Secure testing commits - May 2007 - r5776 - data/CVE

Author: joeyh
Date: 2007-05-03 21:14:33 +0000 (Thu, 03 May 2007)
New Revision: 5776

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-05-03 19:30:54 UTC (rev 5775)
+++ data/CVE/list	2007-05-03 21:14:33 UTC (rev 5776)
@@ -1,3 +1,123 @@
+CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote
attackers ...)
+	TODO: check
+CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in
Cerulean ...)
+	TODO: check
+CVE-2007-2477 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2476 (Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1
before ...)
+	TODO: check
+CVE-2007-2475 (Unspecified vulnerability in the ADSCHEMA utility in Novell ...)
+	TODO: check
+CVE-2007-2474 (Multiple PHP remote file inclusion vulnerabilities in Turnkey
Web ...)
+	TODO: check
+CVE-2007-2473 (SQL injection vulnerability in stylesheet.php in CMS Made Simple
1.0.5 ...)
+	TODO: check
+CVE-2007-2472 (Cross-site scripting (XSS) vulnerability in sendcard.php in
Sendcard ...)
+	TODO: check
+CVE-2007-2471 (Directory traversal vulnerability in sendcard.php in Sendcard
3.4.1 ...)
+	TODO: check
+CVE-2007-2470 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+	TODO: check
+CVE-2007-2469 (SQL injection vulnerability in index.php in FileRun 1.0 and
earlier ...)
+	TODO: check
+CVE-2007-2468 (Unspecified vulnerability in HP OpenVMS for Integrity Servers
8.2-1 ...)
+	TODO: check
+CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier
versions ...)
+	TODO: check
+CVE-2007-2466 (Unspecified vulnerability in the LDAP Software Development Kit
(SDK) ...)
+	TODO: check
+CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris
Auditing ...)
+	TODO: check
+CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and
PIX 7.1 ...)
+	TODO: check
+CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance
(ASA) ...)
+	TODO: check
+CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance
(ASA) ...)
+	TODO: check
+CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA)
and ...)
+	TODO: check
+CVE-2007-2460 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-2459 (Buffer overflow in the read_4bit_bmp function in bmp.c in Imager
0.56 ...)
+	TODO: check
+CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria
Gallery ...)
+	TODO: check
+CVE-2007-2457 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-2456 (Multiple PHP remote file inclusion vulnerabilities in FireFly
1.1.01 ...)
+	TODO: check
+CVE-2007-2455 (Parallels allows local users to cause a denial of service
(virtual ...)
+	TODO: check
+CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows
local ...)
+	TODO: check
+CVE-2007-2453
+	RESERVED
+CVE-2007-2452
+	RESERVED
+CVE-2007-2451
+	RESERVED
+CVE-2007-2450
+	RESERVED
+CVE-2007-2449
+	RESERVED
+CVE-2007-2448
+	RESERVED
+CVE-2007-2447
+	RESERVED
+CVE-2007-2446
+	RESERVED
+CVE-2007-2445
+	RESERVED
+CVE-2007-2444
+	RESERVED
+CVE-2007-2443
+	RESERVED
+CVE-2007-2442
+	RESERVED
+CVE-2007-2441
+	RESERVED
+CVE-2007-2440
+	RESERVED
+CVE-2007-2439
+	RESERVED
+CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1)
writefile, ...)
+	TODO: check
+CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0,
7.1, ...)
+	TODO: check
+CVE-2007-2436 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux
Kernel ...)
+	TODO: check
+CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and
Java ...)
+	TODO: check
+CVE-2007-2434 (Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows
...)
+	TODO: check
+CVE-2007-2433 (Cross-site scripting (XSS) vulnerability in index.php in Ariadne
2.4.1 ...)
+	TODO: check
+CVE-2007-2432 (Cross-site scripting (XSS) vulnerability in utilities/search.asp
in ...)
+	TODO: check
+CVE-2007-2431 (Dynamic variable evaluation vulnerability in ...)
+	TODO: check
+CVE-2007-2430 (shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows
remote ...)
+	TODO: check
+CVE-2007-2429 (ManageEngine PasswordManager Pro (PMP) allows remote attackers
to ...)
+	TODO: check
+CVE-2007-2428 (Multiple PHP remote file inclusion vulnerabilities in page.php
in ...)
+	TODO: check
+CVE-2007-2427 (SQL injection vulnerability in index.php in the pnFlashGames 1.5
...)
+	TODO: check
+CVE-2007-2426 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-2425 (Directory traversal vulnerability in fileview.php in Imageview
5.3 ...)
+	TODO: check
+CVE-2007-2424 (PHP remote file inclusion vulnerability in help/index.php in The
...)
+	TODO: check
+CVE-2007-2423 (Cross-site scripting (XSS) vulnerability in index.php in
MoinMoin ...)
+	TODO: check
+CVE-2007-2422 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-2421 (Buffer overflow in Hitachi Groupmax Mobile Option for
Mobile-Phone ...)
+	TODO: check
+CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0
allows ...)
+	TODO: check
 CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies]
 	- tomcat5 <unfixed> (medium)
 	- tomcat5.5 <unfixed> (medium)
@@ -6,8 +126,8 @@
 	NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
 CVE-2007-2419
 	RESERVED
-CVE-2007-2418
-	RESERVED
+CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible
Messaging ...)
+	TODO: check
 CVE-2007-2417
 	RESERVED
 CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote
...)
@@ -307,7 +427,7 @@
 	NOT-FOR-US: DCP-Portal
 CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote
attackers to ...)
 	NOT-FOR-US: Plogger
-CVE-2007-2276 (3Com TippingPoint IPS allows remote attackers to cause a denial
of ...)
+CVE-2007-2276 (** DISPUTED ** ...)
 	NOT-FOR-US: TippingPoint IPS
 CVE-2007-2275 (Unspecified vulnerability in HP StorageWorks Command View
Advanced ...)
 	NOT-FOR-US: HP StorageWorks
@@ -386,8 +506,8 @@
 	- kfreebsd-5 <unfixed> (low)
 	NOTE: This should be off by default, tweakable by a simple knob.
 	NOTE: (FreeBSD has it turned on for hosts, too.)
-CVE-2007-2241
-	RESERVED
+CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and
9.5.0a1 ...)
+	TODO: check
 CVE-2007-2240
 	RESERVED
 CVE-2007-2239
@@ -519,7 +639,7 @@
 	NOT-FOR-US: Microgaming Download Helper
 CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote
attackers ...)
 	- iceweasel <unfixed> (low)
-CVE-2007-2175 (Unspecified vulnerability in Apple QuickTime, as used in Safari
and ...)
+CVE-2007-2175 (Apple QuickTime Java extensions (QTJava.dll), as used in Safari
and ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware
Removal ...)
 	NOT-FOR-US: ZoneAlarm
@@ -1175,10 +1295,10 @@
 	NOT-FOR-US: KL.SysInfo ActiveX control
 CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates
(domplates) ...)
 	NOT-FOR-US: Firebug extension for Firefox
-CVE-2007-1877
-	RESERVED
-CVE-2007-1876
-	RESERVED
+CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a
denial of ...)
+	TODO: check
+CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows
guest ...)
+	TODO: check
 CVE-2007-1875
 	RESERVED
 CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure
permissions ...)
@@ -1212,8 +1332,8 @@
 	- linux-2.6 <unfixed>
 CVE-2007-1860
 	RESERVED
-CVE-2007-1859
-	RESERVED
+CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for
...)
+	TODO: check
 CVE-2007-1858
 	RESERVED
 CVE-2007-1857
@@ -1484,8 +1604,8 @@
 CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in
Clam ...)
 	{DSA-1281-1}
 	- clamav 0.90.2-1 (high)
-CVE-2007-1744
-	RESERVED
+CVE-2007-1744 (Directory traversal vulnerability in the Shared Folders feature
for ...)
+	TODO: check
 CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...)
 	- apache2 <unfixed> (unimportant)
 CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial
comparison ...)
@@ -2387,9 +2507,9 @@
 	NOT-FOR-US: Drupal module Project
 CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in
Avaya ...)
 	NOT-FOR-US: Avaya Communications Manager
-CVE-2007-1366
-	RESERVED
+CVE-2007-1366 (QEMU 0.8.2 allows local users to crash a virtual machine via the
...)
 	{DSA-1284-1}
+	TODO: check
 CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0
allows ...)
 	NOT-FOR-US: OpenBSD Kernel
 CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain
...)
@@ -2449,8 +2569,8 @@
 	NOT-FOR-US: Links Management Application
 CVE-2007-1338 (The default configuration of the AirPort utility in Apple
AirPort ...)
 	NOT-FOR-US: Apple AirPort Extreme
-CVE-2007-1337
-	RESERVED
+CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before
5.5.4 ...)
+	TODO: check
 CVE-2007-1336
 	RESERVED
 CVE-2007-1335
@@ -2483,15 +2603,15 @@
 CVE-2007-1323
 	RESERVED
 	{DSA-1284-1}
-CVE-2007-1322
-	RESERVED
+CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by
executing ...)
 	{DSA-1284-1}
+	TODO: check
 CVE-2007-1321
 	RESERVED
 	{DSA-1284-1}
-CVE-2007-1320
-	RESERVED
+CVE-2007-1320 (Multiple heap-based buffer overflows in the
cirrus_invalidate_region ...)
 	{DSA-1284-1}
+	TODO: check
 CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup
function in ...)
 	NOT-FOR-US: DeviceXPlorer OLE
 CVE-2007-1318
@@ -3192,8 +3312,8 @@
 	NOT-FOR-US: Cisco Unified IP Phone
 CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in
Apple ...)
 	NOT-FOR-US: Apple ImageIO
-CVE-2007-1069
-	RESERVED
+CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows
...)
+	TODO: check
 CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS
PAP, ...)
 	NOT-FOR-US: Cisco Secure Services Client
 CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and
2.x, ...)
@@ -4182,8 +4302,8 @@
 	RESERVED
 CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1
allows ...)
 	- linux-2.6 2.6.18.dfsg.1-11
-CVE-2007-0771
-	RESERVED
+CVE-2007-0771 (Unspecified vulnerability in the utrace support for Linux kernel
...)
+	TODO: check
 CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows
user-assisted ...)
 	{DSA-1260}
 	- graphicsmagick 1.1.7-12
@@ -4278,8 +4398,8 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in
Apple ...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2007-0745
-	RESERVED
+CVE-2007-0745 (The Apple Security Update 2007-004 uses an incorrect
configuration ...)
+	TODO: check
 CVE-2007-0744 (SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly
clean ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2007-0743 (URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the
username ...)
@@ -4477,8 +4597,8 @@
 	[etch] - nexuiz <not-affected> (Vulnerable code not present, was
introduced in 2.2.2)
 CVE-2007-0656 (PHP remote file inclusion vulnerability in
includes/functions.php in ...)
 	NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
-CVE-2007-0655
-	RESERVED
+CVE-2007-0655 (The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld
Technologies eScan ...)
+	TODO: check
 CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows
...)
 	{DSA-1277-1}
 	- xmms 1:1.2.10+20070301-2 (bug #416423; low)