joeyh at alioth.debian.org
2007-Sep-14 21:14 UTC
[Secure-testing-commits] r6611 - data/CVE
Author: joeyh Date: 2007-09-14 21:14:09 +0000 (Fri, 14 Sep 2007) New Revision: 6611 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-14 17:31:11 UTC (rev 6610) +++ data/CVE/list 2007-09-14 21:14:09 UTC (rev 6611) 
@@ -1,3 +1,89 @@ +CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in ...) + TODO: check +CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX ...) + TODO: check +CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...) + TODO: check +CVE-2007-4888 (The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 ...) + TODO: check +CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent ...) + TODO: check +CVE-2007-4886 (Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and ...) + TODO: check +CVE-2007-4885 (Avnex AV MP3 Player allows user-assisted remote attackers to cause a ...) + TODO: check +CVE-2007-4884 (Media Player Classic (MPC) allows user-assisted remote attackers to ...) + TODO: check +CVE-2007-4883 (Cross-site scripting (XSS) vulnerability in the BotQuery extension in ...) + TODO: check +CVE-2007-4882 (Multiple cross-site scripting (XSS) vulnerabilities in TechExcel ...) + TODO: check +CVE-2007-4881 (SQL injection vulnerability in profile/myprofile.php in psi-labs.com ...) + TODO: check +CVE-2007-4880 + RESERVED +CVE-2007-4879 (Mozilla Firefox 2.0.x can automatically install TLS client ...) 
+ TODO: check +CVE-2007-4878 + RESERVED +CVE-2007-4877 + RESERVED +CVE-2007-4876 + RESERVED +CVE-2007-4875 + RESERVED +CVE-2007-4874 + RESERVED +CVE-2007-4873 + RESERVED +CVE-2007-4872 + RESERVED +CVE-2007-4871 + RESERVED +CVE-2007-4870 + RESERVED +CVE-2007-4869 + RESERVED +CVE-2007-4868 + RESERVED +CVE-2007-4867 + RESERVED +CVE-2007-4866 + RESERVED +CVE-2007-4865 + RESERVED +CVE-2007-4864 + RESERVED +CVE-2007-4863 + RESERVED +CVE-2007-4862 + RESERVED +CVE-2007-4861 + RESERVED +CVE-2007-4860 + RESERVED +CVE-2007-4859 + RESERVED +CVE-2007-4858 + RESERVED +CVE-2007-4857 + RESERVED +CVE-2007-4856 + RESERVED +CVE-2007-4855 + RESERVED +CVE-2007-4854 + RESERVED +CVE-2007-4853 + RESERVED +CVE-2007-4852 + RESERVED +CVE-2007-4851 + RESERVED +CVE-2006-7223 (PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the ...) + TODO: check +CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user ...) + TODO: check CVE-2007-4850 RESERVED CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly ...) @@ -215,8 +301,8 @@ RESERVED CVE-2007-4750 RESERVED -CVE-2007-4749 - RESERVED +CVE-2007-4749 (The cmdjob utility in Autodesk Backburner 3.0.2 allows remote ...) + TODO: check CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrusted ...) - openssh <unfixed> (low) [etch] - openssh <no-dsa> (minor issue in weak security measure) @@ -865,8 +951,8 @@ NOT-FOR-US: snif CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...) NOT-FOR-US: snif -CVE-2007-4465 - RESERVED +CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the ...) + TODO: check CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total ...) NOT-FOR-US: Total Commander CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted ...) 
@@ -941,7 +1027,7 @@ NOT-FOR-US: SUSE CVE-2007-4431 (Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and ...) NOT-FOR-US: Safari/windows -CVE-2007-4430 (Unspecified vulnerability in Cisco IOS allows context-dependent ...) +CVE-2007-4430 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows ...) NOT-FOR-US: Cisco IOS CVE-2007-4429 (Unspecified vulnerability in Skype allows remote attackers to cause a ...) NOT-FOR-US: Skype @@ -1577,8 +1663,7 @@ NOT-FOR-US: Live for Speed CVE-2007-4139 (Cross-site scripting (XSS) vulnerability in the Temporary Uploads ...) NOT-FOR-US: Temporary Uploads -CVE-2007-4138 [samba incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin] - RESERVED +CVE-2007-4138 (The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in ...) - samba 3.0.26-1 [etch] - samba <not-affected> (Vulnerable code was introduced in 3.0.25) [sarge] - samba <not-affected> (Vulnerable code was introduced in 3.0.25) @@ -2475,10 +2560,10 @@ - gimp 2.4.0~rc1-1 (low) NOTE: lenny is affected but there is a bugfix release for 2.2.16 NOTE: http://developer.gimp.org/NEWS-2.2 -CVE-2007-3740 - RESERVED -CVE-2007-3739 - RESERVED +CVE-2007-3740 (The CIFS filesystem, when Unix extension support is enabled, does not ...) + TODO: check +CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...) + TODO: check CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...) {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1} - iceape 1.1.3-1 (medium) @@ -4183,7 +4268,7 @@ NOT-FOR-US: Meneame CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object for ...) NOT-FOR-US: Microsoft -CVE-2007-3040 (Stack-based buffer overflow in the Agent.Control function in Microsoft ...) +CVE-2007-3040 (Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft ...) TODO: check CVE-2007-3039 RESERVED 
@@ -7348,8 +7433,8 @@ NOT-FOR-US: Second Sight Software CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL ...) NOT-FOR-US: Norton -CVE-2007-1688 - RESERVED +CVE-2007-1688 (Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in ...) + TODO: check CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX ...) NOT-FOR-US: iPIX Image Well ActiveX control CVE-2007-1686
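Review bot: In the hunk at @@ -1,3 +1,89 @@, the added CVE-2006-7223 and CVE-2005-4862 entries land between CVE-2007-4851 and CVE-2007-4850, which breaks the descending CVE-ID order of the surrounding entries. Consider filing them with the other 2006 and 2005 entries. Among the new "TODO: check" entries, CVE-2007-4889 and CVE-2007-4887 (PHP 5.2.4 and earlier) and CVE-2007-4879 (Mozilla Firefox 2.0.x) are the ones that do not describe ActiveX controls or Windows media players, so they are worth triaging first.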
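Review bot: In the hunk at @@ -215,8 +301,8 @@, the rewritten CVE-2007-4749 entry stays between CVE-2007-4750 and CVE-2007-4752, so the sequence reads 4750, 4749, 4752 and one of these entries is out of descending order. Since the entry is being touched anyway, fix the placement in the same change so that lookups by ID do not miss the OpenSSH entry that follows it.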
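Review bot: In the hunk at @@ -2475,10 +2560,10 @@, CVE-2007-3740 (CIFS filesystem) and CVE-2007-3739 (mm/mmap.c, hugetlb, PowerPC) move from RESERVED to a bare "TODO: check", yet both descriptions point at kernel code. They need package lines with per-release status, in the form the CVE-2007-4138 entry uses (`- samba 3.0.26-1`, `[etch] - samba <not-affected> (...)`), rather than staying unchecked.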
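Review bot: In the hunk at @@ -4183,7 +4268,7 @@, CVE-2007-3040 keeps "TODO: check" even though its new description names agentdpv.dll in a Microsoft product, and the entry directly above it, CVE-2007-3041, is already marked `NOT-FOR-US: Microsoft`. Suggest resolving CVE-2007-3040 the same way instead of leaving it in the TODO queue.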
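Review bot: In the hunk at @@ -7348,8 +7433,8 @@, CVE-2007-1688 (the PhPInfo ActiveX control in PhPCtrl.dll) is added as "TODO: check" while both neighbouring ActiveX entries, CVE-2007-1689 and CVE-2007-1687, are already NOT-FOR-US. Once the truncated description is read in full, this one most likely takes a `NOT-FOR-US:` line naming the product as well.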