joeyh at alioth.debian.org
2007-Sep-06 21:14 UTC
[Secure-testing-commits] r6525 - data/CVE
Author: joeyh
Date: 2007-09-06 21:14:07 +0000 (Thu, 06 Sep 2007)
New Revision: 6525

Modified: data/CVE/list

Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-06 19:17:21 UTC (rev 6524) +++ data/CVE/list 2007-09-06 21:14:07 UTC (rev 6525) 
@@ -1,3 +1,169 @@ +CVE-2007-4731 + RESERVED +CVE-2007-4730 + RESERVED +CVE-2007-4729 + RESERVED +CVE-2007-4728 + RESERVED +CVE-2007-4727 + RESERVED +CVE-2007-4726 (Directory traversal vulnerability in Web Oddity 0.09b allows remote ...) + TODO: check +CVE-2007-4725 (Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before ...) + TODO: check +CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the ...) + TODO: check +CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control Panel ...) + TODO: check +CVE-2007-4722 (Multiple stack-based buffer overflows in the Quantum Streaming ...) + TODO: check +CVE-2007-4721 (Integer signedness error in the DNP3 dissector in Wireshark 0.99.5 and ...) + TODO: check +CVE-2007-4720 (Unspecified vulnerability in the Shared Trace Service in Hitachi ...) + TODO: check +CVE-2007-4719 (SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta ...) + TODO: check +CVE-2007-4718 (Directory traversal vulnerability in inc/lib/language.lib.php in ...) + TODO: check +CVE-2007-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...) + TODO: check +CVE-2007-4716 (Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 ...) + TODO: check +CVE-2007-4715 (Multiple PHP remote file inclusion vulnerabilities in Weblogicnet ...) + TODO: check +CVE-2007-4714 (SQL injection vulnerability in error_view.php in Yvora 1.0 allows ...) + TODO: check +CVE-2007-4713 (Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in ...) + TODO: check +CVE-2007-4712 (PHP remote file inclusion vulnerability in index.php in eNetman 1 ...) + TODO: check +CVE-2007-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch ...) 
+ TODO: check +CVE-2007-4710 + RESERVED +CVE-2007-4709 + RESERVED +CVE-2007-4708 + RESERVED +CVE-2007-4707 + RESERVED +CVE-2007-4706 + RESERVED +CVE-2007-4705 + RESERVED +CVE-2007-4704 + RESERVED +CVE-2007-4703 + RESERVED +CVE-2007-4702 + RESERVED +CVE-2007-4701 + RESERVED +CVE-2007-4700 + RESERVED +CVE-2007-4699 + RESERVED +CVE-2007-4698 + RESERVED +CVE-2007-4697 + RESERVED +CVE-2007-4696 + RESERVED +CVE-2007-4695 + RESERVED +CVE-2007-4694 + RESERVED +CVE-2007-4693 + RESERVED +CVE-2007-4692 + RESERVED +CVE-2007-4691 + RESERVED +CVE-2007-4690 + RESERVED +CVE-2007-4689 + RESERVED +CVE-2007-4688 + RESERVED +CVE-2007-4687 + RESERVED +CVE-2007-4686 + RESERVED +CVE-2007-4685 + RESERVED +CVE-2007-4684 + RESERVED +CVE-2007-4683 + RESERVED +CVE-2007-4682 + RESERVED +CVE-2007-4681 + RESERVED +CVE-2007-4680 + RESERVED +CVE-2007-4679 + RESERVED +CVE-2007-4678 + RESERVED +CVE-2007-4677 + RESERVED +CVE-2007-4676 + RESERVED +CVE-2007-4675 + RESERVED +CVE-2007-4674 + RESERVED +CVE-2007-4673 + RESERVED +CVE-2007-4672 + RESERVED +CVE-2007-4671 + RESERVED +CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...) + TODO: check +CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...) + TODO: check +CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...) + TODO: check +CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...) + TODO: check +CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...) + TODO: check +CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...) + TODO: check +CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create ...) + TODO: check +CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...) + TODO: check +CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...) 
+ TODO: check +CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ...) + TODO: check +CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before ...) + TODO: check +CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not ...) + TODO: check +CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple (1) %i ...) + TODO: check +CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...) + TODO: check +CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...) + TODO: check +CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping ...) + TODO: check +CVE-2007-4654 (Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on ...) + TODO: check +CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ...) + TODO: check +CVE-2007-4652 (PHP before 5.2.4 might allow local users to bypass open_basedir ...) + TODO: check +CVE-2007-4651 + RESERVED +CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow ...) + TODO: check +CVE-2005-4861 (functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows ...) + TODO: check CVE-2007-XXXX [libgd several issues] - libgd2 2.0.35.dfsg-2 CVE-2007-4649 (MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and ...) @@ -377,8 +543,8 @@ TODO: check CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...) NOT-FOR-US: Planet VC-200M VDSL2 router -CVE-2007-4476 - RESERVED +CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has ...) + TODO: check CVE-2007-4475 RESERVED CVE-2007-4474 @@ -387,8 +553,8 @@ RESERVED CVE-2007-4472 RESERVED -CVE-2007-4471 - RESERVED +CVE-2007-4471 (Multiple unspecified vulnerabilities in the Intuit QuickBooks Online ...) + TODO: check CVE-2007-4470 RESERVED CVE-2007-4469 
@@ -495,7 +661,7 @@ NOT-FOR-US: Live for Speed CVE-2007-4424 (Apple Safari for Windows 3.0.3 and earlier does not prompt the user ...) NOT-FOR-US: Safari -CVE-2007-4423 (Unspecified vulnerability in the AUTH_LIST_GROUPS_FOR_AUTHID function ...) +CVE-2007-4423 (Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID ...) NOT-FOR-US: IBM DB2 CVE-2007-4422 (The login interface in Symantec Enterprise Firewall 6.x, when a VPN ...) NOT-FOR-US: Symantec Enterprise Firewall @@ -1122,8 +1288,8 @@ RESERVED CVE-2007-4136 RESERVED -CVE-2007-4135 - RESERVED +CVE-2007-4135 (Unspecified vulnerability in the NFSv4 ID mapper (nfsidmap) on SUSE ...) + TODO: check CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...) - star 1.5a67-1.1 (bug #440100; low) CVE-2007-4133 @@ -1418,20 +1584,18 @@ RESERVED CVE-2007-4001 RESERVED -CVE-2007-4000 [kadmind buffer overflow] - RESERVED +CVE-2007-4000 (The kadm5_modify_policy_internal function in ...) - krb5 1.6.dfsg.1-7 (high) -CVE-2007-3999 [buffer overflow in RPC library] - RESERVED +CVE-2007-3999 (Stack-based buffer overflow in the svcauth_gss_validate function in ...) {DSA-1368-1 DSA-1367-1} - librpcsecgss 0.14-3 - krb5 1.6.dfsg.1-7 (high) -CVE-2007-3998 - RESERVED -CVE-2007-3997 - RESERVED -CVE-2007-3996 - RESERVED +CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...) + TODO: check +CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...) + TODO: check +CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ...) + TODO: check CVE-2007-3995 RESERVED CVE-2007-3994 @@ -1739,8 +1903,8 @@ - linux-2.6 2.6.22-4 CVE-2007-3850 RESERVED -CVE-2007-3849 - RESERVED +CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 creates the Advanced Intrusion ...) + TODO: check CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send ...) {DSA-1356-1} - linux-2.6 2.6.22-4 
@@ -2874,7 +3038,7 @@ [etch] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2007-3379 RESERVED -CVE-2007-3378 (The (1) session_save_path and (2) ini_set functions in PHP 4.4.7 and ...) +CVE-2007-3378 (The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...) - php4 <unfixed> (unimportant) - php5 <unfixed> (unimportant) CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates ...) @@ -7370,7 +7534,7 @@ NOT-FOR-US: McGallery CVE-2007-1477 (** DISPUTED ** ...) NOT-FOR-US: Point Of Sale for osCommerce -CVE-2007-1476 (The SymTDI driver in Symantec Norton Personal Firewall 2006 9.1.1.7 ...) +CVE-2007-1476 (The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal ...) NOT-FOR-US: Symantec Norton Personal Firewall CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ...) - php4 <unfixed> (unimportant) @@ -10577,8 +10741,8 @@ NOT-FOR-US: LizardTech DjVu Browser Plug-in CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion ...) NOT-FOR-US: Research In Motion (RIM) TeamOn Import Object ActiveX control -CVE-2007-0322 - RESERVED +CVE-2007-0322 (Multiple stack-based buffer overflows in the Intuit QuickBooks Online ...) + TODO: check CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in ...) NOT-FOR-US: FLEXnet Connect CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...) @@ -45525,7 +45689,7 @@ NOT-FOR-US: MacOS CVE-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...) NOT-FOR-US: MacOS -CVE-2004-0513 (Unknown vulnerability in Mac OS X 10.3.4, related to "logging when ...) +CVE-2004-0513 (Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact ...) NOT-FOR-US: MacOS CVE-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...) NOT-FOR-US: SCO MMDF
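Review bot: In the first hunk (@@ -1,3 +1,169 @@), CVE-2005-4861 is inserted between CVE-2007-4650 and the CVE-2007-XXXX [libgd several issues] entry, which breaks the descending id order the rest of the list follows (the CVE-2004 entries sit far below, around line 45689). Move it to the CVE-2005 block, and triage it together with CVE-2007-4723 from the same hunk, since both descriptions name Ragnarok Online Control Panel.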
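Review bot: In the @@ -377,8 +543,8 @@ hunk, CVE-2007-4476 goes from RESERVED to TODO: check even though its new description names GNU tar, so it should not stay untriaged behind the bulk of the automatic additions. Replace the TODO with a package line in the form already used for CVE-2007-4134 (- star 1.5a67-1.1 (bug #440100; low)), giving either the fixed tar version or <unfixed>.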
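Review bot: In the @@ -1418,20 +1584,18 @@ hunk, CVE-2007-3996 ("Multiple integer overflows in libgd in PHP before 5.2.4 ...") is added as TODO: check while the list still carries the placeholder CVE-2007-XXXX [libgd several issues] with - libgd2 2.0.35.dfsg-2, visible as context in the first hunk. Check whether the two entries describe the same issues and, if so, fold the placeholder into CVE-2007-3996 so the libgd2 fix is tracked once and under the assigned id.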
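Review bot: In the @@ -2874,7 +3038,7 @@ hunk, the CVE-2007-3378 description gains a third function, error_log, but the php4 and php5 lines beneath it remain <unfixed> (unimportant), a rating assigned under the earlier two-function wording. Confirm that the unimportant rating still holds for the error_log case, or record the reasoning in the entry.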