joeyh at alioth.debian.org
2007-Sep-24 21:14 UTC
[Secure-testing-commits] r6685 - data/CVE
Author: joeyh
Date: 2007-09-24 21:14:07 +0000 (Mon, 24 Sep 2007)
New Revision: 6685

Modified: data/CVE/list

Log: automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2007-09-24 19:34:35 UTC (rev 6684) +++ data/CVE/list 2007-09-24 21:14:07 UTC (rev 6685) 
@@ -1,3 +1,87 @@ +CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView ...) + TODO: check +CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 ...) + TODO: check +CVE-2007-5049 (Stack-based buffer overflow in the StreamPredictor::getNextLine ...) + TODO: check +CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote ...) + TODO: check +CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate ...) + TODO: check +CVE-2007-5046 (Cross-site scripting (XSS) vulnerability in the Webmail interface for ...) + TODO: check +CVE-2007-5045 (Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, ...) + TODO: check +CVE-2007-5044 (ZoneAlarm Pro 7.0.362.000 does not properly validate certain ...) + TODO: check +CVE-2007-5043 (Kaspersky Internet Security 7.0.0.125 does not properly validate ...) + TODO: check +CVE-2007-5042 (Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain ...) + TODO: check +CVE-2007-5041 (G DATA InternetSecurity 2007 does not properly validate certain ...) + TODO: check +CVE-2007-5040 (Ghost Security Suite alpha 1.200 does not properly validate certain ...) + TODO: check +CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain ...) + TODO: check +CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for ...) + TODO: check +CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in ...) + TODO: check +CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with ...) + TODO: check +CVE-2007-5035 (** DISPUTED ** ...) + TODO: check +CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https URL, ...) + TODO: check +CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 ...) 
+ TODO: check +CVE-2007-5032 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) + TODO: check +CVE-2007-5031 (The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in ...) + TODO: check +CVE-2007-5030 (Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to ...) + TODO: check +CVE-2007-5029 (Dibbler 0.6.0 does not verify that certain length parameters are ...) + TODO: check +CVE-2007-5028 (Dibbler 0.6.0 on Linux uses weak world-writable permissions for ...) + TODO: check +CVE-2007-5027 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in ...) + TODO: check +CVE-2007-5026 (dBlog CMS, probably 2.0, stores sensitive information under the web ...) + TODO: check +CVE-2007-5025 (Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 ...) + TODO: check +CVE-2007-5024 (EMC VMware Server before 1.0.4 Build 56528 writes passwords in ...) + TODO: check +CVE-2007-5023 (Unquoted Windows search path vulnerability in EMC VMware Workstation ...) + TODO: check +CVE-2007-5022 (Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) ...) + TODO: check +CVE-2007-5021 (Buffer overflow in the Client Acceptor Daemon (CAD) in certain IBM ...) + TODO: check +CVE-2007-5020 (Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows ...) + TODO: check +CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to ...) + TODO: check +CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in ...) + TODO: check +CVE-2003-1339 (Stack-based buffer overflow in eZnet.exe, as used in eZ (a) ...) + TODO: check +CVE-2003-1338 (CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and ...) + TODO: check +CVE-2003-1337 (Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and ...) + TODO: check +CVE-2003-1336 (Buffer overflow in mIRC before 6.11 allows remote attackers to execute ...) 
+ TODO: check +CVE-2002-2226 (Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote ...) + TODO: check +CVE-2001-1583 (lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers ...) + TODO: check +CVE-2001-1582 (Buffer overflow in the LDAP naming services library (libsldap) in Sun ...) + TODO: check CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips] - mp 3.7.1-8 CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...) @@ -58,8 +142,8 @@ RESERVED CVE-2007-4992 RESERVED -CVE-2007-4991 - RESERVED +CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...) + TODO: check CVE-2007-4990 RESERVED CVE-2007-4989 @@ -1007,8 +1091,7 @@ RESERVED CVE-2007-4570 RESERVED -CVE-2007-4569 [unauthorized login problem in kdm] - RESERVED +CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is ...) - kdebase 4:3.5.7-4 NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt CVE-2007-4568 @@ -1168,10 +1251,10 @@ NOT-FOR-US: American Financing eMail Image Upload CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...) NOT-FOR-US: Grandstream SIP Phone -CVE-2007-4497 - RESERVED -CVE-2007-4496 - RESERVED +CVE-2007-4497 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...) + TODO: check +CVE-2007-4496 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...) + TODO: check CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...) NOT-FOR-US: Solaris CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...) 
@@ -2114,11 +2197,9 @@ NOT-FOR-US: Webyapar CVE-2007-4067 (Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ...) NOT-FOR-US: Clever Internet ActiveX Suite -CVE-2007-4066 - RESERVED +CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow ...) NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780 -CVE-2007-4065 - RESERVED +CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...) NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780 CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...) - drupal 4.7.7-1 (low) @@ -2453,8 +2534,7 @@ RESERVED CVE-2007-3917 RESERVED -CVE-2007-3916 [skktools insecure tempfile] - RESERVED +CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local users ...) - skktools 1.2+0.20061004-3 CVE-2007-3915 RESERVED @@ -4423,7 +4503,7 @@ NOTE: Not reproducibly reliably by an attacker, mostly a bug NOTE: This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914 NOTE: in Linus'' tree. -CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...) +CVE-2007-3106 (lib/info.c in libvorbis 1.1.2, and possibly other versions before ...) - libvorbis 1.2.0.dfsg-1 (medium) CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...) {DSA-1363-1} 
@@ -12138,12 +12218,12 @@ RESERVED CVE-2007-0064 RESERVED -CVE-2007-0063 - RESERVED -CVE-2007-0062 - RESERVED -CVE-2007-0061 - RESERVED +CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...) + TODO: check +CVE-2007-0062 (Integer overflow in the DHCP server in EMC VMware Workstation before ...) + TODO: check +CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and ...) + TODO: check CVE-2007-0060 (Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in ...) NOT-FOR-US: CA CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 ...) @@ -44626,7 +44706,7 @@ NOT-FOR-US: Advanced Guestbook CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...) NOT-FOR-US: Blog Torrent -CVE-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...) +CVE-2004-1211 (Multiple buffer overflows in the IMAP service in Mercury/32 4.01a ...) NOT-FOR-US: Mercury Mail CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...) NOT-FOR-US: IpCop
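Review bot: in the @@ -1,3 +1,87 @@ hunk every new entry is left at TODO: check, including at least one that this file's existing convention already decides: CVE-2001-1583 is described as the lpd daemon in Solaris 8, and CVE-2007-4495 in the @@ -1168,10 +1251,10 @@ context is already marked NOT-FOR-US: Solaris. Resolve that one the same way, and triage the entries that name a specific piece of free software first (ELinks in CVE-2007-5034, inotifytools_snprintf in CVE-2007-5037, Dibbler in CVE-2007-5028 through CVE-2007-5031, distcc in CVE-2004-2687), since those are the ones most likely to need a package line rather than NOT-FOR-US.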
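Review bot: in the @@ -2114,11 +2197,9 @@ hunk CVE-2007-4066 and CVE-2007-4065 lose their RESERVED line and gain a description, but end up with neither a package status line nor a TODO: check, only the existing NOTE, so nothing flags them for follow-up. Both descriptions say "libvorbis before 1.2.0", and CVE-2007-3106 in the @@ -4423,7 +4503,7 @@ hunk is tracked as "- libvorbis 1.2.0.dfsg-1 (medium)"; add a "- libvorbis" line to each once the fixed version is confirmed, or a TODO: check until then. The NOTE lines under both entries also read "svn revisionsions", which should be "svn revisions".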
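Review bot: in the @@ -1168,10 +1251,10 @@ hunk the truncated summaries for CVE-2007-4497 and CVE-2007-4496 are identical ("Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ..."), so the list alone cannot tell the two apart. When these are triaged, add a NOTE line to each that records what distinguishes them, and handle them together with the three VMware Workstation DHCP server entries (CVE-2007-0063, CVE-2007-0062, CVE-2007-0061) in the @@ -12138,12 +12218,12 @@ hunk so all five get a consistent status.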