Author: keescook-guest Date: 2007-03-15 01:14:28 +0000 (Thu, 15 Mar 2007) New Revision: 5547 Modified: data/CVE/list Log: fixed syntax error in mysql-dfsg-5.0 addition NFUs: 104 unfixed: conquest kdepim linux-2.6 moodle pennmush phpmyadmin sql-ledger webcalendar fixed: asterisk putty not-affected: libtool wordpress removed: acroread libapache-mod-security Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-14 21:14:12 UTC (rev 5546) +++ data/CVE/list 2007-03-15 01:14:28 UTC (rev 5547) @@ -1,51 +1,51 @@ CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...) - TODO: check + - sql-ledger <unfixed> (bug #409703) CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...) - TODO: check + - sql-ledger <unfixed> (bug #409703) CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: D-Link TFTP Server CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly ...) - TODO: check + NOT-FOR-US: Grayscale Blog CVE-2007-1433 (Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and ...) - TODO: check + NOT-FOR-US: Grayscale Blog CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote ...) - TODO: check + NOT-FOR-US: Grayscale Blog CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 ...) - TODO: check + - pennmush <unfixed> CVE-2007-1430 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: ClipShare CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 ...) - TODO: check + - moodle <unfixed> CVE-2007-1428 (SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 ...) - TODO: check + NOT-FOR-US: JobSitePro CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a ...) - TODO: check + NOT-FOR-US: AssetMan CVE-2007-1426 (AstroCam before 2.6.6 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: AstroCam CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer Pro ...) - TODO: check + NOT-FOR-US: SonicMailer Pro CVE-2007-1424 (Multiple PHP remote file inclusion vulnerabilities in Softnews Media ...) - TODO: check + NOT-FOR-US: DataLife Engine CVE-2007-1423 (Multiple PHP remote file inclusion vulnerabilities in WORK system ...) - TODO: check + NOT-FOR-US: WORK system e-commerce CVE-2007-1422 (SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti ...) - TODO: check + NOT-FOR-US: Duyuru Scripti CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 ...) - TODO: check + NOT-FOR-US: SubDog CVE-2007-1420 (MySQL 5.x before 5.0.37 allows local users to cause a denial of ...) - mysql-dfsg-5.0 <unfixed> (bug #414790) + - mysql-dfsg-5.0 <unfixed> (bug #414790) CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ...) - TODO: check + NOT-FOR-US: JMX RMI-IIOP CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: DekiWiki CVE-2007-1417 (SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows ...) - TODO: check + NOT-FOR-US: NEWSSYSTEM CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp ...) - TODO: check + NOT-FOR-US: URLshrink CVE-2007-1415 (Multiple PHP remote file inclusion vulnerabilities in PMB Services ...) - TODO: check + NOT-FOR-US: PMB Services CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...) - TODO: check + NOT-FOR-US: Coppermine Photo Gallery CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...) TODO: check CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...) @@ -53,51 +53,51 @@ CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...) TODO: check CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal ...) - TODO: check + NOT-FOR-US: GaziYapBoz Game Portal CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via ...) - TODO: check + - wordpress <not-affected> (Path disclosure) CVE-2007-1408 (Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) ...) - TODO: check + NOT-FOR-US: Vallheru CVE-2007-1407 (Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has ...) - TODO: check + NOT-FOR-US: Quick.Cart CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header ...) TODO: check CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the "download wiki page as ...) TODO: check CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote ...) - TODO: check + NOT-FOR-US: ProSysInfo TFTP Server CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in ...) TODO: check CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows ...) - TODO: check + NOT-FOR-US: Rediff Toolbar ActiveX control CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP ...) TODO: check CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...) - TODO: check + NOT-FOR-US: Plash CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ...) TODO: check CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...) TODO: check CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...) - TODO: check + NOT-FOR-US: FiSH IRC Encryption CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 5.2.1, when ...) TODO: check CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 ...) - TODO: check + - phpmyadmin <unfixed> (medium) CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...) - TODO: check + NOT-FOR-US: Flat Chat CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS ...) - TODO: check + NOT-FOR-US: Magic CMS CVE-2007-1392 (Directory traversal vulnerability in down.php in netForo! 0.1g allows ...) - TODO: check + NOT-FOR-US: netForo! CVE-2007-1391 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: WEBO CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 ...) - TODO: check + NOT-FOR-US: dynalias CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication ...) - TODO: check + NOT-FOR-US: dynalias CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux ...) - TODO: check + - linux-2.6 <unfixed> CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer ...) TODO: check CVE-2007-1386 @@ -125,25 +125,25 @@ CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...) TODO: check CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz ...) - TODO: check + NOT-FOR-US: Snitz Forums CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport ...) - TODO: check + NOT-FOR-US: Mercury Mail Transport System CVE-2007-1372 (PHP remote file inclusion vulnerability in styles/internal/header.php ...) - TODO: check + NOT-FOR-US: PostGuestbook CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local ...) - TODO: check + - conquest <unfixed> (medium) CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and ...) - TODO: check + NOT-FOR-US: Zend Platform CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows ...) - TODO: check + NOT-FOR-US: Zend Platform CVE-2007-1368 (The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before ...) - TODO: check + NOT-FOR-US: Drupal module Project CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in Avaya ...) - TODO: check + NOT-FOR-US: Avaya Communications Manager CVE-2007-1366 RESERVED CVE-2007-1365 (Unspecified vulnerability in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 ...) - TODO: check + NOT-FOR-US: OpenBSD Kernel CVE-2007-1364 RESERVED CVE-2007-1363 @@ -151,11 +151,11 @@ CVE-2007-1362 RESERVED CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...) - TODO: check + NOT-FOR-US: VirtueMart CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x ...) - TODO: check + NOT-FOR-US: Drupal module Nodefamily CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and ...) - TODO: check + - libapache-mod-security <removed> CVE-2007-1358 RESERVED CVE-2007-1357 @@ -173,7 +173,7 @@ CVE-2007-1351 RESERVED CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...) - TODO: check + NOT-FOR-US: Novell NetMail CVE-2007-1349 RESERVED CVE-2007-1348 @@ -181,23 +181,23 @@ CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...) TODO: check CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...) - TODO: check + NOT-FOR-US: Sun Fire Server CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA ...) - TODO: check + NOT-FOR-US: CA eTrust Admin CVE-2007-1344 (Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 ...) - TODO: check + NOT-FOR-US: Ezstream CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does ...) - TODO: check + - webcalendar <unfixed> (high) CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not ...) - TODO: check + NOT-FOR-US: Simple Invoices CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz ...) - TODO: check + NOT-FOR-US: News-Letterman CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management ...) - TODO: check + NOT-FOR-US: Links Management Application CVE-2007-1338 (The default configuration of the AirPort utility in Apple AirPort ...) - TODO: check + NOT-FOR-US: Apple AirPort Extreme CVE-2007-1337 RESERVED CVE-2007-1336 @@ -209,23 +209,23 @@ CVE-2007-1333 RESERVED CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS ...) - TODO: check + NOT-FOR-US: TKS Banking Solutions ePortfolio CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking ...) - TODO: check + NOT-FOR-US: TKS Banking Solutions ePortfolio CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) ...) - TODO: check + NOT-FOR-US: Comodo Firewall Pro CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...) - TODO: check + - sql-ledger <unfixed> (bug #409703) CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard ...) - TODO: check + NOT-FOR-US: JOLY BJ Webring CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in ...) - TODO: check + NOT-FOR-US: silc daemon CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows ...) - TODO: check + NOT-FOR-US: Serendipity CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in ...) - TODO: check + - phpmyadmin <unfixed> CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the ...) - TODO: check + NOT-FOR-US: SnapGear CVE-2007-1323 RESERVED CVE-2007-1322 @@ -255,107 +255,107 @@ CVE-2007-1310 RESERVED CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated ...) - TODO: check + NOT-FOR-US: Novell Access Management CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...) TODO: check CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...) - TODO: check + NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN CVE-2007-1306 (Unspecified vulnerability in Asterisk 1.4 before 1.4.1 and 1.2 before ...) - TODO: check + - asterisk 1:1.2.16~dfsg-1 (medium) CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in ...) - TODO: check + NOT-FOR-US: Sava''s Guestbook CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava''s Guestbook ...) - TODO: check + NOT-FOR-US: Sava''s Guestbook CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and ...) - TODO: check + NOT-FOR-US: RRDBrowse CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when ...) - TODO: check + NOT-FOR-US: LI-Guestbook CVE-2007-1301 (Stack-based buffer overflow in the IMAP service in MailEnable ...) - TODO: check + NOT-FOR-US: MailEnable Enterprise CVE-2007-1300 (DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier ...) - TODO: check + NOT-FOR-US: ISPUtil CVE-2007-1299 (PHP remote file inclusion vulnerability in index.php in Mani Stats ...) - TODO: check + NOT-FOR-US: Mani Stats Reader CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows ...) - TODO: check + NOT-FOR-US: AJ Auction CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows ...) - TODO: check + NOT-FOR-US: AJ Dating CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds ...) - TODO: check + NOT-FOR-US: AJ Classifieds CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows ...) - TODO: check + NOT-FOR-US: AJ Forum CVE-2007-1294 (A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in ...) TODO: check CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when ...) - TODO: check + NOT-FOR-US: Rigter Portal System CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2007-1291 (Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug ...) - TODO: check + NOT-FOR-US: TygerBT CVE-2007-1290 (SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking ...) - TODO: check + NOT-FOR-US: TygerBT CVE-2007-1289 (SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking ...) - TODO: check + NOT-FOR-US: TygerBT CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News ...) - TODO: check + NOT-FOR-US: WB News CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted ...) - TODO: check + NOT-FOR-US: DreameeSoft Password Master CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files ...) - TODO: check + - putty 0.59-1 (bug #400804; medium) CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows ...) - TODO: check + NOT-FOR-US: Hazir Site CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly ...) - TODO: check + NOT-FOR-US: Outpost Firewall PRO CVE-2006-7159 (Directory traversal vulnerability in include/prune_torrents.php in ...) - TODO: check + NOT-FOR-US: BTI-Tracker CVE-2006-7158 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...) - TODO: check + NOT-FOR-US: Oracle Application Express CVE-2006-7157 (Buffer overflow in Google Earth v4.0.2091 (beta) allows remote ...) - TODO: check + NOT-FOR-US: Google Earth CVE-2006-7156 (PHP remote file inclusion vulnerability in addon_keywords.php in ...) - TODO: check + NOT-FOR-US: miniBB module Keyword Replacer CVE-2006-7155 (Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the ...) - TODO: check + NOT-FOR-US: Novell BorderManager CVE-2006-7154 (Iono allows remote attackers to obtain the full server path via ...) - TODO: check + NOT-FOR-US: Iono CVE-2006-7153 (PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 ...) - TODO: check + NOT-FOR-US: MiniBB Forum CVE-2006-7152 (default.asp in ASP-Nuke Community 1.5 and earlier allows remote ...) - TODO: check + NOT-FOR-US: ASP-Nuke Community CVE-2006-7151 (Untrusted search path vulnerability in the libtool-ltdl library ...) - TODO: check + - libtool <not-affected> (Specific to Fedora build) CVE-2006-7150 (Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote ...) - TODO: check + NOT-FOR-US: Mambo CVE-2006-7149 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x ...) - TODO: check + NOT-FOR-US: Mambo CVE-2006-7148 (PHP remote file inclusion vulnerability in includes/bb_usage_stats.php ...) - TODO: check + NOT-FOR-US: phpBB module maluinfo CVE-2006-7147 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: phpBB module Import Tools CVE-2006-7146 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: communityPortals CVE-2006-7145 (edit_user.php in Call Center Software 0.93 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Call Center Software CVE-2006-7144 (SQL injection vulnerability in Call Center Software 0.93 and earlier ...) - TODO: check + NOT-FOR-US: Call Center Software CVE-2006-7143 (Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 ...) - TODO: check + NOT-FOR-US: Call Center Software CVE-2006-7142 (The centralized management feature for Utimaco Safeguard stores ...) - TODO: check + NOT-FOR-US: Utimaco Safeguard CVE-2006-7141 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, ...) - TODO: check + - kdepim <unfixed> (low) CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in ...) - TODO: check + NOT-FOR-US: Oracle APEX CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 ...) - TODO: check + NOT-FOR-US: TinyPortal CVE-2006-7136 (Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator ...) - TODO: check + NOT-FOR-US: PHP Poll Creator CVE-2006-7135 (PHP remote file inclusion vulnerability in lib/functions.inc.php in ...) - TODO: check + NOT-FOR-US: PHP Poll Creator CVE-2007-XXXX [unsafe temporary file in lintian''s objdump-info] - lintian 1.23.28 (low) CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...) @@ -443,7 +443,7 @@ - git-core 1.5.0.3-1 (bug #413629; low) [etch] - git-core 1:1.4.4.4-2 (bug #413629; low) CVE-2007-1273 (Integer overflow in the ktruser function in NetBSD-current before ...) - TODO: check + NOT-FOR-US: NetBSD Kernel CVE-2007-1272 RESERVED CVE-2007-1271 @@ -599,7 +599,7 @@ CVE-2007-1200 RESERVED CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read ...) - TODO: check + - acroread <removed> (medium) CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 ...) NOT-FOR-US: TaskFreak! CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have ...) @@ -1228,7 +1228,7 @@ CVE-2007-1001 RESERVED CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...) - TODO: check + - linux-2.6 <unfixed> (medium) CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...) - ekiga 2.0.3-5 (bug #414069; high) CVE-2007-0998 @@ -4343,7 +4343,7 @@ CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...) - linux-2.6 <unfixed> CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in ...) - TODO: check + - linux-2.6 <unfixed> CVE-2007-0004 RESERVED CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers ...)