Author: joeyh
Date: 2007-08-15 09:14:07 +0000 (Wed, 15 Aug 2007)
New Revision: 6311

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-08-14 22:35:04 UTC (rev 6310)
+++ data/CVE/list       2007-08-15 09:14:07 UTC (rev 6311)
@@ -1,7 +1,184 @@
+CVE-2007-4352
+       RESERVED
+CVE-2007-4351
+       RESERVED
+CVE-2007-4350
+       RESERVED
+CVE-2007-4349
+       RESERVED
+CVE-2007-4348
+       RESERVED
+CVE-2007-4347
+       RESERVED
+CVE-2007-4346
+       RESERVED
+CVE-2007-4345
+       RESERVED
+CVE-2007-4344
+       RESERVED
+CVE-2007-4343
+       RESERVED
+CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in 
PHPCentral ...)
+       TODO: check
+CVE-2007-4341 (PHP remote file inclusion vulnerability in 
adm/my_statistics.php in ...)
+       TODO: check
+CVE-2007-4340 (PHP remote file inclusion vulnerability in index.php in phpDVD 
1.0.4 ...)
+       TODO: check
+CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in 
PHPCentral Poll ...)
+       TODO: check
+CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) 0.6 
and ...)
+       TODO: check
+CVE-2007-4337 (Buffer overflow in the httplib_parse_sc_header function in 
lib/http.c ...)
+       TODO: check
+CVE-2007-4336 (Buffer overflow in the Live Picture Corporation ...)
+       TODO: check
+CVE-2007-4335 (Format string vulnerability in the SMTP server component in 
Qbik ...)
+       TODO: check
+CVE-2007-4334 (Cross-site scripting (XSS) vulnerability in whois.php in 
Php-stats ...)
+       TODO: check
+CVE-2007-4333 (Multiple cross-site scripting (XSS) vulnerabilities in 
signup.php in ...)
+       TODO: check
+CVE-2007-4332 (SQL injection vulnerability in article.php in Article 
Dashboard, when ...)
+       TODO: check
+CVE-2007-4331 (PHP remote file inclusion vulnerability in index.php in FindNix 
allows ...)
+       TODO: check
+CVE-2007-4330 (PHP remote file inclusion vulnerability in shoutbox.php in 
Shoutbox ...)
+       TODO: check
+CVE-2007-4329 (Multiple PHP remote file inclusion vulnerabilities in Web News 
1.1 ...)
+       TODO: check
+CVE-2007-4328 (Multiple PHP remote file inclusion vulnerabilities in Mapos 
Bilder ...)
+       TODO: check
+CVE-2007-4327 (Multiple PHP remote file inclusion vulnerabilities in File 
Uploader ...)
+       TODO: check
+CVE-2007-4326 (Multiple PHP remote file inclusion vulnerabilities in Bilder 
Uploader ...)
+       TODO: check
+CVE-2007-4325 (PHP remote file inclusion vulnerability in index.php in 
Gaestebuch 1.5 ...)
+       TODO: check
+CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 allows 
remote ...)
+       TODO: check
+CVE-2007-4323 (DenyHosts 2.6 does not properly parse sshd log files, which 
allows ...)
+       TODO: check
+CVE-2007-4322 (BlockHosts before 2.0.4 does not properly parse (1) sshd and 
(2) ...)
+       TODO: check
+CVE-2007-4321 (fail2ban 0.8 and earlier does not properly parse sshd log 
files, which ...)
+       TODO: check
+CVE-2007-4320 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2007-4319 (The management interface in ZyNOS firmware 3.62(WK.6) on the 
Zyxel ...)
+       TODO: check
+CVE-2007-4318 (Cross-site scripting (XSS) vulnerability in Forms/General_1 in 
the ...)
+       TODO: check
+CVE-2007-4317 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
+       TODO: check
+CVE-2007-4316 (The management interface in ZyNOS firmware 3.62(WK.6) on the 
Zyxel ...)
+       TODO: check
+CVE-2007-4315 (The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista 
allows ...)
+       TODO: check
+CVE-2007-4314 (pixlie.php in Pixlie 1.7 allows remote attackers to trigger the 
...)
+       TODO: check
+CVE-2007-4313 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS 
3.0.0 ...)
+       TODO: check
+CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in 
the Linux ...)
+       TODO: check
+CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 
allows ...)
+       TODO: check
+CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote 
...)
+       TODO: check
+CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the 
SCSI ...)
+       TODO: check
+CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in 
Storesprite 7 ...)
+       TODO: check
+CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin ...)
+       TODO: check
+CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) 
Sysjail ...)
+       TODO: check
+CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM 
protection when ...)
+       TODO: check
+CVE-2007-4303 (Multiple race conditions in (1) certain rules and (2) argument 
copying ...)
+       TODO: check
+CVE-2007-4302 (Multiple race conditions in certain system call wrappers in 
Generic ...)
+       TODO: check
+CVE-2007-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the 
management ...)
+       TODO: check
+CVE-2007-4300
+       RESERVED
+CVE-2007-4299
+       RESERVED
+CVE-2007-4298
+       RESERVED
+CVE-2007-4297 (Multiple cross-site scripting (XSS) vulnerabilities in 
yorumkaydet.asp ...)
+       TODO: check
+CVE-2007-4296 (Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy 
Server ...)
+       TODO: check
+CVE-2007-4295 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows 
remote ...)
+       TODO: check
+CVE-2007-4294 (Unspecified vulnerability in Cisco Unified Communications 
Manager ...)
+       TODO: check
+CVE-2007-4293 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a 
denial ...)
+       TODO: check
+CVE-2007-4292 (Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow 
remote ...)
+       TODO: check
+CVE-2007-4291 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a 
denial ...)
+       TODO: check
+CVE-2007-4290 (** DISPUTED ** ...)
+       TODO: check
+CVE-2007-4289 (Sun Java System Portal Server 7.0 does not properly process 
XSLT ...)
+       TODO: check
+CVE-2007-4288 (Microsoft Windows Media Player 11 (wmplayer.exe) allows 
user-assisted ...)
+       TODO: check
+CVE-2007-4287 (PHP remote file inclusion vulnerability in 
fc_functions/fc_example.php ...)
+       TODO: check
+CVE-2007-4286 (Buffer overflow in the Next Hop Resolution Protocol (NHRP) ...)
+       TODO: check
+CVE-2007-4285 (Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up 
to ...)
+       TODO: check
+CVE-2007-4284 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco 
Unified ...)
+       TODO: check
+CVE-2007-4283 (PHP remote file inclusion vulnerability in 
bridge/yabbse.inc.php in ...)
+       TODO: check
+CVE-2007-4282 (The "Extended properties for entries" 
(entryproperties) plugin in ...)
+       TODO: check
+CVE-2007-4281 (Cross-site scripting (XSS) vulnerability in KnowledgeTree Open 
Source ...)
+       TODO: check
+CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...)
+       TODO: check
+CVE-2007-4278
+       RESERVED
+CVE-2007-4277
+       RESERVED
+CVE-2007-4276
+       RESERVED
+CVE-2007-4275
+       RESERVED
+CVE-2007-4274
+       REJECTED
+       TODO: check
+CVE-2007-4273
+       RESERVED
+CVE-2007-4272
+       RESERVED
+CVE-2007-4271
+       RESERVED
+CVE-2007-4270
+       RESERVED
+CVE-2007-4269
+       RESERVED
+CVE-2007-4268
+       RESERVED
+CVE-2007-4267
+       RESERVED
+CVE-2007-4266
+       RESERVED
+CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in 
VisionProject ...)
+       TODO: check
+CVE-2007-4264 (Multiple cross-site scripting (XSS) vulnerabilities in 
index.php in ...)
+       TODO: check
 CVE-2007-XXXX [serendipity issue in Extended properties for entries plugin]
        - serendipity 1.1.4-1
        [etch] - serendipity <not-affected> (introduced in 1.1.x)
-CVE-2007-4280 [asterisk remote DoS]
+CVE-2007-4280 (The Skinny channel driver (chan_skinny) in Asterisk Open Source 
before ...)
        - asterisk 1:1.4.10~dfsg-1
        NOTE: http://ftp.digium.com/pub/asa/ASA-2007-019.html
        [sarge] - asterisk <not-affected> (not affected according to advisory)
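Review bot: the new CVE-2007-4282 entry (the "Extended properties for entries" (entryproperties) plugin) duplicates the unchanged CVE-2007-XXXX [serendipity issue in Extended properties for entries plugin] entry just below it, which still holds the serendipity 1.1.4-1 and etch tracking lines. Suggest moving those lines under CVE-2007-4282 and dropping the temporary entry so the issue is tracked once under its assigned ID. Separately, CVE-2007-4274 is added as REJECTED and still carries TODO: check; a rejected ID needs no triage, so the TODO can go.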
@@ -37,7 +214,7 @@
 CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with 
multiple ...)
        - openoffice.org (unimportant)
        NOTE: Only a crasher with malformed documents
-CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar 
allows ...)
+CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar 
before ...)
        NOT-FOR-US: Advanced Searchbar
 CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation 
toolbar for ...)
        NOT-FOR-US: ExportNation toolbar
@@ -778,10 +955,10 @@
        RESERVED
 CVE-2007-3892
        RESERVED
-CVE-2007-3891
-       RESERVED
-CVE-2007-3890
-       RESERVED
+CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in 
Windows ...)
+       TODO: check
+CVE-2007-3890 (Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 
SP2, ...)
+       TODO: check
 CVE-2007-3889 (Multiple SQL injection vulnerabilities in Insanely Simple Blog 
0.5 and ...)
        NOT-FOR-US: Insanely Simple Blog
 CVE-2007-3888 (Multiple cross-site scripting (XSS) vulnerabilities in Insanely 
Simple ...)
@@ -816,8 +993,8 @@
        RESERVED
 CVE-2007-3873
        RESERVED
-CVE-2007-3872
-       RESERVED
+CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace 
Service ...)
+       TODO: check
 CVE-2007-3871
        RESERVED
 CVE-2006-7221 (Multiple off-by-one errors in fsplib.c in fsplib before 0.8 
allow ...)
@@ -862,16 +1039,16 @@
        NOT-FOR-US: Oracle
 CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 
10.1.0.5 and ...)
        NOT-FOR-US: Oracle
-CVE-2007-3852
-       RESERVED
-CVE-2007-3851
-       RESERVED
+CVE-2007-3852 (The init script (sysstat.in) in sysstat creates 
/tmp/sysstat.run ...)
+       TODO: check
+CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, 
when used ...)
+       TODO: check
 CVE-2007-3850
        RESERVED
 CVE-2007-3849
        RESERVED
-CVE-2007-3848
-       RESERVED
+CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to 
send ...)
+       TODO: check
 CVE-2007-3847
        RESERVED
 CVE-2007-3846
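Review bot: CVE-2007-3852, CVE-2007-3851 and CVE-2007-3848 leave RESERVED with only TODO: check, but their descriptions name the sysstat init script and the Linux kernel rather than third-party products. The list already tracks the kernel as linux-2.6 under CVE-2007-2172, so these three should be triaged first and given package lines with a fixed version or <unfixed>, instead of waiting in the TODO queue with the NOT-FOR-US candidates. The /tmp/sysstat.run description in particular reads like a local temp-file issue in a packaged init script, which is cheap to confirm against the shipped script.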
@@ -888,8 +1065,8 @@
        - xulrunner 1.8.1.6-1 (medium)
        - iceape 1.1.3-2 (medium)
        - icedove <unfixed> (medium)
-CVE-2007-3843
-       RESERVED
+CVE-2007-3843 (The Linux kernel before 2.6.23-rc1 checks the wrong global 
variable ...)
+       TODO: check
 CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 
Enterprise ...)
        NOT-FOR-US: 8e6 R3000 Enterprise Filter
 CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for 
Linux ...)
@@ -1111,7 +1288,7 @@
        NOT-FOR-US: Apple Mac OS X
 CVE-2007-3745 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 
10.4.10 ...)
        NOT-FOR-US: Apple Mac OS X
-CVE-2007-3744 (Buffer overflow in the UPnP IGD (Internet Gateway Device 
Standardized ...)
+CVE-2007-3744 (Heap-based buffer overflow in the UPnP IGD (Internet Gateway 
Device ...)
        TODO: check
 CVE-2007-3743 (Stack-based buffer overflow in bookmark handling in Apple 
Safari 3 ...)
        TODO: check
@@ -1955,18 +2132,18 @@
        - libextractor 0.5.12-1
        NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus 
marking as fixed
        TODO: check ipe (only small parts, but with renamed source files: 
ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp)
-CVE-2007-3386
-       RESERVED
-CVE-2007-3385
-       RESERVED
+CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager 
Servlet ...)
+       TODO: check
+CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 
5.0.30, 4.1.0 ...)
+       TODO: check
 CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        TODO: check
 CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in 
the ...)
        - tomcat4 <removed> (low)
        [sarge] - tomcat4 <no-dsa> (minor issue)
        NOTE: affects example app in tomcat4-webapps
-CVE-2007-3382
-       RESERVED
+CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 
5.0.30, 4.1.0 ...)
+       TODO: check
 CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 
2.16.x ...)
        - gdm 2.18.4-1 (low)
        [sarge] - gdm <no-dsa> (Minor issue)
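Review bot: CVE-2007-3385 and CVE-2007-3382 are indistinguishable in this list, since both truncated descriptions read "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...". When the TODO: check lines are resolved, add a NOTE to each saying what the issue actually is, so the two are not marked fixed against the same upload by mistake. The version ranges span the 4.1, 5.0, 5.5 and 6.0 branches, while the neighbouring CVE-2007-3383 only has tomcat4 lines; each packaged Tomcat branch needs its own status line here and for CVE-2007-3386.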
@@ -2787,26 +2964,26 @@
        NOT-FOR-US: Hitachi Collaboration
 CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2 
allows ...)
        NOT-FOR-US: Meneame
-CVE-2007-3041
-       RESERVED
+CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object 
for ...)
+       TODO: check
 CVE-2007-3040
        RESERVED
 CVE-2007-3039
        RESERVED
 CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 
Edition ...)
        NOT-FOR-US: Microsoft
-CVE-2007-3037
-       RESERVED
+CVE-2007-3037 (Unspecified vulnerability in Microsoft Windows Media Player 
7.1, 9, ...)
+       TODO: check
 CVE-2007-3036
        RESERVED
-CVE-2007-3035
-       RESERVED
-CVE-2007-3034
-       RESERVED
-CVE-2007-3033
-       RESERVED
-CVE-2007-3032
-       RESERVED
+CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 
7.1, 9, ...)
+       TODO: check
+CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics 
Rendering ...)
+       TODO: check
+CVE-2007-3033 (Unspecified vulnerability in Windows Vista Feed Headlines 
Gadgets in ...)
+       TODO: check
+CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in 
Windows ...)
+       TODO: check
 CVE-2007-3031
        RESERVED
 CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer 
allows ...)
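Review bot: the six IDs that leave RESERVED in this hunk (CVE-2007-3041, CVE-2007-3037, CVE-2007-3035, CVE-2007-3034, CVE-2007-3033, CVE-2007-3032) all describe Microsoft components (pdwizard.ocx, Windows Media Player, Windows Vista gadgets), yet they land as TODO: check. The adjacent CVE-2007-3038 is already marked NOT-FOR-US: Microsoft; suggest resolving these the same way in a follow-up commit so the TODO queue only holds entries that need real triage.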
@@ -2976,10 +3153,10 @@
        RESERVED
 CVE-2007-2957
        RESERVED
-CVE-2007-2956
-       RESERVED
-CVE-2007-2955
-       RESERVED
+CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function 
in (1) ...)
+       TODO: check
+CVE-2007-2955 (Multiple unspecified &quot;input validation error&quot; 
vulnerabilities in ...)
+       TODO: check
 CVE-2007-2954
        RESERVED
 CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...)
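Review bot: the CVE-2007-2955 description is stored with HTML-escaped quotes (&quot;input validation error&quot;), whereas CVE-2007-4282 in the first hunk has literal double quotes. Since this is an automatic update, the import step should decode entities before writing data/CVE/list, otherwise text searches for the quoted phrase will miss this entry.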
@@ -4681,10 +4858,10 @@
        RESERVED
 CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in 
Windows ...)
        NOT-FOR-US: Microsoft
-CVE-2007-2224
-       RESERVED
-CVE-2007-2223
-       RESERVED
+CVE-2007-2224 (Unspecified vulnerability in Object linking and embedding (OLE) 
...)
+       TODO: check
+CVE-2007-2223 (Unspecified vulnerability in Microsoft XML Core Services 
(MSXML) 3.0 ...)
+       TODO: check
 CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) 
and ...)
        NOT-FOR-US: Microsoft
 CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in 
Microsoft ...)
@@ -4697,8 +4874,8 @@
        NOT-FOR-US: Microsoft
 CVE-2007-2217
        RESERVED
-CVE-2007-2216
-       RESERVED
+CVE-2007-2216 (Unspecified vulnerability in the tblinf32.dll (aka 
vstlbinf.dll) ...)
+       TODO: check
 CVE-2007-2215
        RESERVED
 CVE-2007-2214 (Unrestricted file upload vulnerability in 
includes/upload_file.php in ...)
@@ -4785,7 +4962,7 @@
        NOT-FOR-US: ZoneAlarm
 CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and 
(2) ...)
        NOT-FOR-US: Gentoo's packaging of courier
-CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 causes RTA_MAX to 
be used ...)
+CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 
2.4.35 ...)
        - linux-2.6 <unfixed> (medium)
 CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in 
...)
        NOT-FOR-US: Novell GroupWise
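Review bot: the CVE-2007-2172 description now covers "2.4 before 2.4.35" in addition to 2.6, but the only status line under it is still linux-2.6 <unfixed> (medium). Suggest adding a status line for the 2.4 kernel source packages, or a NOTE stating why none is needed, so the widened scope is reflected in the tracking data and not only in the description.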
@@ -5769,8 +5946,8 @@
        NOT-FOR-US: Microsoft
 CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 
allows ...)
        NOT-FOR-US: Microsoft
-CVE-2007-1749
-       RESERVED
+CVE-2007-1749 (Integer underflow in the CDownloadSink class code in the Vector 
Markup ...)
+       TODO: check
 CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain 
Name ...)
        NOT-FOR-US: Microsoft Windows
 CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 
SP3, ...)
@@ -7999,8 +8176,8 @@
        NOT-FOR-US: Fullaspsite ASP Hosting Site
 CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video 
Player ...)
        NOT-FOR-US: iTinySoft
-CVE-2007-0948
-       RESERVED
+CVE-2007-0948 (Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC 
for Mac ...)
+       TODO: check
 CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 
on ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on 
Windows ...)
@@ -8009,8 +8186,8 @@
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange 
method in ...)
        NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-0943
-       RESERVED
+CVE-2007-0943 (Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 
allows ...)
+       TODO: check
 CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 
on ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-0941
@@ -11929,7 +12106,7 @@
        NOT-FOR-US: Solaris
 CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net 
iNews (1) ...)
        NOT-FOR-US: Expinion.net iNews
-CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs 
file, ...)
+CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd log 
files, ...)
        - fail2ban <not-affected> (looks fixed in 0.6, see #401793)
 CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd log files, which 
allows ...)
        - denyhosts 2.6-1 (medium; bug #401795)
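Review bot: the status lines under CVE-2006-6302 and CVE-2006-6301 need a second look in light of the first hunk of this same commit. It adds CVE-2007-4321 (fail2ban 0.8 and earlier) and CVE-2007-4323 (DenyHosts 2.6) with the same "does not properly parse sshd log files" wording, while fail2ban stays <not-affected> (looks fixed in 0.6) and denyhosts is recorded as fixed in 2.6-1. Suggest triaging the two new IDs against those versions and adding a NOTE that cross-references old and new entries, so the older lines are not read as closing the log-parsing problem.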


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
