thr3ads.net - Secure testing commits - [Secure-testing-commits] r5983

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2007-Jun-08 21:14 UTC
[Secure-testing-commits] r5983 - data/CVE

Author: joeyh
Date: 2007-06-08 21:14:08 +0000 (Fri, 08 Jun 2007)
New Revision: 5983

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-06-08 18:04:03 UTC (rev 5982)
+++ data/CVE/list	2007-06-08 21:14:08 UTC (rev 5983)
@@ -1,3 +1,329 @@
+CVE-2007-3129
+	RESERVED
+CVE-2007-3128
+	RESERVED
+CVE-2007-3127
+	RESERVED
+CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial
of ...)
+	TODO: check
+CVE-2007-3125 (Format string vulnerability in the inputAnswer function in
file.c in ...)
+	TODO: check
+CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup
utility) in ...)
+	TODO: check
+CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before
0.91rc1 ...)
+	TODO: check
+CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before
0.91rc1 ...)
+	TODO: check
+CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in
the ...)
+	TODO: check
+CVE-2007-3120 (Cross-site scripting (XSS) vulnerability in
public/code/cp_dpage.php ...)
+	TODO: check
+CVE-2007-3119 (SQL injection vulnerability in news.asp in Kartli Alisveris
Sistemi ...)
+	TODO: check
+CVE-2007-3118 (Multiple PHP remote file inclusion vulnerabilities in Kravchuk
letter ...)
+	TODO: check
+CVE-2007-3117 (Cross-site scripting (XSS) vulnerability in the SEO module in
ADPLAN 3 ...)
+	TODO: check
+CVE-2007-3116 (Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05
allows ...)
+	TODO: check
+CVE-2007-3115 (Multiple memory leaks in server/MaraDNS.c in MaraDNS before
1.2.12.06, ...)
+	TODO: check
+CVE-2007-3114 (Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and
1.3.x ...)
+	TODO: check
+CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote
authenticated ...)
+	TODO: check
+CVE-2007-3112 (Cacti 0.8.6i, and possibly other versions, allows remote
authenticated ...)
+	TODO: check
+CVE-2007-3111 (Buffer overflow in the Provideo Camimage ActiveX control in ...)
+	TODO: check
+CVE-2007-3110 (Cross-site scripting (XSS) vulnerability in the Andy Frank
Beatnik 1.0 ...)
+	TODO: check
+CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft
FrontPage ...)
+	TODO: check
+CVE-2007-3108
+	RESERVED
+CVE-2007-3107
+	RESERVED
+CVE-2007-3106
+	RESERVED
+CVE-2007-3105
+	RESERVED
+CVE-2007-3104
+	RESERVED
+CVE-2007-3103
+	RESERVED
+CVE-2007-3102
+	RESERVED
+CVE-2007-3101
+	RESERVED
+CVE-2007-3100
+	RESERVED
+CVE-2007-3099
+	RESERVED
+CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing
SNMPc ...)
+	TODO: check
+CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote
attackers ...)
+	TODO: check
+CVE-2007-3096 (Directory traversal vulnerability in login.php in PBLang (PBL)
...)
+	TODO: check
+CVE-2007-3095 (Unspecified vulnerability in Symantec Reporting Server
1.0.197.0, and ...)
+	TODO: check
+CVE-2007-3094 (Unspecified vulnerability in the authentication mechanism in
Solaris ...)
+	TODO: check
+CVE-2007-3093 (Unspecified vulnerability in the logging mechanism in Solaris
...)
+	TODO: check
+CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof
the URL ...)
+	TODO: check
+CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 and 7 allows
remote ...)
+	TODO: check
+CVE-2007-3090 (Mozilla Firefox does not properly manage a delay timer used in
...)
+	TODO: check
+CVE-2007-3089 (Mozilla Firefox does not prevent use of document.write to
replace an ...)
+	TODO: check
+CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows
remote ...)
+	TODO: check
+CVE-2007-3087 (Peercast places a cleartext password in a query string, which
might ...)
+	TODO: check
+CVE-2007-3086 (Unrestricted critical resource lock in Agnitum Outpost Firewall
PRO ...)
+	TODO: check
+CVE-2007-3085 (Multiple PHP remote file inclusion vulnerabilities in PBSite
allow ...)
+	TODO: check
+CVE-2007-3084 (PHP remote file inclusion vulnerability in sampleblogger.php in
Comdev ...)
+	TODO: check
+CVE-2007-3083 (Z-Blog 1.7 stores sensitive information under the web root with
...)
+	TODO: check
+CVE-2007-3082 (Directory traversal vulnerability in sendcard.php in Sendcard
3.4.1 ...)
+	TODO: check
+CVE-2007-3081 (PHP remote file inclusion vulnerability in sampleecommerce.php
in ...)
+	TODO: check
+CVE-2007-3080 (SQL injection vulnerability in haberoku.asp in Hunkaray Okul
Portaly ...)
+	TODO: check
+CVE-2007-3079 (listmembers.php in EQdkp 1.3.2c and earlier allows remote
attackers to ...)
+	TODO: check
+CVE-2007-3078 (Multiple cross-site scripting (XSS) vulnerabilities in Aigaion
before ...)
+	TODO: check
+CVE-2007-3077 (SQL injection vulnerability in listmembers.php in EQdkp 1.3.2
and ...)
+	TODO: check
+CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi
ProgramChecker ...)
+	TODO: check
+CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet Explorer
...)
+	TODO: check
+CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to
read ...)
+	TODO: check
+CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and
...)
+	TODO: check
+CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before
2.0.0.4 on ...)
+	TODO: check
+CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain
ActiveX ...)
+	TODO: check
+CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in
BDigital Web ...)
+	TODO: check
+CVE-2007-3069 (xscreensaver in Sun Solaris 10 before 20070604, when a GNOME
session ...)
+	TODO: check
+CVE-2007-3068 (Stack-based buffer overflow in DVD X Player 4.1 Professional
allows ...)
+	TODO: check
+CVE-2007-3067 (Cross-site scripting (XSS) vulnerability in the Attunement and
Key ...)
+	TODO: check
+CVE-2007-3066 (Multiple PHP remote file inclusion vulnerabilities in
php(Reactor) ...)
+	TODO: check
+CVE-2007-3065 (SQL injection vulnerability in viewimage.php in Particle Soft
Particle ...)
+	TODO: check
+CVE-2007-3064 (Cross-site scripting (XSS) vulnerability in diary.php in My
Databook ...)
+	TODO: check
+CVE-2007-3063 (SQL injection vulnerability in diary.php in My Databook allows
remote ...)
+	TODO: check
+CVE-2007-3062 (Cross-site scripting (XSS) vulnerability in HP System Management
...)
+	TODO: check
+CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the
web ...)
+	TODO: check
+CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live!
3.2.2 ...)
+	TODO: check
+CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive
information ...)
+	TODO: check
+CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish
Webmail ...)
+	TODO: check
+CVE-2007-3057 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in
WebSVN ...)
+	TODO: check
+CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib
...)
+	TODO: check
+CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in
Codelib ...)
+	TODO: check
+CVE-2007-3053 (Session fixation vulnerability in Calimero.CMS 3.3.1232 and
earlier ...)
+	TODO: check
+CVE-2007-3052 (SQL injection vulnerability in index.php in the PNphpBB2 1.2i
and ...)
+	TODO: check
+CVE-2007-3051 (SQL injection vulnerability in inc/class_users.php in RevokeSoft
...)
+	TODO: check
+CVE-2007-3050 (Session fixation vulnerability in chameleon cms 3.0 and earlier
allows ...)
+	TODO: check
+CVE-2007-3049 (Cross-site scripting (XSS) vulnerability in index.php in
Buttercup web ...)
+	TODO: check
+CVE-2007-3048 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-3047 (The Vonage VoIP Telephone Adapter has a default administrator
username ...)
+	TODO: check
+CVE-2007-3046 (Buffer overflow in Advanced Software Production Line Vortex
Library ...)
+	TODO: check
+CVE-2007-3045 (Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on
...)
+	TODO: check
+CVE-2007-3044 (Unspecified vulnerability in the Map I/O Service (xpwmap) in
Hitachi ...)
+	TODO: check
+CVE-2007-3043 (Cross-site scripting (XSS) vulnerability in Collaboration - File
...)
+	TODO: check
+CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2
allows ...)
+	TODO: check
+CVE-2007-3041
+	RESERVED
+CVE-2007-3040
+	RESERVED
+CVE-2007-3039
+	RESERVED
+CVE-2007-3038
+	RESERVED
+CVE-2007-3037
+	RESERVED
+CVE-2007-3036
+	RESERVED
+CVE-2007-3035
+	RESERVED
+CVE-2007-3034
+	RESERVED
+CVE-2007-3033
+	RESERVED
+CVE-2007-3032
+	RESERVED
+CVE-2007-3031
+	RESERVED
+CVE-2007-3030
+	RESERVED
+CVE-2007-3029
+	RESERVED
+CVE-2007-3028
+	RESERVED
+CVE-2007-3027
+	RESERVED
+CVE-2007-3026
+	RESERVED
+CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV
before ...)
+	TODO: check
+CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before
0.91rc1 ...)
+	TODO: check
+CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not
...)
+	TODO: check
+CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before
...)
+	TODO: check
+CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before
...)
+	TODO: check
+CVE-2007-3020
+	RESERVED
+CVE-2007-3019
+	RESERVED
+CVE-2007-3018
+	RESERVED
+CVE-2007-3017
+	RESERVED
+CVE-2007-3016
+	RESERVED
+CVE-2007-3015
+	RESERVED
+CVE-2007-3014
+	RESERVED
+CVE-2007-3013
+	RESERVED
+CVE-2007-3012
+	RESERVED
+CVE-2007-3011
+	RESERVED
+CVE-2007-3010
+	RESERVED
+CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent
function in ...)
+	TODO: check
+CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method,
which has ...)
+	TODO: check
+CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or
safe_mode ...)
+	TODO: check
+CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows
user-assisted ...)
+	TODO: check
+CVE-2007-3005 (Unspecified vulnerability in the Sun Java Runtime Environment in
JDK ...)
+	TODO: check
+CVE-2007-3004 (Buffer overflow in the image parsing implementation in the Sun
Java ...)
+	TODO: check
+CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and
earlier ...)
+	TODO: check
+CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain
sensitive ...)
+	TODO: check
+CVE-2007-3001 (Multiple cross-site scripting (XSS) vulnerabilities in PHP
JackKnife ...)
+	TODO: check
+CVE-2007-3000 (Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK)
allow ...)
+	TODO: check
+CVE-2007-2999 (Microsoft Windows Server 2003, when time restrictions are in
effect ...)
+	TODO: check
+CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on
OpenVMS ...)
+	TODO: check
+CVE-2007-2997 (Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp
in ...)
+	TODO: check
+CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95
on IBM ...)
+	TODO: check
+CVE-2007-2995 (Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0
and ...)
+	TODO: check
+CVE-2007-2994 (SQL injection vulnerability in news.php in DGNews 2.1 allows
remote ...)
+	TODO: check
+CVE-2007-2993 (Multiple cross-site scripting (XSS) vulnerabilities in
OmegaMw7.asp in ...)
+	TODO: check
+CVE-2007-2992 (Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA
(aka ...)
+	TODO: check
+CVE-2007-2991 (Cross-site scripting (XSS) vulnerability in
includes/send.inc.php in ...)
+	TODO: check
+CVE-2007-2990 (Unspecified vulnerability in inetd in Sun Solaris 10 before
20070529 ...)
+	TODO: check
+CVE-2007-2989 (The libike library in Sun Solaris 9 before 20070529 contains a
logic ...)
+	TODO: check
+CVE-2007-2988 (A certain admin script in Inout Meta Search Engine sends a
redirect to ...)
+	TODO: check
+CVE-2007-2987 (Multiple buffer overflows in certain ActiveX controls in
sasatl.dll in ...)
+	TODO: check
+CVE-2007-2986 (PHP remote file inclusion vulnerability in
lib/live_status.lib.php in ...)
+	TODO: check
+CVE-2007-2985 (Pheap 2.0 allows remote attackers to bypass authentication by
setting ...)
+	TODO: check
+CVE-2007-2984 (Multiple stack-based buffer overflows in the Media Technology
Group ...)
+	TODO: check
+CVE-2007-2982 (Multiple buffer overflows in the British Telecommunications
Business ...)
+	TODO: check
+CVE-2007-2981 (Buffer overflow in a certain ActiveX control in LEAD
Technologies ...)
+	TODO: check
+CVE-2007-2980 (Heap-based buffer overflow in a certain ActiveX control in
LEADTOOLS ...)
+	TODO: check
+CVE-2007-2979 (Techno Dreams Web Directory / Search Engine 2.0 stores sensitive
...)
+	TODO: check
+CVE-2007-2978 (Session fixation vulnerability in eggblog 3.1.0 and earlier
allows ...)
+	TODO: check
+CVE-2007-2977 (Buffer overflow in the receive function in submit/submitcommon.c
in ...)
+	TODO: check
+CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet
...)
+	TODO: check
+CVE-2007-2975 (Unspecified vulnerability in the built-in admin console in
Ignite ...)
+	TODO: check
+CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir
Antivirus ...)
+	TODO: check
+CVE-2007-2973 (Avira Antivir Antivirus before 7.03.00.09 allows remote
attackers to ...)
+	TODO: check
+CVE-2007-2972 (The file parsing engine in Avira Antivir Antivirus before
7.04.00.24 ...)
+	TODO: check
+CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46
and ...)
+	TODO: check
+CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in
cgi/block.cgi ...)
+	TODO: check
+CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in
...)
+	TODO: check
+CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in
cpCommerce ...)
+	TODO: check
+CVE-2005-4840 (The Outlook Express Address Book control, when using Internet
Explorer ...)
+	TODO: check
+CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier
...)
+	TODO: check
 CVE-2007-XXXX [wordpress SQL injection]
 	- wordpress <unfixed> (bug #428073)
 CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
@@ -46,8 +372,7 @@
 	RESERVED
 CVE-2007-2949
 	RESERVED
-CVE-2007-2948 [stack overflow in mplayer cddb queries]
-	RESERVED
+CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c in
...)
 	- mplayer 1.0~rc1-14
 CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE
Alpha ...)
 	NOT-FOR-US: OpenBASE Alpha
@@ -105,12 +430,12 @@
 	RESERVED
 CVE-2007-2920
 	RESERVED
-CVE-2007-2919
-	RESERVED
-CVE-2007-2918
-	RESERVED
-CVE-2007-2917
-	RESERVED
+CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading
ActiveX ...)
+	TODO: check
+CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1)
VibeC in ...)
+	TODO: check
+CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in
odapi.dll in ...)
+	TODO: check
 CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT
Music ...)
 	NOT-FOR-US: GMTT Music Distro
 CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus
allows ...)
@@ -199,8 +524,7 @@
 	RESERVED
 CVE-2007-2873
 	RESERVED
-CVE-2007-2872 [php5 chunk_split() integer overflow]
-	RESERVED
+CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5
before ...)
 	- php5 <unfixed>
 	NOTE: Fix from 5.2.3 was ineffective
 CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4,
and ...)
@@ -232,10 +556,10 @@
 	NOT-FOR-US: PHPEcho CMS
 CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in
phpPgAdmin ...)
 	- phppgadmin 4.1.2-1 (low; bug #427151)
-CVE-2007-2864
-	RESERVED
-CVE-2007-2863
-	RESERVED
+CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before
content ...)
+	TODO: check
+CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before
content ...)
+	TODO: check
 CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might
allow ...)
 	NOT-FOR-US: CubeCart
 CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple
...)
@@ -988,12 +1312,12 @@
 	RESERVED
 CVE-2007-2515
 	RESERVED
-CVE-2007-2514
-	RESERVED
-CVE-2007-2513
-	RESERVED
-CVE-2007-2512
-	RESERVED
+CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple
...)
+	TODO: check
+CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before
6.5 ...)
+	TODO: check
+CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0
and ...)
+	TODO: check
 CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in
PHP ...)
 	{DTSA-39-1}
 	- php5 5.2.2-1 (unimportant)
@@ -1125,8 +1449,7 @@
 	NOT-FOR-US: Parallels
 CVE-2007-2453
 	RESERVED
-CVE-2007-2452 [locate heap buffer overflow]
-	RESERVED
+CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in
...)
 	- findutils 4.2.31-1 (low; bug #426862)
 CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in
GEODE-AES ...)
 	- linux-2.6 2.6.21-3
@@ -1213,8 +1536,8 @@
 	NOTE: SSO cookies sent over secure connections do not require
 	NOTE: secure connections, possibly defeating HTTPS encryption.
 	NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
-CVE-2007-2419
-	RESERVED
+CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in
...)
+	TODO: check
 CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible
Messaging ...)
 	NOT-FOR-US: Cerulean Trillian
 CVE-2007-2417
@@ -1275,10 +1598,10 @@
 	NOT-FOR-US: Apple
 CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not
clear ...)
 	NOT-FOR-US: Apple
-CVE-2007-2388 (Unspecified vulnerability in Apple QuickTime for Java 7.1.6 on
Mac OS ...)
+CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not
...)
 	NOT-FOR-US: Apple
-CVE-2007-2387
-	RESERVED
+CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0 on
Intel ...)
+	TODO: check
 CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to
10.4.9 ...)
 	TODO: check
 CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object
...)
@@ -1534,8 +1857,8 @@
 	RESERVED
 CVE-2007-2280
 	RESERVED
-CVE-2007-2279
-	RESERVED
+CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage
...)
+	TODO: check
 CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal
6.1.1 ...)
 	NOT-FOR-US: DCP-Portal
 CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote
attackers to ...)
@@ -1631,8 +1954,8 @@
 	NOT-FOR-US: AXIS Camera Control
 CVE-2007-2238
 	RESERVED
-CVE-2007-2237
-	RESERVED
+CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll)
allows ...)
+	TODO: check
 CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers
to ...)
 	NOT-FOR-US: PunBB
 CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB
1.2.14 ...)
@@ -2000,7 +2323,7 @@
 	NOT-FOR-US: ActionPoll
 CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert
...)
 	NOT-FOR-US: ActionPoll
-CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0, when
_BPX_BATCH_UMASK is ...)
+CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure ...)
 	NOT-FOR-US: IBM zOS
 CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows
...)
 	NOT-FOR-US: VCDGear
@@ -2426,7 +2749,7 @@
 	RESERVED
 CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure
permissions ...)
 	NOT-FOR-US: Adobe ColdFusion MX
-CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in mephisto 0.7.3
allows ...)
+CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3
allows ...)
 	NOT-FOR-US: mephisto
 CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3
allows ...)
 	NOT-FOR-US: toendaCMS
@@ -2449,8 +2772,8 @@
 	- php5 5.2.2-1
 CVE-2007-1863
 	RESERVED
-CVE-2007-1862
-	RESERVED
+CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4
does not ...)
+	TODO: check
 CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux
Kernel ...)
 	{DSA-1289-1}
 	- linux-2.6 2.6.21-1
@@ -2686,7 +3009,8 @@
 	NOT-FOR-US: Ay System Solutions Web Content System
 CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental
...)
 	NOT-FOR-US: ArcSDE
-CVE-2007-1769 (Cross-site scripting (XSS) vulnerability in /search in Mephisto
0.7.3 ...)
+CVE-2007-1769
+	REJECTED
 	NOT-FOR-US: Mephisto
 CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Mephisto
@@ -3074,8 +3398,8 @@
 	NOT-FOR-US: NFN Address Book
 CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in
Asterisk ...)
 	- asterisk <unfixed> (low)
-CVE-2007-1593
-	RESERVED
+CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator
(VVR) ...)
+	TODO: check
 CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
 	{DSA-1286-1}
 	- linux-2.6 2.6.20-1 (medium)
@@ -4820,7 +5144,7 @@
 CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x
...)
 	- iceweasel 2.0.0.2+dfsg-2 (medium)
 CVE-2007-0993
-	RESERVED
+	REJECTED
 CVE-2007-0992
 	RESERVED
 CVE-2007-0991
@@ -4952,8 +5276,8 @@
 	RESERVED
 CVE-2007-0934
 	RESERVED
-CVE-2007-0933
-	RESERVED
+CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link
DWL-G650+ ...)
+	TODO: check
 CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and
(2) ...)
 	NOT-FOR-US: Aruba Mobility Controller
 CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1)
Aruba ...)
@@ -7201,10 +7525,10 @@
 	RESERVED
 CVE-2007-0069
 	RESERVED
-CVE-2007-0068
-	RESERVED
-CVE-2007-0067
-	RESERVED
+CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the
signature ...)
+	TODO: check
+CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0,
6.5.x ...)
+	TODO: check
 CVE-2007-0066
 	RESERVED
 CVE-2007-0065
Secure testing commits - Jun 2007 - r5983 - data/CVE

[Secure-testing-commits] r5983 - data/CVE
