Author: joeyh
Date: 2007-09-12 21:14:07 +0000 (Wed, 12 Sep 2007)
New Revision: 6601

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-09-12 16:48:48 UTC (rev 6600)
+++ data/CVE/list       2007-09-12 21:14:07 UTC (rev 6601)
@@ -1,3 +1,55 @@
+CVE-2007-4827
+       RESERVED
+CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows remote BGP peers to cause a 
denial ...)
+       TODO: check
+CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier 
allows ...)
+       TODO: check
+CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in 
Google ...)
+       TODO: check
+CVE-2007-4823 (Multiple buffer overflows in Google Picasa have unspecified 
attack ...)
+       TODO: check
+CVE-2007-4822 (Cross-site request forgery (CSRF) vulnerability in the device 
...)
+       TODO: check
+CVE-2007-4821 (Buffer overflow in a certain ActiveX control in 
officeviewer.ocx ...)
+       TODO: check
+CVE-2007-4820 (Absolute path traversal vulnerability in blanko.preview.php in 
Sisfo ...)
+       TODO: check
+CVE-2007-4819 (Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 
0.2 ...)
+       TODO: check
+CVE-2007-4818 (Multiple PHP remote file inclusion vulnerabilities in Txx CMS 
0.2 ...)
+       TODO: check
+CVE-2007-4817 (Unrestricted file upload vulnerability in the Restaurante ...)
+       TODO: check
+CVE-2007-4816 (Multiple buffer overflows in the BaoFeng2 storm ActiveX control 
in ...)
+       TODO: check
+CVE-2007-4815 (Multiple PHP remote file inclusion vulnerabilities in WebED in 
Markus ...)
+       TODO: check
+CVE-2007-4814 (Buffer overflow in the SQLServer ActiveX control in the 
Distributed ...)
+       TODO: check
+CVE-2007-4813 (Cross-site scripting (XSS) vulnerability in Domino Blogsphere 
3.01 ...)
+       TODO: check
+CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5 allows remote 
attackers ...)
+       TODO: check
+CVE-2007-4811 (Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 
1.0-rc2 ...)
+       TODO: check
+CVE-2007-4810 (Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow 
remote ...)
+       TODO: check
+CVE-2007-4809 (Multiple PHP remote file inclusion vulnerabilities in Online 
Fantasy ...)
+       TODO: check
+CVE-2007-4808 (Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow 
remote ...)
+       TODO: check
+CVE-2007-4807 (Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 
2.2 ...)
+       TODO: check
+CVE-2007-4806 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2007-4805 (Directory traversal vulnerability in getgalldata.php in 
fuzzylime ...)
+       TODO: check
+CVE-2007-4804 (Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow 
remote ...)
+       TODO: check
+CVE-2007-4803 (Buffer overflow in AtomixMP3 2.3 allows user-assisted remote 
attackers ...)
+       TODO: check
+CVE-2007-4802 (Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 
allow ...)
+       TODO: check
 CVE-2007-4801
        RESERVED
 CVE-2007-4800
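
Review bot: CVE-2007-4826 (Quagga bgpd, remote BGP peers) and CVE-2007-4825 (PHP 5.2.4 and earlier) are left at "TODO: check" with the same weight as the ActiveX, Picasa and Safari entries in this block, although they name server software of the kind this file tracks with package lines (php5 has one further down). Triage those two first and replace the TODO with a package line; the ActiveX entries such as CVE-2007-4821 and CVE-2007-4816 can take NOT-FOR-US in the form the file already uses.
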
@@ -104,8 +156,7 @@
        RESERVED
 CVE-2007-4749
        RESERVED
-CVE-2007-4752 [Unsafe fallback to trusted X11 cookie in openssh]
-       RESERVED
+CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an 
untrusted ...)
        - openssh <unfixed> (low)
        [etch] - openssh <no-dsa> (minor issue in weak security measure)
        [sarge] - openssh <no-dsa> (minor issue in weak security measure)
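
Review bot: the new description for CVE-2007-4752 says the issue affects OpenSSH before 4.7, yet the package line under it still reads "- openssh <unfixed> (low)", so that status needs revisiting as soon as a 4.7 upload is available. The replaced bracket text "Unsafe fallback to trusted X11 cookie in openssh" was also the only untruncated summary of the bug; keeping it as a NOTE would help anyone reading the cut-off description.
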
@@ -155,10 +206,9 @@
        - librpcsecgss 0.14-4 (high; bug #441393)
        NOTE: 
http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
        NOTE: 1.6.dfsg.1-7 somehow already includes the updated version
-CVE-2007-4731
-       RESERVED
-CVE-2007-4730 [xorg composite overflow]
-       RESERVED
+CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in 
TMReg.dll ...)
+       TODO: check
+CVE-2007-4730 (Buffer overflow in the compNewPixmap function in compalloc.c in 
the ...)
        {DSA-1372-1}
        NOTE: XFree86 is not affected
 CVE-2007-4729
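
Review bot: CVE-2007-4730 now has a description and keeps {DSA-1372-1}, but no source-package line follows before CVE-2007-4729, only "NOTE: XFree86 is not affected". Add the affected package with its fixed version so the entry records the unstable status as well as the DSA. CVE-2007-4731 concerns TMReg.dll, a Windows DLL, and looks like a NOT-FOR-US candidate rather than an open TODO.
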
@@ -337,8 +387,8 @@
        NOT-FOR-US: Cisco Content Services Switch
 CVE-2007-4652 (The session extension in PHP before 5.2.4 might allow local 
users to ...)
        - php5 <unfixed> (unimportant)
-CVE-2007-4651
-       RESERVED
+CVE-2007-4651 (Unspecified vulnerability in Adobe Connect Enterprise Server 6 
allows ...)
+       TODO: check
 CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 
allow ...)
        - gallery2 2.2.3-1
        [etch] - gallery2 <unfixed> (bug #441407)
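
Review bot: CVE-2007-4651 moves from RESERVED to "TODO: check" for Adobe Connect Enterprise Server, a vendor product of the same kind as the Cisco entry at the top of this hunk. Resolve it as NOT-FOR-US with the product name, as that entry does, so it does not linger in the TODO queue.
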
@@ -1660,6 +1710,7 @@
        REJECTED
        NOTE: Rediscovery / dupe of CVE-2000-1205
 CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in 
phpSysInfo ...)
+       {DTSA-58-1}
        - phpsysinfo 2.5.1-6.1 (low; bug #435935)
        - phpgroupware 0.9.16.012-1 (low; bug #435936)
        - egroupware-phpsysinfo 1.2.107-2.dfsg-1.1 (low; bug #435937)
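
Review bot: {DTSA-58-1} is attached to CVE-2007-4048, which lists three source packages (phpsysinfo, phpgroupware, egroupware-phpsysinfo), and nothing in the entry says which of them the advisory covers. Confirm that the advisory's own record names the package, and that the testing status of the other two is still accurate.
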
@@ -1728,7 +1779,7 @@
 CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in 
login.php in ...)
        NOT-FOR-US: AdMan
 CVE-2007-4019
-       RESERVED
+       REJECTED
 CVE-2007-5645
        REJECTED
        NOTE: duplicate of CVE-2006-5645
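
Review bot: CVE-2007-4019 changes from RESERVED to REJECTED with no NOTE giving the reason, while the REJECTED entry directly below it carries "NOTE: duplicate of CVE-2006-5645". Add the rejection reason in the same form so the entry can be audited without looking up the upstream record.
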
@@ -4064,16 +4115,16 @@
        NOT-FOR-US: Meneame
 CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object 
for ...)
        NOT-FOR-US: Microsoft
-CVE-2007-3040
-       RESERVED
+CVE-2007-3040 (Stack-based buffer overflow in the Agent.Control function in 
Microsoft ...)
+       TODO: check
 CVE-2007-3039
        RESERVED
 CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 
Edition ...)
        NOT-FOR-US: Microsoft
 CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote 
...)
        NOT-FOR-US: Microsoft
-CVE-2007-3036
-       RESERVED
+CVE-2007-3036 (Unspecified vulnerability in the (1) Windows Services for UNIX 
3.0 and ...)
+       TODO: check
 CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 
7.1, 9, ...)
        NOT-FOR-US: Microsoft
 CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics 
Rendering ...)
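
Review bot: CVE-2007-3040 (Agent.Control function in Microsoft ...) and CVE-2007-3036 (Windows Services for UNIX) are set to "TODO: check", while the described entries around them (CVE-2007-3041, CVE-2007-3038, CVE-2007-3037, CVE-2007-3035) are already "NOT-FOR-US: Microsoft". Mark these two the same way unless the full descriptions name something packaged here.
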
@@ -4309,10 +4360,10 @@
        NOT-FOR-US: Phil-a-Form
 CVE-2007-2932 (Cross-site scripting (XSS) vulnerability in index.php in 
BoastMachine ...)
        NOT-FOR-US: BoastMachine
-CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and 
Live ...)
+CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, 
and ...)
        NOT-FOR-US: MSN Messenger
-CVE-2007-2930
-       RESERVED
+CVE-2007-2930 (The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms 
in ISC ...)
+       TODO: check
 CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
        NOT-FOR-US: IBM Lenovo Access Support
 CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support 
acpRunner ...)
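
Review bot: CVE-2007-2930 is the one entry in this hunk that is not an obvious NOT-FOR-US: it describes weak PRNG algorithms (NSID_SHUFFLE_ONLY and NSID_USE_POOL) in ISC software, and the product name is cut off in the truncated description. Read the full description to identify the affected package and replace "TODO: check" with a package line and severity; the CVE-2007-2931 change only widens the affected MSN Messenger versions and needs no follow-up.
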
@@ -13559,7 +13610,7 @@
        NOT-FOR-US: IBM WebSphere
 CVE-2006-6134 (Heap-based buffer overflow in the WMCheckURLScheme function in 
...)
        NOT-FOR-US: Windows Media
-CVE-2006-6133 (Stack-based buffer overflow in Business Objects Crystal Reports 
XI ...)
+CVE-2006-6133 (Stack-based buffer overflow in Visual Studio Crystal Reports 
for ...)
        NOT-FOR-US: Business Objects Crystal Reports
 CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite 
allow ...)
        NOT-FOR-US: Link Exchange Lite
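
Review bot: the description of CVE-2006-6133 now says "Visual Studio Crystal Reports for ..." while the tag under it still reads "NOT-FOR-US: Business Objects Crystal Reports". The verdict is unaffected, but the label should be brought in line with the new description so a search on the product name finds the entry.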


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
