joeyh at alioth.debian.org
2007-Oct-10 21:14 UTC
[Secure-testing-commits] r6902 - data/CVE
Author: joeyh Date: 2007-10-10 21:14:14 +0000 (Wed, 10 Oct 2007) New Revision: 6902 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-10 18:08:23 UTC (rev 6901) +++ data/CVE/list 2007-10-10 21:14:14 UTC (rev 6902) 
@@ -1,14 +1,155 @@ -CVE-2007-5301 (Buffer overflow in the vorbis_stream_info function (aka the vorbis input ...) +CVE-2007-5357 + RESERVED +CVE-2007-5356 + RESERVED +CVE-2007-5355 + RESERVED +CVE-2007-5354 + RESERVED +CVE-2007-5353 + RESERVED +CVE-2007-5352 + RESERVED +CVE-2007-5351 + RESERVED +CVE-2007-5350 + RESERVED +CVE-2007-5349 + RESERVED +CVE-2007-5348 + RESERVED +CVE-2007-5347 + RESERVED +CVE-2007-5346 + RESERVED +CVE-2007-5345 + RESERVED +CVE-2007-5344 + RESERVED +CVE-2007-5343 + RESERVED +CVE-2007-5342 + RESERVED +CVE-2007-5341 + RESERVED +CVE-2007-5340 + RESERVED +CVE-2007-5339 + RESERVED +CVE-2007-5338 + RESERVED +CVE-2007-5337 + RESERVED +CVE-2007-5336 + RESERVED +CVE-2007-5335 + RESERVED +CVE-2007-5334 + RESERVED +CVE-2007-5333 + RESERVED +CVE-2007-5332 + RESERVED +CVE-2007-5331 + RESERVED +CVE-2007-5330 + RESERVED +CVE-2007-5329 + RESERVED +CVE-2007-5328 + RESERVED +CVE-2007-5327 + RESERVED +CVE-2007-5326 + RESERVED +CVE-2007-5325 + RESERVED +CVE-2007-5324 + RESERVED +CVE-2007-5323 + RESERVED +CVE-2007-5322 (The FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro ...) + TODO: check +CVE-2007-5321 (Directory traversal vulnerability in index.php in Verlihub Control ...) + TODO: check +CVE-2007-5320 (Multiple absolute path traversal vulnerabilities in Pegasus Imaging ...) + TODO: check +CVE-2007-5319 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun ...) + TODO: check +CVE-2007-5318 (Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 ...) + TODO: check +CVE-2007-5317 (Cross-site scripting (XSS) vulnerability in photos.cfm in Directory ...) + TODO: check +CVE-2007-5316 (SQL injection vulnerability in browsecats.php in Softbiz Jobs and ...) + TODO: check +CVE-2007-5315 (PHP remote file inclusion vulnerability in common.php in LiveAlbum ...) + TODO: check +CVE-2007-5314 (PHP remote file inclusion vulnerability in system/funcs/xkurl.php in ...) 
+ TODO: check +CVE-2007-5313 (PHP remote file inclusion vulnerability in install/config.php in ...) + TODO: check +CVE-2007-5312 (Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 ...) + TODO: check +CVE-2007-5311 (Directory traversal vulnerability in backend/admin-functions.php in ...) + TODO: check +CVE-2007-5310 (PHP remote file inclusion vulnerability in admin.wmtportfolio.php in ...) + TODO: check +CVE-2007-5309 (PHP remote file inclusion vulnerability in admin.wmtgallery.php in the ...) + TODO: check +CVE-2007-5308 (SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) ...) + TODO: check +CVE-2007-5307 (ELSEIF CMS Beta 0.6 does not properly unset variables when the input ...) + TODO: check +CVE-2007-5306 (ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2007-5305 (Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta ...) + TODO: check +CVE-2007-5304 (Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta ...) + TODO: check +CVE-2007-5303 (Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS ...) + TODO: check +CVE-2007-5302 (Multiple cross-site scripting (XSS) vulnerabilities in HP System ...) + TODO: check +CVE-2007-5300 (Off-by-one error in the do_login_loop function in ...) + TODO: check +CVE-2007-5299 (Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, ...) + TODO: check +CVE-2007-5298 (Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion ...) + TODO: check +CVE-2007-5297 (Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 ...) + TODO: check +CVE-2007-5296 (Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp ...) + TODO: check +CVE-2007-5295 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2007-5294 (PHP remote file inclusion vulnerability in core/aural.php in IDMOS ...) 
+ TODO: check +CVE-2007-5293 (Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta ...) + TODO: check +CVE-2007-5292 (Cross-site scripting (XSS) vulnerability in photos.cfm in Directory ...) + TODO: check +CVE-2007-5291 (Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 ...) + TODO: check +CVE-2007-5290 (Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail ...) + TODO: check +CVE-2007-5289 + RESERVED +CVE-2007-5301 (Buffer overflow in the vorbis_stream_info function in ...) - alsaplayer <unfixed> (medium; bug #446034) -CVE-2007-5288 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor ...) +CVE-2007-5288 + REJECTED NOT-FOR-US: Hitachi TPBroker -CVE-2007-5287 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library ...) +CVE-2007-5287 + REJECTED NOT-FOR-US: Hitachi Cosminexus Agent -CVE-2007-5286 (The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus ...) +CVE-2007-5286 + REJECTED NOT-FOR-US: Hitachi Cosminexus -CVE-2007-5285 (Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in ...) +CVE-2007-5285 + REJECTED NOT-FOR-US: Appfuse -CVE-2007-5284 (Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 ...) +CVE-2007-5284 + REJECTED NOT-FOR-US: PowerArchiver CVE-2007-5283 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor ...) NOT-FOR-US: Hitachi TPBroker @@ -925,6 +1066,7 @@ CVE-2007-4939 (Heap-based buffer overflow in mplayerc.exe in Media Player Classic ...) NOT-FOR-US: Media Player Classic CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...) + {DTSA-65-1} - mplayer 1.0~rc1-16.1 (bug #443478; low) NOTE: just a NULL pointer dereference. CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with ...) 
@@ -1008,7 +1150,7 @@ NOT-FOR-US: Boinc Forum CVE-2007-4898 (Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 ...) NOT-FOR-US: Xwiki -CVE-2007-4897 (The SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting) ...) +CVE-2007-4897 (pwlib, as used by Ekiga 2.0.5 and possibly other products, allows ...) - ekiga 2.0.9-1 (low) CVE-2007-4896 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Toms Gaestebuch @@ -2002,8 +2144,8 @@ RESERVED CVE-2007-4467 (Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX ...) NOT-FOR-US: Oracle -CVE-2007-4466 - RESERVED +CVE-2007-4466 (Multiple stack-based buffer overflows in Electronic Arts (EA) ...) + TODO: check CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in ...) NOT-FOR-US: Media Player Classic CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple ...) @@ -3264,22 +3406,22 @@ RESERVED CVE-2007-3900 RESERVED -CVE-2007-3899 - RESERVED +CVE-2007-3899 (Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, ...) + TODO: check CVE-2007-3898 RESERVED -CVE-2007-3897 - RESERVED +CVE-2007-3897 (Unspecified vulnerability in Microsoft Outlook Express 6 and earlier, ...) + TODO: check CVE-2007-3896 RESERVED CVE-2007-3895 RESERVED CVE-2007-3894 RESERVED -CVE-2007-3893 - RESERVED -CVE-2007-3892 - RESERVED +CVE-2007-3893 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...) + TODO: check +CVE-2007-3892 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...) + TODO: check CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in Windows ...) NOT-FOR-US: Windows Vista CVE-2007-3890 (Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, ...) 
@@ -6956,7 +7098,7 @@ NOT-FOR-US: Wserve HTTP Server (whttp) CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted ...) NOT-FOR-US: Corel -CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements ...) +CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements ...) NOT-FOR-US: Adobe CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...) NOT-FOR-US: burnCMS @@ -7233,7 +7375,7 @@ {DSA-1370-2 DSA-1370-1} - phpmyadmin 4:2.10.1-1 (low) NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4 -CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3 allow ...) +CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator ...) NOT-FOR-US: Adobe Photoshop CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ...) - openssh <unfixed> (bug #436571; unimportant) @@ -7276,8 +7418,8 @@ NOT-FOR-US: CA Clever Path CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for ...) NOT-FOR-US: Microsoft -CVE-2007-2228 - RESERVED +CVE-2007-2228 (Unspecified vulnerability in the remote procedure call (RPC) component ...) + TODO: check CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows ...) NOT-FOR-US: Microsoft CVE-2007-2226 @@ -7298,8 +7440,8 @@ NOT-FOR-US: Microsoft CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...) NOT-FOR-US: Microsoft -CVE-2007-2217 - RESERVED +CVE-2007-2217 (Unspecified vulnerability in Kodak Image Viewer in Microsoft Windows ...) + TODO: check CVE-2007-2216 (The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-2215
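Review bot: In the first hunk (@@ -1,14 +1,155 @@), CVE-2007-5288 through CVE-2007-5284 are switched to REJECTED but each keeps its earlier triage line, for example "NOT-FOR-US: Hitachi TPBroker" under CVE-2007-5288, so every one of these entries now carries two states. CVE-2007-5283, directly below, has the same TSC Domain Manager description that CVE-2007-5288 had before this revision, which suggests the rejected IDs were duplicates. If REJECTED is meant to be the only state, drop the leftover NOT-FOR-US lines. The same hunk leaves CVE-2007-5301 after CVE-2007-5289 rather than between CVE-2007-5302 and CVE-2007-5300, which breaks the descending order used in the rest of the list.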
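Review bot: In the @@ -1008,7 +1150,7 @@ hunk, the revised description of CVE-2007-4897 places the flaw in pwlib ("pwlib, as used by Ekiga 2.0.5 and possibly other products"), but the only package line under it is still "- ekiga 2.0.9-1 (low)". Check whether pwlib needs a package line of its own here and whether the ekiga fixed version still holds under the new description.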
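Review bot: In the @@ -3264,22 +3406,22 @@ hunk, CVE-2007-3899, CVE-2007-3897, CVE-2007-3893 and CVE-2007-3892 go from RESERVED to "TODO: check" although their new descriptions all name Microsoft products (Word, Outlook Express, Internet Explorer), and the neighbouring CVE-2007-3891 is already triaged as "NOT-FOR-US: Windows Vista". These can be closed in a follow-up commit with the same kind of NOT-FOR-US line instead of staying in the TODO queue. The same applies to CVE-2007-2217 (Kodak Image Viewer in Microsoft Windows) in the @@ -7298,8 +7440,8 @@ hunk.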
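Review bot: In the @@ -7233,7 +7375,7 @@ hunk, the description of CVE-2007-2244 now covers Illustrator as well as Photoshop, but the triage line below it still reads "NOT-FOR-US: Adobe Photoshop". CVE-2007-2365 in the preceding hunk uses the broader "NOT-FOR-US: Adobe"; using the same wording here would keep the two entries consistent with their updated descriptions.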