joeyh at alioth.debian.org
2007-Dec-05 21:14 UTC
[Secure-testing-commits] r7522 - data/CVE
Author: joeyh Date: 2007-12-05 21:14:11 +0000 (Wed, 05 Dec 2007) New Revision: 7522 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-05 21:10:54 UTC (rev 7521) +++ data/CVE/list 2007-12-05 21:14:11 UTC (rev 7522) 
@@ -1,3 +1,99 @@ +CVE-2007-6259 + RESERVED +CVE-2007-6258 + RESERVED +CVE-2007-6257 + RESERVED +CVE-2007-6256 + RESERVED +CVE-2007-6255 + RESERVED +CVE-2007-6254 + RESERVED +CVE-2007-6253 + RESERVED +CVE-2007-6252 + RESERVED +CVE-2007-6251 + RESERVED +CVE-2007-6250 + RESERVED +CVE-2007-6249 + RESERVED +CVE-2007-6248 + RESERVED +CVE-2007-6247 + RESERVED +CVE-2007-6246 + RESERVED +CVE-2007-6245 + RESERVED +CVE-2007-6244 + RESERVED +CVE-2007-6243 + RESERVED +CVE-2007-6242 + RESERVED +CVE-2007-6241 (Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have ...) + TODO: check +CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 ...) + TODO: check +CVE-2007-6239 (The "cache update reply processing" functionality in Squid 2.x before ...) + TODO: check +CVE-2007-6238 (Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows ...) + TODO: check +CVE-2007-6237 (cp.php in DeluxeBB 1.09 does not verify that the membercookie ...) + TODO: check +CVE-2007-6236 (Microsoft Windows Media Player (WMP) allows remote attackers to cause ...) + TODO: check +CVE-2007-6235 (A certain ActiveX control in RealNetworks RealPlayer 11 allows remote ...) + TODO: check +CVE-2007-6234 (index.php in FTP Admin 0.1.0 allows remote attackers to bypass ...) + TODO: check +CVE-2007-6233 (Directory traversal vulnerability in index.php in FTP Admin 0.1.0 ...) + TODO: check +CVE-2007-6232 (Cross-site scripting (XSS) vulnerability in index.php in FTP Admin ...) + TODO: check +CVE-2007-6231 (Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 ...) + TODO: check +CVE-2007-6230 (Directory traversal vulnerability in ...) + TODO: check +CVE-2007-6229 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-6228 (Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ...) + TODO: check +CVE-2007-6227 (QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating ...) 
+ TODO: check +CVE-2007-6226 (The American Power Conversion (APC) AP7932 0u 30amp Switched Rack ...) + TODO: check +CVE-2007-6225 (Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used ...) + TODO: check +CVE-2007-6224 (The RealNetworks RealAudioObjects.RealAudio ActiveX control in ...) + TODO: check +CVE-2007-6223 (SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 ...) + TODO: check +CVE-2007-6222 (The CheckCustomerAccess function in functions.php in CRM-CTT ...) + TODO: check +CVE-2007-6221 (TuMusika Evolution 1.7R5 allows remote attackers to obtain ...) + TODO: check +CVE-2007-6220 (typespeed before 0.6.4 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2007-6219 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool ...) + TODO: check +CVE-2007-6218 (Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 ...) + TODO: check +CVE-2007-6217 (Multiple SQL injection vulnerabilities in login.asp in Irola My-Time ...) + TODO: check +CVE-2007-6216 (Race condition in the Fibre Channel protocol (fcp) driver and Devices ...) + TODO: check +CVE-2007-6215 (Multiple directory traversal vulnerabilities in play.php in Web-MeetMe ...) + TODO: check +CVE-2007-6214 (Directory traversal vulnerability in include/file_download.php in ...) + TODO: check +CVE-2007-6213 (Multiple directory traversal vulnerabilities in mod/chat/index.php in ...) + TODO: check +CVE-2007-6212 (Directory traversal vulnerability in region.php in KML share 1.1 ...) + TODO: check CVE-2008-0010 RESERVED CVE-2008-0009 
@@ -35,13 +131,14 @@ NOTE: apache 1.3 is not vulnerable CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users ...) - claws-mail 3.1.0-2 (low; bug #454089) -CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX runs "UserParameter" scripts with gid 0, ...) +CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" ...) + {DSA-1420-1} - zabbix <unfixed> (bug #452682) CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in Neocrome ...) NOT-FOR-US: Neocrome Seditio CMS -CVE-2007-6211 (Send Nasty ICMP Garbage (sing) on Debian GNU/Linux allows local users ...) +CVE-2007-6211 (Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users ...) - sing 1.1-16 (low; bug #454167) -CVE-2007-6209 (difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...) +CVE-2007-6209 (Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...) - zsh 4.3.4-dev-3-2 (low; bug #454073) [etch] - zsh <no-dsa> (Minor issue) [sarge] - zsh <no-dsa> (Minor issue) @@ -461,8 +558,8 @@ RESERVED CVE-2007-6015 RESERVED -CVE-2007-6014 - RESERVED +CVE-2007-6014 (SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and ...) + TODO: check CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash ...) - wordpress <unfixed> (low; bug #452251) NOTE: if untrusted people are allowed to read the database they could still 
@@ -1844,12 +1941,12 @@ NOT-FOR-US: VMware Player CVE-2007-5616 RESERVED -CVE-2007-5615 - RESERVED -CVE-2007-5614 - RESERVED -CVE-2007-5613 - RESERVED +CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows ...) + TODO: check +CVE-2007-5614 (Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote ...) + TODO: check +CVE-2007-5613 (Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay ...) + TODO: check CVE-2007-5612 (CIM Server in IBM Director 5.20.1 and earlier allows remote attackers ...) NOT-FOR-US: IBM Director CVE-2007-5611 @@ -2785,8 +2882,8 @@ RESERVED CVE-2007-5356 RESERVED -CVE-2007-5355 - RESERVED +CVE-2007-5355 (The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet ...) + TODO: check CVE-2007-5354 RESERVED CVE-2007-5353 @@ -4472,7 +4569,7 @@ NOT-FOR-US: Apple Mac OS X CVE-2007-4687 (The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 ...) NOT-FOR-US: Apple Mac OS X -CVE-2007-4686 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users ...) +CVE-2007-4686 (Integer signedness error in the ttioctl function in bsd/kern/tty.c in ...) NOT-FOR-US: Apple Mac OS X CVE-2007-4685 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users ...) NOT-FOR-US: Apple Mac OS X @@ -4745,6 +4842,7 @@ RESERVED CVE-2007-4575 RESERVED + {DSA-1419-1} - openoffice.org 2.3.1~rc1-1 (medium; bug #454463) - hsqldb 1.8.0.9-1 CVE-2007-4574 (Unspecified vulnerability in the "stack unwinder fixes" in kernel in ...) @@ -8275,7 +8373,7 @@ CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...) {DSA-1363-1} - linux-2.6 2.6.22-4 -CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterprise ...) +CVE-2007-3104 (The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat ...) - linux-2.6 2.6.22-4 (low) CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux ...) {DSA-1342-1}
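Review bot: In the hunk at @@ -1,3 +1,99 @@, the descriptions for CVE-2007-6230 ("Directory traversal vulnerability in ...") and CVE-2007-6229 ("PHP remote file inclusion vulnerability in ...") are cut off before the product name, so neither can be triaged from the list alone. Look up the full descriptions before replacing TODO: check. In the same hunk, CVE-2007-6239 (Squid 2.x), CVE-2007-6227 (QEMU 0.9.0) and CVE-2007-6220 (typespeed before 0.6.4) name software that is packaged in Debian and are worth resolving first.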
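Review bot: In the hunk at @@ -35,13 +131,14 @@, CVE-2007-6210 now carries {DSA-1420-1} while the package line under it still reads "- zabbix <unfixed> (bug #452682)". Check whether unstable has a fixed upload and record its version there. The updated description says "before 1.4.3", which gives the upstream version to compare against.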
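Review bot: In the hunk at @@ -461,8 +558,8 @@, CVE-2007-6014 (SQL injection in post.php in Beehive Forum 0.7.1) goes to TODO: check, and the first hunk adds CVE-2007-6241 for the same product and version. Triage the two together so they end up with the same disposition, in the form the neighbouring entries use (a package line or NOT-FOR-US).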
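Review bot: In the hunk at @@ -1844,12 +1941,12 @@, the three Mortbay Jetty entries do not share one fix boundary: CVE-2007-5615 says "before 6.1.6rc0" and CVE-2007-5614 says "before 6.1.6rc1", while the cutoff for CVE-2007-5613 is truncated out of the description. When the TODO: check lines are resolved, give each entry its own fixed version rather than copying one package line to all three.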
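Review bot: In the hunk at @@ -4745,6 +4842,7 @@, CVE-2007-4575 gains {DSA-1419-1} but is still RESERVED with no description, and the "- hsqldb 1.8.0.9-1" line has no severity or bug reference while the openoffice.org line above it has "(medium; bug #454463)". Add a NOTE: line stating what the issue is and how hsqldb relates to the openoffice.org fix, and give the hsqldb line a severity, so the entry is readable before the description arrives.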