[Secure-testing-commits] r6340 - data/CVE
stef-guest at alioth.debian.org
Thu Aug 16 20:49:04 UTC 2007
Author: stef-guest
Date: 2007-08-16 20:49:04 +0000 (Thu, 16 Aug 2007)
New Revision: 6340
Modified:
data/CVE/list
Log:
new lwat issue fixed
new issues: wengophone, ice*
new non-issue: konqueror
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-16 20:23:54 UTC (rev 6339)
+++ data/CVE/list 2007-08-16 20:49:04 UTC (rev 6340)
@@ -1,41 +1,46 @@
+CVE-2007-XXXX [lwat sometimes logs passwords in access.log]
+ - lwat 0.15-2 (low)
CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in ...)
- TODO: check
+ NOT-FOR-US: Neuron Blog
CVE-2007-4370 (Multiple buffer overflows in the (1) client and (2) server in Racer ...)
- TODO: check
+ NOT-FOR-US: Racer
CVE-2007-4369 (Directory traversal vulnerability in go/_files in SOTEeSKLEP before ...)
- TODO: check
+ NOT-FOR-US: SOTEeSKLEP
CVE-2007-4368 (SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) ...)
- TODO: check
+ NOT-FOR-US: IBM Rational ClearQuest (CQ)
CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary code ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of service ...)
- TODO: check
+ - wengophone <unfixed> (bug #438419)
CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier ...)
- TODO: check
+ NOT-FOR-US: eXV2 CMS
CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain ...)
- TODO: check
+ NOT-FOR-US: Fedora Commons
CVE-2007-4363 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Drupal Content Construction Kit (CCK)
CVE-2007-4362 (SQL injection vulnerability in category.php in Prozilla Webring allows ...)
- TODO: check
+ NOT-FOR-US: Prozilla Webring
CVE-2007-4361 (NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta ...)
- TODO: check
+ NOT-FOR-US: ReadyNAS RAIDiator
CVE-2007-4360 (Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2007-4359 (Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems ...)
- TODO: check
+ NOT-FOR-US: JobLister3
CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Zoidcom
CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ...)
- TODO: check
+ - mozilla-firefox <removed>
+ - mozilla <removed>
+ - iceweasel <unfixed>
+ - iceape <unfixed>
CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local users to ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2007-4354 (Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2007-4352
RESERVED
CVE-2007-4351
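Review bot: The CVE-2007-4357 entry marks iceweasel and iceape as `<unfixed>` with no bug reference, while the wengophone line for CVE-2007-4366 in the same hunk carries `(bug #438419)`. Add the bug numbers once they are filed so the open state can be followed from the tracker. The same applies to the new CVE-2007-XXXX lwat entry, which has a fixed version but no bug reference. Separately, the tag `NOT-FOR-US: JobLister3` on CVE-2007-4359 does not match the name visible in the truncated description (SkilMatch Staffing Systems); naming both would make the entry easier to search.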
@@ -187,7 +192,7 @@
CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...)
NOT-FOR-US: FrontAccounting
CVE-2007-4278 (Stack-based buffer overflow in ESRI ArcSDE service 9.2, as used with ...)
- TODO: check
+ NOT-FOR-US: ESRI ArcSDE
CVE-2007-4277
RESERVED
CVE-2007-4276
@@ -196,7 +201,7 @@
RESERVED
CVE-2007-4274
REJECTED
- TODO: check
+ NOT-FOR-US: Duplicate of CVE-2007-4275
CVE-2007-4273
RESERVED
CVE-2007-4272
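Review bot: On CVE-2007-4274 the `NOT-FOR-US:` field holds "Duplicate of CVE-2007-4275" instead of a product or vendor name, which is what the other NOT-FOR-US lines in this commit contain. The entry is already marked REJECTED, so a `NOTE: Duplicate of CVE-2007-4275` line, in the form used for the konqueror entry in this commit, would record the same information without overloading the NOT-FOR-US field.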
@@ -296,7 +301,8 @@
CVE-2007-4230 (** DISPUTED ** ...)
NOT-FOR-US: BellaBiblio
CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows ...)
- TODO: check
+ - konqueror <unfixed> (unimportant)
+ NOTE: Browser DoS not treated as vulnerabilities
CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of service ...)
NOT-FOR-US: AIX
CVE-2007-4227 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
@@ -350,7 +356,7 @@
CVE-2007-4204 (Hitachi Groupmax Collaboration - Schedule, as used in Groupmax ...)
NOT-FOR-US: Hitachi Groupmax Collaboration
CVE-2007-4203 (Session fixation vulnerability in Mambo 4.6.2 CMS allows remote ...)
- TODO: check
+ NOT-FOR-US: Mambo
CVE-2007-4202 (Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly ...)
NOT-FOR-US: Guidance Software EnCase
CVE-2007-4201 (Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume ...)
@@ -424,7 +430,7 @@
CVE-2007-4170 (Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 ...)
NOT-FOR-US: AL-Athkar
CVE-2007-4169 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: vgallite
CVE-2007-4167 (PHP remote file inclusion vulnerability in cat_viewed.php in ...)
NOT-FOR-US: AL-Caricatier
CVE-2007-4166 (Cross-site scripting (XSS) vulnerability in index.php in the Unnamed ...)
@@ -434,55 +440,55 @@
CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java ...)
NOT-FOR-US: IndexScript
CVE-2007-4163 (Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 ...)
- TODO: check
+ NOT-FOR-US: IndexScript
CVE-2007-4162 (TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or ...)
- TODO: check
+ NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4161 (rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might ...)
- TODO: check
+ NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4160 (The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when ...)
- TODO: check
+ NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4159 (index.html in the HTTP administration interface in certain daemons in ...)
- TODO: check
+ NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4158 (Unspecified vulnerability in rvd 7.5.2 in TIBCO Rendezvous (RV) allows ...)
- TODO: check
+ NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4157 (PHPBlogger stores sensitive information under the web root with ...)
- TODO: check
+ NOT-FOR-US: PHPBlogger
CVE-2007-4156 (Multiple SQL injection vulnerabilities in wolioCMS allow remote ...)
- TODO: check
+ NOT-FOR-US: wolioCMS
CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: EMC VMware
CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 allows ...)
- wordpress <unfixed>
CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...)
- wordpress <unfixed>
CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
- TODO: check
+ NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4151 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
- TODO: check
+ NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4150 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
- TODO: check
+ NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4149 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
- TODO: check
+ NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4148 (Heap-based buffer overflow in the Visionsoft Audit on Demand Service ...)
- TODO: check
+ NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4147 (Multiple unspecified vulnerabilities in Interspire ArticleLive NX ...)
- TODO: check
+ NOT-FOR-US: Interspire ArticleLive NX
CVE-2007-4146 (Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent ...)
- TODO: check
+ NOT-FOR-US: WebEvent
CVE-2007-4145 (Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX ...)
- TODO: check
+ NOT-FOR-US: BlueSkychat
CVE-2007-4144 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: MitriDAT eMail Form Processor Pro
CVE-2007-4143 (user.php in the Billing Control Panel in phpCoupon allows remote ...)
- TODO: check
+ NOT-FOR-US: Billing Control Panel in phpCoupon
CVE-2007-4142 (Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server ...)
- TODO: check
+ NOT-FOR-US: BM Lotus Sametime Server
CVE-2007-4141 (OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: OpenRat CMS
CVE-2007-4140 (Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows ...)
- TODO: check
+ NOT-FOR-US: Live for Speed
CVE-2007-4139 (Cross-site scripting (XSS) vulnerability in the Temporary Uploads ...)
- TODO: check
+ NOT-FOR-US: Temporary Uploads
CVE-2007-4138
RESERVED
CVE-2007-4137
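Review bot: `NOT-FOR-US: BM Lotus Sametime Server` on CVE-2007-4142 is missing the leading "I"; the description on the line above reads "IBM Lotus Sametime Server". In the unchanged context at the top of this hunk, CVE-2007-4164 (described as a CRLF injection in the redirect feature in Sun Java ...) is tagged `NOT-FOR-US: IndexScript`, which looks like it belongs only to CVE-2007-4163 below it; worth correcting while this block is being touched. The tag `Temporary Uploads` on CVE-2007-4139 reads as a feature name from the truncated description, not a product, so the product name would be clearer there.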