author | Joey Hess <joeyh@debian.org> | 2007-09-24 21:14:07 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2007-09-24 21:14:07 +0000 |
commit | 7ed8906582331bd70ebf18c945929163a9ed70f0 | |
tree | 680592641b2b82f535645e9698c860dca1394711 /data/CVE | |
parent | 172f17e249cf6ae6b929bb33e2ad5b949373eae4 | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6685 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2001.list | 4 |
-rw-r--r-- | data/CVE/2002.list | 2 |
-rw-r--r-- | data/CVE/2003.list | 8 |
-rw-r--r-- | data/CVE/2004.list | 6 |
-rw-r--r-- | data/CVE/2007.list | 104 |
5 files changed, 102 insertions, 22 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list index 0f59d0c8d5..a9d6a9b338 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -1,3 +1,7 @@ +CVE-2001-1583 (lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers ...) + TODO: check +CVE-2001-1582 (Buffer overflow in the LDAP naming services library (libsldap) in Sun ...) + TODO: check CVE-2001-1581 (The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows ...) NOT-FOR-US: MAILsweeper CVE-2001-XXXX [crypt++ passes passwords through the command line] diff --git a/data/CVE/2002.list b/data/CVE/2002.list index 23e96768ef..1d56f412f9 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -1,3 +1,5 @@ +CVE-2002-2226 (Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote ...) + TODO: check CVE-2002-2225 (SafeNet VPN client allows remote attackers to cause a denial of ...) NOT-FOR-US: SafeNet VPN CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 ...) diff --git a/data/CVE/2003.list b/data/CVE/2003.list index 0eea26e089..67b7e6ec38 100644 --- a/data/CVE/2003.list +++ b/data/CVE/2003.list @@ -1,3 +1,11 @@ +CVE-2003-1339 (Stack-based buffer overflow in eZnet.exe, as used in eZ (a) ...) + TODO: check +CVE-2003-1338 (CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and ...) + TODO: check +CVE-2003-1337 (Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and ...) + TODO: check +CVE-2003-1336 (Buffer overflow in mIRC before 6.11 allows remote attackers to execute ...) + TODO: check CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple ...) NOT-FOR-US: snif CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...) diff --git a/data/CVE/2004.list b/data/CVE/2004.list index 1ce6a8fd71..9aa2caa203 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list 
@@ -1,3 +1,7 @@ +CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to ...) + TODO: check +CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in ...) + TODO: check CVE-2004-2685 (Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote ...) NOT-FOR-US: Ccproxy CVE-2004-2684 (Unspecified vulnerability in the %template package in InterSystems ...) @@ -3060,7 +3064,7 @@ CVE-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced NOT-FOR-US: Advanced Guestbook CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...) NOT-FOR-US: Blog Torrent -CVE-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...) +CVE-2004-1211 (Multiple buffer overflows in the IMAP service in Mercury/32 4.01a ...) NOT-FOR-US: Mercury Mail CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...) NOT-FOR-US: IpCop diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 051a2f9a7d..24a87e73fd 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list 
@@ -1,3 +1,69 @@ +CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView ...) + TODO: check +CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 ...) + TODO: check +CVE-2007-5049 (Stack-based buffer overflow in the StreamPredictor::getNextLine ...) + TODO: check +CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote ...) + TODO: check +CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate ...) + TODO: check +CVE-2007-5046 (Cross-site scripting (XSS) vulnerability in the Webmail interface for ...) + TODO: check +CVE-2007-5045 (Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, ...) + TODO: check +CVE-2007-5044 (ZoneAlarm Pro 7.0.362.000 does not properly validate certain ...) + TODO: check +CVE-2007-5043 (Kaspersky Internet Security 7.0.0.125 does not properly validate ...) + TODO: check +CVE-2007-5042 (Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain ...) + TODO: check +CVE-2007-5041 (G DATA InternetSecurity 2007 does not properly validate certain ...) + TODO: check +CVE-2007-5040 (Ghost Security Suite alpha 1.200 does not properly validate certain ...) + TODO: check +CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain ...) + TODO: check +CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for ...) + TODO: check +CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in ...) + TODO: check +CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with ...) + TODO: check +CVE-2007-5035 (** DISPUTED ** ...) + TODO: check +CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https URL, ...) + TODO: check +CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 ...) 
+ TODO: check +CVE-2007-5032 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) + TODO: check +CVE-2007-5031 (The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in ...) + TODO: check +CVE-2007-5030 (Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to ...) + TODO: check +CVE-2007-5029 (Dibbler 0.6.0 does not verify that certain length parameters are ...) + TODO: check +CVE-2007-5028 (Dibbler 0.6.0 on Linux uses weak world-writable permissions for ...) + TODO: check +CVE-2007-5027 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in ...) + TODO: check +CVE-2007-5026 (dBlog CMS, probably 2.0, stores sensitive information under the web ...) + TODO: check +CVE-2007-5025 (Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 ...) + TODO: check +CVE-2007-5024 (EMC VMware Server before 1.0.4 Build 56528 writes passwords in ...) + TODO: check +CVE-2007-5023 (Unquoted Windows search path vulnerability in EMC VMware Workstation ...) + TODO: check +CVE-2007-5022 (Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) ...) + TODO: check +CVE-2007-5021 (Buffer overflow in the Client Acceptor Daemon (CAD) in certain IBM ...) + TODO: check +CVE-2007-5020 (Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows ...) + TODO: check CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips] - mp 3.7.1-8 CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...) @@ -58,8 +124,8 @@ CVE-2007-4993 RESERVED CVE-2007-4992 RESERVED -CVE-2007-4991 - RESERVED +CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...) + TODO: check CVE-2007-4990 RESERVED CVE-2007-4989 
@@ -999,8 +1065,7 @@ CVE-2007-4571 RESERVED CVE-2007-4570 RESERVED -CVE-2007-4569 [unauthorized login problem in kdm] - RESERVED +CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is ...) - kdebase 4:3.5.7-4 NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt CVE-2007-4568 @@ -1160,10 +1225,10 @@ CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American NOT-FOR-US: American Financing eMail Image Upload CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...) NOT-FOR-US: Grandstream SIP Phone -CVE-2007-4497 - RESERVED -CVE-2007-4496 - RESERVED +CVE-2007-4497 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...) + TODO: check +CVE-2007-4496 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...) + TODO: check CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...) NOT-FOR-US: Solaris CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...) @@ -2092,11 +2157,9 @@ CVE-2007-4068 (Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remo NOT-FOR-US: Webyapar CVE-2007-4067 (Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ...) NOT-FOR-US: Clever Internet ActiveX Suite -CVE-2007-4066 - RESERVED +CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow ...) NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780 -CVE-2007-4065 - RESERVED +CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...) NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780 CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...) - drupal 4.7.7-1 (low) 
@@ -2431,8 +2494,7 @@ CVE-2007-3918 RESERVED CVE-2007-3917 RESERVED -CVE-2007-3916 [skktools insecure tempfile] - RESERVED +CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local users ...) - skktools 1.2+0.20061004-3 CVE-2007-3915 RESERVED @@ -4309,7 +4371,7 @@ CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when run NOTE: Not reproducibly reliably by an attacker, mostly a bug NOTE: This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914 NOTE: in Linus' tree. -CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...) +CVE-2007-3106 (lib/info.c in libvorbis 1.1.2, and possibly other versions before ...) - libvorbis 1.2.0.dfsg-1 (medium) CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...) {DSA-1363-1} @@ -11304,12 +11366,12 @@ CVE-2007-0065 RESERVED CVE-2007-0064 RESERVED -CVE-2007-0063 - RESERVED -CVE-2007-0062 - RESERVED -CVE-2007-0061 - RESERVED +CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...) + TODO: check +CVE-2007-0062 (Integer overflow in the DHCP server in EMC VMware Workstation before ...) + TODO: check +CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and ...) + TODO: check CVE-2007-0060 (Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in ...) NOT-FOR-US: CA CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 ...) |
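Review bot: in data/CVE/2007.list at @@ -2092,11 +2157,9 @@, CVE-2007-4066 and CVE-2007-4065 lose their RESERVED line but gain neither a package line nor a "TODO: check", so each entry is now a description followed only by a NOTE. Both new descriptions name Xiph.Org libvorbis before 1.2.0, and the CVE-2007-3106 entry touched at @@ -4309,7 +4371,7 @@ already tracks "- libvorbis 1.2.0.dfsg-1 (medium)"; these two should get a matching libvorbis line, or at least "TODO: check", so they do not drop out of triage. The unchanged NOTE lines in this hunk read "svn revisionsions", which could be corrected in the same follow-up.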
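Review bot: in data/CVE/2001.list at @@ -1,3 +1,7 @@, CVE-2001-1583 and CVE-2001-1582 are added as "TODO: check" although their descriptions name Solaris and a Sun library, and this same patch shows the tracker's convention for that case in data/CVE/2007.list, where CVE-2007-4495 is tagged "NOT-FOR-US: Solaris". The same applies to several of the reclassified RESERVED entries, for example CVE-2007-4991 (Microsoft ISA) at @@ -58,8 +124,8 @@ and CVE-2007-4497/4496 and CVE-2007-0063 through CVE-2007-0061 (EMC VMware Workstation). Since the importer cannot decide this, a follow-up commit should resolve these to NOT-FOR-US rather than leaving them in the TODO backlog.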
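Review bot: in data/CVE/2007.list at @@ -1,3 +1,69 @@, all 33 new entries (CVE-2007-5052 down to CVE-2007-5020) land as "TODO: check" with descriptions truncated to one line, and CVE-2007-5035 is reduced to "(** DISPUTED ** ...)", which names no product at all, so it cannot be triaged from this file alone and needs the full CVE text looked up. The commit message "automatic update" also does not mention that the patch rewrites existing descriptions (CVE-2004-1211 at @@ -3060,7 +3064,7 @@ in 2004.list, CVE-2007-3106 in 2007.list) in addition to adding entries; a one-line summary of added, reclassified and reworded entries would make the history easier to audit.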