joeyh at alioth.debian.org
2007-Nov-15 21:14 UTC
[Secure-testing-commits] r7310 - data/CVE
Author: joeyh Date: 2007-11-15 21:14:10 +0000 (Thu, 15 Nov 2007) New Revision: 7310 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-15 19:41:17 UTC (rev 7309) +++ data/CVE/list 2007-11-15 21:14:10 UTC (rev 7310) @@ -1,3 +1,75 @@ +CVE-2007-5989 + RESERVED +CVE-2007-5988 (blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user ...) + TODO: check +CVE-2007-5987 (details.php in BtiTracker before 1.4.5, when torrent viewing is ...) + TODO: check +CVE-2007-5986 (SQL injection vulnerability in include/functions.php in BtiTracker ...) + TODO: check +CVE-2007-5985 (Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker ...) + TODO: check +CVE-2007-5984 (classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 ...) + TODO: check +CVE-2007-5983 (Cross-site scripting (XSS) vulnerability in index.php in Justin ...) + TODO: check +CVE-2007-5982 (Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, ...) + TODO: check +CVE-2007-5981 (Lantronix SCS3200 does not properly handle public-key requests, which ...) + TODO: check +CVE-2007-5980 (Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog ...) + TODO: check +CVE-2007-5979 (Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 ...) + TODO: check +CVE-2007-5978 (SQL injection vulnerability in brokenlink.php in the mylinks module ...) + TODO: check +CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in ...) + TODO: check +CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before ...) + TODO: check +CVE-2007-5975 (SQL injection vulnerability in index.php in TBSource, as used in (1) ...) + TODO: check +CVE-2007-5974 (SQL injection vulnerability in mailer.php in JPortal 2 allows remote ...) + TODO: check +CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and ...) + TODO: check +CVE-2007-5972 + RESERVED +CVE-2007-5971 + RESERVED +CVE-2007-5970 + RESERVED +CVE-2007-5969 + RESERVED +CVE-2007-5968 + RESERVED +CVE-2007-5967 + RESERVED +CVE-2007-5966 + RESERVED +CVE-2007-5965 + RESERVED +CVE-2007-5964 + RESERVED +CVE-2007-5963 + RESERVED +CVE-2007-5962 + RESERVED +CVE-2007-5961 + RESERVED +CVE-2007-5960 + RESERVED +CVE-2007-5959 + RESERVED +CVE-2007-5958 + RESERVED +CVE-2006-7229 (The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly ...) + TODO: check +CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...) + TODO: check +CVE-2006-7227 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...) + TODO: check +CVE-2005-4872 (Perl-Compatible Regular Expression (PCRE) library before 6.2 does not ...) + TODO: check CVE-2007-5957 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2007-5956 (Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) ...) @@ -92,7 +164,7 @@ NOT-FOR-US: Solaris CVE-2007-5920 (index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote ...) NOT-FOR-US: Domenico Mancini PicoFlat CMS -CVE-2007-5919 (MyWebFTP stores sensitive information under the web root with ...) +CVE-2007-5919 (MyWebFTP, possibly 5.3.2, stores sensitive information under the web ...) NOT-FOR-US: MyWebFTP CVE-2007-5918 (Cross-site request forgery (CSRF) vulnerability in edit.php in the MS ...) NOT-FOR-US: MS TopSites @@ -147,7 +219,8 @@ RESERVED CVE-2007-5894 RESERVED -CVE-2006-7224 (Multiple integer overflows in Perl-Compatible Regular Expression ...) +CVE-2006-7224 + REJECTED - pcre3 6.7-1 CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition ...) NOT-FOR-US: WebTrends Reporting Center @@ -3512,7 +3585,7 @@ NOT-FOR-US: Microsoft SQL Server Enterprise Manager CVE-2007-4813 (Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 ...) NOT-FOR-US: Domino Blogsphere -CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5 allows remote attackers ...) +CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions ...) NOT-FOR-US: Mac OS CVE-2007-4811 (Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 ...) NOT-FOR-US: Netjuke @@ -3770,54 +3843,54 @@ RESERVED CVE-2007-4702 RESERVED -CVE-2007-4701 - RESERVED -CVE-2007-4700 - RESERVED -CVE-2007-4699 - RESERVED -CVE-2007-4698 - RESERVED -CVE-2007-4697 - RESERVED -CVE-2007-4696 - RESERVED -CVE-2007-4695 - RESERVED -CVE-2007-4694 - RESERVED -CVE-2007-4693 - RESERVED -CVE-2007-4692 - RESERVED -CVE-2007-4691 - RESERVED -CVE-2007-4690 - RESERVED -CVE-2007-4689 - RESERVED -CVE-2007-4688 - RESERVED -CVE-2007-4687 - RESERVED -CVE-2007-4686 - RESERVED -CVE-2007-4685 - RESERVED -CVE-2007-4684 - RESERVED -CVE-2007-4683 - RESERVED -CVE-2007-4682 - RESERVED -CVE-2007-4681 - RESERVED -CVE-2007-4680 - RESERVED -CVE-2007-4679 - RESERVED -CVE-2007-4678 - RESERVED +CVE-2007-4701 (WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create ...) + TODO: check +CVE-2007-4700 (Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through ...) + TODO: check +CVE-2007-4699 (The default configuration of Safari in Apple Mac OS X 10.4 through ...) + TODO: check +CVE-2007-4698 (Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 ...) + TODO: check +CVE-2007-4697 (Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through ...) + TODO: check +CVE-2007-4696 (Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 ...) + TODO: check +CVE-2007-4695 (Unspecified "input validation" vulnerability in WebCore in Apple Mac ...) + TODO: check +CVE-2007-4694 (Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers ...) + TODO: check +CVE-2007-4693 (The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows ...) + TODO: check +CVE-2007-4692 (The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 ...) + TODO: check +CVE-2007-4691 (The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs ...) + TODO: check +CVE-2007-4690 (Double-free vulnerability in the NFS component in Apple Mac OS X 10.4 ...) + TODO: check +CVE-2007-4689 (Double-free vulnerability in the Networking component in Apple Mac OS ...) + TODO: check +CVE-2007-4688 (The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows ...) + TODO: check +CVE-2007-4687 (The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 ...) + TODO: check +CVE-2007-4686 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users ...) + TODO: check +CVE-2007-4685 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users ...) + TODO: check +CVE-2007-4684 (Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 ...) + TODO: check +CVE-2007-4683 (Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 ...) + TODO: check +CVE-2007-4682 (CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to ...) + TODO: check +CVE-2007-4681 (Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 ...) + TODO: check +CVE-2007-4680 (CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not ...) + TODO: check +CVE-2007-4679 (CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows ...) + TODO: check +CVE-2007-4678 (AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows ...) + TODO: check CVE-2007-4677 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2007-4676 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...) @@ -3830,7 +3903,7 @@ NOT-FOR-US: Apple QuickTime CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows ...) NOT-FOR-US: Apple QuickTime -CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1 allows ...) +CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari ...) NOT-FOR-US: Safari CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...) - php5 <unfixed> (unimportant) @@ -4780,12 +4853,12 @@ NOT-FOR-US: IBM DB2 CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...) NOT-FOR-US: IBM DB2 -CVE-2007-4269 - RESERVED -CVE-2007-4268 - RESERVED -CVE-2007-4267 - RESERVED +CVE-2007-4269 (Integer overflow in the Networking component in Apple Mac OS X 10.4 ...) + TODO: check +CVE-2007-4268 (Integer signedness error in the Networking component in Apple Mac OS X ...) + TODO: check +CVE-2007-4267 (Stack-based buffer overflow in the Networking component in Apple Mac ...) + TODO: check CVE-2007-4266 RESERVED CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in VisionProject ...) @@ -5961,11 +6034,11 @@ NOT-FOR-US: Safari CVE-2007-3759 (Safari in Apple iPhone 1.1.1, when requested to disable Javascript, ...) NOT-FOR-US: Safari -CVE-2007-3758 (Safari in Apple iPhone 1.1.1 allows remote attackers to set Javascript ...) +CVE-2007-3758 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...) NOT-FOR-US: Safari CVE-2007-3757 (Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...) NOT-FOR-US: Safari -CVE-2007-3756 (Safari in Apple iPhone 1.1.1 allows remote attackers to obtain ...) +CVE-2007-3756 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...) NOT-FOR-US: Safari CVE-2007-3755 (Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...) NOT-FOR-US: Aplle iPhone @@ -5979,8 +6052,8 @@ NOT-FOR-US: Apple QuickTime CVE-2007-3750 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...) NOT-FOR-US: Apple QuickTime -CVE-2007-3749 - RESERVED +CVE-2007-3749 (The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the ...) + TODO: check CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized ...) NOT-FOR-US: iChat on Apple Mac OS X CVE-2007-3747 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...) @@ -6131,8 +6204,7 @@ NOT-FOR-US: CA ERwin Data Model Validator CVE-2007-3695 (Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly ...) NOT-FOR-US: CA ERwin -CVE-2007-3694 - RESERVED +CVE-2007-3694 (Cross-site scripting (XSS) vulnerability in login.php in Miro Project ...) NOT-FOR-US: Broadcast Machine CVE-2007-3693 (Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built ...) NOT-FOR-US: gobi @@ -13869,7 +13941,7 @@ NOT-FOR-US: Cisco CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote ...) NOT-FOR-US: AppleKit -CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3 allows remote ...) +CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple ...) NOT-FOR-US: iMovie CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote ...) NOT-FOR-US: iPhoto