joeyh at alioth.debian.org
2007-Sep-12 21:14 UTC
[Secure-testing-commits] r6601 - data/CVE
Author: joeyh
Date: 2007-09-12 21:14:07 +0000 (Wed, 12 Sep 2007)
New Revision: 6601
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-09-12 16:48:48 UTC (rev 6600)
+++ data/CVE/list 2007-09-12 21:14:07 UTC (rev 6601)
@@ -1,3 +1,55 @@
+CVE-2007-4827
+ RESERVED
+CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows remote BGP peers to cause a
denial ...)
+ TODO: check
+CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier
allows ...)
+ TODO: check
+CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in
Google ...)
+ TODO: check
+CVE-2007-4823 (Multiple buffer overflows in Google Picasa have unspecified
attack ...)
+ TODO: check
+CVE-2007-4822 (Cross-site request forgery (CSRF) vulnerability in the device
...)
+ TODO: check
+CVE-2007-4821 (Buffer overflow in a certain ActiveX control in officeviewer.ocx
...)
+ TODO: check
+CVE-2007-4820 (Absolute path traversal vulnerability in blanko.preview.php in
Sisfo ...)
+ TODO: check
+CVE-2007-4819 (Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS
0.2 ...)
+ TODO: check
+CVE-2007-4818 (Multiple PHP remote file inclusion vulnerabilities in Txx CMS
0.2 ...)
+ TODO: check
+CVE-2007-4817 (Unrestricted file upload vulnerability in the Restaurante ...)
+ TODO: check
+CVE-2007-4816 (Multiple buffer overflows in the BaoFeng2 storm ActiveX control
in ...)
+ TODO: check
+CVE-2007-4815 (Multiple PHP remote file inclusion vulnerabilities in WebED in
Markus ...)
+ TODO: check
+CVE-2007-4814 (Buffer overflow in the SQLServer ActiveX control in the
Distributed ...)
+ TODO: check
+CVE-2007-4813 (Cross-site scripting (XSS) vulnerability in Domino Blogsphere
3.01 ...)
+ TODO: check
+CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5 allows remote
attackers ...)
+ TODO: check
+CVE-2007-4811 (Multiple cross-site scripting (XSS) vulnerabilities in Netjuke
1.0-rc2 ...)
+ TODO: check
+CVE-2007-4810 (Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow
remote ...)
+ TODO: check
+CVE-2007-4809 (Multiple PHP remote file inclusion vulnerabilities in Online
Fantasy ...)
+ TODO: check
+CVE-2007-4808 (Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow
remote ...)
+ TODO: check
+CVE-2007-4807 (Multiple PHP remote file inclusion vulnerabilities in Focus/SIS
2.2 ...)
+ TODO: check
+CVE-2007-4806 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-4805 (Directory traversal vulnerability in getgalldata.php in
fuzzylime ...)
+ TODO: check
+CVE-2007-4804 (Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow
remote ...)
+ TODO: check
+CVE-2007-4803 (Buffer overflow in AtomixMP3 2.3 allows user-assisted remote
attackers ...)
+ TODO: check
+CVE-2007-4802 (Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow
...)
+ TODO: check
CVE-2007-4801
RESERVED
CVE-2007-4800
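Review bot: All 25 described entries added at the top of the file, CVE-2007-4826 down to CVE-2007-4802, land as "TODO: check" with no package line and no NOT-FOR-US line, so the automatic update leaves the whole block untriaged. The Quagga bgpd entry (CVE-2007-4826) and the PHP 5.2.4 entry (CVE-2007-4825) are the ones to resolve first, since php5 is already tracked further down this file and Quagga is packaged software as well. The ActiveX control entries (officeviewer.ocx, BaoFeng2, the SQLServer control) look like candidates for the NOT-FOR-US form the file already uses for such products.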
@@ -104,8 +156,7 @@
RESERVED
CVE-2007-4749
RESERVED
-CVE-2007-4752 [Unsafe fallback to trusted X11 cookie in openssh]
- RESERVED
+CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an
untrusted ...)
- openssh <unfixed> (low)
[etch] - openssh <no-dsa> (minor issue in weak security measure)
[sarge] - openssh <no-dsa> (minor issue in weak security measure)
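Review bot: The CVE-2007-4752 replacement drops the working title "[Unsafe fallback to trusted X11 cookie in openssh]", and the truncated official description ("does not properly handle when an untrusted ...") no longer says what the issue is. A NOTE line carrying the X11 cookie summary would keep the entry readable without following the CVE reference. The description also names "before 4.7" as the affected upstream range while the status line stays "- openssh <unfixed> (low)", so that line should get a fixed version once one is uploaded.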
@@ -155,10 +206,9 @@
- librpcsecgss 0.14-4 (high; bug #441393)
NOTE: http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
NOTE: 1.6.dfsg.1-7 somehow already includes the updated version
-CVE-2007-4731
- RESERVED
-CVE-2007-4730 [xorg composite overflow]
- RESERVED
+CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in
TMReg.dll ...)
+ TODO: check
+CVE-2007-4730 (Buffer overflow in the compNewPixmap function in compalloc.c in
the ...)
{DSA-1372-1}
NOTE: XFree86 is not affected
CVE-2007-4729
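Review bot: CVE-2007-4730 still has no package status line after this change; the entry consists only of "{DSA-1372-1}" and "NOTE: XFree86 is not affected". With the "[xorg composite overflow]" working title removed, nothing in the entry names the affected source package any more, so a status line for the X.org package fixed by the DSA should be added. CVE-2007-4731 (TMReg.dll) arrives as "TODO: check" and needs triage.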
@@ -337,8 +387,8 @@
NOT-FOR-US: Cisco Content Services Switch
CVE-2007-4652 (The session extension in PHP before 5.2.4 might allow local
users to ...)
- php5 <unfixed> (unimportant)
-CVE-2007-4651
- RESERVED
+CVE-2007-4651 (Unspecified vulnerability in Adobe Connect Enterprise Server 6
allows ...)
+ TODO: check
CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3
allow ...)
- gallery2 2.2.3-1
[etch] - gallery2 <unfixed> (bug #441407)
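Review bot: CVE-2007-4651 moves from RESERVED to a description for Adobe Connect Enterprise Server 6 but is left at "TODO: check". The Cisco entry at the top of this hunk shows the form a resolved entry for a non-packaged product takes ("NOT-FOR-US: Cisco Content Services Switch"); this one should be resolved the same way or given a package line.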
@@ -1660,6 +1710,7 @@
REJECTED
NOTE: Rediscovery / dupe of CVE-2000-1205
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in
phpSysInfo ...)
+ {DTSA-58-1}
- phpsysinfo 2.5.1-6.1 (low; bug #435935)
- phpgroupware 0.9.16.012-1 (low; bug #435936)
- egroupware-phpsysinfo 1.2.107-2.dfsg-1.1 (low; bug #435937)
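Review bot: The added "{DTSA-58-1}" cross-reference on CVE-2007-4048 does not show which of the three source packages listed under it (phpsysinfo, phpgroupware, egroupware-phpsysinfo) the testing advisory covers. If the advisory fixes only one of them, the other two still need their own fix tracked for testing, and a NOTE saying so would prevent the entry from reading as fully handled.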
@@ -1728,7 +1779,7 @@
CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php
in ...)
NOT-FOR-US: AdMan
CVE-2007-4019
- RESERVED
+ REJECTED
CVE-2007-5645
REJECTED
NOTE: duplicate of CVE-2006-5645
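Review bot: CVE-2007-4019 changes from RESERVED to REJECTED with no reason recorded. The neighbouring rejected entry carries one ("NOTE: duplicate of CVE-2006-5645"); a matching NOTE here would tell a later reader whether this id was a duplicate, a withdrawal or an assignment error.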
@@ -4064,16 +4115,16 @@
NOT-FOR-US: Meneame
CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object for
...)
NOT-FOR-US: Microsoft
-CVE-2007-3040
- RESERVED
+CVE-2007-3040 (Stack-based buffer overflow in the Agent.Control function in
Microsoft ...)
+ TODO: check
CVE-2007-3039
RESERVED
CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64
Edition ...)
NOT-FOR-US: Microsoft
CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote
...)
NOT-FOR-US: Microsoft
-CVE-2007-3036
- RESERVED
+CVE-2007-3036 (Unspecified vulnerability in the (1) Windows Services for UNIX
3.0 and ...)
+ TODO: check
CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 7.1,
9, ...)
NOT-FOR-US: Microsoft
CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics
Rendering ...)
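Review bot: CVE-2007-3040 and CVE-2007-3036 both gain Microsoft descriptions (the Agent.Control function, Windows Services for UNIX) but are left at "TODO: check", while every other described entry in this hunk is already resolved as "NOT-FOR-US: Microsoft". Resolving these two the same way in this commit, or in the follow-up triage, keeps the block consistent and removes two items from the TODO backlog.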
@@ -4309,10 +4360,10 @@
NOT-FOR-US: Phil-a-Form
CVE-2007-2932 (Cross-site scripting (XSS) vulnerability in index.php in
BoastMachine ...)
NOT-FOR-US: BoastMachine
-CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and
Live ...)
+CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0,
and ...)
NOT-FOR-US: MSN Messenger
-CVE-2007-2930
- RESERVED
+CVE-2007-2930 (The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms
in ISC ...)
+ TODO: check
CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support
acpRunner ...)
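Review bot: CVE-2007-2930, left at "TODO: check", is the one entry in this hunk that does not name a Microsoft or IBM Lenovo product; its description refers to PRNG algorithms (NSID_SHUFFLE_ONLY, NSID_USE_POOL) in ISC software. It should be triaged ahead of the rest rather than sitting in the generic TODO pool. The CVE-2007-2931 description change widens the stated version range ("7.x and Live" to "6.2, 7.0, and"), which does not affect its NOT-FOR-US status.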
@@ -13559,7 +13610,7 @@
NOT-FOR-US: IBM WebSphere
CVE-2006-6134 (Heap-based buffer overflow in the WMCheckURLScheme function in
...)
NOT-FOR-US: Windows Media
-CVE-2006-6133 (Stack-based buffer overflow in Business Objects Crystal Reports
XI ...)
+CVE-2006-6133 (Stack-based buffer overflow in Visual Studio Crystal Reports for
...)
NOT-FOR-US: Business Objects Crystal Reports
CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite
allow ...)
NOT-FOR-US: Link Exchange Lite
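Review bot: The CVE-2006-6133 description now names "Visual Studio Crystal Reports for ..." but the status line below it still reads "NOT-FOR-US: Business Objects Crystal Reports". The status is unaffected, but the label no longer matches the description's product name; updating it, or leaving a NOTE that the description was revised upstream, avoids confusion when searching the file by product.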