Author: joeyh
Date: 2007-11-15 21:14:10 +0000 (Thu, 15 Nov 2007)
New Revision: 7310

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-11-15 19:41:17 UTC (rev 7309)
+++ data/CVE/list       2007-11-15 21:14:10 UTC (rev 7310)
@@ -1,3 +1,75 @@
+CVE-2007-5989
+       RESERVED
+CVE-2007-5988 (blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify 
user ...)
+       TODO: check
+CVE-2007-5987 (details.php in BtiTracker before 1.4.5, when torrent viewing is 
...)
+       TODO: check
+CVE-2007-5986 (SQL injection vulnerability in include/functions.php in 
BtiTracker ...)
+       TODO: check
+CVE-2007-5985 (Multiple cross-site scripting (XSS) vulnerabilities in 
BtiTracker ...)
+       TODO: check
+CVE-2007-5984 (classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 
2.2.4 ...)
+       TODO: check
+CVE-2007-5983 (Cross-site scripting (XSS) vulnerability in index.php in Justin 
...)
+       TODO: check
+CVE-2007-5982 (Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 
2.0.4, ...)
+       TODO: check
+CVE-2007-5981 (Lantronix SCS3200 does not properly handle public-key requests, 
which ...)
+       TODO: check
+CVE-2007-5980 (Cross-site scripting (XSS) vulnerability in home/rss.php in 
eggblog ...)
+       TODO: check
+CVE-2007-5979 (Cross-site scripting (XSS) vulnerability in 
download_plugin.php3 in F5 ...)
+       TODO: check
+CVE-2007-5978 (SQL injection vulnerability in brokenlink.php in the mylinks 
module ...)
+       TODO: check
+CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in 
...)
+       TODO: check
+CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin 
before ...)
+       TODO: check
+CVE-2007-5975 (SQL injection vulnerability in index.php in TBSource, as used 
in (1) ...)
+       TODO: check
+CVE-2007-5974 (SQL injection vulnerability in mailer.php in JPortal 2 allows 
remote ...)
+       TODO: check
+CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 
and ...)
+       TODO: check
+CVE-2007-5972
+       RESERVED
+CVE-2007-5971
+       RESERVED
+CVE-2007-5970
+       RESERVED
+CVE-2007-5969
+       RESERVED
+CVE-2007-5968
+       RESERVED
+CVE-2007-5967
+       RESERVED
+CVE-2007-5966
+       RESERVED
+CVE-2007-5965
+       RESERVED
+CVE-2007-5964
+       RESERVED
+CVE-2007-5963
+       RESERVED
+CVE-2007-5962
+       RESERVED
+CVE-2007-5961
+       RESERVED
+CVE-2007-5960
+       RESERVED
+CVE-2007-5959
+       RESERVED
+CVE-2007-5958
+       RESERVED
+CVE-2006-7229 (The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not 
properly ...)
+       TODO: check
+CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) 
library ...)
+       TODO: check
+CVE-2006-7227 (Integer overflow in Perl-Compatible Regular Expression (PCRE) 
library ...)
+       TODO: check
+CVE-2005-4872 (Perl-Compatible Regular Expression (PCRE) library before 6.2 
does not ...)
+       TODO: check
 CVE-2007-5957 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 
...)
        NOT-FOR-US: IBM Informix Dynamic Server
 CVE-2007-5956 (Directory traversal vulnerability in IBM Informix Dynamic 
Server (IDS) ...)
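Review bot: The three PCRE entries at the end of the added block (CVE-2006-7228, CVE-2006-7227, CVE-2005-4872) land as TODO: check although this file already tracks the library as pcre3 (see the "- pcre3 6.7-1" annotation under CVE-2006-7224 in a later hunk). Suggest a follow-up that gives each of them an explicit pcre3 annotation; the CVE-2005-4872 description carries a version bound ("before 6.2") that can be compared directly against the packaged version.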
@@ -92,7 +164,7 @@
        NOT-FOR-US: Solaris
 CVE-2007-5920 (index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows 
remote ...)
        NOT-FOR-US: Domenico Mancini PicoFlat CMS
-CVE-2007-5919 (MyWebFTP stores sensitive information under the web root with 
...)
+CVE-2007-5919 (MyWebFTP, possibly 5.3.2, stores sensitive information under 
the web ...)
        NOT-FOR-US: MyWebFTP
 CVE-2007-5918 (Cross-site request forgery (CSRF) vulnerability in edit.php in 
the MS ...)
        NOT-FOR-US: MS TopSites
@@ -147,7 +219,8 @@
        RESERVED
 CVE-2007-5894
        RESERVED
-CVE-2006-7224 (Multiple integer overflows in Perl-Compatible Regular 
Expression ...)
+CVE-2006-7224
+       REJECTED
        - pcre3 6.7-1
 CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise 
Edition ...)
        NOT-FOR-US: WebTrends Reporting Center
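Review bot: CVE-2006-7224 is switched to REJECTED but the "- pcre3 6.7-1" annotation is left hanging under it, so the fixed-version information now sits on an entry that no longer describes an issue. The same revision adds CVE-2006-7227 and CVE-2006-7228 (PCRE integer overflows) as TODO: check; if those are the replacements for the rejected id, move the pcre3 annotation to them after confirming the version still applies, and leave the REJECTED entry bare.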
@@ -3512,7 +3585,7 @@
        NOT-FOR-US: Microsoft SQL Server Enterprise Manager
 CVE-2007-4813 (Cross-site scripting (XSS) vulnerability in Domino Blogsphere 
3.01 ...)
        NOT-FOR-US: Domino Blogsphere
-CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5 allows remote 
attackers ...)
+CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5, and other 
versions ...)
        NOT-FOR-US: Mac OS
 CVE-2007-4811 (Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 
1.0-rc2 ...)
        NOT-FOR-US: Netjuke
@@ -3770,54 +3843,54 @@
        RESERVED
 CVE-2007-4702
        RESERVED
-CVE-2007-4701
-       RESERVED
-CVE-2007-4700
-       RESERVED
-CVE-2007-4699
-       RESERVED
-CVE-2007-4698
-       RESERVED
-CVE-2007-4697
-       RESERVED
-CVE-2007-4696
-       RESERVED
-CVE-2007-4695
-       RESERVED
-CVE-2007-4694
-       RESERVED
-CVE-2007-4693
-       RESERVED
-CVE-2007-4692
-       RESERVED
-CVE-2007-4691
-       RESERVED
-CVE-2007-4690
-       RESERVED
-CVE-2007-4689
-       RESERVED
-CVE-2007-4688
-       RESERVED
-CVE-2007-4687
-       RESERVED
-CVE-2007-4686
-       RESERVED
-CVE-2007-4685
-       RESERVED
-CVE-2007-4684
-       RESERVED
-CVE-2007-4683
-       RESERVED
-CVE-2007-4682
-       RESERVED
-CVE-2007-4681
-       RESERVED
-CVE-2007-4680
-       RESERVED
-CVE-2007-4679
-       RESERVED
-CVE-2007-4678
-       RESERVED
+CVE-2007-4701 (WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create 
...)
+       TODO: check
+CVE-2007-4700 (Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 
through ...)
+       TODO: check
+CVE-2007-4699 (The default configuration of Safari in Apple Mac OS X 10.4 
through ...)
+       TODO: check
+CVE-2007-4698 (Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS 
X 10.4 ...)
+       TODO: check
+CVE-2007-4697 (Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 
through ...)
+       TODO: check
+CVE-2007-4696 (Race condition in WebCore in Apple Mac OS X 10.4 through 
10.4.10 ...)
+       TODO: check
+CVE-2007-4695 (Unspecified "input validation" vulnerability in 
WebCore in Apple Mac ...)
+       TODO: check
+CVE-2007-4694 (Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote 
attackers ...)
+       TODO: check
+CVE-2007-4693 (The SecurityAgent component in Mac OS X 10.4 through 10.4.10 
allows ...)
+       TODO: check
+CVE-2007-4692 (The tabbed browsing feature in Apple Safari 3 before Beta 
Update 3.0.4 ...)
+       TODO: check
+CVE-2007-4691 (The NSURL component in Apple Mac OS X 10.4 through 10.4.10 
performs ...)
+       TODO: check
+CVE-2007-4690 (Double-free vulnerability in the NFS component in Apple Mac OS 
X 10.4 ...)
+       TODO: check
+CVE-2007-4689 (Double-free vulnerability in the Networking component in Apple 
Mac OS ...)
+       TODO: check
+CVE-2007-4688 (The Networking component in Apple Mac OS X 10.4 through 10.4.10 
allows ...)
+       TODO: check
+CVE-2007-4687 (The remote_cmds component in Apple Mac OS X 10.4 through 
10.4.10 ...)
+       TODO: check
+CVE-2007-4686 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local 
users ...)
+       TODO: check
+CVE-2007-4685 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local 
users ...)
+       TODO: check
+CVE-2007-4684 (Integer overflow in the kernel in Apple Mac OS X 10.4 through 
10.4.10 ...)
+       TODO: check
+CVE-2007-4683 (Directory traversal vulnerability in the kernel in Apple Mac OS 
X 10.4 ...)
+       TODO: check
+CVE-2007-4682 (CoreText in Apple Mac OS X 10.4 through 10.4.10 allows 
attackers to ...)
+       TODO: check
+CVE-2007-4681 (Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 
10.4 ...)
+       TODO: check
+CVE-2007-4680 (CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 
does not ...)
+       TODO: check
+CVE-2007-4679 (CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 
allows ...)
+       TODO: check
+CVE-2007-4678 (AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 
allows ...)
+       TODO: check
 CVE-2007-4677 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows 
remote ...)
        NOT-FOR-US: Apple QuickTime
 CVE-2007-4676 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows 
remote ...)
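Review bot: All 24 entries that move from RESERVED to TODO: check in this hunk (CVE-2007-4701 down to CVE-2007-4678) describe Apple Mac OS X or Safari components, while the Apple QuickTime entries in the trailing context are already marked NOT-FOR-US. Suggest triaging them in one pass so they do not sit in the TODO backlog; the WebKit and WebCore entries (CVE-2007-4701, -4700, -4697, -4696, -4695) should be checked one by one rather than bulk-marked, because the truncated descriptions do not show whether the flaw is in Apple-specific code.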
@@ -3830,7 +3903,7 @@
        NOT-FOR-US: Apple QuickTime
 CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 
allows ...)
        NOT-FOR-US: Apple QuickTime
-CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1 
allows ...)
+CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and 
Safari ...)
        NOT-FOR-US: Safari
 CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown 
impact and ...)
        - php5 <unfixed> (unimportant)
@@ -4780,12 +4853,12 @@
        NOT-FOR-US: IBM DB2
 CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 
9.1 ...)
        NOT-FOR-US: IBM DB2
-CVE-2007-4269
-       RESERVED
-CVE-2007-4268
-       RESERVED
-CVE-2007-4267
-       RESERVED
+CVE-2007-4269 (Integer overflow in the Networking component in Apple Mac OS X 
10.4 ...)
+       TODO: check
+CVE-2007-4268 (Integer signedness error in the Networking component in Apple 
Mac OS X ...)
+       TODO: check
+CVE-2007-4267 (Stack-based buffer overflow in the Networking component in 
Apple Mac ...)
+       TODO: check
 CVE-2007-4266
        RESERVED
 CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in 
VisionProject ...)
@@ -5961,11 +6034,11 @@
        NOT-FOR-US: Safari 
 CVE-2007-3759 (Safari in Apple iPhone 1.1.1, when requested to disable 
Javascript, ...)
        NOT-FOR-US: Safari 
-CVE-2007-3758 (Safari in Apple iPhone 1.1.1 allows remote attackers to set 
Javascript ...)
+CVE-2007-3758 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 
3.0.4 on ...)
        NOT-FOR-US: Safari 
 CVE-2007-3757 (Safari in Apple iPhone 1.1.1 allows remote user-assisted 
attackers to ...)
        NOT-FOR-US: Safari 
-CVE-2007-3756 (Safari in Apple iPhone 1.1.1 allows remote attackers to obtain 
...)
+CVE-2007-3756 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 
3.0.4 on ...)
        NOT-FOR-US: Safari 
 CVE-2007-3755 (Mail in Apple iPhone 1.1.1 allows remote user-assisted 
attackers to ...)
        NOT-FOR-US: Aplle iPhone 
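Review bot: The context line under CVE-2007-3755 reads "NOT-FOR-US: Aplle iPhone", a misspelling of "Apple" that will be missed by anyone grepping the list by vendor name. The "NOT-FOR-US: Safari " lines in this hunk also carry a trailing space. Both are pre-existing, but since the neighbouring Safari descriptions are being touched here, fix the spelling and strip the whitespace in a follow-up commit.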
@@ -5979,8 +6052,8 @@
        NOT-FOR-US: Apple QuickTime
 CVE-2007-3750 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows 
remote ...)
        NOT-FOR-US: Apple QuickTime
-CVE-2007-3749
-       RESERVED
+CVE-2007-3749 (The kernel in Apple Mac OS X 10.4 through 10.4.10 does not 
reset the ...)
+       TODO: check
 CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device 
Standardized ...)
        NOT-FOR-US: iChat on Apple Mac OS X
 CVE-2007-3747 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 
10.4.10 ...)
@@ -6131,8 +6204,7 @@
        NOT-FOR-US: CA ERwin Data Model Validator
 CVE-2007-3695 (Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler 
(formerly ...)
        NOT-FOR-US: CA ERwin
-CVE-2007-3694
-       RESERVED
+CVE-2007-3694 (Cross-site scripting (XSS) vulnerability in login.php in Miro 
Project ...)
        NOT-FOR-US: Broadcast Machine
 CVE-2007-3693 (Cross-site scripting (XSS) vulnerability in Gobi as of 
20070711, built ...)
        NOT-FOR-US: gobi
@@ -13869,7 +13941,7 @@
        NOT-FOR-US: Cisco
 CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote 
...)
        NOT-FOR-US: AppleKit
-CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3 allows remote 
...)
+CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3, and Safari in 
Apple ...)
        NOT-FOR-US: iMovie
 CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote ...)
        NOT-FOR-US: iPhoto
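Review bot: The updated description for CVE-2007-0646 now covers "iMovie HD 6.0.3, and Safari in Apple ...", but the annotation below it still names only iMovie. Suggest widening the note (for example "NOT-FOR-US: iMovie, Safari") so the reason for the classification matches the broadened description.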


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
