[Secure-testing-commits] r6199 - data/CVE
stef-guest at alioth.debian.org
Tue Jul 31 19:50:34 UTC 2007
Author: stef-guest
Date: 2007-07-31 19:50:33 +0000 (Tue, 31 Jul 2007)
New Revision: 6199
Modified:
data/CVE/list
Log:
CVEified: drupal
bugnum
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-07-31 19:33:49 UTC (rev 6198)
+++ data/CVE/list 2007-07-31 19:50:33 UTC (rev 6199)
@@ -83,7 +83,7 @@
CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris ...)
NOT-FOR-US: Alisveris Sitesi Scripti
CVE-2007-4074 (The default configuration of Centre for Speech Technology Research ...)
- - festival <unfixed> (bug filed; low)
+ - festival <unfixed> (bug #435445; low)
CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a ...)
TODO: check
CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within ...)
@@ -103,9 +103,12 @@
CVE-2007-4065
RESERVED
CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...)
- TODO: check
+ - drupal 4.7.7-1 (low)
+ - drupal5 5.2-1 (low)
+ NOTE: DRUPAL-SA-2007-018
CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...)
- TODO: check
+ - drupal5 5.2-1 (low)
+ NOTE: DRUPAL-SA-2007-017
CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus ...)
TODO: check
CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in ...)
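Review bot: The new CVE-2007-4063 entry lists only `- drupal5 5.2-1 (low)`, while CVE-2007-4064 directly above it tracks both `drupal` and `drupal5`. If the 4.7 series in the `drupal` source package is not affected by the CSRF issues, please record that explicitly with a not-affected line and a short reason; if it is affected, it needs its own fixed-version or unfixed entry. As written, the list cannot distinguish "not affected" from "not checked" for `drupal`.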
@@ -172,13 +175,6 @@
TODO: check
CVE-2007-4030
RESERVED
-CVE-2007-XXXX [Drupal CSRF]
- - drupal5 5.2-1 (low)
- NOTE: DRUPAL-SA-2007-017
-CVE-2007-XXXX [Drupal multiple XSS]
- - drupal 4.7.7-1 (low)
- - drupal5 5.2-1 (low)
- NOTE: DRUPAL-SA-2007-018
CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...)
TODO: check
CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...)
@@ -217,9 +213,9 @@
CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka ...)
TODO: check
CVE-2007-4012 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and ...)
TODO: check
CVE-2007-4009 (PHP remote file inclusion vulnerability in ...)
@@ -321,11 +317,11 @@
CVE-2007-3961 (Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib ...)
TODO: check
CVE-2007-3960 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2007-3959 (The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier ...)
TODO: check
CVE-2007-3958 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote ...)
TODO: check
CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter value ...)
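Review bot: The two NOT-FOR-US reasons in this hunk use different granularity: CVE-2007-3960 names the product (`IBM WebSphere`), but CVE-2007-3958 names only the vendor (`Microsoft`) although its description identifies Windows Explorer. Consider `NOT-FOR-US: Microsoft Windows Explorer` here, and product names for the `Cisco` and other `Microsoft` entries in this commit as well, so that a later search of the list by product finds the decision.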
@@ -333,13 +329,13 @@
CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in ...)
TODO: check
CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-3953 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote ...)
- TODO: check
+ NOT-FOR-US: Norman Antivirus
CVE-2007-3952 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote ...)
- TODO: check
+ NOT-FOR-US: Norman Antivirus
CVE-2007-3951 (Multiple buffer overflows in Norman Antivirus 5.90 allow remote ...)
- TODO: check
+ NOT-FOR-US: Norman Antivirus
CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...)
TODO: check
CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters ...)
@@ -381,7 +377,7 @@
CVE-2007-3931 (The wrap_setuid_third_party_application function in the installation ...)
TODO: check
CVE-2007-3930 (Interpretation conflict between Microsoft Internet Explorer and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-3929 (Use-after-free vulnerability in the BitTorrent support in Opera before ...)
TODO: check
CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...)
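Review bot: CVE-2007-3930 is described as an interpretation conflict between Microsoft Internet Explorer and a second product whose name is cut off in the summary line, so `NOT-FOR-US: Microsoft` only holds if that second product is not packaged in Debian. Please check the full CVE description and, if the other side is in the archive, track the issue against that source package instead.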
@@ -393,7 +389,7 @@
CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in ...)
TODO: check
CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-3923 (The Common Internet File System (CIFS) optimization in Cisco Wide Area ...)
TODO: check
CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE) Applet ...)
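Review bot: The CVE-2007-3924 summary ends at "when ...", so the condition under which the Internet Explorer argument injection applies is not visible here; if that condition involves another installed application that Debian ships, a plain `NOT-FOR-US: Microsoft` would hide it. Worth confirming against the full description. The same applies to CVE-2007-3954 earlier in this commit, which carries the identical summary.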