joeyh at alioth.debian.org
2007-Nov-14 21:14 UTC
[Secure-testing-commits] r7300 - data/CVE
Author: joeyh Date: 2007-11-14 21:14:11 +0000 (Wed, 14 Nov 2007) New Revision: 7300 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-14 12:04:29 UTC (rev 7299) +++ data/CVE/list 2007-11-14 21:14:11 UTC (rev 7300) @@ -1,3 +1,69 @@ +CVE-2007-5957 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) ...) + TODO: check +CVE-2007-5956 (Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) ...) + TODO: check +CVE-2007-5955 (Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET ...) + TODO: check +CVE-2007-5954 (Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo ...) + TODO: check +CVE-2007-5953 (Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before ...) + TODO: check +CVE-2007-5952 (Cross-site scripting (XSS) vulnerability in admin/index.php in Helios ...) + TODO: check +CVE-2007-5951 (SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows ...) + TODO: check +CVE-2007-5950 (Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, ...) + TODO: check +CVE-2007-5949 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk ...) + TODO: check +CVE-2007-5948 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in ...) + TODO: check +CVE-2007-5947 (The jar protocol handler in Mozilla Firefox retrieves the inner URL ...) + TODO: check +CVE-2007-5946 (Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX ...) + TODO: check +CVE-2007-5945 (USVN before 0.6.5 allows remote attackers to obtain a list of ...) + TODO: check +CVE-2007-5944 (Cross-site scripting (XSS) vulnerability in Servlet Engine / Web ...) + TODO: check +CVE-2007-5943 (Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a ...) + TODO: check +CVE-2007-5942 (Bandersnatch 0.4 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2007-5941 (Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in ...) + TODO: check +CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users ...) + TODO: check +CVE-2007-5939 + RESERVED +CVE-2007-5938 + RESERVED +CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive ...) + TODO: check +CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users to ...) + TODO: check +CVE-2007-5935 (Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive ...) + TODO: check +CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request ...) + TODO: check +CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to ...) + TODO: check +CVE-2006-7226 + RESERVED +CVE-2006-7225 + RESERVED +CVE-2004-2753 (Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and ...) + TODO: check +CVE-2004-2752 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...) + TODO: check +CVE-2004-2751 (SQL injection vulnerability in the members_list module in PostNuke ...) + TODO: check +CVE-2004-2750 (Directory traversal vulnerability in browser.php in JBrowser 1.0 ...) + TODO: check +CVE-2004-2749 (Directory traversal vulnerability in wra/public/wralogin in 2Wire ...) + TODO: check +CVE-2003-1537 (Directory traversal vulnerability in PostNuke 0.723 and earlier allows ...) + TODO: check CVE-2007-5932 (Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content ...) NOT-FOR-US: Fatwire Content Server CVE-2007-5931 (The reDirect function in lib/controllers/RepViewController.php in ...) @@ -236,7 +302,7 @@ NOT-FOR-US: Avaya Messaging Storage Server CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and ...) NOT-FOR-US: Symantec AntiVirus -CVE-2007-5828 (Cross-site request forgery (CSRF) vulnerability in the admin panel in ...) +CVE-2007-5828 (** DISPUTED ** ...) - python-django <unfixed> (unimportant) NOTE: this is documented in docs/csrf.txt included in the python-django package and NOTE: there is a plugin enabling this feature. This is intended behaviour. @@ -305,8 +371,8 @@ NOT-FOR-US: Apache Geronimo CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in ...) NOT-FOR-US: Blue Coat ProxySG -CVE-2007-5794 - RESERVED +CVE-2007-5794 (Race condition in nss_ldap, when used in applications that use pthread ...) + TODO: check CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local ...) - ircii-pana <unfixed> (low; bug #449149) CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when ...) @@ -359,8 +425,8 @@ NOT-FOR-US: Flatnuke CVE-2007-5771 (Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain ...) NOT-FOR-US: Flatnuke -CVE-2007-5770 - RESERVED +CVE-2007-5770 (The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, ...) + TODO: check CVE-2007-5769 RESERVED CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password ...) @@ -387,10 +453,10 @@ RESERVED CVE-2007-5757 RESERVED -CVE-2007-5756 - RESERVED -CVE-2007-5755 - RESERVED +CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...) + TODO: check +CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control ...) + TODO: check CVE-2007-5754 (PHP remote file inclusion vulnerability in urlinn_includes/config.php ...) NOT-FOR-US: phpFaber CVE-2007-5753 (Unspecified vulnerability in Light FMan PHP (lfman or lightfman) ...) @@ -652,7 +718,7 @@ CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers ...) - iceweasel 2.0.0.8-1 (unimportant) NOTE: Browser crashes not treated as security problems -CVE-2007-5690 (Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might ...) +CVE-2007-5690 (** DISPUTED ** ...) - zaptel <unfixed> (unimportant; bug #448763) NOTE: zaptel does copy argv[1] into ifr_name but zaptel is not suid root or something NOTE: similar so this is no security issue in Debian even if sethdl-new will segfault @@ -892,8 +958,8 @@ RESERVED CVE-2007-5668 RESERVED -CVE-2007-5667 - RESERVED +CVE-2007-5667 (NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, ...) + TODO: check CVE-2007-5666 RESERVED CVE-2007-5665 @@ -5001,8 +5067,8 @@ CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech ...) - qt-x11-free 3:3.3.7-8 (medium; bug #442780) - qt4-x11 <not-affected> (Not exploitable according to upstream) -CVE-2007-4136 - RESERVED +CVE-2007-4136 (The ricci daemon in Conga 0.10.0 allows remote attackers to cause a ...) + TODO: check CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle ...) - libnfsidmap 0.18-0 (low; bug #442935) NOTE: https://issues.rpath.com/browse/RPL-1731 @@ -5541,11 +5607,11 @@ RESERVED CVE-2007-3899 (Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, ...) NOT-FOR-US: Microsoft Word -CVE-2007-3898 - RESERVED +CVE-2007-3898 (The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 ...) + TODO: check CVE-2007-3897 (Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, ...) NOT-FOR-US: Outlook Express -CVE-2007-3896 (The URL handling in Windows XP and Windows Server 2003, with Windows ...) +CVE-2007-3896 (The URL handling in Shell32.dll in the Windows shell in Microsoft ...) NOT-FOR-US: Windows CVE-2007-3895 RESERVED @@ -5577,8 +5643,8 @@ NOT-FOR-US: Expert Advisor CVE-2007-3881 (SQL injection vulnerability in index.php in Pictures Rating (Picture ...) NOT-FOR-US: Pictures Rating -CVE-2007-3880 - RESERVED +CVE-2007-3880 (Format string vulnerability in srsexec in Sun Remote Services (SRS) ...) + TODO: check CVE-2007-3879 RESERVED CVE-2007-3878 @@ -10973,7 +11039,8 @@ NOT-FOR-US: Active Photo Gallery CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner ...) NOT-FOR-US: Study planner -CVE-2007-1627 (Multiple SQL injection vulnerabilities in php-revista 1.1.2 and ...) +CVE-2007-1627 + REJECTED NOT-FOR-US: php-revista CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame ...) NOT-FOR-US: iFrame Module for PHP-NUKE @@ -14347,7 +14414,7 @@ NOT-FOR-US: BEA CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 ...) NOT-FOR-US: BEA -CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 improperly cleartext data in a ...) +CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a ...) NOT-FOR-US: BEA CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 ...) NOT-FOR-US: BEA