joeyh at alioth.debian.org
2007-Jul-03 21:14 UTC
[Secure-testing-commits] r6090 - data/CVE
Author: joeyh
Date: 2007-07-03 21:14:12 +0000 (Tue, 03 Jul 2007)
New Revision: 6090
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-07-03 08:21:44 UTC (rev 6089)
+++ data/CVE/list 2007-07-03 21:14:12 UTC (rev 6090)
@@ -1,3 +1,133 @@
+CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2
allows ...)
+ TODO: check
+CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux
...)
+ TODO: check
+CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22
allows ...)
+ TODO: check
+CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox
1.5.0.12 ...)
+ TODO: check
+CVE-2007-3510
+ RESERVED
+CVE-2007-3509
+ RESERVED
+CVE-2007-3508
+ RESERVED
+CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value
function ...)
+ TODO: check
+CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in
FreeType ...)
+ TODO: check
+CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum
1.3 ...)
+ TODO: check
+CVE-2007-3504 (Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and
Java ...)
+ TODO: check
+CVE-2007-3503 (The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate
HTML ...)
+ TODO: check
+CVE-2007-3502 (Unspecified vulnerability in the web-based product configuration
...)
+ TODO: check
+CVE-2007-3501 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in
...)
+ TODO: check
+CVE-2007-3500 (Xeweb XEForum allows remote attackers to gain privileges via a
...)
+ TODO: check
+CVE-2007-3499 (SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as
...)
+ TODO: check
+CVE-2007-3498 (Cross-site scripting (XSS) vulnerability in
smoketests/configForm.php ...)
+ TODO: check
+CVE-2007-3497 (Microsoft Internet Explorer 7 allows remote attackers to
determine the ...)
+ TODO: check
+CVE-2007-3496 (Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java
...)
+ TODO: check
+CVE-2007-3495 (Multiple cross-site scripting (XSS) vulnerabilities in the SAP
...)
+ TODO: check
+CVE-2007-3494 (Papoo CMS 3.6, and possibly earlier, does not verify user
privileges ...)
+ TODO: check
+CVE-2007-3493 (A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148
in ...)
+ TODO: check
+CVE-2007-3492 (Conti FtpServer 1.0 allows remote authenticated users to cause a
...)
+ TODO: check
+CVE-2007-3491 (Buffer overflow in _mprosrv in Progress Software OpenEdge before
...)
+ TODO: check
+CVE-2007-3490 (Unspecified vulnerability in Microsoft Excel 2003 SP2 allows
remote ...)
+ TODO: check
+CVE-2007-3489 (Cross-site request forgery (CSRF) vulnerability in pop/WizU.html
in ...)
+ TODO: check
+CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony
...)
+ TODO: check
+CVE-2007-3487 (Absolute directory traversal in a certain ActiveX control in
...)
+ TODO: check
+CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search
engine ...)
+ TODO: check
+CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in
Yandex.Server ...)
+ TODO: check
+CVE-2007-3484 (Cross-site scripting (XSS) vulnerability in search.php in Google
...)
+ TODO: check
+CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1
has a ...)
+ TODO: check
+CVE-2007-3482 (Cross-domain vulnerability in Apple Safari allows remote
attackers to ...)
+ TODO: check
+CVE-2007-3481 (Cross-domain vulnerability in Microsoft Internet Explorer allows
...)
+ TODO: check
+CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote
attackers to ...)
+ TODO: check
+CVE-2007-3479 (Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p)
allows ...)
+ TODO: check
+CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c
in ...)
+ TODO: check
+CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics
...)
+ TODO: check
+CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library
(libgd) ...)
+ TODO: check
+CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows
user-assisted ...)
+ TODO: check
+CVE-2007-3474 (Multiple unspecified vulnerabilities in the GIF reader in the GD
...)
+ TODO: check
+CVE-2007-3473 (The gdImageCreateXbm function in the GD Graphics Library (libgd)
...)
+ TODO: check
+CVE-2007-3472 (Integer overflow in gdImageCreateTrueColor function in the GD
Graphics ...)
+ TODO: check
+CVE-2007-3471 (Buffer overflow in the dtsession Common Desktop Environment
(CDE) ...)
+ TODO: check
+CVE-2007-3470 (Multiple unspecified vulnerabilities in the KSSL kernel module
in Sun ...)
+ TODO: check
+CVE-2007-3469 (Unspecified vulnerability in the TCP Loopback/Fusion
implementation in ...)
+ TODO: check
+CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote
...)
+ TODO: check
+CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c
VideoLAN ...)
+ TODO: check
+CVE-2007-3466
+ RESERVED
+CVE-2007-3465 (Check Point SofaWare Safe at Office, with firmware before
Embedded NGX ...)
+ TODO: check
+CVE-2007-3464 (Check Point SofaWare Safe at Office, with firmware before
Embedded NGX ...)
+ TODO: check
+CVE-2007-3463 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-3462 (Cross-site request forgery (CSRF) vulnerability in Check Point
...)
+ TODO: check
+CVE-2007-3461 (SQL injection vulnerability in property.php in elkagroup Image
Gallery ...)
+ TODO: check
+CVE-2007-3460 (Multiple PHP remote file inclusion vulnerabilities in index.php3
in ...)
+ TODO: check
+CVE-2007-3459 (A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech
Avax ...)
+ TODO: check
+CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local
users to ...)
+ TODO: check
+CVE-2007-3457
+ RESERVED
+CVE-2007-3456
+ RESERVED
+CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow
remote ...)
+ TODO: check
+CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA
and ...)
+ TODO: check
+CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects
WNET, ...)
+ TODO: check
+CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the
...)
+ TODO: check
+CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote
attackers to ...)
+ TODO: check
+CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in
Motion ...)
+ TODO: check
CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan
...)
NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3454 (Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend
Micro ...)
@@ -88,7 +218,7 @@
NOT-FOR-US: ClickGallery Server
CVE-2007-3411 (SQL injection vulnerability in edit_image.asp in ClickGallery
Server ...)
NOT-FOR-US: ClickGallery Server
-CVE-2007-3410 (Buffer overflow in the wallclock functionality ...)
+CVE-2007-3410 (Stack-based buffer overflow in the
SmilTimeValue::parseWallClockValue ...)
- helix-player <not-affected> (Debian versions of Helix player not
affected according to maintainer)
CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to
cause ...)
TODO: check
@@ -118,7 +248,8 @@
NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in
KeyFocus (KF) ...)
NOT-FOR-US: KeyFocus
-CVE-2007-3395 (Directory traversal vulnerability in session.rb in Hiki 0.8.0
through ...)
+CVE-2007-3395
+ REJECTED
- hiki 0.8.7-1 (bug #430691; medium)
NOTE: Duplicate of CVE-2007-2836
CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow
remote ...)
@@ -143,15 +274,14 @@
RESERVED
CVE-2007-3379
RESERVED
-CVE-2007-3378 [php htaccess safe_mode basedir_bypasses]
- RESERVED
+CVE-2007-3378 (The (1) session_save_path and (2) ini_set functions in PHP 4.4.7
and ...)
- php4 <unfixed> (unimportant)
- php5 <unfixed> (unimportant)
CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates
...)
TODO: check
CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows
...)
TODO: check
-CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver allows ...)
+CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver before 1.21
allows ...)
NOT-FOR-US: Lhaca
CVE-2007-3374 (Buffer overflow in cluster/cman/daemon/daemon.c in cman ...)
- redhat-cluster <unfixed> (medium)
@@ -253,7 +383,7 @@
NOT-FOR-US: Movable Type
CVE-2007-3341 (Unspecified vulnerability in the FTP implementation in Microsoft
...)
NOT-FOR-US: Microsoft
-CVE-2007-3340 (HTTP SERVER 1.6.2 allows remote attackers to cause a denial of
service ...)
+CVE-2007-3340 (BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers
to ...)
NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3339 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: ColdFusion
@@ -331,7 +461,7 @@
NOT-FOR-US: MiniBill
CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x
before ...)
NOT-FOR-US: Cerulean Studios Trillian
-CVE-2007-3304 (Apache httpd 1.3.37, and 2.0.59 and 2.2.4 with the Prefork MPM
module, ...)
+CVE-2007-3304 (Apache httpd 1.3.37, and 2.2.4 with the Prefork MPM module,
allows ...)
- apache <removed> (low)
[etch] - apache <unfixed> (low)
[sarge] - apache <unfixed> (low)
@@ -435,18 +565,18 @@
NOT-FOR-US: HP System Management Homepage
CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain
sensitive ...)
NOT-FOR-US: Calendarix
-CVE-2007-3258
- RESERVED
+CVE-2007-3258 (calendar.php in Calendarix 0.7.20070307 allows remote attackers
to ...)
+ TODO: check
CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for
Evolution Data ...)
{DSA-1325-1 DSA-1321-1}
- evolution-data-server 1.10.2-2 (bug #429876)
[sarge] - evolution-data-server <not-affected> (Vulnerable code present
in a different source package)
-CVE-2007-3256
- RESERVED
-CVE-2007-3255
- RESERVED
-CVE-2007-3254
- RESERVED
+CVE-2007-3256 (Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL),
and ...)
+ TODO: check
+CVE-2007-3255 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Xythos ...)
+ TODO: check
+CVE-2007-3254 (Multiple cross-site scripting (XSS) vulnerabilities in Xythos
...)
+ TODO: check
CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway
(ASG) ...)
NOT-FOR-US: Astaro Security Gateway
CVE-2007-3252 (PortalApp stores sensitive information under the web root with
...)
@@ -1410,21 +1540,19 @@
RESERVED
CVE-2007-2839
RESERVED
-CVE-2007-2838
- RESERVED
+CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD
0.1.4 ...)
{DSA-1327-1}
- gsambad 0.1.6-2 (bug #431331)
CVE-2007-2837
RESERVED
{DSA-1326-1}
-CVE-2007-2836 [hiki file deletion vulnerability]
- RESERVED
+CVE-2007-2836 (Directory traversal vulnerability in session.rb in Hiki 0.8.0
through ...)
{DSA-1324-1}
- hiki 0.8.7-1 (bug #430691; medium)
[sarge] - hiki <not-affected> (Vulnerable code not present)
-CVE-2007-2835
- RESERVED
+CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and
(2) ...)
{DSA-1328-1}
+ TODO: check
CVE-2007-2834
RESERVED
CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of
service ...)
@@ -1496,10 +1624,10 @@
NOT-FOR-US: Vizayn Urun Tanitim Sitesi
CVE-2007-2802 (Cross-site scripting (XSS) vulnerability in
cp/ps/Main/login/Login in ...)
NOT-FOR-US: RM EasyMail Plus
-CVE-2007-2801
- RESERVED
-CVE-2007-2800
- RESERVED
+CVE-2007-2801 (Multiple cross-site scripting (XSS) vulnerabilities in open.php
in ...)
+ TODO: check
+CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers
to ...)
+ TODO: check
CVE-2007-2799 (Integer overflow in the "file" program 4.20,
when running on 32-bit ...)
- file 4.21-1 (medium)
CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc
function in ...)
@@ -3604,8 +3732,7 @@
CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before
4.4.7, ...)
- php4 <unfixed>
- php5 5.2.2-1
-CVE-2007-1863 [apache segfault in mod_cache]
- RESERVED
+CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server
(httpd), ...)
- apache2 <unfixed>
TODO: check apache 1
NOTE: see
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944
@@ -3771,8 +3898,8 @@
NOTE: Duplicate of CVE-2006-3805
CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33
and ...)
NOT-FOR-US: Symantec Norton Personal Firewall
-CVE-2007-1792
- RESERVED
+CVE-2007-1792 (libdayzero.dll in the Filter Hub Service (filter-hub.exe) in
Symantec ...)
+ TODO: check
CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0
and ...)
NOT-FOR-US: Picture-Engine
CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo
Auction ...)
@@ -4630,7 +4757,7 @@
NOT-FOR-US: Woltlab Burning Board
CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the
...)
NOT-FOR-US: Oracle Database
-CVE-2007-1441 (The 4thPass browser on the RIM BlackBerry 8100 (Pearl) before
4.2.1 ...)
+CVE-2007-1441 (The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry
8100 ...)
NOT-FOR-US: BlackBerry 8100
CVE-2007-1440 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1
allows ...)
NOT-FOR-US: JGBBS
@@ -11165,8 +11292,8 @@
CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux
...)
{DSA-1304}
- linux-2.6 <unfixed>
-CVE-2006-5752
- RESERVED
+CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the
...)
+ TODO: check
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
{DSA-1233}
- linux-2.6 2.6.18-8 (medium)