joeyh at alioth.debian.org
2007-Nov-16 21:14 UTC
[Secure-testing-commits] r7330 - data/CVE
Author: joeyh
Date: 2007-11-16 21:14:08 +0000 (Fri, 16 Nov 2007)
New Revision: 7330
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-11-16 20:18:19 UTC (rev 7329)
+++ data/CVE/list 2007-11-16 21:14:08 UTC (rev 7330)
@@ -1,3 +1,53 @@
+CVE-2007-6011 (Unspecified vulnerability in main.php of BugHotel Reservation
System ...)
+ TODO: check
+CVE-2007-6010 (Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3
...)
+ TODO: check
+CVE-2007-6009 (Multiple buffer overflows in ACD products allow user-assisted
remote ...)
+ TODO: check
+CVE-2007-6008 (Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in
Autonomy ...)
+ TODO: check
+CVE-2007-6007 (Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo
...)
+ TODO: check
+CVE-2007-6006 (TestLink before 1.7.1 does not enforce an unspecified
authorization ...)
+ TODO: check
+CVE-2007-6005 (Unspecified vulnerability in the GpcContainer.GpcContainer.1
ActiveX ...)
+ TODO: check
+CVE-2007-6004 (Multiple SQL injection vulnerabilities in index.php in Toko
Instan 7.6 ...)
+ TODO: check
+CVE-2007-6003 (Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in
the ...)
+ TODO: check
+CVE-2007-6002 (Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir
...)
+ TODO: check
+CVE-2007-6001 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2007-6000 (KDE Konqueror 3.5.6 and earlier allows remote attackers to cause
a ...)
+ TODO: check
+CVE-2007-5999 (SQL injection vulnerability in product_desc.php in Softbiz
Auctions ...)
+ TODO: check
+CVE-2007-5998 (SQL injection vulnerability in ads.php in Softbiz Ad Management
plus ...)
+ TODO: check
+CVE-2007-5997 (SQL injection vulnerability in campaign_stats.php in Softbiz
Banner ...)
+ TODO: check
+CVE-2007-5996 (SQL injection vulnerability in searchresult.php in Softbiz Link
...)
+ TODO: check
+CVE-2007-5995 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-5994 (PHP remote file inclusion vulnerability in check_noimage.php in
Fritz ...)
+ TODO: check
+CVE-2007-5993 (Cross-site scripting (XSS) vulnerability in Visionary Technology
in ...)
+ TODO: check
+CVE-2007-5992 (SQL injection vulnerability in index.php in datecomm Social
Networking ...)
+ TODO: check
+CVE-2007-5991 (SQL injection vulnerability in index.php in ExoPHPdesk allows
remote ...)
+ TODO: check
+CVE-2007-5990 (Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows
remote ...)
+ TODO: check
+CVE-2006-7230 (Perl-Compatible Regular Expression (PCRE) library before 7.0
does not ...)
+ TODO: check
+CVE-2004-2755 (Cross-site scripting (XSS) vulnerability in Symantec Web
Security 2.5, ...)
+ TODO: check
+CVE-2004-2754 (SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3,
and ...)
+ TODO: check
CVE-2007-5989
RESERVED
CVE-2007-5988 (blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify
user ...)
@@ -201,8 +251,7 @@
TODO: check
CVE-2007-5906 (Xen 3.1.1 allows virtual guest system users to cause a denial of
...)
TODO: check
-CVE-2007-5905
- RESERVED
+CVE-2007-5905 (Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack
sessions ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and
...)
TODO: check
@@ -1728,8 +1777,7 @@
RESERVED
CVE-2007-5502
RESERVED
-CVE-2007-5501 [kernel tcp remote DoS]
- RESERVED
+CVE-2007-5501 (The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in
Linux ...)
- linux-2.6 <unfixed> (high)
[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in
2.6.21)
NOTE:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96a2d41a3e495734b63bff4e5dd0112741b93b38
@@ -1832,7 +1880,7 @@
NOTE: should be only "exploitable" in local network with untrusted
users
CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...)
NOT-FOR-US: Cisco
-CVE-2007-5467 (Unspecified vulnerability in eXtremail 2.1.1 and earlier allows
remote ...)
+CVE-2007-5467 (Integer overflow in eXtremail 2.1.1 and earlier allows remote
...)
NOT-FOR-US: eXtremail
CVE-2007-5466 (Multiple buffer overflows in eXtremail 2.1.1 and earlier allow
remote ...)
NOT-FOR-US: eXtremail
@@ -2243,24 +2291,24 @@
CVE-2007-5341
RESERVED
CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla
Firefox ...)
- {DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1}
+ {DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
- iceweasel 2.0.0.8-1 (high)
- xulrunner 1.8.1.9-1 (high)
- icedove <unfixed> (low)
- iceape 1.1.5 (high)
CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, ...)
- {DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1}
+ {DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
- iceweasel 2.0.0.8-1 (high)
- xulrunner 1.8.1.9-1 (bug #447734; high)
- icedove <unfixed> (low)
- iceape 1.1.5
CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow
remote ...)
- {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1}
+ {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8-1
- xulrunner 1.8.1.9-1
- iceape 1.1.5
CVE-2007-5337 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when
...)
- {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1}
+ {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8-1
- xulrunner 1.8.1.9-1
- iceape 1.1.5
@@ -2272,7 +2320,7 @@
NOTE: Firefox 2.0-specific issue, doesn''t affect xulrunner, iceape or
icedove
NOTE: not mentioned in debian changelog, but mozilla #390983 confirms it went
into 2.0.0.8
CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can
hide the ...)
- {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1}
+ {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8-1
- xulrunner 1.8.1.9-1
- iceape 1.1.5
@@ -2983,7 +3031,7 @@
NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2002-2227 (Buffer underflow in ssldump 0.9b2 and earlier allows remote
attackers ...)
- ssldump 0.9b3-1 (low)
-CVE-2007-5081 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10 and
10.1; ...)
+CVE-2007-5081 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10,
10.1, and ...)
NOT-FOR-US: RealPlayer
CVE-2007-5080 (Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne
...)
NOT-FOR-US: RealPlayer
@@ -3851,12 +3899,12 @@
RESERVED
CVE-2007-4705
RESERVED
-CVE-2007-4704
- RESERVED
-CVE-2007-4703
- RESERVED
-CVE-2007-4702
- RESERVED
+CVE-2007-4704 (The Application Firewall in Apple Mac OS X 10.5 does not apply
changed ...)
+ TODO: check
+CVE-2007-4703 (The Application Firewall in Apple Mac OS X 10.5 does not prevent
a ...)
+ TODO: check
+CVE-2007-4702 (The Application Firewall in Apple Mac OS X 10.5, when
"Block all ...)
+ TODO: check
CVE-2007-4701 (WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create
...)
NOT-FOR-US: Apple Mac OS X
CVE-2007-4700 (Unspecified vulnerability in WebKit on Apple Mac OS X 10.4
through ...)
@@ -4105,7 +4153,7 @@
NOT-FOR-US: Micro-CMS
CVE-2007-4600 (The "Protect Worksheet" functionality in
Mathsoft Mathcad 12 through ...)
NOT-FOR-US: Mathsoft Mathcad
-CVE-2007-4599 (Stack-based buffer overflow in RealNetworks RealPlayer 10, and
RealOne ...)
+CVE-2007-4599 (Stack-based buffer overflow in RealNetworks RealPlayer 10 and
possibly ...)
NOT-FOR-US: RealPlayer
CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of
"12345" for the manager ...)
NOT-FOR-US: IBM
@@ -4712,8 +4760,8 @@
RESERVED
CVE-2007-4345 (Buffer overflow in IMail Client 9.22, as shipped with IPSwitch
IMail ...)
NOT-FOR-US: IMail Client
-CVE-2007-4344
- RESERVED
+CVE-2007-4344 (Multiple input validation errors in ACD ACDSee Photo Manager 9.0
build ...)
+ TODO: check
CVE-2007-4343 (Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows
...)
NOT-FOR-US: IrfanView
CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in
PHPCentral ...)
@@ -5156,7 +5204,7 @@
CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in
Trolltech ...)
- qt-x11-free 3:3.3.7-8 (medium; bug #442780)
- qt4-x11 <not-affected> (Not exploitable according to upstream)
-CVE-2007-4136 (The ricci daemon in Conga 0.10.0 allows remote attackers to
cause a ...)
+CVE-2007-4136 (The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers
to ...)
NOT-FOR-US: Conga
CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly
handle ...)
- libnfsidmap 0.18-0 (low; bug #442935)
@@ -6092,25 +6140,25 @@
{DSA-1378-2 DSA-1378-1}
- linux-2.6 <unfixed>
CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before
2.0.0.5 ...)
- {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
+ {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceape 1.1.3-1 (medium)
- xulrunner 1.8.1.5-1 (medium)
- iceweasel 2.0.0.5-1 (medium)
NOTE: MFSA2007-25
CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to
execute ...)
- {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
+ {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
- iceweasel 2.0.0.5-1 (high)
NOTE: MFSA2007-21
CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox
before ...)
- {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
+ {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceweasel 2.0.0.5-1 (high)
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
NOTE: MFSA2007-19
CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in
...)
- {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1
DTSA-71-1 DTSA-80-1}
+ {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1
DTSA-71-1}
- iceweasel 2.0.0.5-1 (high)
- icedove <unfixed> (low)
NOTE: Affects only broken setups, enabling js in Icedove is strongly not
recommended
@@ -6118,7 +6166,7 @@
- xulrunner 1.8.1.5-1 (high)
NOTE: MFSA2007-18
CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
- {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1
DTSA-71-1 DTSA-80-1}
+ {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1
DTSA-71-1}
- iceweasel 2.0.0.5-1 (high)
- icedove 2.0.0.6-1 (high; bug #444010)
- iceape 1.1.3-1 (high)
@@ -6299,7 +6347,7 @@
CVE-2007-3657 (** DISPUTED ** ...)
NOTE: Disputed Firefox issue, browser crashes not treated as security problems
anyway
CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does
not ...)
- {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
+ {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceweasel 2.0.0.5-1 (high)
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
@@ -6649,7 +6697,7 @@
CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22
allows ...)
NOT-FOR-US: Lhaca
CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox
...)
- {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1}
+ {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8-1 (bug #438873; low)
- xulrunner 1.8.1.9-1
- iceape 1.1.5
@@ -7216,7 +7264,6 @@
CVE-2007-3286 (Multiple buffer overflows in unspecified ActiveX controls in COM
...)
NOT-FOR-US: Avaya IP Softphone
CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows
remote ...)
- {DTSA-80-1}
- iceweasel <not-affected> (Affects only Firefox in Windows)
NOTE: MFSA2007-22
CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows
allows ...)
@@ -7712,7 +7759,7 @@
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer
supported)
- xulrunner <unfixed> (medium)
CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of
document.write ...)
- {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
+ {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceweasel 2.0.0.5-1 (low; bug #427691)
- iceape 1.1.3-1 (low)
- xulrunner 1.8.1.5-1 (low)
@@ -9582,7 +9629,7 @@
[lenny] - asterisk <not-affected> (vulnerable code not present)
NOTE: http://ftp.digium.com/pub/asa/ASA-2007-010.html
CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication
support for ...)
- {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1}
+ {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8-1 (low)
- xulrunner 1.8.1.9-1
- iceape 1.1.5
@@ -9642,9 +9689,9 @@
NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2265 (Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha
allows ...)
NOT-FOR-US: YA Book
-CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, and
10.1; ...)
+CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10,
10.1, and ...)
NOT-FOR-US: RealPlayer
-CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0 and
10.1, ...)
+CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0,
10.1, and ...)
NOT-FOR-US: RealPlayer
CVE-2006-7197 (The AJP connector in Apache Tomcat 5.5.15 uses an incorrect
length for ...)
- tomcat5.5 5.5.17-1 (low)
@@ -12571,7 +12618,7 @@
CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in
VirtueMart ...)
NOT-FOR-US: VirtueMart
CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not
...)
- {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1}
+ {DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8-1 (low; bug #445514)
- xulrunner 1.8.1.9-1
- iceape 1.1.5
@@ -24617,7 +24664,7 @@
CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up
to ...)
- mediawiki <not-affected> (Affects only 1.6.0-1.6.6)
CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite
1.7.13, ...)
- {DSA-1401-1 DSA-1392-1 DTSA-69-1}
+ {DSA-1401-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
- iceweasel 2.0.0.8
- xulrunner 1.8.1.9-1
- iceape 1.1.5