stef-guest at alioth.debian.org
2007-Aug-28 20:58 UTC
[Secure-testing-commits] r6418 - data/CVE
Author: stef-guest Date: 2007-08-28 20:58:20 +0000 (Tue, 28 Aug 2007) New Revision: 6418 Modified: data/CVE/list Log: manual automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-28 20:57:52 UTC (rev 6417) +++ data/CVE/list 2007-08-28 20:58:20 UTC (rev 6418) @@ -1,3 +1,239 @@ +CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows ...) + TODO: check +CVE-2007-4579 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live ...) + TODO: check +CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows ...) + TODO: check +CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...) + TODO: check +CVE-2007-4576 + RESERVED +CVE-2007-4575 + RESERVED +CVE-2007-4574 + RESERVED +CVE-2007-4573 + RESERVED +CVE-2007-4572 + RESERVED +CVE-2007-4571 + RESERVED +CVE-2007-4570 + RESERVED +CVE-2007-4569 + RESERVED +CVE-2007-4568 + RESERVED +CVE-2007-4567 + RESERVED +CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha ...) + TODO: check +CVE-2007-4565 (fetchmail before 6.3.9 allows context-dependent attackers to cause a ...) + TODO: check +CVE-2007-4564 (Cosminexus Manager in Cosminexus Application Server 07-00 and later ...) + TODO: check +CVE-2007-4563 (Cosminexus Manager in Cosminexus Application Server 06-50 and later ...) + TODO: check +CVE-2007-4562 (Unspecified vulnerability in Hitachi DABroker before 03-02-/D and ...) + TODO: check +CVE-2007-4561 (Heap-based buffer overflow in the RTSP service in Helix DNA Server ...) + TODO: check +CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, ...) + TODO: check +CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) ...) + TODO: check +CVE-2007-4558 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...) + TODO: check +CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in ...) + TODO: check +CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before ...) + TODO: check +CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows ...) + TODO: check +CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in tiki-remind_password.php ...) + TODO: check +CVE-2007-4553 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...) + TODO: check +CVE-2007-4552 (SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 ...) + TODO: check +CVE-2007-4551 (PHP remote file inclusion vulnerability in index.php in Agares Media ...) + TODO: check +CVE-2007-4550 (Format string vulnerability in ALPass 2.7 English and 3.02 Korean ...) + TODO: check +CVE-2007-4549 (Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow ...) + TODO: check +CVE-2007-4548 (The login method in LoginModule implementations in Apache Geronimo 2.0 ...) + TODO: check +CVE-2007-4547 (Unreal Commander 0.92 build 565 and 573 writes portions of heap memory ...) + TODO: check +CVE-2007-4546 (Unreal Commander 0.92 build 565 and 573 lists the filenames from the ...) + TODO: check +CVE-2007-4545 (Multiple directory traversal vulnerabilities in Unreal Commander 0.92 ...) + TODO: check +CVE-2007-4544 (Cross-site scripting (XSS) vulnerability in wp-newblog.php in ...) + TODO: check +CVE-2007-4543 (Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla ...) + TODO: check +CVE-2007-4542 (Multiple cross-site scripting (XSS) vulnerabilities in MapServer ...) + TODO: check +CVE-2007-4541 (Multiple cross-site scripting (XSS) vulnerabilities in Olate Download ...) + TODO: check +CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate ...) + TODO: check +CVE-2007-4539 (The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 ...) + TODO: check +CVE-2007-4538 (email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers ...) + TODO: check +CVE-2007-4537 (Heap-based buffer overflow in the Huffman decompression algorithm ...) + TODO: check +CVE-2007-4536 (TorrentTrader 1.07 and earlier sets insecure permissions for files in ...) + TODO: check +CVE-2007-4535 (The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows ...) + TODO: check +CVE-2007-4534 (Buffer overflow in the VThinker::BroadcastPrintf function in ...) + TODO: check +CVE-2007-4533 (Format string vulnerability in the Say command in sv_main.cpp in ...) + TODO: check +CVE-2007-4532 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...) + TODO: check +CVE-2007-4531 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...) + TODO: check +CVE-2007-4530 (Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak ...) + TODO: check +CVE-2007-4529 (The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote ...) + TODO: check +CVE-2007-4528 (The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not ...) + TODO: check +CVE-2007-4527 (Unrestricted file upload vulnerability in phUploader.php in phphq.Net ...) + TODO: check +CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager before ...) + TODO: check +CVE-2007-4525 (** DISPUTED ** ...) + TODO: check +CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in PhPress ...) + TODO: check +CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website ...) + TODO: check +CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 ...) + TODO: check +CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an ...) + TODO: check +CVE-2007-4520 + RESERVED +CVE-2007-4519 + RESERVED +CVE-2007-4518 + RESERVED +CVE-2007-4517 + RESERVED +CVE-2007-4516 + RESERVED +CVE-2007-4515 + RESERVED +CVE-2007-4514 + RESERVED +CVE-2007-4513 + RESERVED +CVE-2007-4512 + RESERVED +CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...) + TODO: check +CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...) + TODO: check +CVE-2007-4509 (SQL injection vulnerability in index.php in the EventList component ...) + TODO: check +CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used for the ...) + TODO: check +CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 ...) + TODO: check +CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit component ...) + TODO: check +CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory component ...) + TODO: check +CVE-2007-4504 (Directory traversal vulnerability in index.php in the RSfiles ...) + TODO: check +CVE-2007-4503 (SQL injection vulnerability in index.php in the Nice Talk component ...) + TODO: check +CVE-2007-4502 (SQL injection vulnerability in index.php in the BibTeX component ...) + TODO: check +CVE-2007-4501 (Unspecified vulnerability in PassphraseRequester in SSHKeychain before ...) + TODO: check +CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 ...) + TODO: check +CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American ...) + TODO: check +CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...) + TODO: check +CVE-2007-4497 + RESERVED +CVE-2007-4496 + RESERVED +CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...) + TODO: check +CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...) + TODO: check +CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...) + TODO: check +CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun ...) + TODO: check +CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows ...) + TODO: check +CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...) + TODO: check +CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...) + TODO: check +CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens ...) + TODO: check +CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision ...) + TODO: check +CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...) + TODO: check +CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in Butterfly ...) + TODO: check +CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER ...) + TODO: check +CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...) + TODO: check +CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool ...) + TODO: check +CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix ...) + TODO: check +CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the Sirius ...) + TODO: check +CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search ...) + TODO: check +CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) + TODO: check +CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...) + TODO: check +CVE-2007-4476 + RESERVED +CVE-2007-4475 + RESERVED +CVE-2007-4474 + RESERVED +CVE-2007-4473 + RESERVED +CVE-2007-4472 + RESERVED +CVE-2007-4471 + RESERVED +CVE-2007-4470 + RESERVED +CVE-2007-4469 + RESERVED +CVE-2007-4468 + RESERVED +CVE-2007-4467 + RESERVED +CVE-2007-4466 + RESERVED +CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in ...) + TODO: check +CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple ...) + TODO: check +CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...) + TODO: check CVE-2007-4465 RESERVED CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total ...) @@ -11,7 +247,7 @@ [etch] - nufw <not-affected> CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...) - id3lib3.8.3 3.8.3-7 (bug #438540) -CVE-2007-4459 (The Cisco IP Phone 7940 with P0S3-08-6-00 firmware allows remote ...) +CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...) NOT-FOR-US: Cisco IP Phone CVE-2007-4458 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Firesoft @@ -158,7 +394,7 @@ NOT-FOR-US: winamp CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger ...) NOT-FOR-US: kakadu -CVE-2007-4390 (The Command Line Interface (CLI) on the BlueCat Networks Adonis ...) +CVE-2007-4390 (The Command Line Interface (CLI), aka Adonis Administration Console, ...) NOT-FOR-US: BlueCat CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...) NOT-FOR-US: 2wire @@ -290,7 +526,7 @@ NOT-FOR-US: phpDVD CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll ...) NOT-FOR-US: PHPCentral Poll Script -CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) 0.6 and ...) +CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 ...) NOT-FOR-US: Family Connections CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in ...) - streamripper 1.62.2-1 (medium) @@ -493,7 +729,7 @@ NOT-FOR-US: Justsystem Ichitaro CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa ...) NOT-FOR-US: DiMeMa CONTENTdm -CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in the J! ...) +CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! ...) NOT-FOR-US: com_jreactions for Joomla! CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security ...) NOT-FOR-US: Astaro Security Gateway @@ -548,10 +784,10 @@ RESERVED CVE-2007-4220 RESERVED -CVE-2007-4219 - RESERVED -CVE-2007-4218 - RESERVED +CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as ...) + TODO: check +CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) ...) + TODO: check CVE-2007-4217 RESERVED CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before ...) @@ -730,8 +966,8 @@ RESERVED CVE-2007-4132 RESERVED -CVE-2007-4131 - RESERVED +CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...) + TODO: check CVE-2007-4130 RESERVED CVE-2007-4129 @@ -905,7 +1141,8 @@ NOT-FOR-US: UltraDefrag CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...) NOT-FOR-US: ADempiere Bazaar -CVE-2007-4049 (Cross-site scripting (XSS) vulnerability in the printenv.pl test CGI ...) +CVE-2007-4049 + REJECTED NOTE: Rediscovery / dupe of CVE-2000-1205 CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...) - phpsysinfo <unfixed> (low; bug #435935) @@ -1270,8 +1507,8 @@ NOT-FOR-US: CA Anti-Virus CVE-2007-3874 RESERVED -CVE-2007-3873 - RESERVED +CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI ...) + TODO: check CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service ...) NOT-FOR-US: HP OpenView CVE-2007-3871 @@ -1330,10 +1567,10 @@ CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send ...) {DSA-1356-1} TODO: check -CVE-2007-3847 - RESERVED -CVE-2007-3846 - RESERVED +CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in ...) + TODO: check +CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...) + TODO: check CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x ...) {DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1} - iceweasel 2.0.0.6-1 (medium) @@ -1583,8 +1820,8 @@ NOT-FOR-US: Apple Safari CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before ...) NOT-FOR-US: Apple Safari -CVE-2007-3741 - RESERVED +CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...) + TODO: check CVE-2007-3740 RESERVED CVE-2007-3739 @@ -3450,8 +3687,8 @@ NOT-FOR-US: Scallywag CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before ...) NOT-FOR-US: cpCommerce -CVE-2007-2958 - RESERVED +CVE-2007-2958 (Format string vulnerability in the inc_put_error function in src/inc.c ...) + TODO: check CVE-2007-2957 RESERVED CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function in (1) ...) @@ -3855,8 +4092,7 @@ CVE-2007-XXXX [NTFS driver for FUSE unspecified issue] - ntfs-3g 1:1.516-1 NOTE: local root exploit -CVE-2007-2797 [xterm world-writable tty] - RESERVED +CVE-2007-2797 (xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in ...) - xterm <not-affected> (Debian uses safe compile-time settings) CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of ...) NOT-FOR-US: Arris Cadant @@ -4183,7 +4419,8 @@ NOT-FOR-US: NetWin CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure ...) - xfsdump 2.2.45-1 (bug #417894; low) -CVE-2007-2653 (Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has ...) +CVE-2007-2653 + REJECTED NOT-FOR-US: This is bogus, the annoucement refers to the recently discovered modelines issues CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow ...) NOT-FOR-US: Free-SA @@ -7238,7 +7475,7 @@ {DSA-1304 DSA-1286-1} - linux-2.6 2.6.20-1 CVE-2007-1356 - RESERVED + REJECTED CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - tomcat4 <removed> (low) - tomcat5 <unfixed> (low) @@ -33594,7 +33831,7 @@ - kernel-source-2.4.27 2.4.27-11 (medium) CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...) NOT-FOR-US: Greasemonkey -CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and .0.0 and 7.0.1, uses insecure ...) +CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure ...) NOT-FOR-US: IBM Lotus Notes CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...) NOT-FOR-US: NetworkActiv Web Server