joeyh at alioth.debian.org
2007-Dec-18 09:14 UTC
[Secure-testing-commits] r7650 - data/CVE
Author: joeyh Date: 2007-12-18 09:14:10 +0000 (Tue, 18 Dec 2007) New Revision: 7650 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-18 02:00:45 UTC (rev 7649) +++ data/CVE/list 2007-12-18 09:14:10 UTC (rev 7650) @@ -1,3 +1,17 @@ +CVE-2007-6358 (files/pdftops.pl before 1.20 in pdftops allows local users to ...) + TODO: check +CVE-2007-6356 + RESERVED +CVE-2007-6355 + RESERVED +CVE-2007-6354 + RESERVED +CVE-2007-6352 + RESERVED +CVE-2007-6351 + RESERVED +CVE-2007-6349 + RESERVED CVE-2007-6418 [insecure mysql call in cron job passing user and password as command line arguments] - dspam <unfixed> (low; bug #448519) CVE-2008-0025 
@@ -30,71 +44,72 @@ RESERVED CVE-2008-0011 RESERVED -CVE-2007-6387 +CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ...) NOT-FOR-US: Vantage Linguistics AnswerWorks ActiveX -CVE-2007-6386 +CVE-2007-6386 (Stack-based buffer overflow in PccScan.dll before build 1451 in Trend ...) NOT-FOR-US: Trend Micro AntiVirus -CVE-2007-6385 +CVE-2007-6385 (The proxy server in Kerio WinRoute Firewall before 6.4.1 does not ...) NOT-FOR-US: Kerio WinRoute Firewall -CVE-2007-6384 +CVE-2007-6384 (Unspecified vulnerability in the Image Converter functionality in BEA ...) NOT-FOR-US: BEA WebLogic Mobility Server -CVE-2007-6383 +CVE-2007-6383 (The DAV component in Chandler Server (Cosmo) before 0.10.1 does not ...) NOT-FOR-US: Chandler -CVE-2007-6382 +CVE-2007-6382 (The Event Dispatch Thread in Robocode before 1.5.1 allows remote ...) NOT-FOR-US: Robocode -CVE-2007-6381 +CVE-2007-6381 (SQL injection vulnerability in the indexed_search system extension in ...) - typo3 <unfixed> -CVE-2007-6380 +CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and ...) NOT-FOR-US: e-Xoops -CVE-2007-6379 +CVE-2007-6379 (BadBlue 2.72b and earlier allows remote attackers to obtain sensitive ...) NOT-FOR-US: BadBlue -CVE-2007-6378 +CVE-2007-6378 (Directory traversal vulnerability in upload.dll in BadBlue 2.72b and ...) NOT-FOR-US: BadBlue -CVE-2007-6377 +CVE-2007-6377 (Stack-based buffer overflow in the PassThru functionality in ext.dll ...) NOT-FOR-US: BadBlue -CVE-2007-6376 +CVE-2007-6376 (Directory traversal vulnerability in autohtml.php in Francisco Burzi ...) NOT-FOR-US: PHP-Nuke -CVE-2007-6375 +CVE-2007-6375 (Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier ...) NOT-FOR-US: Bitweaver -CVE-2007-6374 +CVE-2007-6374 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 ...) NOT-FOR-US: Bitweaver -CVE-2007-6373 +CVE-2007-6373 (Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow ...) 
NOT-FOR-US: GestDown -CVE-2007-6372 +CVE-2007-6372 (Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows ...) NOT-FOR-US: JUNOS -CVE-2007-6371 +CVE-2007-6371 (Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote ...) NOT-FOR-US: Nokia N95 -CVE-2007-6370 +CVE-2007-6370 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...) NOT-FOR-US: Cisco IP Phone 7940 -CVE-2007-6369 +CVE-2007-6369 (Multiple directory traversal vulnerabilities in resize.php in the ...) NOT-FOR-US: PictPress -CVE-2007-6368 +CVE-2007-6368 (Directory traversal vulnerability in index.php in ezContents 1.4.5 ...) NOT-FOR-US: ezContents -CVE-2007-6367 +CVE-2007-6367 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...) NOT-FOR-US: SineCMS -CVE-2007-6366 +CVE-2007-6366 (Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier ...) NOT-FOR-US: SineCMS -CVE-2007-6365 +CVE-2007-6365 (Cross-site scripting (XSS) vulnerability in modules/ecal/display.php ...) NOT-FOR-US: bcoos -CVE-2007-6364 +CVE-2007-6364 (Cross-site scripting (XSS) vulnerability in modificarPerfil.php in ...) NOT-FOR-US: JLMForo System -CVE-2007-6363 +CVE-2007-6363 (IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when ...) NOT-FOR-US: IBM Tivoli Netcool Security Manager -CVE-2007-6362 +CVE-2007-6362 (SQL injection vulnerability in index.php in the RSGallery ...) NOT-FOR-US: RSGallery -CVE-2007-6361 +CVE-2007-6361 (Gekko 0.8.2 and earlier stores sensitive information under the web ...) NOT-FOR-US: Gekko -CVE-2007-6360 +CVE-2007-6360 (Unspecified vulnerability in the Sun eXtended System Control Facility ...) NOT-FOR-US: Sun eXtended System Control Facility -CVE-2007-6359 +CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel ...) NOT-FOR-US: Apple Mac OS X -CVE-2007-6357 +CVE-2007-6357 (Stack-based buffer overflow in Microsoft Office Access allows remote, ...) 
NOT-FOR-US: Microsoft Office Access CVE-2007-6353 [exiv2 integer overflow in EXIF parsing] + RESERVED - exiv2 0.15-2 (medium; bug #456760) -CVE-2007-6350 [Unsafe "svn", "svnserve" passthrough in scponly] +CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to bypass ...) - scponly 4.6-1.1 (high; bug #437148) -CVE-2007-6348 [SquirrelMail package compromise] +CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on www.squirrelmail.org ...) - squirrelmail <not-affected> (Compromised packages were never in Debian) CVE-2007-6347 (PHP remote file inclusion vulnerability in blocks/block_site_map.php ...) NOT-FOR-US: ViArt, CMS, HelpDesk, Shop Evaluation, Shop Free @@ -114,7 +129,7 @@ RESERVED CVE-2007-6339 RESERVED -CVE-2007-6338 +CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill ...) NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System CVE-2007-6337 RESERVED @@ -306,8 +321,8 @@ RESERVED CVE-2007-6250 RESERVED -CVE-2007-6249 - RESERVED +CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the ...) + TODO: check CVE-2007-6248 RESERVED CVE-2007-6247 @@ -445,8 +460,8 @@ NOT-FOR-US: Plumtree CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail ...) NOT-FOR-US: Calacode -CVE-2007-6195 - RESERVED +CVE-2007-6195 (Unspecified vulnerability in HP HP-UX B.11.11 and B.11.23, when ...) + TODO: check CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 ...) NOT-FOR-US: HP Select Identity CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...) 
@@ -497,7 +512,7 @@ NOT-FOR-US: VU Case Manager CVE-2007-6167 (yast2-core includes the current working directory in its search path, ...) NOT-FOR-US: Yast2 -CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime 7.2 and 7.3 allows ...) +CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1 allows ...) NOT-FOR-US: Apple QuickTime CVE-2007-6165 (Mail in Apple Mac OS X Leopard allows user-assisted remote attackers ...) NOT-FOR-US: Apple Mac OS X @@ -528,8 +543,8 @@ RESERVED CVE-2007-6152 RESERVED -CVE-2007-6151 - RESERVED +CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...) + TODO: check CVE-2007-6149 RESERVED CVE-2007-6148 @@ -2343,12 +2358,12 @@ RESERVED CVE-2007-5583 RESERVED -CVE-2007-5582 - RESERVED +CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...) + TODO: check CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Cisco Unified MeetingPlace -CVE-2007-5580 - RESERVED +CVE-2007-5580 (Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 ...) + TODO: check CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2003-1427 (Directory traversal vulnerability in the web configuration interface ...) @@ -4870,10 +4885,10 @@ RESERVED CVE-2007-4708 RESERVED -CVE-2007-4707 - RESERVED -CVE-2007-4706 - RESERVED +CVE-2007-4707 (Multiple unspecified vulnerabilities in the Flash media handler in ...) + TODO: check +CVE-2007-4706 (Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows ...) + TODO: check CVE-2007-4705 RESERVED CVE-2007-4704 (The Application Firewall in Apple Mac OS X 10.5 does not apply changed ...) 
@@ -6726,11 +6741,11 @@ - zoph 0.7.0.2-1 (bug #435711) CVE-2007-3904 RESERVED -CVE-2007-3903 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...) +CVE-2007-3903 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer -CVE-2007-3902 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...) +CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in ...) NOT-FOR-US: Microsoft Internet Explorer -CVE-2007-3901 (Unspecified vulnerability in Microsoft DirectShow in Microsoft DirectX ...) +CVE-2007-3901 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 ...) NOT-FOR-US: Microsoft DirectX CVE-2007-3900 RESERVED @@ -6742,7 +6757,7 @@ NOT-FOR-US: Outlook Express CVE-2007-3896 (The URL handling in Shell32.dll in the Windows shell in Microsoft ...) NOT-FOR-US: Windows -CVE-2007-3895 (Unspecified vulnerability in Microsoft DirectShow in Microsoft DirectX ...) +CVE-2007-3895 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 ...) NOT-FOR-US: Microsoft DirectX CVE-2007-3894 RESERVED @@ -8865,7 +8880,7 @@ NOT-FOR-US: Microsoft CVE-2007-3040 (Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft ...) NOT-FOR-US: Windows -CVE-2007-3039 (Buffer overflow in the Microsoft Message Queuing (MSMQ) service in ...) +CVE-2007-3039 (Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...) NOT-FOR-US: Windows CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition ...) NOT-FOR-US: Microsoft @@ -16443,7 +16458,7 @@ RESERVED CVE-2007-0065 RESERVED -CVE-2007-0064 (Unspecified vulnerability in Windows Media Format Runtime 7.1, 9, 9.5, ...) +CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, ...) NOT-FOR-US: Windows CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...) - vmware-package 0.16
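
Review bot: In the @@ -1,3 +1,17 @@ hunk, the new block (CVE-2007-6358 through CVE-2007-6349) is prepended above CVE-2007-6418 and CVE-2008-0025 instead of being merged at its numeric position. CVE-2007-6359 and CVE-2007-6357 sit in the @@ -30,71 +44,72 @@ hunk, so adjacent ids end up in different parts of the file. If anything consuming data/CVE/list assumes ordering, insert these entries in place. Separately, CVE-2007-6358 ("files/pdftops.pl before 1.20 in pdftops allows local users to ...") arrives as "TODO: check" and still needs a triage decision: either a package line or NOT-FOR-US.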
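
Review bot: In the @@ -30,71 +44,72 @@ hunk, the added "+ RESERVED" line under CVE-2007-6353 lands in an entry that is already triaged ("[exiv2 integer overflow in EXIF parsing]", "- exiv2 0.15-2 (medium; bug #456760)"). Confirm that the tracker still reports the exiv2 status when RESERVED and a package line appear together, or have the automatic update skip the RESERVED marker for entries that already carry package data. The same hunk replaces the hand-written summaries for CVE-2007-6350 and CVE-2007-6348 with truncated upstream descriptions. The scponly summary ('Unsafe "svn", "svnserve" passthrough in scponly') is more specific than the text that replaces it and is worth keeping as a note under the entry.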
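
Review bot: In the @@ -528,8 +543,8 @@ hunk, CVE-2007-6151 changes from RESERVED to "TODO: check" although its description names the isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23. Unlike most entries touched by this update, which are NOT-FOR-US, this one concerns code Debian ships. It should not stay at TODO: replace it with a package line for the kernel source package, giving a fixed version or <unfixed> plus a severity, in the form used elsewhere in the list (for example "- dspam <unfixed> (low; bug #448519)").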