joeyh at alioth.debian.org
2007-Dec-14 21:14 UTC
[Secure-testing-commits] r7619 - data/CVE
Author: joeyh
Date: 2007-12-14 21:14:10 +0000 (Fri, 14 Dec 2007)
New Revision: 7619
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-12-14 20:50:12 UTC (rev 7618)
+++ data/CVE/list 2007-12-14 21:14:10 UTC (rev 7619)
@@ -1,3 +1,85 @@
+CVE-2008-0025
+ RESERVED
+CVE-2008-0024
+ RESERVED
+CVE-2008-0023
+ RESERVED
+CVE-2008-0022
+ RESERVED
+CVE-2008-0021
+ RESERVED
+CVE-2008-0020
+ RESERVED
+CVE-2008-0019
+ RESERVED
+CVE-2008-0018
+ RESERVED
+CVE-2008-0017
+ RESERVED
+CVE-2008-0016
+ RESERVED
+CVE-2008-0015
+ RESERVED
+CVE-2008-0014
+ RESERVED
+CVE-2008-0013
+ RESERVED
+CVE-2008-0012
+ RESERVED
+CVE-2008-0011
+ RESERVED
+CVE-2007-6347 (PHP remote file inclusion vulnerability in
blocks/block_site_map.php ...)
+ TODO: check
+CVE-2007-6346 (Cross-site scripting (XSS) vulnerability in Rainboard before
2.10 ...)
+ TODO: check
+CVE-2007-6345 (SQL injection vulnerability in aurora framework before 20071208
allows ...)
+ TODO: check
+CVE-2007-6344 (Directory traversal vulnerability in modules/cms/index.php in
Mcms ...)
+ TODO: check
+CVE-2007-6343 (Cross-site scripting (XSS) vulnerability in HP OpenView Network
Node ...)
+ TODO: check
+CVE-2007-6342 (SQL injection vulnerability in the David Castro AuthCAS module
...)
+ TODO: check
+CVE-2007-6341
+ RESERVED
+CVE-2007-6340
+ RESERVED
+CVE-2007-6339
+ RESERVED
+CVE-2007-6338
+ RESERVED
+CVE-2007-6337
+ RESERVED
+CVE-2007-6336
+ RESERVED
+CVE-2007-6335
+ RESERVED
+CVE-2007-6334
+ RESERVED
+CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as
...)
+ TODO: check
+CVE-2007-6332 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as
...)
+ TODO: check
+CVE-2007-6331 (Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1
...)
+ TODO: check
+CVE-2007-6330 (Meridian Prolog Manager 2007, and 7.5 and earlier, sends all
usernames ...)
+ TODO: check
+CVE-2007-6329 (Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do
not ...)
+ TODO: check
+CVE-2007-6328 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-6327 (Buffer overflow in a certain ActiveX control in Online Media
...)
+ TODO: check
+CVE-2007-6326 (Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote
...)
+ TODO: check
+CVE-2007-6325 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-6324 (PHP remote file inclusion vulnerability in head.php in
CityWriter ...)
+ TODO: check
+CVE-2007-6323 (Multiple directory traversal vulnerabilities in MMS Gallery PHP
1.0 ...)
+ TODO: check
+CVE-2007-6322 (Directory traversal vulnerability in filedownload.php in xml2owl
0.1.1 ...)
+ TODO: check
CVE-2007-6320 (Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module,
does ...)
NOT-FOR-US: Feature (third party drupal module)
CVE-2007-6319
@@ -254,8 +336,8 @@
CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS
sidebar ...)
- serendipity 1.2.1-1 (low)
[etch] - serendipity <no-dsa> (Can only be exploited in rare conditions)
-CVE-2007-6204
- RESERVED
+CVE-2007-6204 (Multiple stack-based buffer overflows in HP OpenView Network
Node ...)
+ TODO: check
CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP
Method ...)
- apache2 2.2.6-3 (low)
[sarge] - apache2 <no-dsa> (minor issue)
@@ -558,7 +640,7 @@
[etch] - audacity <no-dsa> (Minor issue)
CVE-2007-6060 (AhnLab Antivirus 3 Internet Security 2008 Platinum appends data
to a ...)
NOT-FOR-US: AhnLab Antivirus 3 Internet Security 2008 Platinum
-CVE-2007-6059 (Javamail does not properly handle a series of invalid login
attempts ...)
+CVE-2007-6059 (** DISPUTED ** ...)
NOT-FOR-US: Javamail
CVE-2007-6058 (Multiple SQL injection vulnerabilities in index.php in
ProfileCMS 1.0 ...)
NOT-FOR-US: ProfileCMS
@@ -699,9 +781,9 @@
RESERVED
CVE-2007-6016
RESERVED
-CVE-2007-6015
- RESERVED
+CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in
nmbd in ...)
{DSA-1427-1}
+ TODO: check
CVE-2007-6014 (SQL injection vulnerability in post.php in Beehive Forum 0.7.1
and ...)
NOT-FOR-US: Beehive Forum
CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5
hash ...)
@@ -778,8 +860,8 @@
NOT-FOR-US: Symantec Web Security
CVE-2004-2754 (SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3,
and ...)
NOT-FOR-US: YaBB
-CVE-2007-5989
- RESERVED
+CVE-2007-5989 (Unspecified vulnerability in the skype4com URI handler in Skype
before ...)
+ TODO: check
CVE-2007-5988 (blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify
user ...)
NOT-FOR-US: BtiTracker
CVE-2007-5987 (details.php in BtiTracker before 1.4.5, when torrent viewing is
...)
@@ -835,8 +917,8 @@
RESERVED
CVE-2007-5965
RESERVED
-CVE-2007-5964
- RESERVED
+CVE-2007-5964 (The default configuration of autofs 5 in Red Hat Enterprise
Linux ...)
+ TODO: check
CVE-2007-5963 [kdm local resouce consumption "DoS"]
RESERVED
- kdebase <unfixed> (unimportant)
@@ -4023,8 +4105,7 @@
RESERVED
CVE-2007-5001
RESERVED
-CVE-2007-5000 [Apache mod_imap/mod_imagemap XSS]
- RESERVED
+CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap
module in ...)
[sarge] - apache2 <no-dsa> (minor issue)
[sarge] - apache <no-dsa> (minor issue)
[etch] - apache2 <no-dsa> (minor issue)
@@ -26479,10 +26560,10 @@
REJECTED
CVE-2005-1755 (PHP remote file inclusion vulnerability in poll_vote.php in PHP
Poll ...)
NOT-FOR-US: PHP Poll Creator
-CVE-2005-1754 (JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16,
...)
+CVE-2005-1754 (** DISPUTED ** ...)
NOT-FOR-US: JavaMail API
NOTE: vulnerable file not in Debian
-CVE-2005-1753 (ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by
Apache ...)
+CVE-2005-1753 (** DISPUTED ** ...)
NOT-FOR-US: JavaMail API
NOTE: vulnerable file not in Debian
CVE-2005-1752 (viewFile.php in the scm component of Gforge before 4.0 allows
remote ...)
@@ -42447,7 +42528,7 @@
NOT-FOR-US: episodex
CVE-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in
Microsoft ...)
NOT-FOR-US: Microsoft
-CVE-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0,
does ...)
+CVE-2005-1682 (** DISPUTED ** ...)
NOT-FOR-US: Solstice Internet Mail Server
CVE-2005-1681 (PHP remote file inclusion vulnerability in common.php in phpATM
1.21, ...)
NOT-FOR-US: phpATM