Author: nion Date: 2007-09-13 22:01:40 +0000 (Thu, 13 Sep 2007) New Revision: 6607 Modified: data/CVE/list Log: NFUs CVE-2007-4841 note added CVE-2007-4840 affects php5 and php4 CVE-2007-4828 unstable,testing affected, etch unaffected CVE-2007-4849 linux-2.6 affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-13 21:14:07 UTC (rev 6606) +++ data/CVE/list 2007-09-13 22:01:40 UTC (rev 6607) @@ -1,53 +1,60 @@ CVE-2007-4850 RESERVED CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly ...) - TODO: check + - linux-2.6 <unfixed> CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2007-4847 (Google Picasa allows remote attackers to read image files stored by ...) - TODO: check + NOT-FOR-US: Google Picasa CVE-2007-4846 (SQL injection vulnerability in start.php in Webace-Linkscript (wls) ...) - TODO: check + NOT-FOR-US: Webace-Linkscript CVE-2007-4845 (Multiple SQL injection vulnerabilities in UPLOAD/index.php in ...) - TODO: check + NOT-FOR-US: RW::Download CVE-2007-4844 (X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly ...) - TODO: check + NOT-FOR-US: Unreal Commander CVE-2007-4843 (Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 ...) - TODO: check + NOT-FOR-US: Unreal Commander CVE-2007-4842 (Directory traversal vulnerability in Enriva Development Magellan ...) - TODO: check + NOT-FOR-US: Magellan Explorer CVE-2007-4841 (Mozilla Firefox 2.0.0.6 allows remote attackers to execute arbitrary ...) TODO: check + NOTE: this vulnerability is unspecified CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...) - TODO: check + - php5 <unfixed> (low) + - php4 <unfixed> (low) + NOTE: can be reproduced on etch, lenny and sid + NOTE: this might not be a vulnerability in most web server environments + NOTE: that support multiple threads, unless these issues can be demonstrated for + NOTE: code execution. CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier ...) - TODO: check + NOT-FOR-US: CellFactor Revolution CVE-2007-4837 (SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows ...) - TODO: check + NOT-FOR-US: Proxy Anket CVE-2007-4836 (Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote ...) - TODO: check + NOT-FOR-US: phpMyQuote CVE-2007-4835 (SQL injection vulnerability in index.php in phpMyQuote 0.20 allows ...) - TODO: check + NOT-FOR-US: phpMyQuote CVE-2007-4834 (Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 ...) - TODO: check + NOT-FOR-US: phpRealty CVE-2007-4833 (Unspecified vulnerability in the Edge Component in IBM WebSphere ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2007-4832 (Format string vulnerability in CellFactor Revolution 1.03 and earlier ...) - TODO: check + NOT-FOR-US: CellFactor Revolution CVE-2007-4831 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: TorrentTrader CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...) - TODO: check + NOT-FOR-US: DirectAdmin CVE-2007-4829 RESERVED CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...) - TODO: check + - mediawiki <unfixed> (low) + [etch] - mediawiki <not-affected> (Does not include the vulnerable code) CVE-2007-4827 RESERVED CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows remote BGP peers to cause a denial ...) - - quagga <unfixed> (low) + - quagga 0.99.9-1 (low; bug #442133) NOTE: Upstream says that this can only be exploited by configured peers. CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows ...) - php5 <unfixed> (medium)