joeyh at alioth.debian.org
2007-Sep-13 21:14 UTC
[Secure-testing-commits] r6606 - data/CVE
Author: joeyh Date: 2007-09-13 21:14:07 +0000 (Thu, 13 Sep 2007) New Revision: 6606 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-13 12:54:13 UTC (rev 6605) +++ data/CVE/list 2007-09-13 21:14:07 UTC (rev 6606) @@ -1,3 +1,49 @@ +CVE-2007-4850 + RESERVED +CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly ...) + TODO: check +CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote attackers to ...) + TODO: check +CVE-2007-4847 (Google Picasa allows remote attackers to read image files stored by ...) + TODO: check +CVE-2007-4846 (SQL injection vulnerability in start.php in Webace-Linkscript (wls) ...) + TODO: check +CVE-2007-4845 (Multiple SQL injection vulnerabilities in UPLOAD/index.php in ...) + TODO: check +CVE-2007-4844 (X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly ...) + TODO: check +CVE-2007-4843 (Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 ...) + TODO: check +CVE-2007-4842 (Directory traversal vulnerability in Enriva Development Magellan ...) + TODO: check +CVE-2007-4841 (Mozilla Firefox 2.0.0.6 allows remote attackers to execute arbitrary ...) + TODO: check +CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...) + TODO: check +CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...) + TODO: check +CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier ...) + TODO: check +CVE-2007-4837 (SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows ...) + TODO: check +CVE-2007-4836 (Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote ...) + TODO: check +CVE-2007-4835 (SQL injection vulnerability in index.php in phpMyQuote 0.20 allows ...) + TODO: check +CVE-2007-4834 (Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 ...) + TODO: check +CVE-2007-4833 (Unspecified vulnerability in the Edge Component in IBM WebSphere ...) + TODO: check +CVE-2007-4832 (Format string vulnerability in CellFactor Revolution 1.03 and earlier ...) + TODO: check +CVE-2007-4831 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...) + TODO: check +CVE-2007-4829 + RESERVED +CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...) + TODO: check CVE-2007-4827 RESERVED CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows remote BGP peers to cause a denial ...) @@ -219,8 +265,7 @@ RESERVED CVE-2007-4728 RESERVED -CVE-2007-4727 [lighttpd: header overflow when using the mod_fastcgi extension] - RESERVED +CVE-2007-4727 (Buffer overflow in the fcgi_env_add function in ...) - lighttpd 1.4.18-1 (medium; bug #441555) NOTE: http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt NOTE: http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch @@ -2097,8 +2142,8 @@ NOT-FOR-US: SSAPI Engine CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service ...) NOT-FOR-US: HP OpenView -CVE-2007-3871 - RESERVED +CVE-2007-3871 (Stampit Web uses guessable id values for online stamp purchases, which ...) + TODO: check CVE-2006-7221 (Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow ...) - gftp <unfixed> (unimportant; bug #437710) NOTE: Only a crasher, w/o security impact for a client application like gftp