check
+CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in 
Frederico ...)
+       TODO: check
+CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX 
...)
+       TODO: check
+CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, 
remote ...)
+       TODO: check
+CVE-2007-3160 (PHP remote file inclusion vulnerability in admin/header.php in 
PHP ...)
+       TODO: check
+CVE-2007-3159 (http.c in MiniWeb Http Server 0.8.x allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2007-3158 (download_script.asp in ASP Folder Gallery allows remote 
attackers to ...)
+       TODO: check
+CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 
Build ...)
+       TODO: check
+CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in 
pam_login.cgi ...)
+       TODO: check
+CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has 
unknown ...)
+       TODO: check
+CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka ...)
+       TODO: check
+CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms 
other ...)
+       TODO: check
+CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random 
number ...)
+       TODO: check
+CVE-2007-3151 (rpttop.htm in the web management interface in Packeteer 
PacketShaper ...)
+       TODO: check
+CVE-2007-3150 (Google Desktop allows user-assisted remote attackers to execute 
...)
+       TODO: check
+CVE-2007-3149 (sudo, when linked with MIT Kerberos 5 (krb5), does not properly 
check ...)
+       TODO: check
+CVE-2007-3148 (Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in 
...)
+       TODO: check
+CVE-2007-3147 (Buffer overflow in the Yahoo! Webcam Upload ActiveX control in 
...)
+       TODO: check
+CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web 
root with ...)
+       TODO: check
+CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote 
...)
+       TODO: check
+CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote 
...)
+       TODO: check
+CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows 
remote ...)
+       TODO: check
+CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote 
attackers ...)
+       TODO: check
+CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in 
...)
+       TODO: check
+CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 
allows ...)
+       TODO: check
+CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default 
...)
+       TODO: check
+CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution 
...)
+       TODO: check
+CVE-2007-3137 (Multiple cross-site scripting (XSS) vulnerabilities in 
4print.asp in ...)
+       TODO: check
+CVE-2007-3136 (PHP remote file inclusion vulnerability in inc/nuke_include.php 
in ...)
+       TODO: check
+CVE-2007-3135 (Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php 
in Atom ...)
+       TODO: check
+CVE-2007-3134 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+       TODO: check
+CVE-2007-3133 (SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 
0.1 ...)
+       TODO: check
+CVE-2007-3132 (Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 
and ...)
+       TODO: check
+CVE-2007-3131 (Cross-site scripting (XSS) vulnerability in add_comment.php in 
Light ...)
+       TODO: check
+CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the 
OpenWiki ...)
+       TODO: check
+CVE-2005-4845 (The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 
1.4.2_03 and ...)
+       TODO: check
+CVE-2005-4844 (The CLSID_ApprenticeICW control allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2005-4843 (The SmartConnect Class control allows remote attackers to cause 
a ...)
+       TODO: check
+CVE-2005-4842 (The System Monitor Source Properties control allows remote 
attackers ...)
+       TODO: check
+CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to 
cause a ...)
+       TODO: check
 CVE-2007-XXXX [jffnms multiple issues]
        - jffnms 0.8.3dfsg.1-4
 CVE-2007-3129
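Review bot: The imported block leaves every new entry at `TODO: check`, including ones whose descriptions name software outside the Windows and ActiveX group: CVE-2007-3149 (sudo linked with MIT Kerberos 5), CVE-2007-3165 (Tor before 0.1.2.14), CVE-2007-3152 and CVE-2007-3153 (c-ares), CVE-2007-3155 (eGroupWare before 1.2.107-2), CVE-2007-3140 (WordPress 2.2) and CVE-2007-3143 to CVE-2007-3145 (Konqueror, Mozilla, Galeon). A follow-up pass should resolve those first into package lines in the form already used just below (`- jffnms 0.8.3dfsg.1-4`), so they do not sit unreviewed among the entries that only need a NOT-FOR-US tag.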
@@ -204,8 +322,8 @@
        RESERVED
 CVE-2007-3028
        RESERVED
-CVE-2007-3027
-       RESERVED
+CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 
allows ...)
+       TODO: check
 CVE-2007-3026
        RESERVED
 CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV 
before ...)
@@ -430,8 +548,8 @@
        RESERVED
 CVE-2007-2921
        RESERVED
-CVE-2007-2920
-       RESERVED
+CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer 
ActiveX ...)
+       TODO: check
 CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading 
ActiveX ...)
        TODO: check
 CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) 
VibeC in ...)
@@ -518,14 +636,14 @@
        - linux-2.6 2.6.21-3
 CVE-2007-2877 (Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 
8.5a6 ...)
        NOTE: Not a security issue; Windows-only anyway.
-CVE-2007-2876
-       RESERVED
-CVE-2007-2875
-       RESERVED
+CVE-2007-2876 (The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) 
...)
+       TODO: check
+CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the 
Linux ...)
+       TODO: check
 CVE-2007-2874
        RESERVED
-CVE-2007-2873
-       RESERVED
+CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when 
running as ...)
+       TODO: check
 CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 
before ...)
        - php5 <unfixed>
        NOTE: Fix from 5.2.3 was ineffective
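Review bot: CVE-2007-2875 (`cpuset_tasks_read` in the Linux ...) and CVE-2007-2876 (`sctp_new` in `ip_conntrack_proto_sctp.c`) go from RESERVED to `TODO: check` directly below an entry that is already tracked as `- linux-2.6 2.6.21-3`. Both read as kernel issues and should get a linux-2.6 line with the affected or fixed version once checked. CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611) likewise needs a package line rather than staying at the placeholder.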
@@ -738,8 +856,8 @@
 CVE-2007-2797 [xterm world-writable tty]
        RESERVED
        - xterm <not-affected> (Debian uses safe compile-time settings)
-CVE-2007-2796
-       RESERVED
+CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial 
of ...)
+       TODO: check
 CVE-2007-2795
        RESERVED
 CVE-2007-2794
@@ -1470,8 +1588,8 @@
        NOT-FOR-US: Parallels
 CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels 
allows local ...)
        NOT-FOR-US: Parallels
-CVE-2007-2453
-       RESERVED
+CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13, 
and ...)
+       TODO: check
 CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in 
...)
        - findutils 4.2.31-1 (low; bug #426862)
 CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in 
GEODE-AES ...)
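Review bot: CVE-2007-2453 now has a description that states the upstream boundary (Linux kernel 2.6 before 2.6.20.13), yet the entry is left at `TODO: check` with nothing recorded against a package. The neighbouring entry shows the resolved form to aim for (`- findutils 4.2.31-1 (low; bug #426862)`): a package, a fixed version, a severity and a bug reference.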
@@ -1996,8 +2114,8 @@
        [sarge] - dovecot <not-affected> (Vulnerable code not present)
 CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows 
remote ...)
        NOT-FOR-US: CA Clever Path
-CVE-2007-2229
-       RESERVED
+CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for 
...)
+       TODO: check
 CVE-2007-2228
        RESERVED
 CVE-2007-2227
@@ -2010,16 +2128,16 @@
        RESERVED
 CVE-2007-2223
        RESERVED
-CVE-2007-2222
-       RESERVED
+CVE-2007-2222 (Multiple unspecified vulnerabilities in speech control ActiveX 
...)
+       TODO: check
 CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in 
Microsoft ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-2220
        RESERVED
-CVE-2007-2219
-       RESERVED
-CVE-2007-2218
-       RESERVED
+CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 
2000, ...)
+       TODO: check
+CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security 
Package for ...)
+       TODO: check
 CVE-2007-2217
        RESERVED
 CVE-2007-2216
@@ -3071,12 +3189,12 @@
        RESERVED
 CVE-2007-1753
        RESERVED
-CVE-2007-1752
-       RESERVED
-CVE-2007-1751
-       RESERVED
-CVE-2007-1750
-       RESERVED
+CVE-2007-1752 (Microsoft Internet Explorer 7 allows remote attackers to spoof 
web ...)
+       TODO: check
+CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote 
attackers to ...)
+       TODO: check
+CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 
allows ...)
+       TODO: check
 CVE-2007-1749
        RESERVED
 CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain 
Name ...)
@@ -3228,8 +3346,8 @@
        NOT-FOR-US: iPIX Image Well ActiveX control
 CVE-2007-1686
        RESERVED
-CVE-2007-1685
-       RESERVED
+CVE-2007-1685 (Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 
3.2.36, ...)
+       TODO: check
 CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in 
...)
        NOT-FOR-US: sldimdownload ActiveX control
 CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in 
the ...)
@@ -5305,12 +5423,12 @@
        NOT-FOR-US: Microsoft Content Management Server
 CVE-2007-0937
        RESERVED
-CVE-2007-0936
-       RESERVED
+CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 
allow ...)
+       TODO: check
 CVE-2007-0935
        RESERVED
-CVE-2007-0934
-       RESERVED
+CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote 
...)
+       TODO: check
 CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link 
DWL-G650+ ...)
        TODO: check
 CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and 
(2) ...)
@@ -7082,6 +7200,7 @@
        - gforge-plugin-scmcvs 4.5.14-6
 CVE-2007-0245
        RESERVED
+       {DSA-1307-1}
 CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) 
before ...)
        {DSA-1288-1}
        - pptpd 1.3.4-1
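Review bot: `{DSA-1307-1}` is attached to CVE-2007-0245 while the entry is still `RESERVED` and has no package line, unlike the next entry, where `{DSA-1288-1}` is followed by `- pptpd 1.3.4-1`. Add the source package and fixed version that the advisory covers, so the DSA reference is backed by a version in the list.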
@@ -7152,8 +7271,8 @@
        NOT-FOR-US: Microsoft
 CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM 
objects ...)
        NOT-FOR-US: Microsoft
-CVE-2007-0218
-       RESERVED
+CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers 
to ...)
+       TODO: check
 CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 
5.01 ...)
        NOT-FOR-US: Microsoft
 CVE-2007-0216
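Review bot: CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6) is set to `TODO: check` although the entries on both sides of it, CVE-2007-0219 and CVE-2007-0217, are already closed as `NOT-FOR-US: Microsoft`. Tagging it the same way keeps the open TODO set limited to entries that still need a decision. The same applies to the other Internet Explorer entries this revision converts from RESERVED.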
@@ -11275,7 +11394,7 @@
        NOT-FOR-US: Oracle
 CVE-2006-5331
        RESERVED
-CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 
9.0.16 for ...)
+CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 
9.0.16 and ...)
        - flashplugin-nonfree 9.0.31.0.1 (bug #402822; medium)
        NOTE: It is not clear if this is already fix in 9.0.21.78.X (previous 
version)
        NOTE: or not but it's fix in 9.0.31.0.1 for sure.
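Review bot: The CVE-2006-5330 description changes from "9.0.16 for ..." to "9.0.16 and ...", which suggests the affected scope stated upstream was widened, but the `- flashplugin-nonfree 9.0.31.0.1` line and the two NOTE lines below it are carried over unchanged. Recheck the fixed version against the revised description; the NOTE already records doubt about whether 9.0.21.78.X contained the fix, and that question is still open.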
@@ -14330,8 +14449,8 @@
        NOT-FOR-US: CA eTrust Antivirus WebScan
 CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows 
remote ...)
        NOT-FOR-US: CA eTrust Antivirus WebScan
-CVE-2006-3974
-       RESERVED
+CVE-2006-3974 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 
3Com ...)
+       TODO: check
 CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe 
is ...)
        NOT-FOR-US: My Firewall Plus
 CVE-2006-3972 (Directory traversal vulnerability in ...)


_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
