Author: joeyh
Date: 2008-02-07 09:14:13 +0000 (Thu, 07 Feb 2008)
New Revision: 8095

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2008-02-06 21:14:10 UTC (rev 8094)
+++ data/CVE/list       2008-02-07 09:14:13 UTC (rev 8095)
@@ -1,3 +1,287 @@
+CVE-2008-0641
+       RESERVED
+CVE-2008-0640
+       RESERVED
+CVE-2008-0639
+       RESERVED
+CVE-2008-0638
+       RESERVED
+CVE-2008-0637
+       RESERVED
+CVE-2008-0636
+       RESERVED
+CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads 
2.4.0 ...)
+       TODO: check
+CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX 
control in ...)
+       TODO: check
+CVE-2008-0633 (Buffer overflow in Anon Proxy Server 0.102 and earlier, when 
user ...)
+       TODO: check
+CVE-2008-0632 (Unrestricted file upload vulnerability in cp_upload_image.php 
in ...)
+       TODO: check
+CVE-2008-0631 (Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 
allow ...)
+       TODO: check
+CVE-2008-0630 (Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before 
r25823 ...)
+       TODO: check
+CVE-2008-0629 (Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN 
before ...)
+       TODO: check
+CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and 
JRE 6 ...)
+       TODO: check
+CVE-2008-0627
+       REJECTED
+       TODO: check
+CVE-2008-0626
+       REJECTED
+       TODO: check
+CVE-2008-0625 (Buffer overflow in the MediaGrid ActiveX control 
(mediagrid.dll) in ...)
+       TODO: check
+CVE-2008-0624 (Buffer overflow in the YMP Datagrid ActiveX control 
(datagrid.dll) in ...)
+       TODO: check
+CVE-2008-0623 (Stack-based buffer overflow in the YMP Datagrid ActiveX control 
...)
+       TODO: check
+CVE-2008-0622 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 
and ...)
+       TODO: check
+CVE-2008-0621 (Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 
7.10 ...)
+       TODO: check
+CVE-2008-0620 (SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint 
before ...)
+       TODO: check
+CVE-2008-0619 (Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 
1.4.0.35 ...)
+       TODO: check
+CVE-2008-0618 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+       TODO: check
+CVE-2008-0617 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+       TODO: check
+CVE-2008-0616 (SQL injection vulnerability in the administration panel in the 
...)
+       TODO: check
+CVE-2008-0615 (Directory traversal vulnerability in wp-admin/admin.php in the 
...)
+       TODO: check
+CVE-2008-0614 (SQL injection vulnerability in index.php in Photokorn Gallery 
1.543 ...)
+       TODO: check
+CVE-2008-0613 (Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 
allows ...)
+       TODO: check
+CVE-2008-0612 (Directory traversal vulnerability in htdocs/install/index.php 
in XOOPS ...)
+       TODO: check
+CVE-2008-0611 (SQL injection vulnerability in rmgs/images.php in the RMSOFT 
Gallery ...)
+       TODO: check
+CVE-2008-0610 (Stack-based buffer overflow in the ...)
+       TODO: check
+CVE-2008-0609 (Directory traversal vulnerability in index.php in DivideConcept 
VHD ...)
+       TODO: check
+CVE-2008-0608 (The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in 
IPSwitch ...)
+       TODO: check
+CVE-2008-0607 (SQL injection vulnerability in index.php in the Sigsiu Online 
Business ...)
+       TODO: check
+CVE-2008-0606 (SQL injection vulnerability in index.php in the Shambo2 
(com_shambo2) ...)
+       TODO: check
+CVE-2008-0605 (Multiple cross-site scripting (XSS) vulnerabilities in 
AstroSoft ...)
+       TODO: check
+CVE-2008-0604 (The LDAP authentication feature in XLight FTP Server before 
2.83, when ...)
+       TODO: check
+CVE-2008-0603 (SQL injection vulnerability in index.php in the amazOOP Awesom! 
...)
+       TODO: check
+CVE-2008-0602 (Directory traversal vulnerability in index.php in All Club CMS 
(ACCMS) ...)
+       TODO: check
+CVE-2008-0601 (SQL injection vulnerability in index.php in All Club CMS 
(ACCMS) ...)
+       TODO: check
+CVE-2008-0600
+       RESERVED
+CVE-2008-0599
+       RESERVED
+CVE-2008-0598
+       RESERVED
+CVE-2008-0597
+       RESERVED
+CVE-2008-0596
+       RESERVED
+CVE-2008-0595
+       RESERVED
+CVE-2008-0594
+       RESERVED
+CVE-2008-0593
+       RESERVED
+CVE-2008-0592
+       RESERVED
+CVE-2008-0591
+       RESERVED
+CVE-2008-0590 (Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 
allows ...)
+       TODO: check
+CVE-2008-0589 (The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 
allows ...)
+       TODO: check
+CVE-2008-0588 (Buffer overflow in the utape program in devices.scsi.tape.diag 
in IBM ...)
+       TODO: check
+CVE-2008-0587 (Buffer overflow in the uspchrp program in 
devices.chrp.base.diag in ...)
+       TODO: check
+CVE-2008-0586 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local 
users to ...)
+       TODO: check
+CVE-2008-0585 (sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world 
writable ...)
+       TODO: check
+CVE-2008-0584 (Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 
5.3 ...)
+       TODO: check
+CVE-2008-0583 (Cross-zone scripting vulnerability in the Internet Explorer web 
...)
+       TODO: check
+CVE-2008-0582 (Cross-zone scripting vulnerability in the Internet Explorer web 
...)
+       TODO: check
+CVE-2008-0581 (Geert Moernaut LSrunasE allows local users to gain privileges 
by ...)
+       TODO: check
+CVE-2008-0580 (Geert Moernaut LSrunasE and Supercrypt use an encryption key 
composed ...)
+       TODO: check
+CVE-2008-0579 (SQL injection vulnerability in index.php in the buslicense ...)
+       TODO: check
+CVE-2008-0578 (Cross-site scripting (XSS) vulnerability in the web management 
login ...)
+       TODO: check
+CVE-2008-0577 (The Project Issue Tracking module 5.x-2.x-dev before 20080130 
in the ...)
+       TODO: check
+CVE-2008-0576 (Cross-site scripting (XSS) vulnerability in the Project Issue 
Tracking ...)
+       TODO: check
+CVE-2008-0575 (Cross-site request forgery (CSRF) vulnerability in ...)
+       TODO: check
+CVE-2008-0574 (Cross-site scripting (XSS) vulnerability in index.php in 
webSPELL ...)
+       TODO: check
+CVE-2008-0573 (IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and 
SoftRemote ...)
+       TODO: check
+CVE-2008-0572 (Multiple PHP remote file inclusion vulnerabilities in Mindmeld 
...)
+       TODO: check
+CVE-2008-0571 (The point moderation form in the Userpoints 4.7.x before 
4.7.x-2.3, ...)
+       TODO: check
+CVE-2008-0570 (The OpenID 5.x-1.0 and earlier module for Drupal does not 
properly ...)
+       TODO: check
+CVE-2008-0569 (The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 
5.x-0.1 ...)
+       TODO: check
+CVE-2008-0568 (Unspecified vulnerability in the IP-authentication feature in 
the ...)
+       TODO: check
+CVE-2008-0567 (Multiple PHP remote file inclusion vulnerabilities in 
ChronoEngine ...)
+       TODO: check
+CVE-2008-0566 (PHP remote file inclusion vulnerability in includes/smarty.php 
in ...)
+       TODO: check
+CVE-2008-0565 (SQL injection vulnerability in vote.php in DeltaScripts PHP 
Links 1.3 ...)
+       TODO: check
+CVE-2008-0563 (Cross-site request forgery (CSRF) vulnerability in ...)
+       TODO: check
+CVE-2008-0562 (SQL injection vulnerability in index.php in the Restaurant ...)
+       TODO: check
+CVE-2008-0561 (SQL injection vulnerability in index.php in the Arthur Konze 
...)
+       TODO: check
+CVE-2008-0560 (** DISPUTED ** ...)
+       TODO: check
+CVE-2008-0559 (Multiple directory traversal vulnerabilities in Nilson's 
Blogger 0.11 ...)
+       TODO: check
+CVE-2008-0558 (Cross-site scripting (XSS) vulnerability in Uniwin eCart 
Professional ...)
+       TODO: check
+CVE-2008-0557 (SQL injection vulnerability in index.php in the CatalogShop ...)
+       TODO: check
+CVE-2008-0556
+       RESERVED
+CVE-2008-0555
+       RESERVED
+CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in 
eTicket ...)
+       TODO: check
+CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in 
NamoInstaller.dll ...)
+       TODO: check
+CVE-2008-0550 (Off-by-one error in Steamcast 0.9.75 and earlier allows remote 
...)
+       TODO: check
+CVE-2008-0549 (Integer overflow in the OggHeaderParse function in Steamcast 
0.9.75 ...)
+       TODO: check
+CVE-2008-0548 (Steamcast 0.9.75 and earlier allows remote attackers to cause a 
denial ...)
+       TODO: check
+CVE-2008-0547 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2008-0546 (Multiple SQL injection vulnerabilities in CandyPress (CP) 
4.1.1.26, ...)
+       TODO: check
+CVE-2008-0545 (Multiple directory traversal vulnerabilities in Bubbling 
Library 1.32 ...)
+       TODO: check
+CVE-2008-0543 (Multiple SQL injection vulnerabilities in Pre Dynamic 
Institution ...)
+       TODO: check
+CVE-2008-0542 (Directory traversal vulnerability in thumbnail.php in Gerd 
Tentler ...)
+       TODO: check
+CVE-2008-0541 (Multiple cross-site scripting (XSS) vulnerabilities in 
forum.php in ...)
+       TODO: check
+CVE-2008-0540 (Multiple cross-site scripting (XSS) vulnerabilities in trixbox 
2.4.2.0 ...)
+       TODO: check
+CVE-2008-0539 (Cross-site scripting (XSS) vulnerability in 
dms/policy/rep_request.php ...)
+       TODO: check
+CVE-2008-0538 (Multiple SQL injection vulnerabilities in phpIP Management 
4.3.2 allow ...)
+       TODO: check
+CVE-2008-0537
+       RESERVED
+CVE-2008-0536
+       RESERVED
+CVE-2008-0535
+       RESERVED
+CVE-2008-0534
+       RESERVED
+CVE-2008-0533
+       RESERVED
+CVE-2008-0532
+       RESERVED
+CVE-2008-0531
+       RESERVED
+CVE-2008-0530
+       RESERVED
+CVE-2008-0529
+       RESERVED
+CVE-2008-0528
+       RESERVED
+CVE-2008-0527
+       RESERVED
+CVE-2008-0526
+       RESERVED
+CVE-2008-0525 (PatchLink Update client for Unix allows local users to (1) 
truncate ...)
+       TODO: check
+CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the 
management ...)
+       TODO: check
+CVE-2008-0523 (Multiple cross-site scripting (XSS) vulnerabilities in 
SoftCart.exe in ...)
+       TODO: check
+CVE-2008-0522 (Cross-site scripting (XSS) vulnerability in multiple Hal 
Networks ...)
+       TODO: check
+CVE-2008-0521 (Multiple directory traversal vulnerabilities in Bubbling 
Library 1.32 ...)
+       TODO: check
+CVE-2008-0520 (Multiple SQL injection vulnerabilities in main.php in the 
WassUp ...)
+       TODO: check
+CVE-2008-0519 (SQL injection vulnerability in index.php in the Atapin Jokes 
...)
+       TODO: check
+CVE-2008-0518 (SQL injection vulnerability in index.php in the Recipes 
(com_recipes) ...)
+       TODO: check
+CVE-2008-0517 (SQL injection vulnerability in index.php in the Darko Selesi 
...)
+       TODO: check
+CVE-2008-0516 (PHP remote file inclusion vulnerability in 
spaw/dialogs/confirm.php in ...)
+       TODO: check
+CVE-2008-0515 (SQL injection vulnerability in index.php in the musepoes ...)
+       TODO: check
+CVE-2008-0514 (SQL injection vulnerability in index.php in the Glossary ...)
+       TODO: check
+CVE-2008-0513 (Directory traversal vulnerability in ...)
+       TODO: check
+CVE-2008-0512 (SQL injection vulnerability in index.php in the fq (com_fq) 
component ...)
+       TODO: check
+CVE-2008-0511 (SQL injection vulnerability in index.php in the MaMML 
(com_mamml) ...)
+       TODO: check
+CVE-2008-0510 (SQL injection vulnerability in index.php in the Newsletter ...)
+       TODO: check
+CVE-2008-0509 (Multiple buffer overflows in IBM AIX 4.3 allow remote attackers 
to ...)
+       TODO: check
+CVE-2008-0508 (Cross-site request forgery (CSRF) vulnerability in ...)
+       TODO: check
+CVE-2008-0507 (SQL injection vulnerability in adclick.php in the AdServe 0.2 
plugin ...)
+       TODO: check
+CVE-2008-0506 (include/imageObjectIM.class.php in Coppermine Photo Gallery 
(CPG) ...)
+       TODO: check
+CVE-2008-0505 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+       TODO: check
+CVE-2008-0504 (Multiple SQL injection vulnerabilities in Coppermine Photo 
Gallery ...)
+       TODO: check
+CVE-2008-0503 (Eval injection vulnerability in admin/op/disp.php in Netwerk 
Smart ...)
+       TODO: check
+CVE-2008-0502 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in 
the web ...)
+       TODO: check
+CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX 
control ...)
+       TODO: check
+CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36, allows 
remote ...)
+       TODO: check
+CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in 
WebCalendar ...)
+       TODO: check
+CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake 
CMS ...)
+       TODO: check
 CVE-2008-XXXX [unauthorized content modification via xml-rpc in wordpress]
        - wordpress 2.3.3-1 (medium; bug #464170)
        NOTE: The blog has to provide user accounts
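Review bot: CVE-2008-0627 and CVE-2008-0626 are added as REJECTED and still get a `TODO: check` line, while the RESERVED entries in the same hunk get none. A rejected id needs no triage, so the automatic update should skip the TODO for REJECTED entries or these two will sit in the todo queue for no reason. Separately, the new CVE-2008-0630 and CVE-2008-0629 entries name MPlayer 1.0rc2, and mplayer is already tracked further down under bug #464060, so those two are worth triaging ahead of the rest of the batch.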
@@ -5,12 +289,14 @@
        NOTE: CVE id pending
        TODO: check if packages embedding xmlrpc share this code
 CVE-2008-0553 [buffer overflow in tk GIF handling]
+       RESERVED
        - tk8.5 8.5.0-3
        - tk8.4 8.4.17-2
        - tk8.3 8.3.5-12
 CVE-2008-0554 [buffer overflow in netpbm GIF handling]
+       RESERVED
        - netpbm <unfixed> (bug #464056)
-CVE-2008-0564 [mailman xss as list admin]
+CVE-2008-0564 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman 
before ...)
        - mailman <unfixed> (low)
        [etch] - mailman <no-dsa> (Minor issue)
        [sarge] - mailman <no-dsa> (Minor issue)
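Review bot: On CVE-2008-0564 the hand-written text `[mailman xss as list admin]` is replaced by a truncated description that no longer shows the list-admin precondition, which is presumably what the `(low)` and `<no-dsa> (Minor issue)` ratings rest on. Keeping that detail as a `NOTE:` line under the entry would preserve the reasoning for the severity. The RESERVED lines added under CVE-2008-0553 and CVE-2008-0554 sit alongside bracketed descriptions and package data, which matches how the other pre-publication entries in this file are written.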
@@ -55,13 +341,11 @@
        NOT-FOR-US: VB Marketing
 CVE-2008-0487 (Multiple SQL injection vulnerabilities in login.asp in 
ASPired2Protect ...)
        NOT-FOR-US: ASPired2Protect
-CVE-2008-0486 [MPlayer and Xine Buffer overflow in libmpdemux/flac]
-       RESERVED
+CVE-2008-0486 (Array index vulnerability in libmpdemux/demux_audio.c in 
MPlayer ...)
        - mplayer <unfixed> (bug #464060)
        - xine-lib <unfixed>
        TODO: check embedded code in other packages
-CVE-2008-0485 [MPlayer arbitrary code execution in libmpdemux/mov]
-       RESERVED
+CVE-2008-0485 (Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 
and ...)
        - mplayer <unfixed> (bug #464060)
        TODO: check embedded code in other packages
 CVE-2008-0484
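Review bot: In the CVE-2008-0486 entry the removed bracket text named both MPlayer and Xine, but the new description shows only MPlayer before it is truncated, and `- xine-lib <unfixed>` carries no bug number, unlike `- mplayer <unfixed> (bug #464060)`. A bug reference or a short NOTE on the xine-lib line would keep the reason that package is tracked visible now that the description no longer mentions it.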
@@ -98,7 +382,7 @@
        NOT-FOR-US: Tiger Php News System
 CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and 
earlier ...)
        NOT-FOR-US: Flinx
-CVE-2008-0467 (Buffer overflow in Firebird before 2.1.0 RC1 might allow remote 
...)
+CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x 
before ...)
        - firebird2 <removed>
        - firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596)
 CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text 
Editor ...)
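Review bot: The updated CVE-2008-0467 description puts the upstream fix at Firebird 2.0.4, yet the entry records `firebird2.0 2.0.3.12981.ds1-5` as the fixed version, which is below that boundary. If the fix was backported into the 2.0.3 package, a `NOTE:` saying so would stop a later reader from treating the fixed version as a mistake. If not, the version needs revisiting against bug #463596.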
@@ -233,10 +517,10 @@
        - openssh <unfixed> (bug #463011)
 CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
        - exempi 1.99.7-1 (bug #454297)
-CVE-2008-0544 [heap based buffer overflow in IMG_LoadLBM_RW in libsdl-image]
+CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in 
IMG_lbm.c ...)
        - sdl-image1.2 1.2.6-3 (medium)
        NOTE: maintainer is aware of this
-CVE-2007-6697 [buffer overflow in libsdl-image in GIF handling]
+CVE-2007-6697 (Buffer overflow in the LWZReadByte function in IMG_gif.c in 
SDL_image ...)
        - sdl-image1.2 1.2.6-2 (medium)
 CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to 
obtain ...)
        NOT-FOR-US: HTTP File Server
@@ -290,8 +574,7 @@
        [lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
        - firebird2 <removed>
        NOTE: firebird2 in etch is vulnerable
-CVE-2008-0386 [arbitrary code execution in xdg-utils via crafted path name]
-       RESERVED
+CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote 
attackers to ...)
        - xdg-utils <not-affected> (Ships a patch that modifies the vulnerable 
code and uses sed secure)
        NOTE: xdg-open-generic replaces the vulnerable code and runs 
view-mailcap or sensible-browser
 CVE-2008-0385
@@ -326,9 +609,9 @@
        NOT-FOR-US: aliTalk
 CVE-2008-0370 (Cross-site scripting (XSS) vulnerability in dohtaccess.html in 
cPanel ...)
        NOT-FOR-US: cPanel
-CVE-2008-0369 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 
10.x ...)
+CVE-2008-0369 (Multiple unspecified programs in IBM Informix Dynamic Server 
(IDS) ...)
        NOT-FOR-US: IBM Informix Dynamic Server
-CVE-2008-0368 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 
10.x ...)
+CVE-2008-0368 (onedcu in IBM Informix Dynamic Server (IDS) 10.x before 
10.00.xC8 ...)
        NOT-FOR-US: IBM Informix Dynamic Server
 CVE-2008-0367 (Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, 
when ...)
        - iceweasel <unfixed> (low)
@@ -692,8 +975,8 @@
        RESERVED
 CVE-2008-0213
        RESERVED
-CVE-2008-0212
-       RESERVED
+CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) ...)
+       TODO: check
 CVE-2008-0211
        RESERVED
 CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect 
authentication ...)
@@ -762,16 +1045,16 @@
        NOT-FOR-US: Sys-Hotel
 CVE-2008-0183
        RESERVED
-CVE-2008-0182
-       RESERVED
-CVE-2008-0181
-       RESERVED
-CVE-2008-0180
-       RESERVED
-CVE-2008-0179
-       RESERVED
-CVE-2008-0178
-       RESERVED
+CVE-2008-0182 (Cross-site request forgery (CSRF) vulnerability in the Admin 
portlet ...)
+       TODO: check
+CVE-2008-0181 (Cross-site scripting (XSS) vulnerability in the Admin portlet 
in ...)
+       TODO: check
+CVE-2008-0180 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2008-0179 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2008-0178 (Cross-site scripting (XSS) vulnerability in the Enterprise 
Admin ...)
+       TODO: check
 CVE-2008-0177
        RESERVED
 CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY 
HMI ...)
@@ -1056,8 +1339,8 @@
        RESERVED
 CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp 
5.21, ...)
        NOT-FOR-US: Winamp
-CVE-2008-0064
-       RESERVED
+CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) 
XnView ...)
+       TODO: check
 CVE-2008-0063
        RESERVED
 CVE-2008-0062
@@ -1930,8 +2213,8 @@
 CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages 
such ...)
        - libnet-dns-perl <unfixed> (low; bug #457445)
        NOTE: maybe this should be unimportant as applications using net-dns 
should handle this croak
-CVE-2007-6340
-       RESERVED
+CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 
stream ...)
+       TODO: check
 CVE-2007-6339
        RESERVED
 CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis 
CourseMill ...)
@@ -2059,11 +2342,11 @@
        RESERVED
 CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service 
(ofmnt.exe) in ...)
        NOT-FOR-US: St. Bernard Open File Manager
-CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before 
...)
+CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x 
before ...)
        {DSA-1451-1}
        - mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
        - mysql-dfsg-4.1 <removed>
-CVE-2007-6303 (MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x 
before 6.0.4 ...)
+CVE-2007-6303 (MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x 
before 6.0.4 ...)
        - mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
        - mysql-dfsg-4.1 <removed>
 CVE-2007-6299 (Multiple SQL injection vulnerabilities in Drupal and vbDrupal 
4.7.x ...)
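Review bot: Both CVE-2007-6304 and CVE-2007-6303 now state 5.0.51a as the upstream boundary, while the entries keep `mysql-dfsg-5.0 5.0.45-5` as fixed. That only holds if the fix was backported, which the entries do not say. Also, CVE-2007-6303 shares the package lines and bug #455737 with CVE-2007-6304 but has no `{DSA-1451-1}` tag. It is worth confirming whether that omission is intended and recording the answer in a NOTE.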
@@ -4206,8 +4489,8 @@
        RESERVED
 CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN 
NetExtender ...)
        NOT-FOR-US: SonicWall SSL-VPN NetExtender
-CVE-2007-5602
-       RESERVED
+CVE-2007-5602 (Multiple stack-based buffer overflows in SwiftView Viewer 
before ...)
+       TODO: check
 CVE-2007-5601 (Stack-based buffer overflow in the Database Component in 
MPAMedia.dll ...)
        NOT-FOR-US: RealPlayer (windows only issue)
 CVE-2007-5600 (Incomplete blacklist vulnerability in index.php in Artmedic CMS 
3.4 ...)
@@ -6125,8 +6408,7 @@
        NOTE: pending for apache 1.3.34-4.1+etch1 / etch r3
 CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML 
logging, ...)
        - pidgin 2.2.2-1 (medium)
-CVE-2007-4998 [cp symlink overwrite]
-       RESERVED
+CVE-2007-4998 (cp, when running with an option to preserve symlinks on 
multiple OSes, ...)
        - coreutils 4.1.2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=356471
 CVE-2007-4997 (Integer underflow in the ieee80211_rx function in ...)
@@ -8181,8 +8463,8 @@
 CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot 
function in ...)
        {DSA-1438-1}
        - tar 1.18-2 (medium; bug #439335)
-CVE-2007-4130
-       RESERVED
+CVE-2007-4130 (The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise 
Linux ...)
+       TODO: check
 CVE-2007-4129 (CoolKey 1.1.0 allows local users to overwrite arbitrary files 
via a ...)
        - coolkey 1.1.0-3
 CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm 
Technologies ...)
@@ -20552,7 +20834,7 @@
        NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for 
NetGear ...)
        NOT-FOR-US: NetGear
-CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, 
and ...)
+CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x before 2.6.24, 
...)
        {DSA-1436-1}
        - linux-2.6 2.6.22-6 (unimportant)
        NOTE: Mounting filesystem partitions should be limited to root
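Review bot: The CVE-2006-6058 description widens the affected range from "up to 2.6.18" to "before 2.6.24", but the entry still lists `linux-2.6 2.6.22-6` as the fixed version, which now falls inside the stated vulnerable range. The `(unimportant)` rating and the NOTE about mounting being limited to root still apply. The fixed version should either be rechecked against the new range or the entry should say that the version is kept only because the issue is rated unimportant.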
@@ -24661,8 +24943,8 @@
        NOT-FOR-US: IBM WebSphere Application
 CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer 
...)
        NOT-FOR-US: IBM
-CVE-2006-4220
-       RESERVED
+CVE-2006-4220 (Multiple cross-site scripting (XSS) vulnerabilities in webacc 
in ...)
+       TODO: check
 CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote 
...)
        NOT-FOR-US: Terminal Services COM object
 CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and 
earlier ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
