author | Joey Hess <joeyh@debian.org> | 2007-10-05 21:14:08 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2007-10-05 21:14:08 +0000 |
commit | df639181415174d6b931b59da9518e9335616556 | |
tree | e0df25bb0da89426e467d371772f378f68f63e63 | |
parent | 6918b93c8beaa74403e6c773fb1c0e3e24b9a696 | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6808 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/list | 92 |
1 files changed, 82 insertions, 10 deletions
diff --git a/data/CVE/list b/data/CVE/list index a8665020f0..76f20edb59 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,71 @@ +CVE-2007-5225 (Unspecified vulnerability in Named Pipes on Sun Solaris 8 through 10 ...) + TODO: check +CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows ...) + TODO: check +CVE-2007-5223 (Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network ...) + TODO: check +CVE-2007-5222 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) ...) + TODO: check +CVE-2007-5221 (PHP remote file inclusion vulnerability in mail/childwindow.inc.php in ...) + TODO: check +CVE-2007-5220 (SQL injection vulnerability in catalog.asp in ASP Product Catalog ...) + TODO: check +CVE-2007-5219 (Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ...) + TODO: check +CVE-2007-5218 (Cross-site scripting (XSS) vulnerability in index.php in Don Barnes ...) + TODO: check +CVE-2007-5217 (Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in ...) + TODO: check +CVE-2007-5216 (Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 ...) + TODO: check +CVE-2007-5215 (Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle ...) + TODO: check +CVE-2007-5214 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 ...) + TODO: check +CVE-2007-5213 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...) + TODO: check +CVE-2007-5212 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 ...) + TODO: check +CVE-2007-5211 (Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks ...) + TODO: check +CVE-2007-5210 (Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before ...) + TODO: check +CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock ...) 
+ TODO: check +CVE-2007-5208 + RESERVED +CVE-2007-5206 + RESERVED +CVE-2007-5205 + RESERVED +CVE-2007-5204 + RESERVED +CVE-2007-5203 + RESERVED +CVE-2007-5202 + RESERVED +CVE-2007-5201 (The FTP backend for Duplicity sends the password as a command line ...) + TODO: check +CVE-2007-5200 + RESERVED +CVE-2007-5199 + RESERVED +CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios ...) + TODO: check +CVE-2007-5197 + RESERVED +CVE-2007-5196 + RESERVED +CVE-2007-5195 + RESERVED +CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device file with ...) + TODO: check +CVE-2007-5192 + RESERVED +CVE-2007-5191 (mount and umount in util-linux call the setuid and setgid functions in ...) + TODO: check +CVE-2007-5190 + RESERVED CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script ...) NOT-FOR-US: X-Script CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops ...) @@ -32,9 +100,9 @@ CVE-2007-5174 (Directory traversal vulnerability in phpinc/news.php in actSite 1 NOT-FOR-US: actSite CVE-2007-5173 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: phpBB Openid -CVE-2007-5207 [insecure handling of temporary files in guilt] +CVE-2007-5207 (guilt 0.27 allows local users to overwrite arbitrary files via a ...) - guilt <unfixed> (medium; bug #445308) -CVE-2007-5193 [possible information disclosure because of unsecure temp file handling in twiki] +CVE-2007-5193 (The default configuration for twiki 4.1.2 on Debian GNU/Linux, and ...) - twiki <unfixed> (bug #444982; low) CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to obtain ...) NOT-FOR-US: Quicksilver Forums 
@@ -235,8 +303,8 @@ CVE-2007-5080 RESERVED CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link gdm with ...) - gdm <not-affected> (Red Hat-specific packaging flaw) -CVE-2007-5078 - RESERVED +CVE-2007-5078 (Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager ...) + TODO: check CVE-2007-5077 RESERVED CVE-2007-5076 @@ -447,14 +515,18 @@ CVE-2007-4990 CVE-2007-4989 RESERVED CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick ...) + {DTSA-63-1} - imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267) - graphicsmagick <unfixed> (medium; bug #444266) CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ...) + {DTSA-63-1} - imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267) CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow ...) + {DTSA-63-1} - imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267) - graphicsmagick <unfixed> (medium; bug #444266) CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause ...) + {DTSA-63-1} - imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267) - graphicsmagick <unfixed> (medium; bug #444266) CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com StylesDemo ...) @@ -1146,8 +1218,8 @@ CVE-2007-4675 RESERVED CVE-2007-4674 RESERVED -CVE-2007-4673 - RESERVED +CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...) + TODO: check CVE-2007-4672 RESERVED CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1 allows ...) 
@@ -2374,9 +2446,9 @@ CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly hand NOTE: https://issues.rpath.com/browse/RPL-1731 CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...) - star 1.5a67-1.1 (bug #440100; low) -CVE-2007-4133 - RESERVED +CVE-2007-4133 (The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions ...) {DSA-1381-2} + TODO: check CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 ...) NOT-FOR-US: Red Hat Satellite Server CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...) @@ -4108,7 +4180,7 @@ CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) - qt4-x11 4.3.0-5 NOTE: there is some dissagreement whether qt4 is affected CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in ...) - {DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1} + {DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1} - poppler 0.5.4-6.1 (bug #435460) - gpdf <removed> - xpdf 3.02-1.1 (bug #435462) @@ -14601,7 +14673,7 @@ CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar NOT-FOR-US: i-Gallery CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...) NOT-FOR-US: my little weblog -CVE-2006-6086 (PHP remote file inclusion vulnerability in ark_inc.php in e-Ark 1.0 ...) +CVE-2006-6086 (PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark ...) NOT-FOR-US: e-Ark CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions ...) - kile 1:1.9.3-1 (low) |
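Review bot: In the first hunk (@@ -1,3 +1,71 @@), three of the new "TODO: check" entries name software that is packaged in Debian and should be triaged ahead of the rest of the batch: CVE-2007-5191 (mount and umount in util-linux), CVE-2007-5198 (the redir function in check_http.c in Nagios) and CVE-2007-5201 (the FTP backend for Duplicity). Each of these needs a package status line with a bug reference, in the same form as the existing "- guilt <unfixed> (medium; bug #445308)" entry, rather than being left alongside entries that are likely to end up as NOT-FOR-US.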
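Review bot: In the hunk at @@ -32,9 +100,9 @@, CVE-2007-5207 and CVE-2007-5193 keep their old position below CVE-2007-5173, which leaves the list out of descending order: the block added in the first hunk steps from CVE-2007-5208 to CVE-2007-5206 and from CVE-2007-5194 to CVE-2007-5192. Now that both entries carry their official descriptions, move them, together with their guilt and twiki status lines, into sequence so that a reader scanning by number does not take the two ids for missing.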
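Review bot: In the hunk at @@ -2374,9 +2446,9 @@, CVE-2007-4133 already carries the cross-reference {DSA-1381-2} but ends up with only "TODO: check" and no package status line. An advisory reference means a Debian package has been identified as affected, so the TODO should be replaced by the status line for the package that DSA covers, with its fixed version; as it stands the entry reads as both handled and untriaged.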