joeyh at alioth.debian.org
2007-Sep-11 21:14 UTC
[Secure-testing-commits] r6582 - data/CVE
Author: joeyh
Date: 2007-09-11 21:14:12 +0000 (Tue, 11 Sep 2007)
New Revision: 6582
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-09-11 20:23:42 UTC (rev 6581)
+++ data/CVE/list 2007-09-11 21:14:12 UTC (rev 6582)
@@ -1,3 +1,77 @@
+CVE-2007-4801
+ RESERVED
+CVE-2007-4800
+ RESERVED
+CVE-2007-4799 (The perfstat kernel extension in bos.perf.perfstat in AIX 5.3
does not ...)
+ TODO: check
+CVE-2007-4798 (Unspecified vulnerability in invscout in Inventory Scout in ...)
+ TODO: check
+CVE-2007-4797 (Multiple buffer overflows in unspecified svprint (System V
print) ...)
+ TODO: check
+CVE-2007-4796 (Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3
allows ...)
+ TODO: check
+CVE-2007-4795 (Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and
5.3 ...)
+ TODO: check
+CVE-2007-4794 (Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM
AIX 5.2 ...)
+ TODO: check
+CVE-2007-4793 (Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and
5.3 ...)
+ TODO: check
+CVE-2007-4792 (Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM
AIX 5.3 ...)
+ TODO: check
+CVE-2007-4791 (Buffer overflow in the swcons command in bos.rte.console in IBM
AIX ...)
+ TODO: check
+CVE-2007-4790 (Stack-based buffer overflow in a certain ActiveX control in
FPOLE.OCX ...)
+ TODO: check
+CVE-2007-4789 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and
Cisco ...)
+ TODO: check
+CVE-2007-4788 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and
Cisco ...)
+ TODO: check
+CVE-2007-4787 (The virus detection engine in Sophos Anti-Virus before 2.49.0
does not ...)
+ TODO: check
+CVE-2007-4786 (Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before
...)
+ TODO: check
+CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed
with Sony ...)
+ TODO: check
+CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows
context-dependent ...)
+ TODO: check
+CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows ...)
+ TODO: check
+CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a
denial ...)
+ TODO: check
+CVE-2007-4781 (administrator/index.php in the installer component
(com_installer) in ...)
+ TODO: check
+CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to
obtain ...)
+ TODO: check
+CVE-2007-4779 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before
RC2 ...)
+ TODO: check
+CVE-2007-4778 (Multiple SQL injection vulnerabilities in the content component
...)
+ TODO: check
+CVE-2007-4777 (SQL injection vulnerability in Joomla! 1.5 before RC2 (aka
Endeleo) ...)
+ TODO: check
+CVE-2007-4776 (Buffer overflow in Microsoft Visual Basic 6.0 allows
user-assisted ...)
+ TODO: check
+CVE-2007-4775
+ RESERVED
+CVE-2007-4774
+ RESERVED
+CVE-2007-4773
+ RESERVED
+CVE-2007-4772
+ RESERVED
+CVE-2007-4771
+ RESERVED
+CVE-2007-4770
+ RESERVED
+CVE-2007-4769
+ RESERVED
+CVE-2007-4768
+ RESERVED
+CVE-2007-4767
+ RESERVED
+CVE-2007-4766
+ RESERVED
+CVE-2007-4765
+ RESERVED
CVE-2007-XXXX [wordpress: Users without unfiltered_html capability can post
arbitrary html]
- wordpress 2.2.3-1
CVE-2007-4764 (Directory traversal vulnerability in pawfaliki.php in Pawfaliki
0.5.1 ...)
@@ -261,7 +335,7 @@
NOT-FOR-US: SSHield
CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2
and ...)
NOT-FOR-US: Cisco Content Services Switch
-CVE-2007-4652 (PHP before 5.2.4 might allow local users to bypass open_basedir
...)
+CVE-2007-4652 (The session extension in PHP before 5.2.4 might allow local
users to ...)
- php5 <unfixed> (unimportant)
CVE-2007-4651
RESERVED
@@ -575,8 +649,8 @@
RESERVED
CVE-2007-4513
RESERVED
-CVE-2007-4512
- RESERVED
+CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus
for ...)
+ TODO: check
CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not
apply ...)
NOT-FOR-US: Sun Application Server
CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through
2.2beta1 and ...)
@@ -661,8 +735,8 @@
NOT-FOR-US: Broderbund Expressit
CVE-2007-4471 (Multiple unspecified vulnerabilities in the Intuit QuickBooks
Online ...)
NOT-FOR-US: QuickBooks
-CVE-2007-4470
- RESERVED
+CVE-2007-4470 (Multiple stack-based buffer overflows in the Earth Resource
Mapping ...)
+ TODO: check
CVE-2007-4469
RESERVED
CVE-2007-4468
@@ -1319,7 +1393,7 @@
NOT-FOR-US: EQDKP Plus
CVE-2007-4175 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
NOT-FOR-US: Openrat CMS
-CVE-2007-4174 (Unspecified vulnerability in Tor before 0.1.2.16, when
ControlPort is ...)
+CVE-2007-4174 (Tor before 0.1.2.16, when ControlPort is enabled, does not
properly ...)
- tor 0.1.2.16-1 (medium)
CVE-2007-4173 (SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul
Portali ...)
NOT-FOR-US: Hunkaray Okul Portali
@@ -1699,7 +1773,7 @@
[etch] - krb5 <not-affected> (Vulnerable code not present)
[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3999 (Stack-based buffer overflow in the svcauth_gss_validate function
in ...)
- {DSA-1368-1}
+ {DSA-1368-1 DSA-1367-1}
- librpcsecgss 0.14-3
- krb5 1.6.dfsg.1-7 (high)
[sarge] - krb5 <not-affected> (Vulnerable code not present)
@@ -1882,8 +1956,7 @@
CVE-2007-3913 (SQL injection vulnerability in Gforge before 3.1 allows remote
...)
{DSA-1369-1 DTSA-57-1}
- gforge 4.6.99+svn6086-1
-CVE-2007-3912 [debian-goodies checkrestart missing shell metachar escaping]
- RESERVED
+CVE-2007-3912 (checkrestart in debian-goodies before 0.34 allows local users to
gain ...)
- debian-goodies 0.34 (bug #440411; medium)
CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe
(aka ...)
NOT-FOR-US: BakBone NetVault Reporter