[Secure-testing-commits] r5464 - data/CVE

Kees Cook keescook-guest at alioth.debian.org
Fri Feb 16 23:16:41 UTC 2007


Author: keescook-guest
Date: 2007-02-17 00:16:38 +0100 (Sat, 17 Feb 2007)
New Revision: 5464

Modified:
   data/CVE/list
Log:
NFUs, and critical firefox vuln

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-02-16 20:14:34 UTC (rev 5463)
+++ data/CVE/list	2007-02-16 23:16:38 UTC (rev 5464)
@@ -1,69 +1,69 @@
 CVE-2007-0981 (Mozilla based browsers allows remote attackers to bypass the same ...)
-	TODO: check
+	- iceweasel <unfixed> (high)
 CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for ...)
-	TODO: check
+	NOT-FOR-US: HP Serviceguard
 CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...)
-	TODO: check
+	NOT-FOR-US: LifeType
 CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain ...)
 	TODO: check
 CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with &quot;Generate HTML for all ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus Domino
 CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control ...)
-	TODO: check
+	NOT-FOR-US: ActSoft DVD-Tools ActiveX control
 CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before ...)
-	TODO: check
+	NOT-FOR-US: Apache Stats
 CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before ...)
-	TODO: check
+	NOT-FOR-US: DropBox
 CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: Jupiter CMS
 CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in ...)
-	TODO: check
+	NOT-FOR-US: Jupiter CMS
 CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow ...)
-	TODO: check
+	NOT-FOR-US: Jupiter CMS
 CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and ...)
-	TODO: check
+	NOT-FOR-US: WebTester
 CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester ...)
-	TODO: check
+	NOT-FOR-US: WebTester
 CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...)
-	TODO: check
+	NOT-FOR-US: Cisco FWSM
 CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows ...)
-	TODO: check
+	NOT-FOR-US: Cisco FWSM
 CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the ...)
-	TODO: check
+	NOT-FOR-US: Cisco FWSM
 CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to ...)
-	TODO: check
+	NOT-FOR-US: Cisco FWSM
 CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...)
-	TODO: check
+	NOT-FOR-US: Cisco FWSM
 CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...)
-	TODO: check
+	NOT-FOR-US: Cisco FWSM
 CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before ...)
-	TODO: check
+	NOT-FOR-US: Cisco PIX
 CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before ...)
-	TODO: check
+	NOT-FOR-US: Cisco PIX
 CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series ...)
-	TODO: check
+	NOT-FOR-US: Cisco PIX
 CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when ...)
-	TODO: check
+	NOT-FOR-US: Cisco PIX
 CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...)
-	TODO: check
+	- linux-2.6 <unfixed> (unimportant)
 CVE-2007-0957
 	RESERVED
 CVE-2007-0956
 	RESERVED
 CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...)
-	TODO: check
+	NOT-FOR-US: Mail Enable Professional
 CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...)
-	TODO: check
+	NOT-FOR-US: MOHA Chat
 CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 ...)
-	TODO: check
+	NOT-FOR-US: @Mail
 CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
-	TODO: check
+	NOT-FOR-US: Virtual Calendar
 CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...)
-	TODO: check
+	NOT-FOR-US: Fullaspsite ASP Hosting Site
 CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in ...)
-	TODO: check
+	NOT-FOR-US: Fullaspsite ASP Hosting Site
 CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player ...)
-	TODO: check
+	NOT-FOR-US: iTinySoft
 CVE-2007-0948
 	RESERVED
 CVE-2007-0947
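Review bot: The CVE-2007-0981 entry records only `- iceweasel <unfixed> (high)`, while the description on the line above it reads "Mozilla based browsers"; if other Mozilla-based source packages in the archive share the affected code, each needs its own package line, and a bug reference on the iceweasel line would help track the fix. In the same hunk, CVE-2007-0958 is marked `(unimportant)` with no justification, and CVE-2007-0978 (IBM AIX) is left at `TODO: check` although the entries around it were triaged; a short rationale for the former and a NOT-FOR-US for the latter would close both.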
@@ -97,73 +97,73 @@
 CVE-2007-0933
 	RESERVED
 CVE-2007-0932 (Unspecified vulnerability in Aruba Mobility Controller 200, 800, 2400, ...)
-	TODO: check
+	NOT-FOR-US: Aruba Mobility Controller
 CVE-2007-0931 (Buffer overflow in the management interface for Aruba Mobility ...)
-	TODO: check
+	NOT-FOR-US: Aruba Mobility Controller
 CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...)
-	TODO: check
+	NOT-FOR-US: Apache Stats
 CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 ...)
-	TODO: check
+	NOT-FOR-US: prb (php rrd browser)
 CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with ...)
-	TODO: check
+	NOT-FOR-US: Virtual Calendar
 CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: uTorrent
 CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows ...)
-	TODO: check
+	NOT-FOR-US: KvGuestbook
 CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx ...)
-	TODO: check
+	NOT-FOR-US: Community Server
 CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: phpPolls
 CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Portal Search
 CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in ...)
-	TODO: check
+	NOT-FOR-US: Portal Search
 CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an ...)
-	TODO: check
+	NOT-FOR-US: Portal Search
 CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 ...)
-	TODO: check
+	NOT-FOR-US: Philboard
 CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ...)
-	TODO: check
+	NOT-FOR-US: MiniWebsvr
 CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris
 CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote ...)
 	TODO: check
 CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...)
-	TODO: check
+	NOT-FOR-US: Harpia CMS
 CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 ...)
-	TODO: check
+	NOT-FOR-US: fx-APP
 CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: fx-APP
 CVE-2006-7021 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Plume CMS
 CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php ...)
-	TODO: check
+	NOT-FOR-US: phpwcms
 CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...)
-	TODO: check
+	NOT-FOR-US: phpwcms
 CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...)
-	TODO: check
+	NOT-FOR-US: phpwcms
 CVE-2006-7017 (Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 ...)
-	TODO: check
+	NOT-FOR-US: Indexu
 CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain ...)
-	TODO: check
+	NOT-FOR-US: Jobline
 CVE-2006-7015 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Jobline
 CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a ...)
-	TODO: check
+	NOT-FOR-US: BloggIT
 CVE-2006-7013 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Simple Machine Forum
 CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: SCart
 CVE-2006-7011 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: FlashChat
 CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...)
 	NOT-FOR-US: JPortal
 CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...)
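Review bot: CVE-2006-7016 is tagged `NOT-FOR-US: Jobline`, but its description names phpjobboard; confirm which product the entry refers to, and whether the Jobline tag was meant only for the adjacent CVE-2006-7015, before closing it. CVE-2007-0913 (Microsoft Powerpoint) also stays at `TODO: check` in this hunk while its neighbours were triaged.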
@@ -318,7 +318,7 @@
 CVE-2007-0860 (** DISPUTED ** ...)
 	NOT-FOR-US: local Calendar System
 CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the ...)
-	TODO: check
+	NOT-FOR-US: Palm OS Treo
 CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...)
 	NOT-FOR-US: GoSuRF Browser
 CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...)
@@ -819,9 +819,9 @@
 CVE-2007-0653
 	RESERVED
 CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional ...)
-	TODO: check
+	NOT-FOR-US: MailEnable Professional
 CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...)
-	TODO: check
+	NOT-FOR-US: MailEnable Professional
 CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...)
 	- tetex-bin <not-affected> (Only vulnerable if compiled w/o kpathsea support, Debian does)
 CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR ...)
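Review bot: The two new lines use `NOT-FOR-US: MailEnable Professional`, while the CVE-2007-0955 entry earlier in this same patch uses `NOT-FOR-US: Mail Enable Professional`; pick one spelling (the CVE descriptions write MailEnable) so that searching the list by product name finds all three entries.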
@@ -1584,7 +1584,7 @@
 CVE-2007-0325
 	RESERVED
 CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...)
-	TODO: check
+	NOT-FOR-US: LizardTech DjVu Browser Plug-in
 CVE-2007-0323
 	RESERVED
 CVE-2007-0322
@@ -4749,9 +4749,9 @@
 CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...)
 	NOT-FOR-US: Citrix
 CVE-2006-5860 (Cross-site scripting (XSS) vulnerability in the administrator console ...)
-	TODO: check
+	NOT-FOR-US: Adobe JRun
 CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 ...)
-	TODO: check
+	NOT-FOR-US: Adobe ColdFusion
 CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft ...)
 	NOT-FOR-US: Adobe
 CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote ...)
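Review bot: The new tags `NOT-FOR-US: Adobe JRun` and `NOT-FOR-US: Adobe ColdFusion` sit directly above CVE-2006-5858, which is tagged `NOT-FOR-US: Adobe` for an issue whose description names both ColdFusion MX 7 and JRun 4; use one naming granularity across the three entries. The visible description for CVE-2006-5860 is truncated before the product name, so the JRun attribution cannot be confirmed from this diff and is worth double-checking.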



