joeyh at alioth.debian.org
2007-Jun-12 21:14 UTC
[Secure-testing-commits] r5996 - data/CVE
Author: joeyh
Date: 2007-06-12 21:14:09 +0000 (Tue, 12 Jun 2007)
New Revision: 5996

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-06-12 19:05:03 UTC (rev 5995)
+++ data/CVE/list 2007-06-12 21:14:09 UTC (rev 5996)
@@ -1,3 +1,121 @@ +CVE-2007-3183 + RESERVED +CVE-2007-3182 + RESERVED +CVE-2007-3181 + RESERVED +CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP systems ...) + TODO: check +CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle ...) + TODO: check +CVE-2007-3178 (Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi ...) + TODO: check +CVE-2007-3177 (Ingate Firewall and SIParator before 4.5.2 allow remote attackers to ...) + TODO: check +CVE-2007-3176 (Unspecified vulnerability in Ingate Firewall and SIParator before ...) + TODO: check +CVE-2007-3175 (Multiple SQL injection vulnerabilities in W2B Online Banking allow ...) + TODO: check +CVE-2007-3174 (Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online ...) + TODO: check +CVE-2007-3173 (Almnzm allows remote attackers to obtain sensitive information via an ...) + TODO: check +CVE-2007-3172 (Directory traversal vulnerability in demo/pop3/error.php in Uebimiau ...) + TODO: check +CVE-2007-3171 (Uebimiau Webmail allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2007-3170 (Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau ...) + TODO: check +CVE-2007-3169 (Buffer overflow in a certain ActiveX control in the EDraw Office ...) + TODO: check +CVE-2007-3168 (A certain ActiveX control in the EDraw Office Viewer Component ...) + TODO: check +CVE-2007-3167 (Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control ...) + TODO: check +CVE-2007-3166 (Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, ...) + TODO: check +CVE-2007-3165 (Tor before 0.1.2.14 can construct circuits in which an entry guard is ...) + TODO: check +CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic ...) + TODO: check +CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico ...) 
+ TODO: check +CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX ...) + TODO: check +CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote ...) + TODO: check +CVE-2007-3160 (PHP remote file inclusion vulnerability in admin/header.php in PHP ...) + TODO: check +CVE-2007-3159 (http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a ...) + TODO: check +CVE-2007-3158 (download_script.asp in ASP Folder Gallery allows remote attackers to ...) + TODO: check +CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build ...) + TODO: check +CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi ...) + TODO: check +CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown ...) + TODO: check +CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka ...) + TODO: check +CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms other ...) + TODO: check +CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random number ...) + TODO: check +CVE-2007-3151 (rpttop.htm in the web management interface in Packeteer PacketShaper ...) + TODO: check +CVE-2007-3150 (Google Desktop allows user-assisted remote attackers to execute ...) + TODO: check +CVE-2007-3149 (sudo, when linked with MIT Kerberos 5 (krb5), does not properly check ...) + TODO: check +CVE-2007-3148 (Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ...) + TODO: check +CVE-2007-3147 (Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ...) + TODO: check +CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web root with ...) + TODO: check +CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote ...) + TODO: check +CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote ...) 
+ TODO: check +CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote ...) + TODO: check +CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote attackers ...) + TODO: check +CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in ...) + TODO: check +CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows ...) + TODO: check +CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default ...) + TODO: check +CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution ...) + TODO: check +CVE-2007-3137 (Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in ...) + TODO: check +CVE-2007-3136 (PHP remote file inclusion vulnerability in inc/nuke_include.php in ...) + TODO: check +CVE-2007-3135 (Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom ...) + TODO: check +CVE-2007-3134 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2007-3133 (SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 ...) + TODO: check +CVE-2007-3132 (Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and ...) + TODO: check +CVE-2007-3131 (Cross-site scripting (XSS) vulnerability in add_comment.php in Light ...) + TODO: check +CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the OpenWiki ...) + TODO: check +CVE-2005-4845 (The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and ...) + TODO: check +CVE-2005-4844 (The CLSID_ApprenticeICW control allows remote attackers to cause a ...) + TODO: check +CVE-2005-4843 (The SmartConnect Class control allows remote attackers to cause a ...) + TODO: check +CVE-2005-4842 (The System Monitor Source Properties control allows remote attackers ...) + TODO: check +CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to cause a ...) 
+ TODO: check CVE-2007-XXXX [jffnms multiple issues] - jffnms 0.8.3dfsg.1-4 CVE-2007-3129 @@ -204,8 +322,8 @@ RESERVED CVE-2007-3028 RESERVED -CVE-2007-3027 - RESERVED +CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows ...) + TODO: check CVE-2007-3026 RESERVED CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before ...) @@ -430,8 +548,8 @@ RESERVED CVE-2007-2921 RESERVED -CVE-2007-2920 - RESERVED +CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX ...) + TODO: check CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX ...) TODO: check CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in ...) @@ -518,14 +636,14 @@ - linux-2.6 2.6.21-3 CVE-2007-2877 (Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 ...) NOTE: Not a security issue; Windows-only anyway. -CVE-2007-2876 - RESERVED -CVE-2007-2875 - RESERVED +CVE-2007-2876 (The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) ...) + TODO: check +CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux ...) + TODO: check CVE-2007-2874 RESERVED -CVE-2007-2873 - RESERVED +CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as ...) + TODO: check CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...) - php5 <unfixed> NOTE: Fix from 5.2.3 was ineffective @@ -738,8 +856,8 @@ CVE-2007-2797 [xterm world-writable tty] RESERVED - xterm <not-affected> (Debian uses safe compile-time settings) -CVE-2007-2796 - RESERVED +CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of ...) + TODO: check CVE-2007-2795 RESERVED CVE-2007-2794 
@@ -1470,8 +1588,8 @@ NOT-FOR-US: Parallels CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows local ...) NOT-FOR-US: Parallels -CVE-2007-2453 - RESERVED +CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13, and ...) + TODO: check CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in ...) - findutils 4.2.31-1 (low; bug #426862) CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES ...) @@ -1996,8 +2114,8 @@ [sarge] - dovecot <not-affected> (Vulnerable code not present) CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows remote ...) NOT-FOR-US: CA Clever Path -CVE-2007-2229 - RESERVED +CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for ...) + TODO: check CVE-2007-2228 RESERVED CVE-2007-2227 @@ -2010,16 +2128,16 @@ RESERVED CVE-2007-2223 RESERVED -CVE-2007-2222 - RESERVED +CVE-2007-2222 (Multiple unspecified vulnerabilities in speech control ActiveX ...) + TODO: check CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-2220 RESERVED -CVE-2007-2219 - RESERVED -CVE-2007-2218 - RESERVED +CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, ...) + TODO: check +CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...) + TODO: check CVE-2007-2217 RESERVED CVE-2007-2216 
@@ -3071,12 +3189,12 @@ RESERVED CVE-2007-1753 RESERVED -CVE-2007-1752 - RESERVED -CVE-2007-1751 - RESERVED -CVE-2007-1750 - RESERVED +CVE-2007-1752 (Microsoft Internet Explorer 7 allows remote attackers to spoof web ...) + TODO: check +CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to ...) + TODO: check +CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...) + TODO: check CVE-2007-1749 RESERVED CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...) @@ -3228,8 +3346,8 @@ NOT-FOR-US: iPIX Image Well ActiveX control CVE-2007-1686 RESERVED -CVE-2007-1685 - RESERVED +CVE-2007-1685 (Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, ...) + TODO: check CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in ...) NOT-FOR-US: sldimdownload ActiveX control CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the ...) @@ -5305,12 +5423,12 @@ NOT-FOR-US: Microsoft Content Management Server CVE-2007-0937 RESERVED -CVE-2007-0936 - RESERVED +CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow ...) + TODO: check CVE-2007-0935 RESERVED -CVE-2007-0934 - RESERVED +CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote ...) + TODO: check CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ ...) TODO: check CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) ...) @@ -7082,6 +7200,7 @@ - gforge-plugin-scmcvs 4.5.14-6 CVE-2007-0245 RESERVED + {DSA-1307-1} CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before ...) {DSA-1288-1} - pptpd 1.3.4-1 
@@ -7152,8 +7271,8 @@ NOT-FOR-US: Microsoft CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...) NOT-FOR-US: Microsoft -CVE-2007-0218 - RESERVED +CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers to ...) + TODO: check CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...) NOT-FOR-US: Microsoft CVE-2007-0216 @@ -11275,7 +11394,7 @@ NOT-FOR-US: Oracle CVE-2006-5331 RESERVED -CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 for ...) +CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and ...) - flashplugin-nonfree 9.0.31.0.1 (bug #402822; medium) NOTE: It is not clear if this is already fix in 9.0.21.78.X (previous version) NOTE: or not but it''s fix in 9.0.31.0.1 for sure. @@ -14330,8 +14449,8 @@ NOT-FOR-US: CA eTrust Antivirus WebScan CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote ...) NOT-FOR-US: CA eTrust Antivirus WebScan -CVE-2006-3974 - RESERVED +CVE-2006-3974 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com ...) + TODO: check CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is ...) NOT-FOR-US: My Firewall Plus CVE-2006-3972 (Directory traversal vulnerability in ...)
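Review bot: The @@ -1,3 +1,121 @@ hunk gives every newly described entry the same bare `TODO: check`, so entries for software Debian packages (CVE-2007-3149 sudo linked with MIT Kerberos 5, CVE-2007-3165 Tor before 0.1.2.14, CVE-2007-3152 and CVE-2007-3153 c-ares, CVE-2007-3140 WordPress 2.2 xmlrpc.php, CVE-2007-3155 eGroupWare before 1.2.107-2) cannot be told apart from the ActiveX, Internet Explorer and vendor-appliance entries that this file elsewhere closes as `NOT-FOR-US`. Triage the packaged software first and replace its `TODO: check` with a `- <package> <fixed-version>` or `<unfixed>` line; the remainder can then be closed in bulk with `NOT-FOR-US: <product>`.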
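Review bot: In the @@ -518,14 +636,14 @@ hunk, CVE-2007-2876 (sctp_new in ip_conntrack_proto_sctp.c) and CVE-2007-2875 (cpuset_tasks_read in the Linux ...) go from `RESERVED` to `TODO: check` with no package line, although the context at the top of the same hunk already tracks a kernel fix as `- linux-2.6 2.6.21-3`. Both need a `- linux-2.6` line with the fixed version or `<unfixed>`, and CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611) in the same hunk needs the equivalent line for its package. The same applies to CVE-2007-2453 (Linux kernel 2.6 before 2.6.20.13) in the @@ -1470,8 +1588,8 @@ hunk.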
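Review bot: In the @@ -7082,6 +7200,7 @@ hunk, `{DSA-1307-1}` is attached to CVE-2007-0245 while that entry is still `RESERVED` and has no package line, so the advisory reference does not say which package or version carries the fix. The next entry shows the expected shape: CVE-2007-0244 has `{DSA-1288-1}` followed by `- pptpd 1.3.4-1`. Add the matching `- <package> <fixed-version>` line for CVE-2007-0245 by hand, since the automatic update only inserted the cross-reference.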
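Review bot: In the @@ -7152,8 +7271,8 @@ hunk, CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 ...) is set to `TODO: check` even though the entries on either side of it, CVE-2007-0219 and CVE-2007-0217, are both Internet Explorer issues already marked `NOT-FOR-US: Microsoft`. Mark CVE-2007-0218 the same way so it does not sit in the TODO queue; the Internet Explorer entries in the @@ -204,8 +322,8 @@ and @@ -3071,12 +3189,12 @@ hunks (CVE-2007-3027, CVE-2007-1752, CVE-2007-1751, CVE-2007-1750) can be closed identically.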
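Review bot: In the @@ -11275,7 +11394,7 @@ hunk, the CVE-2006-5330 summary changes from `9.0.16 for ...` to `9.0.16 and ...`, which reads as a change to the affected-version wording, while the `- flashplugin-nonfree 9.0.31.0.1` line and the two NOTE lines under it stay as they were. The first NOTE already says it is not clear whether 9.0.21.78.X is fixed, so recheck the fixed version against the full updated description and update or drop that NOTE accordingly. The doubled quote in `it''s` in the second NOTE can be corrected in the same pass.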