joeyh at alioth.debian.org
2007-Aug-16 09:14 UTC
[Secure-testing-commits] r6334 - data/CVE
Author: joeyh
Date: 2007-08-16 09:14:10 +0000 (Thu, 16 Aug 2007)
New Revision: 6334
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-08-16 01:47:51 UTC (rev 6333)
+++ data/CVE/list 2007-08-16 09:14:10 UTC (rev 6334)
@@ -1,3 +1,41 @@
+CVE-2007-4371 (Unrestricted file upload vulnerability in
admin/pages/blog-add.php in ...)
+ TODO: check
+CVE-2007-4370 (Multiple buffer overflows in the (1) client and (2) server in
Racer ...)
+ TODO: check
+CVE-2007-4369 (Directory traversal vulnerability in go/_files in SOTEeSKLEP
before ...)
+ TODO: check
+CVE-2007-4368 (SQL injection vulnerability in /main in IBM Rational ClearQuest
(CQ) ...)
+ TODO: check
+CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary
code ...)
+ TODO: check
+CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and
earlier ...)
+ TODO: check
+CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain
...)
+ TODO: check
+CVE-2007-4363 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2007-4362 (SQL injection vulnerability in category.php in Prozilla Webring
allows ...)
+ TODO: check
+CVE-2007-4361 (NETGEAR (formerly Infrant) ReadyNAS RAIDiator before
4.00b2-p2-T1 beta ...)
+ TODO: check
+CVE-2007-4360 (Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4)
with ...)
+ TODO: check
+CVE-2007-4359 (Multiple SQL injection vulnerabilities in SkilMatch Staffing
Systems ...)
+ TODO: check
+CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a
denial of ...)
+ TODO: check
+CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to
spoof ...)
+ TODO: check
+CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in
HTML ...)
+ TODO: check
+CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local
users to ...)
+ TODO: check
+CVE-2007-4354 (Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2
and 5.3 ...)
+ TODO: check
+CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local
users in ...)
+ TODO: check
CVE-2007-4352
RESERVED
CVE-2007-4351
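Review bot: All 19 entries added at the top of this hunk (CVE-2007-4353 through CVE-2007-4371) land as "TODO: check", so none of them carries a triage decision yet. Several name products that this list already tags elsewhere in the diff, for example CVE-2007-4356 (Microsoft Internet Explorer) against the existing "NOT-FOR-US: Microsoft" lines. Those can be resolved straight away, leaving the TODO only on entries that need a package lookup, such as CVE-2007-4357 (Mozilla Firefox).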
@@ -28,7 +66,7 @@
NOT-FOR-US: PHPCentral Poll Script
CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) 0.6 and
...)
NOT-FOR-US: Family Connections
-CVE-2007-4337 (Buffer overflow in the httplib_parse_sc_header function in
lib/http.c ...)
+CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header
function in ...)
- streamripper 1.62.2-1 (medium)
CVE-2007-4336 (Buffer overflow in the Live Picture Corporation ...)
NOT-FOR-US: Microsoft
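Review bot: The CVE-2007-4337 description widens from a single "Buffer overflow" to "Multiple buffer overflows" in httplib_parse_sc_header, but the fixed-version line "- streamripper 1.62.2-1 (medium)" is carried over unchanged. It is worth confirming that 1.62.2-1 covers every overflow the revised description refers to, and recording the result in a NOTE line.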
@@ -148,8 +186,8 @@
NOT-FOR-US: KnowledgeTree
CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...)
NOT-FOR-US: FrontAccounting
-CVE-2007-4278
- RESERVED
+CVE-2007-4278 (Stack-based buffer overflow in ESRI ArcSDE service 9.2, as used
with ...)
+ TODO: check
CVE-2007-4277
RESERVED
CVE-2007-4276
@@ -548,8 +586,7 @@
NOT-FOR-US: Minb Is Not a Blog (minb)
CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1
and ...)
NOT-FOR-US: iFoto
-CVE-2007-4091
- RESERVED
+CVE-2007-4091 (Multiple off-by-one errors in the sender.c in rsync 2.6.9 might
allow ...)
- rsync 2.6.9-5 (bug #438125; medium)
CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in
Vikingboard ...)
NOT-FOR-US: Vikingboard
@@ -1048,7 +1085,7 @@
NOT-FOR-US: Oracle
CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5
and ...)
NOT-FOR-US: Oracle
-CVE-2007-3852 (The init script (sysstat.in) in sysstat creates /tmp/sysstat.run
...)
+CVE-2007-3852 (The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6
creates ...)
TODO: check
CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when
used ...)
TODO: check
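Review bot: The updated CVE-2007-3852 text now states an affected range ("sysstat 5.1.2 up to 7.1.6"), yet the line under it still reads "TODO: check". With the range given, the TODO can be replaced by a package line for sysstat in the form used elsewhere in this list, giving the fixed version or a per-release not-affected marker.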
@@ -2987,7 +3024,7 @@
RESERVED
CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64
Edition ...)
NOT-FOR-US: Microsoft
-CVE-2007-3037 (Unspecified vulnerability in Microsoft Windows Media Player 7.1,
9, ...)
+CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote
...)
NOT-FOR-US: Microsoft
CVE-2007-3036
RESERVED
@@ -2995,7 +3032,7 @@
NOT-FOR-US: Microsoft
CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics
Rendering ...)
NOT-FOR-US: Microsoft
-CVE-2007-3033 (Unspecified vulnerability in Windows Vista Feed Headlines
Gadgets in ...)
+CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed
...)
NOT-FOR-US: Microsoft
CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in
Windows ...)
NOT-FOR-US: Microsoft
@@ -3226,10 +3263,10 @@
RESERVED
CVE-2007-2930
RESERVED
-CVE-2007-2929
- RESERVED
-CVE-2007-2928
- RESERVED
+CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
+ TODO: check
+CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support
acpRunner ...)
+ TODO: check
CVE-2007-2927 (Unspecified vulnerability in Atheros 802.11 a/b/g wireless
adapter ...)
NOT-FOR-US: Windows Atheros drivers
CVE-2007-2926 (ISC BIND 9 through 9.5.0a5 uses a weak random number generator
during ...)
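Review bot: CVE-2007-2929 and CVE-2007-2928 move from RESERVED to "TODO: check" although both descriptions name the IBM Lenovo Access Support acpRunner ActiveX control, and ActiveX is a Windows-only technology. The neighbouring CVE-2007-2927 is already tagged "NOT-FOR-US: Windows Atheros drivers"; the same kind of NOT-FOR-US tag fits these two, and also the matching acpRunner description added for CVE-2007-2240 further down in this diff.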
@@ -4023,7 +4060,7 @@
CVE-2007-2590 (Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2,
...)
NOT-FOR-US: Nokia
CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php
in ...)
- {DSA-1290-1}
+ {}
- squirrelmail 2:1.4.10a-1 (low)
NOTE: This has been addressed in DSA-1290
NOTE: CVE id has later been assigned to a part of this issue
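Review bot: The CVE-2007-2589 change replaces "{DSA-1290-1}" with an empty "{}", which drops the advisory cross-reference while the NOTE two lines below still says "This has been addressed in DSA-1290". For a commit logged as "automatic update" this looks like an unintended loss. Restore the "{DSA-1290-1}" line, or, if the reference is meant to go, remove the line entirely instead of leaving empty braces.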
@@ -4843,8 +4880,8 @@
- bind9 1:9.4.1-1 (medium)
[etch] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
[sarge] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
-CVE-2007-2240
- RESERVED
+CVE-2007-2240 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
+ TODO: check
CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS
Camera ...)
NOT-FOR-US: AXIS Camera Control
CVE-2007-2238
@@ -4876,9 +4913,9 @@
RESERVED
CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in
Windows ...)
NOT-FOR-US: Microsoft
-CVE-2007-2224 (Unspecified vulnerability in Object linking and embedding (OLE)
...)
+CVE-2007-2224 (Object linking and embedding (OLE) Automation, as used in
Microsoft ...)
NOT-FOR-US: Microsoft
-CVE-2007-2223 (Unspecified vulnerability in Microsoft XML Core Services (MSXML)
3.0 ...)
+CVE-2007-2223 (Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows
remote ...)
NOT-FOR-US: Microsoft XML
CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll)
and ...)
NOT-FOR-US: Microsoft
@@ -9832,8 +9869,8 @@
NOT-FOR-US: FLEXnet Connect
CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll)
and (b) ...)
NOT-FOR-US: InstallFromTheWeb
-CVE-2007-0319
- RESERVED
+CVE-2007-0319 (Multiple stack-based buffer overflows in the Motive ...)
+ TODO: check
CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...)
NOT-FOR-US: Apple Mac OS
CVE-2007-0317 (Format string vulnerability in the LogMessage function in
FileZilla ...)
@@ -39924,7 +39961,7 @@
NOT-FOR-US: eXPerience2
CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in
eXPerience2 ...)
NOT-FOR-US: eXPerience2
-CVE-2005-0720 (PHP remote file inclusion vulnerability in header.php in PHP
mcNews ...)
+CVE-2005-0720 (PHP remote file inclusion vulnerability in admin/header.php in
PHP ...)
NOT-FOR-US: mcNews
CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64
Unix ...)
NOT-FOR-US: Tru64