[Secure-testing-commits] r5482 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Thu Feb 22 18:55:55 UTC 2007
Author: stef-guest
Date: 2007-02-22 19:55:52 +0100 (Thu, 22 Feb 2007)
New Revision: 5482
Modified:
data/CVE/list
Log:
- CVE-2007-0988: new php issue
- CVE-2006-5754: new linux issue
- CVE-2007-1030: new libevent issue
- NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-22 00:38:54 UTC (rev 5481)
+++ data/CVE/list 2007-02-22 18:55:52 UTC (rev 5482)
@@ -13,17 +13,18 @@
CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...)
NOT-FOR-US: JBoss
CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 ...)
- TODO: check
+ NOT-FOR-US: Mediafield and Audio modules for Drupal
+ NOTE: this is not a php-getid3 problem, but related to the way these modules embed getid3
CVE-2007-1034 (SQL injection vulnerability in modules.php in the Emporium 2.3.0 and ...)
- TODO: check
+ NOT-FOR-US: Emporium for PHP-Nuke
CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and ...)
- TODO: check
+ NOT-FOR-US: Secure site for Drupal
CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ before 1.6.9, when ...)
NOT-FOR-US: phpMyFAQ
CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs ...)
NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a ...)
- TODO: check
+ - libevent <unfixed> (bug #411996)
CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4 ...)
NOT-FOR-US: Quiksoft EasyMail Objects
CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image ...)
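Review bot: On CVE-2007-1035, the NOT-FOR-US tag and the NOTE under it say different things: the NOTE names php-getid3 as related but not at fault, while NOT-FOR-US records no package at all, so a later lookup by package will not find this judgment. If php-getid3 is tracked here, consider an explicit "- php-getid3 <not-affected> (reason)" entry, in the style the file already uses for iceweasel under CVE-2006-6971, and have the NOTE state whether the demonstration scripts named in the description are shipped by the package.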
@@ -107,7 +108,8 @@
CVE-2007-0989
RESERVED
CVE-2007-0988 (The zend_hash_init function in PHP, when running on a 64-bit platform, ...)
- TODO: check
+ - php4 <unfixed>
+ - php5 <unfixed>
CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 ...)
NOT-FOR-US: Jupiter CMS
CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS ...)
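Review bot: The php4 and php5 entries added for CVE-2007-0988 carry no bug reference, whereas the libevent entry added in this same commit has one (bug #411996). Add the bug numbers to both lines once they exist, and consider a NOTE recording that the description limits the issue to 64-bit platforms, since that determines which architectures need the fix.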
@@ -138,7 +140,7 @@
CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...)
NOT-FOR-US: LifeType
CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all ...)
NOT-FOR-US: IBM Lotus Domino
CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control ...)
@@ -268,7 +270,7 @@
CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote ...)
NOT-FOR-US: Sun Solaris
CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...)
NOT-FOR-US: Harpia CMS
CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 ...)
@@ -400,7 +402,7 @@
CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows ...)
NOT-FOR-US: PEBrowse
CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital ...)
NOT-FOR-US: March Networks DVR
CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image ...)
@@ -456,7 +458,7 @@
CVE-2007-XXXX [dokuwiki conf directory accessible by web users]
- dokuwiki 0.0.20061106-3 (bug #410557)
CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager ...)
NOT-FOR-US: vBulletin
CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! ...)
@@ -548,7 +550,7 @@
CVE-2007-0843
RESERVED
CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have ...)
NOT-FOR-US: vbDrupal
CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...)
@@ -610,7 +612,7 @@
CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) ...)
NOT-FOR-US: Woltlab Burning Board
CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in ...)
NOT-FOR-US: GeekLog
CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
@@ -723,7 +725,7 @@
CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows ...)
- iceweasel <not-affected> (Windows only)
CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 ...)
NOT-FOR-US: Jetty
CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote ...)
@@ -851,7 +853,7 @@
CVE-2007-0711
RESERVED
CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote ...)
- TODO: check
+ NOT-FOR-US: Apple iChat
CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
@@ -1273,7 +1275,7 @@
CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with ...)
NOT-FOR-US: Yana
CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...)
NOT-FOR-US: Hitachi
CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and ...)
@@ -1425,9 +1427,9 @@
CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 ...)
NOT-FOR-US: Telestream
CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 ...)
- TODO: check
+ NOT-FOR-US: CFNetwork on Apple Mac OS
CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...)
NOT-FOR-US: Apple
CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...)
@@ -1988,29 +1990,29 @@
CVE-2007-0220
RESERVED
CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0218
RESERVED
CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0216
RESERVED
CVE-2007-0215
RESERVED
CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0213
RESERVED
CVE-2007-0212
RESERVED
CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0207
RESERVED
CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
@@ -2360,7 +2362,8 @@
CVE-2007-0087 (** DISPUTED ** ...)
NOT-FOR-US: Microsoft IIS
CVE-2007-0086 (** DISPUTED ** ...)
- TODO: check
+ - apache <unfixed> (unimportant)
+ - apache2 <unfixed> (unimportant)
CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics ...)
NOT-FOR-US: OpenBSD VGA wscons driver
CVE-2007-0084 (** DISPUTED ** ...)
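Review bot: The two "(unimportant)" entries for CVE-2007-0086 come with no NOTE giving the reason, and the description visible here is only "** DISPUTED ** ...", so nothing in the file explains why apache and apache2 were downgraded rather than marked not-affected or left for a fix. Add a one-line NOTE with the rationale under the entry.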
@@ -2609,9 +2612,9 @@
CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
NOT-FOR-US: Microsoft Excel
CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation ...)
NOT-FOR-US: Microsoft IE
CVE-2007-0023 (The CFUserNotificationSendRequest function in ...)
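Review bot: Both added lines use the bare vendor name "NOT-FOR-US: Microsoft", while the unchanged neighbours in this hunk name the product ("Microsoft Excel", "Microsoft IE"). Naming the component taken from each description (OLE Dialog for CVE-2007-0026, MFC for CVE-2007-0025) would keep the tags consistent and easier to search; the same applies to the other "NOT-FOR-US: Microsoft" lines in this commit.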
@@ -3572,7 +3575,7 @@
CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrapper ...)
NOT-FOR-US: ICONICS
CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...)
- TODO: check
+ NOT-FOR-US: DT Guestbook
CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers to ...)
NOT-FOR-US: EasyPage
CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 ...)
@@ -5145,7 +5148,7 @@
CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...)
- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux ...)
- linux-2.6 <unfixed>
CVE-2006-5752
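Review bot: CVE-2006-5754 moves from TODO to "- linux-2.6 <unfixed>" with neither a bug number nor a NOTE, so the entry gives no pointer for whoever later has to fill in the fixed version, as was done for CVE-2006-5755 directly above it. A NOTE referencing the upstream fix or the affected kernel range, if known, would make that follow-up possible from the file alone.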
@@ -6224,7 +6227,7 @@
CVE-2006-5271
RESERVED
CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-5269
RESERVED
CVE-2006-5268
@@ -7462,7 +7465,7 @@
CVE-2006-4698
RESERVED
CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows ...)
NOT-FOR-US: Microsoft
CVE-2006-4695
@@ -10385,7 +10388,7 @@
CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...)
NOT-FOR-US: Microsoft
CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3447
RESERVED
CVE-2006-3446
@@ -15505,7 +15508,7 @@
CVE-2006-1312
RESERVED
CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-1310
RESERVED
CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)