Author: joeyh
Date: 2007-09-25 21:14:08 +0000 (Tue, 25 Sep 2007)
New Revision: 6707

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-09-25 21:07:13 UTC (rev 6706)
+++ data/CVE/list       2007-09-25 21:14:08 UTC (rev 6707)
@@ -1,3 +1,61 @@
+CVE-2007-5081
+       RESERVED
+CVE-2007-5080
+       RESERVED
+CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link 
gdm with ...)
+       TODO: check
+CVE-2007-5078
+       RESERVED
+CVE-2007-5077
+       RESERVED
+CVE-2007-5076
+       RESERVED
+CVE-2007-5075
+       RESERVED
+CVE-2007-5074
+       RESERVED
+CVE-2007-5073
+       RESERVED
+CVE-2007-5072 (Unspecified vulnerability in Simple PHP Blog before 0.5.1 has 
unknown ...)
+       TODO: check
+CVE-2007-5071 (Incomplete blacklist vulnerability in upload_img_cgi.php in 
Simple PHP ...)
+       TODO: check
+CVE-2007-5070 (Heap-based buffer overflow in the EasyMailMessagePrinter 
ActiveX ...)
+       TODO: check
+CVE-2007-5069 (Directory traversal vulnerability in data/compatible.php in the 
Nuke ...)
+       TODO: check
+CVE-2007-5068 (SQL injection vulnerability in index.php in phpFullAnnu (PFA) 
6.0 ...)
+       TODO: check
+CVE-2007-5067 (Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 
allow ...)
+       TODO: check
+CVE-2007-5066 (Unspecified vulnerability in Webmin before 1.370 on Windows 
allows ...)
+       TODO: check
+CVE-2007-5065 (PHP remote file inclusion vulnerability in admin.slideshow1.php 
in the ...)
+       TODO: check
+CVE-2007-5064 (Buffer overflow in a certain ActiveX control in Xunlei Web 
Thunder ...)
+       TODO: check
+CVE-2007-5063 (Adam Scheinberg Flip 3.0 and earlier stores sensitive 
information ...)
+       TODO: check
+CVE-2007-5062 (account.php in Adam Scheinberg Flip 3.0 and earlier allows 
remote ...)
+       TODO: check
+CVE-2007-5061 (SQL injection vulnerability in mods/banners/navlist.php in 
Clansphere ...)
+       TODO: check
+CVE-2007-5060 (Cross-site request forgery (CSRF) vulnerability in the cpass 
...)
+       TODO: check
+CVE-2007-5059 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL 
allow ...)
+       TODO: check
+CVE-2007-5058 (Cross-site scripting (XSS) vulnerability in the Monitor Web 
Syslog ...)
+       TODO: check
+CVE-2007-5057 (NetSupport Manager Client before 10.20.0004 allows remote 
attackers to ...)
+       TODO: check
+CVE-2007-5056 (Eval injection vulnerability in adodb-perf-module.inc.php in 
ADOdb ...)
+       TODO: check
+CVE-2007-5055 (Multiple directory traversal vulnerabilities in iziContents 1 
RC6 and ...)
+       TODO: check
+CVE-2007-5054 (Multiple PHP remote file inclusion vulnerabilities in 
iziContents 1 ...)
+       TODO: check
+CVE-2007-5053 (Multiple incomplete blacklist vulnerabilities in iziContents 1 
RC6 and ...)
+       TODO: check
 CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in 
index.php in ...)
        NOT-FOR-US: Vigile CMS
 CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in 
PhpGedView ...)
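Review bot: CVE-2007-5079 at the top of this hunk is worded as a Red Hat Enterprise Linux 4 build problem, but the affected program is gdm, so its "TODO: check" should be resolved by looking at how Debian's gdm is compiled and linked, not closed on the strength of the vendor name in the description. The remaining new entries can be triaged in groups, since CVE-2007-5071 and CVE-2007-5072 both name Simple PHP Blog, CVE-2007-5062 and CVE-2007-5063 both name Adam Scheinberg Flip, and CVE-2007-5053 through CVE-2007-5055 all name iziContents.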
@@ -165,14 +223,14 @@
        RESERVED
 CVE-2007-4989
        RESERVED
-CVE-2007-4988
-       RESERVED
-CVE-2007-4987
-       RESERVED
-CVE-2007-4986
-       RESERVED
-CVE-2007-4985
-       RESERVED
+CVE-2007-4988 (Sign extension error in the ReadDIBImage function in 
ImageMagick ...)
+       TODO: check
+CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in 
...)
+       TODO: check
+CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow 
...)
+       TODO: check
+CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers 
to cause ...)
+       TODO: check
 CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com 
StylesDemo ...)
        NOT-FOR-US: StylesDemo
 CVE-2007-4983 (Directory traversal vulnerability in the JetAudio.Interface.1 
ActiveX ...)
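Review bot: The four entries CVE-2007-4985 through CVE-2007-4988 move from RESERVED to "TODO: check" with no package line, although the descriptions all point at ImageMagick and two of them give "before 6.3.5-9" as the fixed upstream version. They should get a package tracking line with the first fixed Debian version once that is verified, and since the four share one upstream release they can be handled together.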
@@ -526,7 +584,7 @@
        [etch] - mediawiki <not-affected> (Does not include the vulnerable code)
 CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function 
in ...)
        TODO: check
-CVE-2007-4826 (bgpd in Quagga before 0.99.9, when debugging is enabled, allows 
remote ...)
+CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP 
peers to ...)
        - quagga 0.99.9-1 (low; bug #442133)
        NOTE: Upstream says that this can only be exploited by configured peers.
 CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier 
allows ...)
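Review bot: With the new CVE-2007-4826 description saying "allows explicitly configured BGP peers to ...", the existing line "NOTE: Upstream says that this can only be exploited by configured peers." now repeats the description. It is harmless, but the NOTE could be dropped, or kept only if it records where that statement came from. The "(low; ...)" severity on the quagga line is consistent with the narrowed description.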
@@ -1099,8 +1157,7 @@
        RESERVED
 CVE-2007-4574
        RESERVED
-CVE-2007-4573 [linux local privilege escalation on x86_64]
-       RESERVED
+CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel 
2.4.x and ...)
        - linux-2.6 <unfixed> (medium)
 CVE-2007-4572
        RESERVED
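Review bot: The new CVE-2007-4573 description names "Linux kernel 2.4.x and ...", but the only package line is "- linux-2.6 <unfixed> (medium)". Either add a line for any 2.4 kernel source package still in a supported release or add a NOTE saying why none is needed. The removed bracket text also carried the "x86_64" and "local privilege escalation" hints, which the truncated description no longer shows in this file; a short NOTE would preserve that for anyone triaging from the list.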
@@ -1109,6 +1166,7 @@
 CVE-2007-4570
        RESERVED
 CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when 
autologin is ...)
+       {DSA-1376-1 DTSA-60-1}
        - kdebase 4:3.5.7-4
        NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
 CVE-2007-4568
@@ -1118,6 +1176,7 @@
 CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in 
Alpha ...)
        NOT-FOR-US: SIDVault
 CVE-2007-4565 (fetchmail before 6.3.9 allows context-dependent attackers to 
cause a ...)
+       {DSA-1377-2 DSA-1377-1}
        - fetchmail 6.3.8-8 (bug #440006; low)
        [etch] - fetchmail <no-dsa> (Hardly a security problem)
        [sarge] - fetchmail <no-dsa> (Hardly a security problem)
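Review bot: The added "{DSA-1377-2 DSA-1377-1}" on CVE-2007-4565 contradicts the two lines that follow it, "[etch] - fetchmail <no-dsa> (Hardly a security problem)" and the matching [sarge] line. Now that a DSA is referenced, the <no-dsa> lines should be replaced with the fixed versions from the advisory for each release it covers, or the DSA reference should be checked if the <no-dsa> assessment still stands.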
@@ -2065,7 +2124,7 @@
        - qt4-x11 <not-affected> (Not exploitable according to upstream)
 CVE-2007-4136
        RESERVED
-CVE-2007-4135 (Unspecified vulnerability in the NFSv4 ID mapper (nfsidmap) on 
SUSE ...)
+CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly 
handle ...)
        - libnfsidmap 0.18-0 (low; bug #442935)
        NOTE: https://issues.rpath.com/browse/RPL-1731
 CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 
1.5a84 ...)
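Review bot: The updated CVE-2007-4135 description says nfsidmap "before 0.17" is affected, while the tracking line gives "libnfsidmap 0.18-0" as the fixed version. That is consistent if 0.18-0 was the first Debian upload at or above 0.17, but it is worth confirming, because a 0.17 upload would make the recorded fixed version too high. The "-0" Debian revision is unusual and should be checked against the package changelog at the same time.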
@@ -4868,7 +4927,7 @@
 CVE-2007-2954 (Multiple stack-based buffer overflows in the Spooler service 
...)
        NOT-FOR-US: Novell Client
 CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...)
-       {DSA-1364-1}
+       {DSA-1364-2 DSA-1364-1}
        - vim 1:7.1-056+1 (low)
 CVE-2007-2952
        RESERVED
@@ -5169,6 +5228,7 @@
        {DSA-1328-1}
        - unicon 3.0.4-12 (bug #431336)
 CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) 
before 2.3 ...)
+       {DSA-1375-1}
        - openoffice.org 2.2.1-9 (medium)
 CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of 
service ...)
        {DSA-1316-1}
@@ -5244,7 +5304,7 @@
 CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote 
attackers to ...)
        NOT-FOR-US: eTicket
 CVE-2007-2799 (Integer overflow in the &quot;file&quot; program 4.20, when 
running on 32-bit ...)
-       {DSA-1343-1}
+       {DSA-1343-2 DSA-1343-1}
        - file 4.21-1 (medium; bug #428293)
 CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc 
function in ...)
        {DSA-1323-1}
@@ -6082,7 +6142,7 @@
 CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and 
earlier for ...)
        NOT-FOR-US: Caucho Resin Professional
 CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) 
writefile, ...)
-       {DSA-1364-1}
+       {DSA-1364-2 DSA-1364-1}
        - vim 1:7.1-022+1 (bug #435401; low)
        [sarge] - vim <not-affected> (Vulnerable code not present)
        NOTE: Exploitable through modelines, needs to be used with care in any 
case
@@ -7556,6 +7616,7 @@
 CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco 
Trust ...)
        NOT-FOR-US: Cisco
 CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent 
before ...)
+       {DSA-1799-1}
        - ktorrent 2.1.4.dfsg.1-1 (medium; bug #432007)
 CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 
allows ...)
        NOT-FOR-US: IBM AIX
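Review bot: The "{DSA-1799-1}" added under CVE-2007-1799 looks like a typo. The number matches the CVE's own suffix, and it is far out of sequence with the other advisories added in this same revision (DSA-1375-1, DSA-1376-1, DSA-1377-1 and DSA-1377-2). Please confirm the correct advisory number for ktorrent and fix the reference, since a wrong DSA id here would mis-link the CVE to an advisory.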


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
