diff options
author | Joey Hess <joeyh@debian.org> | 2007-07-19 09:14:07 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2007-07-19 09:14:07 +0000 |
commit | 8f241847d8101c88586b7e543aa0fb6bf93fea7f (patch) | |
tree | ba8e23cdb2ce28b1ef6be6ca2d4d567ca308aa40 /data | |
parent | 1de80880a9d769ed357ab03498f394b1fd074c35 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6153 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/1999.list | 2 | ||||
-rw-r--r-- | data/CVE/2005.list | 9 | ||||
-rw-r--r-- | data/CVE/2006.list | 19 | ||||
-rw-r--r-- | data/CVE/2007.list | 313 |
4 files changed, 277 insertions, 66 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list index 878f4a5dfb..8810df6b48 100644 --- a/data/CVE/1999.list +++ b/data/CVE/1999.list @@ -2839,7 +2839,7 @@ CVE-1999-0527 (The permissions for system-critical data in an anonymous FTP acco NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-1999-0524 (ICMP information such as netmask and timestamp is allowed from ...) +CVE-1999-0524 (ICMP information such as (1) netmask and (2) timestamp is allowed from ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...) NOT-FOR-US: Data pre-dating the Security Tracker diff --git a/data/CVE/2005.list b/data/CVE/2005.list index c2291c430d..51942432a9 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -3381,7 +3381,7 @@ CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial o - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11) CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...) - apache2 2.0.55-4 (bug #351246; low) - [sarge] - apache2 2.0.54-5sarge2 + [sarge] - apache2 2.0.54-5sarge2 CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...) {DSA-1017-1} - linux-2.6 2.6.15-4 @@ -3402,7 +3402,7 @@ CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module o {DSA-1167-1} - apache 1.3.34-2 (bug #343466; low) - apache2 2.0.55-4 (bug #343467; bug #349793; low) - [sarge] - apache2 2.0.54-5sarge2 + [sarge] - apache2 2.0.54-5sarge2 NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected NOTE: Means oldstable and stable are affected CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...) @@ -4458,7 +4458,7 @@ CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice - koffice 1:1.3.5-5 (bug #333497; medium) CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...) - apache2 2.0.55-1 (bug #340337; low) - [sarge] - apache2 2.0.54-5sarge2 + [sarge] - apache2 2.0.54-5sarge2 NOTE: this occurs in the binary package apache2-mpm-worker CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...) {DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1} @@ -7003,8 +7003,7 @@ CVE-2005-1926 RESERVED CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...) NOT-FOR-US: Tikiwiki -CVE-2005-1924 [squirrelmail gpg plugin] - RESERVED +CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote ...) NOT-FOR-US: External Squirrelmail plugin not packaged in Debian CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...) {DSA-737-1 DTSA-3-1} diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 900ccbfb10..1c4cac89a7 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -3213,9 +3213,9 @@ CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux . - linux-2.6 <unfixed> CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...) - apache2 <unfixed> (low) - [sarge] - apache2 2.0.54-5sarge2 + [sarge] - apache2 2.0.54-5sarge2 - apache <removed> (low) - TODO: sf, when was this fixed in apache2 for unstable? + TODO: sf, when was this fixed in apache2 for unstable? CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...) {DSA-1233} - linux-2.6 2.6.18-8 (medium) @@ -4252,10 +4252,10 @@ CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archiv NOT-FOR-US: communityPortals CVE-2006-5279 RESERVED -CVE-2006-5278 - RESERVED -CVE-2006-5277 - RESERVED +CVE-2006-5278 (Integer overflow in the Real-Time Information Server (RIS) Data ...) + TODO: check +CVE-2006-5277 (Off-by-one error in the Certificate Trust List (CTL) Provider service ...) + TODO: check CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort ...) - snort <not-affected> (snort versions 2.3.x do not contain the DCE RPC preprocessor) CVE-2006-5275 @@ -5918,6 +5918,7 @@ CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...) NOT-FOR-US: Novell eDirectory CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...) + {DSA-1335-1} TODO: check CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Qbik WinGate @@ -6725,8 +6726,8 @@ CVE-2006-4171 RESERVED CVE-2006-4170 REJECTED -CVE-2006-4169 - RESERVED +CVE-2006-4169 (Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin ...) + TODO: check CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in ...) {DSA-1310-1} - libexif 0.6.16-1 (bug #430012) @@ -7279,7 +7280,7 @@ CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...) {DSA-1167-1} - apache2 2.0.55-4.1 (bug #381376; low) - [sarge] - apache2 2.0.54-5sarge2 + [sarge] - apache2 2.0.54-5sarge2 - apache 1.3.34-3 (bug #381381; low) CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...) NOT-FOR-US: PHP Forge diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 7bdf836258..2553e2ffa4 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -1,3 +1,221 @@ +CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management ...) + TODO: check +CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship ...) + TODO: check +CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle ...) + TODO: check +CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) + TODO: check +CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) + TODO: check +CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence ...) + TODO: check +CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...) + TODO: check +CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application Server ...) + TODO: check +CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...) + TODO: check +CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle Application ...) + TODO: check +CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express (formerly ...) + TODO: check +CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory component ...) + TODO: check +CVE-2007-3858 (Multiple unspecified vulnerabilities in in Oracle Database 10.2.0.3 ...) + TODO: check +CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow ...) + TODO: check +CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component for ...) + TODO: check +CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...) + TODO: check +CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...) + TODO: check +CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...) + TODO: check +CVE-2007-3852 + RESERVED +CVE-2007-3851 + RESERVED +CVE-2007-3850 + RESERVED +CVE-2007-3849 + RESERVED +CVE-2007-3848 + RESERVED +CVE-2007-3847 + RESERVED +CVE-2007-3846 + RESERVED +CVE-2007-3845 + RESERVED +CVE-2007-3844 + RESERVED +CVE-2007-3843 + RESERVED +CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise ...) + TODO: check +CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux ...) + TODO: check +CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats allows ...) + TODO: check +CVE-2007-3839 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...) + TODO: check +CVE-2007-3838 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...) + TODO: check +CVE-2007-3837 (Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC ...) + TODO: check +CVE-2007-3836 (Format string vulnerability in HydraIRC 0.3.151 allows remote ...) + TODO: check +CVE-2007-3835 (Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and ...) + TODO: check +CVE-2007-3834 (Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH ...) + TODO: check +CVE-2007-3833 (The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios ...) + TODO: check +CVE-2007-3832 (Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in ...) + TODO: check +CVE-2007-3831 (PHP remote file inclusion in main.php in ISS Proventia Network IPS ...) + TODO: check +CVE-2007-3830 (Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia ...) + TODO: check +CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player ...) + TODO: check +CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows ...) + TODO: check +CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka ...) + TODO: check +CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote ...) + TODO: check +CVE-2007-3825 + RESERVED +CVE-2007-3824 (SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows ...) + TODO: check +CVE-2007-3823 (The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows ...) + TODO: check +CVE-2007-3822 (Multiple cross-site scripting (XSS) vulnerabilities in Webcit before ...) + TODO: check +CVE-2007-3821 (Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 ...) + TODO: check +CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to ...) + TODO: check +CVE-2007-3819 (Opera 9.21 allows remote attackers to spoof the data: URI scheme in ...) + TODO: check +CVE-2007-3818 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...) + TODO: check +CVE-2007-3817 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...) + TODO: check +CVE-2007-3816 (JWIG might allow context-dependent attackers to cause a denial of ...) + TODO: check +CVE-2007-3815 (Buffer overflow in pirs32.exe in Poslovni informator Republike ...) + TODO: check +CVE-2007-3814 (Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote ...) + TODO: check +CVE-2007-3813 (PHP remote file inclusion vulnerability in include/user.php in the ...) + TODO: check +CVE-2007-3812 (SQL injection vulnerability in forums.php in CMScout 1.23 and earlier ...) + TODO: check +CVE-2007-3811 (Multiple SQL injection vulnerabilities in eSyndiCat allow remote ...) + TODO: check +CVE-2007-3810 (SQL injection vulnerability in index.php in Realtor 747 allows remote ...) + TODO: check +CVE-2007-3809 (Multiple SQL injection vulnerabilities in Prozilla Directory Script ...) + TODO: check +CVE-2007-3808 (SQL injection vulnerability in includes/search.php in paFileDB 3.6 ...) + TODO: check +CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...) + TODO: check +CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to ...) + TODO: check +CVE-2007-3805 (The IKE implementation in Clavister CorePlus before 8.80.03, and ...) + TODO: check +CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before ...) + TODO: check +CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does ...) + TODO: check +CVE-2007-3802 (The Decomposer component in multiple Symantec products may allow ...) + TODO: check +CVE-2007-3801 (The Decomposer component in multiple Symantec products allows remote ...) + TODO: check +CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...) + TODO: check +CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...) + TODO: check +CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...) + TODO: check +CVE-2007-3797 + RESERVED +CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for ...) + TODO: check +CVE-2007-3795 (Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, ...) + TODO: check +CVE-2007-3794 (Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit ...) + TODO: check +CVE-2007-3793 (SQL injection vulnerability in Job Management Partner 1/NETM/DM ...) + TODO: check +CVE-2007-3792 (Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold ...) + TODO: check +CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha ...) + TODO: check +CVE-2007-3790 (The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 ...) + TODO: check +CVE-2007-3789 (SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows ...) + TODO: check +CVE-2007-3788 (The eSoft InstaGate EX2 UTM device stores the admin password within ...) + TODO: check +CVE-2007-3787 (The eSoft InstaGate EX2 UTM device does not require entry of the old ...) + TODO: check +CVE-2007-3786 (** DISPUTED ** ...) + TODO: check +CVE-2007-3785 (Absolute path traversal vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2007-3784 (Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router ...) + TODO: check +CVE-2007-3783 (SQL injection vulnerability in default.asp in enVivo!CMS allows remote ...) + TODO: check +CVE-2007-3782 (MySQL Community Server before 5.0.45 allows remote authenticated users ...) + TODO: check +CVE-2007-3781 (MySQL Community Server before 5.0.45 does not require privileges such ...) + TODO: check +CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause ...) + TODO: check +CVE-2007-3779 (PHP local file inclusion vulnerability in gpg_pop_init.php in the ...) + TODO: check +CVE-2007-3778 (The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for ...) + TODO: check +CVE-2007-3777 (avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free ...) + TODO: check +CVE-2007-3776 (Cisco Unified Communications Manager (CUCM, formerly CallManager) and ...) + TODO: check +CVE-2007-3775 (Unspecified vulnerability in Cisco Unified Communications Manager ...) + TODO: check +CVE-2007-3774 (Dvbbs 7.1.0 SP1 stores sensitive information under the web root with ...) + TODO: check +CVE-2007-3773 (Cross-site request forgery (CSRF) vulnerability in the Email-Template ...) + TODO: check +CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 1.1 ...) + TODO: check +CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect ...) + TODO: check +CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in Xfce ...) + TODO: check +CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server ...) + TODO: check +CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote ...) + TODO: check +CVE-2007-3767 + RESERVED +CVE-2007-3766 + RESERVED +CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW ...) + TODO: check +CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...) + TODO: check +CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and ...) + TODO: check +CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...) + TODO: check CVE-2007-XXXX [konqueror data: URL address bar spoofing] - kdebase <unfixed> (bug #433072; low) NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2 @@ -47,21 +265,16 @@ CVE-2007-3740 RESERVED CVE-2007-3739 RESERVED -CVE-2007-3738 [Firefox XPCNativeWrapper code injection] - RESERVED +CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...) - iceweasel <unfixed> (medium) -CVE-2007-3737 [Firefox insecure event handler code injection] - RESERVED +CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute ...) - iceweasel <unfixed> -CVE-2007-3736 [Firefox addEventListener() and setTimeout () same-origin bypass] - RESERVED +CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) - iceweasel <unfixed> (high) -CVE-2007-3735 [memory corruption in layout engine] - RESERVED +CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) - iceweasel <unfixed> (high) - icedove <unfixed> (high) -CVE-2007-3734 [memory corruption in js engine] - RESERVED +CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel <unfixed> (high) - icedove <unfixed> (high) CVE-2007-3733 @@ -184,8 +397,8 @@ CVE-2007-3675 RESERVED CVE-2007-3674 RESERVED -CVE-2007-3673 - RESERVED +CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...) + TODO: check CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in ...) TODO: check CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...) @@ -241,18 +454,15 @@ CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 TODO: check CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...) TODO: check -CVE-2007-3645 - RESERVED +CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...) - libarchive 2.2.4-1 (bug #432924; low) -CVE-2007-3644 - RESERVED +CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...) - libarchive 2.2.4-1 (bug #432924; low) CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...) TODO: check CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c ...) TODO: check -CVE-2007-3641 - RESERVED +CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...) - libarchive 2.2.4-1 (bug #432924; low) CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...) TODO: check @@ -264,7 +474,7 @@ CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attac TODO: check CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...) TODO: check -CVE-2007-3635 (Unspecified vulnerability in the G/PGP (GPG) Plugin before 2.1 for ...) +CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before ...) TODO: check CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...) TODO: check @@ -406,8 +616,8 @@ CVE-2007-3566 RESERVED CVE-2007-3565 RESERVED -CVE-2007-3564 [curl doesn't check certificate parameters in GNUTLS mode] - RESERVED +CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does ...) + {DSA-1333-1} - curl <unfixed> (low) CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade ...) TODO: check @@ -648,11 +858,11 @@ CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local use NOT-FOR-US: Sun Solaris libsldap CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP ...) TODO: check -CVE-2007-3456 (Unspecified vulnerability in Adobe Flash Player 9.0.45.0 and earlier ...) +CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might ...) TODO: check CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan ...) NOT-FOR-US: Trend Micro OfficeScan Corporate Edition -CVE-2007-3454 (Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro ...) +CVE-2007-3454 (Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in ...) NOT-FOR-US: Trend Micro OfficeScan Corporate Edition CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...) NOT-FOR-US: Papoo @@ -1018,7 +1228,7 @@ CVE-2007-3287 RESERVED CVE-2007-3286 RESERVED -CVE-2007-3285 (Mozilla Firefox allows remote attackers to bypass file type checks via ...) +CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote ...) - iceweasel <unfixed> (low) - iceape <unfixed> (low) - firefox <removed> (low) @@ -1437,8 +1647,8 @@ CVE-2007-3105 RESERVED CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterprise ...) - linux-2.6 <unfixed> -CVE-2007-3103 - RESERVED +CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat ...) + TODO: check CVE-2007-3102 RESERVED CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF ...) @@ -1471,7 +1681,7 @@ CVE-2007-3090 (Mozilla Firefox does not properly manage a delay timer used in .. - firefox <removed> (medium) - mozilla <removed> (medium) - xulrunner <unfixed> (medium) -CVE-2007-3089 (Mozilla Firefox does not prevent use of document.write to replace an ...) +CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...) - iceweasel <unfixed> (low) - iceape <unfixed> (low) - firefox <removed> (low) @@ -1623,18 +1833,18 @@ CVE-2007-3020 RESERVED CVE-2007-3019 RESERVED -CVE-2007-3018 - RESERVED -CVE-2007-3017 - RESERVED +CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the ...) + TODO: check +CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before ...) + TODO: check CVE-2007-3016 RESERVED CVE-2007-3015 RESERVED -CVE-2007-3014 - RESERVED -CVE-2007-3013 - RESERVED +CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb ...) + TODO: check +CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 ...) + TODO: check CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch ...) TODO: check CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens ...) @@ -1773,6 +1983,7 @@ CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KV CVE-2007-2950 RESERVED CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the ...) + {DSA-1335-1} - gimp 2.2.16-1 (medium) - ingimp 2.2.16.20070710-1 NOTE: http://secunia.com/secunia_research/2007-63/advisory @@ -2237,7 +2448,7 @@ CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted . CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...) NOT-FOR-US: PrecisionID CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and ...) - {DSA-1302-1} + {DSA-1334-1 DSA-1302-1} - freetype 2.2.1-6 (bug #425625) CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the ...) NOT-FOR-US: RunawaySoft @@ -2978,8 +3189,8 @@ CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in NOT-FOR-US: Macrovision CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging ...) NOT-FOR-US: Cerulean Trillian -CVE-2007-2417 - RESERVED +CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software ...) + TODO: check CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...) NOT-FOR-US: E-Annu CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...) @@ -3008,8 +3219,8 @@ CVE-2007-2404 RESERVED CVE-2007-2403 RESERVED -CVE-2007-2402 - RESERVED +CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not perform ...) + TODO: check CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, and ...) NOT-FOR-US: Apple CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, ...) @@ -3018,18 +3229,18 @@ CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, and 10.4.9 and later performs an NOT-FOR-US: Apple CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...) NOT-FOR-US: Apple Safari -CVE-2007-2397 - RESERVED -CVE-2007-2396 - RESERVED +CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not properly ...) + TODO: check +CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before ...) + TODO: check CVE-2007-2395 RESERVED -CVE-2007-2394 - RESERVED -CVE-2007-2393 - RESERVED -CVE-2007-2392 - RESERVED +CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and ...) + TODO: check +CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows ...) + TODO: check +CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows ...) + TODO: check CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 ...) NOT-FOR-US: Apple CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows ...) @@ -4192,7 +4403,7 @@ CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4. - php5 5.2.2-1 CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), ...) - apache2 2.2.4-1 (low) - [sarge] - apache2 2.0.54-5sarge2 + [sarge] - apache2 2.0.54-5sarge2 TODO: check apache 1 NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944 CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...) |