joeyh at alioth.debian.org
2007-Aug-15 09:14 UTC
[Secure-testing-commits] r6311 - data/CVE
Author: joeyh
Date: 2007-08-15 09:14:07 +0000 (Wed, 15 Aug 2007)
New Revision: 6311

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-08-14 22:35:04 UTC (rev 6310)
+++ data/CVE/list 2007-08-15 09:14:07 UTC (rev 6311)
@@ -1,7 +1,184 @@ +CVE-2007-4352 + RESERVED +CVE-2007-4351 + RESERVED +CVE-2007-4350 + RESERVED +CVE-2007-4349 + RESERVED +CVE-2007-4348 + RESERVED +CVE-2007-4347 + RESERVED +CVE-2007-4346 + RESERVED +CVE-2007-4345 + RESERVED +CVE-2007-4344 + RESERVED +CVE-2007-4343 + RESERVED +CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in PHPCentral ...) + TODO: check +CVE-2007-4341 (PHP remote file inclusion vulnerability in adm/my_statistics.php in ...) + TODO: check +CVE-2007-4340 (PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 ...) + TODO: check +CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll ...) + TODO: check +CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) 0.6 and ...) + TODO: check +CVE-2007-4337 (Buffer overflow in the httplib_parse_sc_header function in lib/http.c ...) + TODO: check +CVE-2007-4336 (Buffer overflow in the Live Picture Corporation ...) + TODO: check +CVE-2007-4335 (Format string vulnerability in the SMTP server component in Qbik ...) + TODO: check +CVE-2007-4334 (Cross-site scripting (XSS) vulnerability in whois.php in Php-stats ...) + TODO: check +CVE-2007-4333 (Multiple cross-site scripting (XSS) vulnerabilities in signup.php in ...) + TODO: check +CVE-2007-4332 (SQL injection vulnerability in article.php in Article Dashboard, when ...) + TODO: check +CVE-2007-4331 (PHP remote file inclusion vulnerability in index.php in FindNix allows ...) + TODO: check +CVE-2007-4330 (PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox ...) + TODO: check +CVE-2007-4329 (Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 ...) + TODO: check +CVE-2007-4328 (Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder ...) + TODO: check +CVE-2007-4327 (Multiple PHP remote file inclusion vulnerabilities in File Uploader ...) + TODO: check +CVE-2007-4326 (Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader ...) 
+ TODO: check +CVE-2007-4325 (PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 ...) + TODO: check +CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 allows remote ...) + TODO: check +CVE-2007-4323 (DenyHosts 2.6 does not properly parse sshd log files, which allows ...) + TODO: check +CVE-2007-4322 (BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) ...) + TODO: check +CVE-2007-4321 (fail2ban 0.8 and earlier does not properly parse sshd log files, which ...) + TODO: check +CVE-2007-4320 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-4319 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel ...) + TODO: check +CVE-2007-4318 (Cross-site scripting (XSS) vulnerability in Forms/General_1 in the ...) + TODO: check +CVE-2007-4317 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2007-4316 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel ...) + TODO: check +CVE-2007-4315 (The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows ...) + TODO: check +CVE-2007-4314 (pixlie.php in Pixlie 1.7 allows remote attackers to trigger the ...) + TODO: check +CVE-2007-4313 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 ...) + TODO: check +CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in the Linux ...) + TODO: check +CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows ...) + TODO: check +CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote ...) + TODO: check +CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI ...) + TODO: check +CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 ...) + TODO: check +CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) 
+ TODO: check +CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail ...) + TODO: check +CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when ...) + TODO: check +CVE-2007-4303 (Multiple race conditions in (1) certain rules and (2) argument copying ...) + TODO: check +CVE-2007-4302 (Multiple race conditions in certain system call wrappers in Generic ...) + TODO: check +CVE-2007-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...) + TODO: check +CVE-2007-4300 + RESERVED +CVE-2007-4299 + RESERVED +CVE-2007-4298 + RESERVED +CVE-2007-4297 (Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp ...) + TODO: check +CVE-2007-4296 (Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server ...) + TODO: check +CVE-2007-4295 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...) + TODO: check +CVE-2007-4294 (Unspecified vulnerability in Cisco Unified Communications Manager ...) + TODO: check +CVE-2007-4293 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial ...) + TODO: check +CVE-2007-4292 (Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote ...) + TODO: check +CVE-2007-4291 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial ...) + TODO: check +CVE-2007-4290 (** DISPUTED ** ...) + TODO: check +CVE-2007-4289 (Sun Java System Portal Server 7.0 does not properly process XSLT ...) + TODO: check +CVE-2007-4288 (Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted ...) + TODO: check +CVE-2007-4287 (PHP remote file inclusion vulnerability in fc_functions/fc_example.php ...) + TODO: check +CVE-2007-4286 (Buffer overflow in the Next Hop Resolution Protocol (NHRP) ...) + TODO: check +CVE-2007-4285 (Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to ...) + TODO: check +CVE-2007-4284 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...) 
+ TODO: check +CVE-2007-4283 (PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in ...) + TODO: check +CVE-2007-4282 (The "Extended properties for entries" (entryproperties) plugin in ...) + TODO: check +CVE-2007-4281 (Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source ...) + TODO: check +CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...) + TODO: check +CVE-2007-4278 + RESERVED +CVE-2007-4277 + RESERVED +CVE-2007-4276 + RESERVED +CVE-2007-4275 + RESERVED +CVE-2007-4274 + REJECTED + TODO: check +CVE-2007-4273 + RESERVED +CVE-2007-4272 + RESERVED +CVE-2007-4271 + RESERVED +CVE-2007-4270 + RESERVED +CVE-2007-4269 + RESERVED +CVE-2007-4268 + RESERVED +CVE-2007-4267 + RESERVED +CVE-2007-4266 + RESERVED +CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in VisionProject ...) + TODO: check +CVE-2007-4264 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check CVE-2007-XXXX [serendipity issue in Extended properties for entries plugin] - serendipity 1.1.4-1 [etch] - serendipity <not-affected> (introduced in 1.1.x) -CVE-2007-4280 [asterisk remote DoS] +CVE-2007-4280 (The Skinny channel driver (chan_skinny) in Asterisk Open Source before ...) - asterisk 1:1.4.10~dfsg-1 NOTE: http://ftp.digium.com/pub/asa/ASA-2007-019.html [sarge] - asterisk <not-affected> (not affected according to advisory) @@ -37,7 +214,7 @@ CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with multiple ...) - openoffice.org (unimportant) NOTE: Only a crasher with malformed documents -CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar allows ...) +CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar before ...) NOT-FOR-US: Advanced Searchbar CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation toolbar for ...) NOT-FOR-US: ExportNation toolbar 
@@ -778,10 +955,10 @@ RESERVED CVE-2007-3892 RESERVED -CVE-2007-3891 - RESERVED -CVE-2007-3890 - RESERVED +CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in Windows ...) + TODO: check +CVE-2007-3890 (Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, ...) + TODO: check CVE-2007-3889 (Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and ...) NOT-FOR-US: Insanely Simple Blog CVE-2007-3888 (Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple ...) @@ -816,8 +993,8 @@ RESERVED CVE-2007-3873 RESERVED -CVE-2007-3872 - RESERVED +CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service ...) + TODO: check CVE-2007-3871 RESERVED CVE-2006-7221 (Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow ...) @@ -862,16 +1039,16 @@ NOT-FOR-US: Oracle CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...) NOT-FOR-US: Oracle -CVE-2007-3852 - RESERVED -CVE-2007-3851 - RESERVED +CVE-2007-3852 (The init script (sysstat.in) in sysstat creates /tmp/sysstat.run ...) + TODO: check +CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when used ...) + TODO: check CVE-2007-3850 RESERVED CVE-2007-3849 RESERVED -CVE-2007-3848 - RESERVED +CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send ...) + TODO: check CVE-2007-3847 RESERVED CVE-2007-3846 @@ -888,8 +1065,8 @@ - xulrunner 1.8.1.6-1 (medium) - iceape 1.1.3-2 (medium) - icedove <unfixed> (medium) -CVE-2007-3843 - RESERVED +CVE-2007-3843 (The Linux kernel before 2.6.23-rc1 checks the wrong global variable ...) + TODO: check CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise ...) NOT-FOR-US: 8e6 R3000 Enterprise Filter CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux ...) 
@@ -1111,7 +1288,7 @@ NOT-FOR-US: Apple Mac OS X CVE-2007-3745 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...) NOT-FOR-US: Apple Mac OS X -CVE-2007-3744 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized ...) +CVE-2007-3744 (Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device ...) TODO: check CVE-2007-3743 (Stack-based buffer overflow in bookmark handling in Apple Safari 3 ...) TODO: check @@ -1955,18 +2132,18 @@ - libextractor 0.5.12-1 NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed TODO: check ipe (only small parts, but with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp) -CVE-2007-3386 - RESERVED -CVE-2007-3385 - RESERVED +CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...) + TODO: check +CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...) + TODO: check CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the ...) - tomcat4 <removed> (low) [sarge] - tomcat4 <no-dsa> (minor issue) NOTE: affects example app in tomcat4-webapps -CVE-2007-3382 - RESERVED +CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...) + TODO: check CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x ...) - gdm 2.18.4-1 (low) [sarge] - gdm <no-dsa> (Minor issue) 
@@ -2787,26 +2964,26 @@ NOT-FOR-US: Hitachi Collaboration CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2 allows ...) NOT-FOR-US: Meneame -CVE-2007-3041 - RESERVED +CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object for ...) + TODO: check CVE-2007-3040 RESERVED CVE-2007-3039 RESERVED CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition ...) NOT-FOR-US: Microsoft -CVE-2007-3037 - RESERVED +CVE-2007-3037 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, ...) + TODO: check CVE-2007-3036 RESERVED -CVE-2007-3035 - RESERVED -CVE-2007-3034 - RESERVED -CVE-2007-3033 - RESERVED -CVE-2007-3032 - RESERVED +CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, ...) + TODO: check +CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics Rendering ...) + TODO: check +CVE-2007-3033 (Unspecified vulnerability in Windows Vista Feed Headlines Gadgets in ...) + TODO: check +CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows ...) + TODO: check CVE-2007-3031 RESERVED CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows ...) @@ -2976,10 +3153,10 @@ RESERVED CVE-2007-2957 RESERVED -CVE-2007-2956 - RESERVED -CVE-2007-2955 - RESERVED +CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function in (1) ...) + TODO: check +CVE-2007-2955 (Multiple unspecified "input validation error" vulnerabilities in ...) + TODO: check CVE-2007-2954 RESERVED CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...) 
@@ -4681,10 +4858,10 @@ RESERVED CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...) NOT-FOR-US: Microsoft -CVE-2007-2224 - RESERVED -CVE-2007-2223 - RESERVED +CVE-2007-2224 (Unspecified vulnerability in Object linking and embedding (OLE) ...) + TODO: check +CVE-2007-2223 (Unspecified vulnerability in Microsoft XML Core Services (MSXML) 3.0 ...) + TODO: check CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and ...) NOT-FOR-US: Microsoft CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...) @@ -4697,8 +4874,8 @@ NOT-FOR-US: Microsoft CVE-2007-2217 RESERVED -CVE-2007-2216 - RESERVED +CVE-2007-2216 (Unspecified vulnerability in the tblinf32.dll (aka vstlbinf.dll) ...) + TODO: check CVE-2007-2215 RESERVED CVE-2007-2214 (Unrestricted file upload vulnerability in includes/upload_file.php in ...) @@ -4785,7 +4962,7 @@ NOT-FOR-US: ZoneAlarm CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) ...) NOT-FOR-US: Gentoo''s packaging of courier -CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 causes RTA_MAX to be used ...) +CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 ...) - linux-2.6 <unfixed> (medium) CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in ...) NOT-FOR-US: Novell GroupWise @@ -5769,8 +5946,8 @@ NOT-FOR-US: Microsoft CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...) NOT-FOR-US: Microsoft -CVE-2007-1749 - RESERVED +CVE-2007-1749 (Integer underflow in the CDownloadSink class code in the Vector Markup ...) + TODO: check CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...) NOT-FOR-US: Microsoft Windows CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, ...) 
@@ -7999,8 +8176,8 @@ NOT-FOR-US: Fullaspsite ASP Hosting Site CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player ...) NOT-FOR-US: iTinySoft -CVE-2007-0948 - RESERVED +CVE-2007-0948 (Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac ...) + TODO: check CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows ...) @@ -8009,8 +8186,8 @@ NOT-FOR-US: Microsoft Internet Explorer CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...) NOT-FOR-US: Microsoft Internet Explorer -CVE-2007-0943 - RESERVED +CVE-2007-0943 (Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows ...) + TODO: check CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-0941 @@ -11929,7 +12106,7 @@ NOT-FOR-US: Solaris CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...) NOT-FOR-US: Expinion.net iNews -CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, ...) +CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd log files, ...) - fail2ban <not-affected> (looks fixed in 0.6, see #401793) CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd log files, which allows ...) - denyhosts 2.6-1 (medium; bug #401795)
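Review bot: In the first hunk (@@ -1,7 +1,184 @@) the new CVE-2007-4282 entry, whose description names the "Extended properties for entries" (entryproperties) plugin, is left at TODO: check while the placeholder CVE-2007-XXXX [serendipity issue in Extended properties for entries plugin] remains in the context lines with its package data (serendipity 1.1.4-1, [etch] not-affected). If both describe the same issue, move those package lines under CVE-2007-4282 and drop the CVE-2007-XXXX placeholder so the issue is not tracked twice.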
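Review bot: In the hunk at @@ -2787,26 +2964,26 @@ the entries whose descriptions name Microsoft Windows Media Player or Windows Vista gadgets (CVE-2007-3037, CVE-2007-3035, CVE-2007-3033, CVE-2007-3032) go from RESERVED to TODO: check, although the neighbouring CVE-2007-3038 in the same hunk is already marked NOT-FOR-US: Microsoft. Triage these the same way so they stop counting as open TODO items; the same applies to the Internet Explorer entry CVE-2007-0943 in the hunk at @@ -8009,8 +8186,8 @@.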
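Review bot: In the hunk at @@ -4785,7 +4962,7 @@ the updated CVE-2007-2172 description now also covers "2.4 before 2.4.35", but the tracking line under it is unchanged and still reads only "- linux-2.6 <unfixed> (medium)". Check whether a 2.4 kernel source package in the archive needs its own entry here, since the automatic description update does not touch the package lines.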
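Review bot: In the last hunk (@@ -11929,7 +12106,7 @@) the context lines record CVE-2006-6301 as fixed in denyhosts 2.6-1 and CVE-2006-6302 as fail2ban <not-affected> (looks fixed in 0.6), yet the first hunk of this same commit adds CVE-2007-4323 for DenyHosts 2.6 and CVE-2007-4321 for fail2ban 0.8 and earlier, both described as the same kind of sshd log parsing problem and both left at TODO: check. Triage the two new IDs with explicit denyhosts and fail2ban package lines, and confirm the older entries' fixed and not-affected statuses still hold in light of the newer affected versions.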