[Secure-testing-commits] r6215 - data/CVE
stef-guest at alioth.debian.org
Thu Aug 2 19:10:41 UTC 2007
Author: stef-guest
Date: 2007-08-02 19:10:40 +0000 (Thu, 02 Aug 2007)
New Revision: 6215
Modified:
data/CVE/list
Log:
new: teamspeak-server, bandersnatch, zoph
already fixed: sun-java[56]
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-02 18:21:36 UTC (rev 6214)
+++ data/CVE/list 2007-08-02 19:10:40 UTC (rev 6215)
@@ -1,3 +1,5 @@
+CVE-2007-XXXX [teamspeak-server arbitrary file disclosure]
+ - teamspeak-server <unfixed> (bug #435707; medium)
CVE-2007-XXXX [tor insufficient authentication on control port]
- tor 0.1.2.16-1
CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus Forum ...)
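Review bot: The new CVE-2007-XXXX teamspeak-server entry at the top of this hunk cites bug #435707, the same bug this commit attaches to CVE-2007-3956 further down. If both describe the same flaw, the temporary entry is a duplicate and should be dropped in favour of the assigned id. If they are separate issues sharing one bug report, a NOTE line under the temporary entry saying so would keep the two from being merged by mistake later. The field order here, "(bug #435707; medium)", also differs from the "(low; bug #435709)" order used for bandersnatch in the same commit, so pick one.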
@@ -333,7 +335,7 @@
CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote ...)
NOT-FOR-US: Nipun Jain xserver
CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter value ...)
- TODO: check
+ - teamspeak-server <unfixed> (bug #435707)
CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in ...)
NOT-FOR-US: LinkedIn Toolbar
CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
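Review bot: The CVE-2007-3956 entry marks teamspeak-server as <unfixed>, but the description shown reads "TeamSpeak WebServer 2.0 for Windows" and the entry gives no urgency. Add a NOTE stating why the Debian package is considered affected, and add an urgency so it matches the "medium" given for the same bug #435707 in the first hunk.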
@@ -381,27 +383,29 @@
CVE-2007-3933 (SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and ...)
NOT-FOR-US: QuickEStore
CVE-2007-3932 (uploadimg.php in the Expose RC35 and earlier (com_expose) component ...)
- TODO: check
+ NOT-FOR-US: Expose RC35 for Joomla
CVE-2007-3931 (The wrap_setuid_third_party_application function in the installation ...)
- TODO: check
+ NOT-FOR-US: Samsung SCX-4200 Driver installation script
CVE-2007-3930 (Interpretation conflict between Microsoft Internet Explorer and ...)
NOT-FOR-US: Microsoft
CVE-2007-3929 (Use-after-free vulnerability in the BitTorrent support in Opera before ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...)
- TODO: check
+ NOT-FOR-US: Yahoo! Messenger
CVE-2007-3927 (Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 ...)
NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3926 (Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to ...)
NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in ...)
- TODO: check
+ NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
NOT-FOR-US: Microsoft
CVE-2007-3923 (The Common Internet File System (CIFS) optimization in Cisco Wide Area ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE) Applet ...)
- TODO: check
+ - sun-java5 1.5.0-12-2
+ [etch] - sun-java5 <no-dsa> (non-free not supported)
+ - sun-java6 6-02-1
CVE-2007-3921
RESERVED
CVE-2007-3920
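Review bot: The CVE-2007-3922 entry records fixed versions for sun-java5 (1.5.0-12-2) and sun-java6 (6-02-1) with nothing showing where those versions come from, and the description is only "Unspecified vulnerability in the Java Runtime Environment (JRE) Applet ...". A NOTE line naming the vendor advisory or changelog entry that was used to determine the fixed versions would let someone verify the "already fixed" claim from the log without redoing the research.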
@@ -423,19 +427,19 @@
CVE-2007-3912
RESERVED
CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka ...)
- TODO: check
+ NOT-FOR-US: BakBone NetVault Reporter
CVE-2007-3910 (Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows ...)
- TODO: check
+ - bandersnatch <unfixed> (low; bug #435709)
CVE-2007-3909 (Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow ...)
- TODO: check
+ - bandersnatch <unfixed> (low; bug #435709)
CVE-2007-3908 (Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat ...)
- TODO: check
+ NOT-FOR-US: HP ServiceGuard
CVE-2007-3907 (Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 ...)
- TODO: check
+ NOT-FOR-US: LedgerSMB
CVE-2007-3906 (Unspecified vulnerability in Kaspersky Anti-Virus for Check Point ...)
NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-3905 (SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote ...)
- TODO: check
+ - zoph <unfixed> (bug filed)
CVE-2007-3904
RESERVED
CVE-2007-3903
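Review bot: The zoph entry for CVE-2007-3905 uses "(bug filed)" where the other new entries carry a bug number, so the report cannot be looked up from this line; replace the placeholder with the number once it is assigned. The description says "Zoph before 0.7.0.1", so a NOTE recording that upstream version as the fix would also help whoever closes this. The two bandersnatch entries share bug #435709 and urgency "low", which is consistent, but their "(low; bug #...)" order differs from the "(bug #435707; medium)" order in the first hunk.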
@@ -467,23 +471,23 @@
CVE-2007-3890
RESERVED
CVE-2007-3889 (Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and ...)
- TODO: check
+ NOT-FOR-US: Insanely Simple Blog
CVE-2007-3888 (Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple ...)
- TODO: check
+ NOT-FOR-US: Insanely Simple Blog
CVE-2007-3887 (Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp ...)
- TODO: check
+ NOT-FOR-US: ASP Ziyaretci Defteri
CVE-2007-3886 (Cross-site scripting (XSS) vulnerability in default.asp in Element CMS ...)
- TODO: check
+ NOT-FOR-US: Element CMS
CVE-2007-3885 (Cross-site scripting (XSS) vulnerability in philboard_search.asp in ...)
- TODO: check
+ NOT-FOR-US: husrevforum
CVE-2007-3884 (SQL injection vulnerability in philboard_forum.asp in husrevforum ...)
- TODO: check
+ NOT-FOR-US: husrevforum
CVE-2007-3883 (The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.1 and ...)
- TODO: check
+ NOT-FOR-US: Data Dynamics ActiveBar ActiveX control
CVE-2007-3882 (SQL injection vulnerability in index.php in Expert Advisor allows ...)
- TODO: check
+ NOT-FOR-US: Expert Advisor
CVE-2007-3881 (SQL injection vulnerability in index.php in Pictures Rating (Picture ...)
- TODO: check
+ NOT-FOR-US: Pictures Rating
CVE-2007-3880
RESERVED
CVE-2007-3879
@@ -495,7 +499,7 @@
CVE-2007-3876
RESERVED
CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) ...)
- TODO: check
+ NOT-FOR-US: CA Anti-Virus
CVE-2007-3874
RESERVED
CVE-2007-3873
@@ -510,41 +514,41 @@
- dokuwiki 0.0.20070626b-1 (unimportant; bug #434134)
NOTE: IE browser bug are not treated as security issues in packages applications
CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application Server ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle Application ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express (formerly ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory component ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3858 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component for ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2007-3852
RESERVED
CVE-2007-3851
@@ -574,7 +578,7 @@
CVE-2007-3843
RESERVED
CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise ...)
- TODO: check
+ NOT-FOR-US: 8e6 R3000 Enterprise Filter
CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux ...)
TODO: check
CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats allows ...)
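Review bot: CVE-2007-3841 in the trailing context of this hunk is left at "TODO: check" while the entry directly above it is triaged. Its description names Pidgin (formerly Gaim) 2.0.2 for Linux, so unlike most of the NOT-FOR-US entries resolved in this commit it looks like one that needs a package line, and it should not be missed in the next pass.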