thr3ads.net - Secure testing commits - [Secure-testing-commits] r8095

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Feb-07 09:14 UTC
[Secure-testing-commits] r8095 - data/CVE

Author: joeyh
Date: 2008-02-07 09:14:13 +0000 (Thu, 07 Feb 2008)
New Revision: 8095

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-02-06 21:14:10 UTC (rev 8094)
+++ data/CVE/list	2008-02-07 09:14:13 UTC (rev 8095)
@@ -1,3 +1,287 @@
+CVE-2008-0641
+	RESERVED
+CVE-2008-0640
+	RESERVED
+CVE-2008-0639
+	RESERVED
+CVE-2008-0638
+	RESERVED
+CVE-2008-0637
+	RESERVED
+CVE-2008-0636
+	RESERVED
+CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads
2.4.0 ...)
+	TODO: check
+CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX
control in ...)
+	TODO: check
+CVE-2008-0633 (Buffer overflow in Anon Proxy Server 0.102 and earlier, when
user ...)
+	TODO: check
+CVE-2008-0632 (Unrestricted file upload vulnerability in cp_upload_image.php in
...)
+	TODO: check
+CVE-2008-0631 (Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5
allow ...)
+	TODO: check
+CVE-2008-0630 (Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823
...)
+	TODO: check
+CVE-2008-0629 (Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN
before ...)
+	TODO: check
+CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and JRE
6 ...)
+	TODO: check
+CVE-2008-0627
+	REJECTED
+	TODO: check
+CVE-2008-0626
+	REJECTED
+	TODO: check
+CVE-2008-0625 (Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll)
in ...)
+	TODO: check
+CVE-2008-0624 (Buffer overflow in the YMP Datagrid ActiveX control
(datagrid.dll) in ...)
+	TODO: check
+CVE-2008-0623 (Stack-based buffer overflow in the YMP Datagrid ActiveX control
...)
+	TODO: check
+CVE-2008-0622 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19
and ...)
+	TODO: check
+CVE-2008-0621 (Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI
7.10 ...)
+	TODO: check
+CVE-2008-0620 (SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint
before ...)
+	TODO: check
+CVE-2008-0619 (Buffer overflow in NeroMediaPlayer.exe in Nero Media Player
1.4.0.35 ...)
+	TODO: check
+CVE-2008-0618 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
+CVE-2008-0617 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
+CVE-2008-0616 (SQL injection vulnerability in the administration panel in the
...)
+	TODO: check
+CVE-2008-0615 (Directory traversal vulnerability in wp-admin/admin.php in the
...)
+	TODO: check
+CVE-2008-0614 (SQL injection vulnerability in index.php in Photokorn Gallery
1.543 ...)
+	TODO: check
+CVE-2008-0613 (Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18
allows ...)
+	TODO: check
+CVE-2008-0612 (Directory traversal vulnerability in htdocs/install/index.php in
XOOPS ...)
+	TODO: check
+CVE-2008-0611 (SQL injection vulnerability in rmgs/images.php in the RMSOFT
Gallery ...)
+	TODO: check
+CVE-2008-0610 (Stack-based buffer overflow in the ...)
+	TODO: check
+CVE-2008-0609 (Directory traversal vulnerability in index.php in DivideConcept
VHD ...)
+	TODO: check
+CVE-2008-0608 (The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in
IPSwitch ...)
+	TODO: check
+CVE-2008-0607 (SQL injection vulnerability in index.php in the Sigsiu Online
Business ...)
+	TODO: check
+CVE-2008-0606 (SQL injection vulnerability in index.php in the Shambo2
(com_shambo2) ...)
+	TODO: check
+CVE-2008-0605 (Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft
...)
+	TODO: check
+CVE-2008-0604 (The LDAP authentication feature in XLight FTP Server before
2.83, when ...)
+	TODO: check
+CVE-2008-0603 (SQL injection vulnerability in index.php in the amazOOP Awesom!
...)
+	TODO: check
+CVE-2008-0602 (Directory traversal vulnerability in index.php in All Club CMS
(ACCMS) ...)
+	TODO: check
+CVE-2008-0601 (SQL injection vulnerability in index.php in All Club CMS (ACCMS)
...)
+	TODO: check
+CVE-2008-0600
+	RESERVED
+CVE-2008-0599
+	RESERVED
+CVE-2008-0598
+	RESERVED
+CVE-2008-0597
+	RESERVED
+CVE-2008-0596
+	RESERVED
+CVE-2008-0595
+	RESERVED
+CVE-2008-0594
+	RESERVED
+CVE-2008-0593
+	RESERVED
+CVE-2008-0592
+	RESERVED
+CVE-2008-0591
+	RESERVED
+CVE-2008-0590 (Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0
allows ...)
+	TODO: check
+CVE-2008-0589 (The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1
allows ...)
+	TODO: check
+CVE-2008-0588 (Buffer overflow in the utape program in devices.scsi.tape.diag
in IBM ...)
+	TODO: check
+CVE-2008-0587 (Buffer overflow in the uspchrp program in devices.chrp.base.diag
in ...)
+	TODO: check
+CVE-2008-0586 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local
users to ...)
+	TODO: check
+CVE-2008-0585 (sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable
...)
+	TODO: check
+CVE-2008-0584 (Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and
5.3 ...)
+	TODO: check
+CVE-2008-0583 (Cross-zone scripting vulnerability in the Internet Explorer web
...)
+	TODO: check
+CVE-2008-0582 (Cross-zone scripting vulnerability in the Internet Explorer web
...)
+	TODO: check
+CVE-2008-0581 (Geert Moernaut LSrunasE allows local users to gain privileges by
...)
+	TODO: check
+CVE-2008-0580 (Geert Moernaut LSrunasE and Supercrypt use an encryption key
composed ...)
+	TODO: check
+CVE-2008-0579 (SQL injection vulnerability in index.php in the buslicense ...)
+	TODO: check
+CVE-2008-0578 (Cross-site scripting (XSS) vulnerability in the web management
login ...)
+	TODO: check
+CVE-2008-0577 (The Project Issue Tracking module 5.x-2.x-dev before 20080130 in
the ...)
+	TODO: check
+CVE-2008-0576 (Cross-site scripting (XSS) vulnerability in the Project Issue
Tracking ...)
+	TODO: check
+CVE-2008-0575 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2008-0574 (Cross-site scripting (XSS) vulnerability in index.php in
webSPELL ...)
+	TODO: check
+CVE-2008-0573 (IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and
SoftRemote ...)
+	TODO: check
+CVE-2008-0572 (Multiple PHP remote file inclusion vulnerabilities in Mindmeld
...)
+	TODO: check
+CVE-2008-0571 (The point moderation form in the Userpoints 4.7.x before
4.7.x-2.3, ...)
+	TODO: check
+CVE-2008-0570 (The OpenID 5.x-1.0 and earlier module for Drupal does not
properly ...)
+	TODO: check
+CVE-2008-0569 (The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1
...)
+	TODO: check
+CVE-2008-0568 (Unspecified vulnerability in the IP-authentication feature in
the ...)
+	TODO: check
+CVE-2008-0567 (Multiple PHP remote file inclusion vulnerabilities in
ChronoEngine ...)
+	TODO: check
+CVE-2008-0566 (PHP remote file inclusion vulnerability in includes/smarty.php
in ...)
+	TODO: check
+CVE-2008-0565 (SQL injection vulnerability in vote.php in DeltaScripts PHP
Links 1.3 ...)
+	TODO: check
+CVE-2008-0563 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2008-0562 (SQL injection vulnerability in index.php in the Restaurant ...)
+	TODO: check
+CVE-2008-0561 (SQL injection vulnerability in index.php in the Arthur Konze
...)
+	TODO: check
+CVE-2008-0560 (** DISPUTED ** ...)
+	TODO: check
+CVE-2008-0559 (Multiple directory traversal vulnerabilities in
Nilson''s Blogger 0.11 ...)
+	TODO: check
+CVE-2008-0558 (Cross-site scripting (XSS) vulnerability in Uniwin eCart
Professional ...)
+	TODO: check
+CVE-2008-0557 (SQL injection vulnerability in index.php in the CatalogShop ...)
+	TODO: check
+CVE-2008-0556
+	RESERVED
+CVE-2008-0555
+	RESERVED
+CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket
...)
+	TODO: check
+CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in
NamoInstaller.dll ...)
+	TODO: check
+CVE-2008-0550 (Off-by-one error in Steamcast 0.9.75 and earlier allows remote
...)
+	TODO: check
+CVE-2008-0549 (Integer overflow in the OggHeaderParse function in Steamcast
0.9.75 ...)
+	TODO: check
+CVE-2008-0548 (Steamcast 0.9.75 and earlier allows remote attackers to cause a
denial ...)
+	TODO: check
+CVE-2008-0547 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2008-0546 (Multiple SQL injection vulnerabilities in CandyPress (CP)
4.1.1.26, ...)
+	TODO: check
+CVE-2008-0545 (Multiple directory traversal vulnerabilities in Bubbling Library
1.32 ...)
+	TODO: check
+CVE-2008-0543 (Multiple SQL injection vulnerabilities in Pre Dynamic
Institution ...)
+	TODO: check
+CVE-2008-0542 (Directory traversal vulnerability in thumbnail.php in Gerd
Tentler ...)
+	TODO: check
+CVE-2008-0541 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php
in ...)
+	TODO: check
+CVE-2008-0540 (Multiple cross-site scripting (XSS) vulnerabilities in trixbox
2.4.2.0 ...)
+	TODO: check
+CVE-2008-0539 (Cross-site scripting (XSS) vulnerability in
dms/policy/rep_request.php ...)
+	TODO: check
+CVE-2008-0538 (Multiple SQL injection vulnerabilities in phpIP Management 4.3.2
allow ...)
+	TODO: check
+CVE-2008-0537
+	RESERVED
+CVE-2008-0536
+	RESERVED
+CVE-2008-0535
+	RESERVED
+CVE-2008-0534
+	RESERVED
+CVE-2008-0533
+	RESERVED
+CVE-2008-0532
+	RESERVED
+CVE-2008-0531
+	RESERVED
+CVE-2008-0530
+	RESERVED
+CVE-2008-0529
+	RESERVED
+CVE-2008-0528
+	RESERVED
+CVE-2008-0527
+	RESERVED
+CVE-2008-0526
+	RESERVED
+CVE-2008-0525 (PatchLink Update client for Unix allows local users to (1)
truncate ...)
+	TODO: check
+CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the
management ...)
+	TODO: check
+CVE-2008-0523 (Multiple cross-site scripting (XSS) vulnerabilities in
SoftCart.exe in ...)
+	TODO: check
+CVE-2008-0522 (Cross-site scripting (XSS) vulnerability in multiple Hal
Networks ...)
+	TODO: check
+CVE-2008-0521 (Multiple directory traversal vulnerabilities in Bubbling Library
1.32 ...)
+	TODO: check
+CVE-2008-0520 (Multiple SQL injection vulnerabilities in main.php in the WassUp
...)
+	TODO: check
+CVE-2008-0519 (SQL injection vulnerability in index.php in the Atapin Jokes
...)
+	TODO: check
+CVE-2008-0518 (SQL injection vulnerability in index.php in the Recipes
(com_recipes) ...)
+	TODO: check
+CVE-2008-0517 (SQL injection vulnerability in index.php in the Darko Selesi
...)
+	TODO: check
+CVE-2008-0516 (PHP remote file inclusion vulnerability in
spaw/dialogs/confirm.php in ...)
+	TODO: check
+CVE-2008-0515 (SQL injection vulnerability in index.php in the musepoes ...)
+	TODO: check
+CVE-2008-0514 (SQL injection vulnerability in index.php in the Glossary ...)
+	TODO: check
+CVE-2008-0513 (Directory traversal vulnerability in ...)
+	TODO: check
+CVE-2008-0512 (SQL injection vulnerability in index.php in the fq (com_fq)
component ...)
+	TODO: check
+CVE-2008-0511 (SQL injection vulnerability in index.php in the MaMML
(com_mamml) ...)
+	TODO: check
+CVE-2008-0510 (SQL injection vulnerability in index.php in the Newsletter ...)
+	TODO: check
+CVE-2008-0509 (Multiple buffer overflows in IBM AIX 4.3 allow remote attackers
to ...)
+	TODO: check
+CVE-2008-0508 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2008-0507 (SQL injection vulnerability in adclick.php in the AdServe 0.2
plugin ...)
+	TODO: check
+CVE-2008-0506 (include/imageObjectIM.class.php in Coppermine Photo Gallery
(CPG) ...)
+	TODO: check
+CVE-2008-0505 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2008-0504 (Multiple SQL injection vulnerabilities in Coppermine Photo
Gallery ...)
+	TODO: check
+CVE-2008-0503 (Eval injection vulnerability in admin/op/disp.php in Netwerk
Smart ...)
+	TODO: check
+CVE-2008-0502 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the
web ...)
+	TODO: check
+CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX
control ...)
+	TODO: check
+CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36, allows
remote ...)
+	TODO: check
+CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in
WebCalendar ...)
+	TODO: check
+CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake
CMS ...)
+	TODO: check
 CVE-2008-XXXX [unauthorized content modification via xml-rpc in wordpress]
 	- wordpress 2.3.3-1 (medium; bug #464170)
 	NOTE: The blog has to provide user accounts
@@ -5,12 +289,14 @@
 	NOTE: CVE id pending
 	TODO: check if packages embedding xmlrpc share this code
 CVE-2008-0553 [buffer overflow in tk GIF handling]
+	RESERVED
 	- tk8.5 8.5.0-3
 	- tk8.4 8.4.17-2
 	- tk8.3 8.3.5-12
 CVE-2008-0554 [buffer overflow in netpbm GIF handling]
+	RESERVED
 	- netpbm <unfixed> (bug #464056)
-CVE-2008-0564 [mailman xss as list admin]
+CVE-2008-0564 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman
before ...)
 	- mailman <unfixed> (low)
 	[etch] - mailman <no-dsa> (Minor issue)
 	[sarge] - mailman <no-dsa> (Minor issue)
@@ -55,13 +341,11 @@
 	NOT-FOR-US: VB Marketing
 CVE-2008-0487 (Multiple SQL injection vulnerabilities in login.asp in
ASPired2Protect ...)
 	NOT-FOR-US: ASPired2Protect
-CVE-2008-0486 [MPlayer and Xine Buffer overflow in libmpdemux/flac]
-	RESERVED
+CVE-2008-0486 (Array index vulnerability in libmpdemux/demux_audio.c in MPlayer
...)
 	- mplayer <unfixed> (bug #464060)
 	- xine-lib <unfixed>
 	TODO: check embedded code in other packages
-CVE-2008-0485 [MPlayer arbitrary code execution in libmpdemux/mov]
-	RESERVED
+CVE-2008-0485 (Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2
and ...)
 	- mplayer <unfixed> (bug #464060)
 	TODO: check embedded code in other packages
 CVE-2008-0484
@@ -98,7 +382,7 @@
 	NOT-FOR-US: Tiger Php News System
 CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and
earlier ...)
 	NOT-FOR-US: Flinx
-CVE-2008-0467 (Buffer overflow in Firebird before 2.1.0 RC1 might allow remote
...)
+CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x
before ...)
 	- firebird2 <removed>
 	- firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596)
 CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text
Editor ...)
@@ -233,10 +517,10 @@
 	- openssh <unfixed> (bug #463011)
 CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
 	- exempi 1.99.7-1 (bug #454297)
-CVE-2008-0544 [heap based buffer overflow in IMG_LoadLBM_RW in libsdl-image]
+CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in
IMG_lbm.c ...)
 	- sdl-image1.2 1.2.6-3 (medium)
 	NOTE: maintainer is aware of this
-CVE-2007-6697 [buffer overflow in libsdl-image in GIF handling]
+CVE-2007-6697 (Buffer overflow in the LWZReadByte function in IMG_gif.c in
SDL_image ...)
 	- sdl-image1.2 1.2.6-2 (medium)
 CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to
obtain ...)
 	NOT-FOR-US: HTTP File Server
@@ -290,8 +574,7 @@
 	[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
 	- firebird2 <removed>
 	NOTE: firebird2 in etch is vulnerable
-CVE-2008-0386 [arbitrary code execution in xdg-utils via crafted path name]
-	RESERVED
+CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote
attackers to ...)
 	- xdg-utils <not-affected> (Ships a patch that modifies the vulnerable
code and uses sed secure)
 	NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or
sensible-browser
 CVE-2008-0385
@@ -326,9 +609,9 @@
 	NOT-FOR-US: aliTalk
 CVE-2008-0370 (Cross-site scripting (XSS) vulnerability in dohtaccess.html in
cPanel ...)
 	NOT-FOR-US: cPanel
-CVE-2008-0369 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS)
10.x ...)
+CVE-2008-0369 (Multiple unspecified programs in IBM Informix Dynamic Server
(IDS) ...)
 	NOT-FOR-US: IBM Informix Dynamic Server
-CVE-2008-0368 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS)
10.x ...)
+CVE-2008-0368 (onedcu in IBM Informix Dynamic Server (IDS) 10.x before
10.00.xC8 ...)
 	NOT-FOR-US: IBM Informix Dynamic Server
 CVE-2008-0367 (Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions,
when ...)
 	- iceweasel <unfixed> (low)
@@ -692,8 +975,8 @@
 	RESERVED
 CVE-2008-0213
 	RESERVED
-CVE-2008-0212
-	RESERVED
+CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) ...)
+	TODO: check
 CVE-2008-0211
 	RESERVED
 CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect
authentication ...)
@@ -762,16 +1045,16 @@
 	NOT-FOR-US: Sys-Hotel
 CVE-2008-0183
 	RESERVED
-CVE-2008-0182
-	RESERVED
-CVE-2008-0181
-	RESERVED
-CVE-2008-0180
-	RESERVED
-CVE-2008-0179
-	RESERVED
-CVE-2008-0178
-	RESERVED
+CVE-2008-0182 (Cross-site request forgery (CSRF) vulnerability in the Admin
portlet ...)
+	TODO: check
+CVE-2008-0181 (Cross-site scripting (XSS) vulnerability in the Admin portlet in
...)
+	TODO: check
+CVE-2008-0180 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2008-0179 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2008-0178 (Cross-site scripting (XSS) vulnerability in the Enterprise Admin
...)
+	TODO: check
 CVE-2008-0177
 	RESERVED
 CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY
HMI ...)
@@ -1056,8 +1339,8 @@
 	RESERVED
 CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp
5.21, ...)
 	NOT-FOR-US: Winamp
-CVE-2008-0064
-	RESERVED
+CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1)
XnView ...)
+	TODO: check
 CVE-2008-0063
 	RESERVED
 CVE-2008-0062
@@ -1930,8 +2213,8 @@
 CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages
such ...)
 	- libnet-dns-perl <unfixed> (low; bug #457445)
 	NOTE: maybe this should be unimportant as applications using net-dns should
handle this croak
-CVE-2007-6340
-	RESERVED
+CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4
stream ...)
+	TODO: check
 CVE-2007-6339
 	RESERVED
 CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis
CourseMill ...)
@@ -2059,11 +2342,11 @@
 	RESERVED
 CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service
(ofmnt.exe) in ...)
 	NOT-FOR-US: St. Bernard Open File Manager
-CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before
...)
+CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before
...)
 	{DSA-1451-1}
 	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
 	- mysql-dfsg-4.1 <removed>
-CVE-2007-6303 (MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before
6.0.4 ...)
+CVE-2007-6303 (MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x
before 6.0.4 ...)
 	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
 	- mysql-dfsg-4.1 <removed>
 CVE-2007-6299 (Multiple SQL injection vulnerabilities in Drupal and vbDrupal
4.7.x ...)
@@ -4206,8 +4489,8 @@
 	RESERVED
 CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender
...)
 	NOT-FOR-US: SonicWall SSL-VPN NetExtender
-CVE-2007-5602
-	RESERVED
+CVE-2007-5602 (Multiple stack-based buffer overflows in SwiftView Viewer before
...)
+	TODO: check
 CVE-2007-5601 (Stack-based buffer overflow in the Database Component in
MPAMedia.dll ...)
 	NOT-FOR-US: RealPlayer (windows only issue)
 CVE-2007-5600 (Incomplete blacklist vulnerability in index.php in Artmedic CMS
3.4 ...)
@@ -6125,8 +6408,7 @@
 	NOTE: pending for apache 1.3.34-4.1+etch1 / etch r3
 CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML
logging, ...)
 	- pidgin 2.2.2-1 (medium)
-CVE-2007-4998 [cp symlink overwrite]
-	RESERVED
+CVE-2007-4998 (cp, when running with an option to preserve symlinks on multiple
OSes, ...)
 	- coreutils 4.1.2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=356471
 CVE-2007-4997 (Integer underflow in the ieee80211_rx function in ...)
@@ -8181,8 +8463,8 @@
 CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot
function in ...)
 	{DSA-1438-1}
 	- tar 1.18-2 (medium; bug #439335)
-CVE-2007-4130
-	RESERVED
+CVE-2007-4130 (The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise
Linux ...)
+	TODO: check
 CVE-2007-4129 (CoolKey 1.1.0 allows local users to overwrite arbitrary files
via a ...)
 	- coolkey 1.1.0-3
 CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm
Technologies ...)
@@ -20552,7 +20834,7 @@
 	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for
NetGear ...)
 	NOT-FOR-US: NetGear
-CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x up to 2.6.18,
and ...)
+CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x before 2.6.24,
...)
 	{DSA-1436-1}
 	- linux-2.6 2.6.22-6 (unimportant)
 	NOTE: Mounting filesystem partitions should be limited to root
@@ -24661,8 +24943,8 @@
 	NOT-FOR-US: IBM WebSphere Application
 CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer
...)
 	NOT-FOR-US: IBM
-CVE-2006-4220
-	RESERVED
+CVE-2006-4220 (Multiple cross-site scripting (XSS) vulnerabilities in webacc in
...)
+	TODO: check
 CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote
...)
 	NOT-FOR-US: Terminal Services COM object
 CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and
earlier ...)
Secure testing commits - Feb 2008 - r8095 - data/CVE

[Secure-testing-commits] r8095 - data/CVE
