joeyh at alioth.debian.org
2007-Dec-11 21:14 UTC
[Secure-testing-commits] r7594 - data/CVE
Author: joeyh Date: 2007-12-11 21:14:14 +0000 (Tue, 11 Dec 2007) New Revision: 7594 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-11 19:13:44 UTC (rev 7593) +++ data/CVE/list 2007-12-11 21:14:14 UTC (rev 7594) 
@@ -1,10 +1,54 @@ -CVE-2007-6304 [potential DoS by remote MySQL servers via a response that lacks the minimum required number of columns] +CVE-2007-6305 (Multiple unspecified vulnerabilities in IBM Hardware Management ...) + TODO: check +CVE-2007-6302 (Unspecified vulnerability in Novell NetMail 3.5.2 before Messaging ...) + TODO: check +CVE-2007-6301 (Cross-site scripting (XSS) vulnerability in compose.php in ...) + TODO: check +CVE-2007-6300 (Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 ...) + TODO: check +CVE-2007-6298 (Cross-site scripting (XSS) vulnerability in the Shoutbox module for ...) + TODO: check +CVE-2007-6297 (Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat ...) + TODO: check +CVE-2007-6296 (PHP remote file inclusion vulnerability in users_popupL.php3 in ...) + TODO: check +CVE-2007-6295 (Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page ...) + TODO: check +CVE-2007-6294 (Multiple unspecified vulnerabilities in IBM Hardware Management ...) + TODO: check +CVE-2007-6293 (Multiple unspecified vulnerabilities in IBM Hardware Management ...) + TODO: check +CVE-2007-6292 (SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and ...) + TODO: check +CVE-2007-6291 (SQL injection vulnerability in abm.aspx in Xigla Absolute Banner ...) + TODO: check +CVE-2007-6290 (Multiple directory traversal vulnerabilities in js/get_js.php in ...) + TODO: check +CVE-2007-6289 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 ...) + TODO: check +CVE-2007-6288 (Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow ...) + TODO: check +CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs ...) + TODO: check +CVE-2007-6286 + RESERVED +CVE-2007-6285 + RESERVED +CVE-2007-6284 + RESERVED +CVE-2007-6283 + RESERVED +CVE-2007-6282 + RESERVED +CVE-2007-6281 + RESERVED +CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before ...) 
- mysql-dfsg-5.0 <unfixed> (low; bug #455737) TODO: check mysql4 -CVE-2007-6303 [remote authenticated users can gain privileges via a sequence of statements] +CVE-2007-6303 (MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 ...) - mysql-dfsg-5.0 <unfixed> (low; bug #455737) TODO: check mysql4 -CVE-2007-6299 [SQL injection in Drupal when certain contributed modules are enabled] +CVE-2007-6299 (Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x ...) - drupal5 5.5-1 - drupal 4.7.10-1 CVE-2007-XXXX [Roundcube webmail does not sanitize javascript expression calls in stylesheets] @@ -744,15 +788,12 @@ NOTE: potential attackers must have privileges to store the krb5kdc master key CVE-2007-5971 (Double-free vulnerability in the gss_krb5int_make_seal_token_v3 ...) - krb5 <unfixed> (bug #454974) -CVE-2007-5970 - RESERVED +CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote ...) - mysql-dfsg-5.0 <unfixed> -CVE-2007-5969 - RESERVED +CVE-2007-5969 (MySQL Community Server before 5.0.51, when a table relies on symlinks ...) - mysql-dfsg-5.0 5.0.45-4 (low; bug #455010) TODO: check mysql 4 -CVE-2007-5968 - RESERVED +CVE-2007-5968 (MySQL 5.1.x before 5.1.23 might allow attackers to gain privileges via ...) - mysql-dfsg-5.0 <unfixed> (bug #455737) CVE-2007-5967 RESERVED @@ -937,6 +978,7 @@ CVE-2007-5905 (Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions ...) NOT-FOR-US: Adobe ColdFusion CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and ...) + {DSA-1428-1} - linux-2.6 <unfixed> CVE-2007-5903 RESERVED 
@@ -2487,6 +2529,7 @@ [etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.21) NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96a2d41a3e495734b63bff4e5dd0112741b93b38 CVE-2007-5500 (The wait_task_stopped function in the Linux kernel before 2.6.23.8 ...) + {DSA-1428-1} - linux-2.6 2.6.23-1 NOTE: kernel-sec is already tracking this CVE-2007-5499 @@ -3946,6 +3989,7 @@ CVE-2007-4998 RESERVED CVE-2007-4997 (Integer underflow in the ieee80211_rx function in ...) + {DSA-1428-1} - linux-2.6 <unfixed> CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge ...) - pidgin 2.2.1-1 (medium) @@ -8469,6 +8513,7 @@ {DSA-1363-1} - linux-2.6 2.6.22-4 CVE-2007-3104 (The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat ...) + {DSA-1428-1} - linux-2.6 2.6.22-4 (low) CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux ...) {DSA-1342-1}
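Review bot: the first hunk (@@ -1,10 +1,54 @@) leaves the top of data/CVE/list out of descending id order, because the new block runs from CVE-2007-6305 down to CVE-2007-6281 and only then re-adds CVE-2007-6304, followed by CVE-2007-6303 and CVE-2007-6299. Suggest placing the 6304 and 6303 entries directly under 6305 and the 6299 entry between 6300 and 6298, each with its package lines attached, to match the descending order the rest of the file uses (for example 5971, 5970, 5969, 5968). The bracketed hand-written summaries for these three entries are replaced by truncated descriptions, and the "TODO: check mysql4" on 6304 and 6303 is still open.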
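Review bot: the package status in the @@ -744,15 +788,12 @@ hunk needs a recheck for CVE-2007-5970 and CVE-2007-5968, since the visible part of their new descriptions names only MySQL 5.1.x (plus 6.0.x for 5970) while both keep "- mysql-dfsg-5.0 <unfixed>". If the 5.0 source package turns out not to be affected, suggest changing the status to <not-affected> with a short reason, in the style of the "[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.21)" entry later in the file. CVE-2007-5970 also has no urgency or bug number, unlike the neighbouring 5969 and 5968 entries.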
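Review bot: in the hunks that add {DSA-1428-1}, CVE-2007-5904 and CVE-2007-4997 still read "- linux-2.6 <unfixed>" directly under the new tag, whereas CVE-2007-5500 and CVE-2007-3104 carry fixed versions (2.6.23-1 and 2.6.22-4). Suggest confirming that <unfixed> is still correct for those two now that an advisory is linked, and recording the outcome in a NOTE line so the combination does not read as an oversight.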