[Secure-testing-commits] r5522 - data/CVE
Kees Cook
keescook-guest at alioth.debian.org
Thu Mar 8 02:29:16 CET 2007
Author: keescook-guest
Date: 2007-03-08 01:29:12 +0000 (Thu, 08 Mar 2007)
New Revision: 5522
Modified:
data/CVE/list
Log:
NFUs: 121
unfixed: blender gnupg iceweasel isdnutils linux-2.6 php4 php5 tomcat5.5 util-linux viewcvs
fixed: icedove iceweasel linux-ftpd wordpress
not-affected: smarty wordpress
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-03-07 22:07:07 UTC (rev 5521)
+++ data/CVE/list 2007-03-08 01:29:12 UTC (rev 5522)
@@ -1,17 +1,18 @@
CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...)
- TODO: check
+ - php4 <unfixed> (low)
CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...)
- TODO: check
+ - php4 <unfixed> (low)
CVE-2007-1285 (The Zend Engine in PHP 4.x and 5.x allows remote attackers to cause a ...)
- TODO: check
+ - php5 <unfixed> (low)
+ - php4 <unfixed> (low)
CVE-2007-1284
RESERVED
CVE-2007-1283
RESERVED
CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey ...)
- TODO: check
+ - icedove 1.5.0.10.dfsg1-1 (medium)
CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux ...)
- TODO: check
+ NOT-FOR-US: Kaspersky AntiVirus Engine
CVE-2007-1280
RESERVED
CVE-2007-1279
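Review bot: CVE-2007-1282 is recorded against icedove only, but its description reads "Mozilla Thunderbird before 1.5.0.10 and SeaMonkey ...". If a SeaMonkey-derived source package is in the archive, this CVE needs a line for it too, either a fixed version or a not-affected note. Separately, the new php4 and php5 `<unfixed>` lines carry no bug reference, unlike the git-core entry further down the file; adding one once a bug is filed keeps the open items traceable.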
@@ -19,65 +20,65 @@
CVE-2007-1278
RESERVED
CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites ...)
- TODO: check
+ - wordpress <not-affected> (orig.tar.gz not compromised)
CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...)
- TODO: check
+ NOT-FOR-US: Webmin
CVE-2007-1275
RESERVED
CVE-2007-1274
RESERVED
CVE-2006-7134 (Unrestricted file upload vulnerability in main_user.php in Upload Tool ...)
- TODO: check
+ NOT-FOR-US: Upload Tool for PHP
CVE-2006-7133 (Directory traversal vulnerability in upload/bin/download.php in Upload ...)
- TODO: check
+ NOT-FOR-US: Upload Tool for PHP
CVE-2006-7132 (Directory traversal vulnerability in pmd-config.php in PHPMyDesk ...)
- TODO: check
+ NOT-FOR-US: PHPMyDesk
CVE-2006-7131 (PHP remote file inclusion vulnerability in extras/mt.php in Jinzora ...)
- TODO: check
+ NOT-FOR-US: Jinzora
CVE-2006-7130 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Jinzora
CVE-2006-7129 (ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier ...)
- TODO: check
+ NOT-FOR-US: ISS BlackICE
CVE-2006-7128 (PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 ...)
- TODO: check
+ NOT-FOR-US: JAF CMS
CVE-2006-7127 (Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 ...)
- TODO: check
+ NOT-FOR-US: JAF CMS
CVE-2006-7126 (SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 ...)
- TODO: check
+ NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7125 (Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 ...)
- TODO: check
+ NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7124 (PHP remote file inclusion vulnerability in external/rssfeeds.php in ...)
- TODO: check
+ NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7123 (Multiple SQL injection vulnerabilities in BSQ Sitestats (component for ...)
- TODO: check
+ NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7122 (Cross-site scripting (XSS) vulnerability in the IP Address Lookup ...)
- TODO: check
+ NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7121 (The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote ...)
- TODO: check
+ NOT-FOR-US: Linksys SPA-921
CVE-2006-7120 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: OSL maintain
CVE-2006-7119 (PHP remote file inclusion vulnerability in kernel/system/startup.php ...)
- TODO: check
+ NOT-FOR-US: PHPGiggle
CVE-2006-7118 (SQL injection vulnerability in index.asp in DMXReady Site Engine ...)
- TODO: check
+ NOT-FOR-US: DMXReady Site Engine Manager
CVE-2006-7117 (Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier ...)
- TODO: check
+ NOT-FOR-US: Kubix
CVE-2006-7116 (SQL injection vulnerability in includes/functions.php in Kubix 0.7 and ...)
- TODO: check
+ NOT-FOR-US: Kubix
CVE-2006-7115 (SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote ...)
- TODO: check
+ NOT-FOR-US: PHPKit
CVE-2006-7114 (P-News 2.0 stores db/user.txt under the web document root with ...)
- TODO: check
+ NOT-FOR-US: P-News
CVE-2006-7113 (Unrestricted file upload vulnerability in P-News 2.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: P-News
CVE-2006-7112 (Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and ...)
- TODO: check
+ NOT-FOR-US: MD-Pro
CVE-2006-7111 (Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and ...)
- TODO: check
+ NOT-FOR-US: KMail CGI
CVE-2006-7110 (Directory traversal vulnerability in the delete function in IMCE ...)
- TODO: check
+ NOT-FOR-US: Drupal module IMCE
CVE-2006-7109 (Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal ...)
- TODO: check
+ NOT-FOR-US: Drupal module IMCE
CVE-2007-XXXX [buffer overruns in GIT's http-push.c, fixed in 1.5.0.3]
- git-core <unfixed> (bug #413629; low)
CVE-2007-1273
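Review bot: CVE-2006-7124 and CVE-2006-7122 get the same "Joomla component BSQ Sitestats" label as the three entries above them, but their descriptions as shown (external/rssfeeds.php in ..., the IP Address Lookup ...) do not name the product, and CVE-2006-7120 is labelled "OSL maintain" while its description shows only "** DISPUTED ** ...". Please confirm each of these against the full CVE text rather than the neighbouring entry, since a wrong NOT-FOR-US removes the item from further triage.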
@@ -101,97 +102,98 @@
CVE-2007-1264 (Enigmail 0.94.2 and earlier does not properly use the --status-fd ...)
TODO: check
CVE-2007-1263 (GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the ...)
- TODO: check
+ - gnupg <unfixed> (low)
CVE-2007-1262
RESERVED
CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio before ...)
- TODO: check
+ NOT-FOR-US: OpenBiblio
CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in ...)
- TODO: check
+ NOT-FOR-US: WebMod
CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...)
- TODO: check
+ NOT-FOR-US: Cisco Catalyst
CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...)
- TODO: check
+ - iceweasel <unfixed> (medium)
CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in ...)
- TODO: check
+ NOT-FOR-US: Connectix Boards
CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix ...)
- TODO: check
+ NOT-FOR-US: Connectix Boards
CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script ...)
- TODO: check
+ - blender <unfixed> (medium)
CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch ...)
- TODO: check
+ NOT-FOR-US: Symantec Mail Security
CVE-2007-1251 (Format string vulnerability in the new_warning function in ...)
- TODO: check
+ NOT-FOR-US: Netrek Vanilla Server
CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL Learning ...)
- TODO: check
+ NOT-FOR-US: Learning Management Suite
CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 ...)
- TODO: check
+ NOT-FOR-US: Contelligent
CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go News ...)
- TODO: check
+ NOT-FOR-US: News Manager Blog
CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs ...)
- TODO: check
+ NOT-FOR-US: aWebNews
CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...)
TODO: check
CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in ...)
- TODO: check
+ - wordpress 2.1.2-1 (medium)
CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication ...)
- TODO: check
+ NOT-FOR-US: Audins Audiens
CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3 ...)
- TODO: check
+ NOT-FOR-US: Audins Audiens
CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins ...)
- TODO: check
+ NOT-FOR-US: Audins Audiens
CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS ...)
- TODO: check
+ NOT-FOR-US: Docebo CMS
CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows ...)
TODO: check
CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...)
TODO: check
CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive ...)
- TODO: check
+ NOT-FOR-US: sitex
CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a ...)
- TODO: check
+ NOT-FOR-US: sitex
CVE-2007-1235 (Unrestricted file upload vulnerability in sitex allows remote ...)
- TODO: check
+ NOT-FOR-US: sitex
CVE-2007-1234 (Multiple cross-site scripting (XSS) vulnerabilities in sitex allow ...)
- TODO: check
+ NOT-FOR-US: sitex
CVE-2007-1233 (PHP remote file inclusion vulnerability in downloadcounter.php in ...)
- TODO: check
+ NOT-FOR-US: STWC-Counter
CVE-2007-1232 (Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: SQLiteManager
CVE-2007-1231 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager ...)
- TODO: check
+ NOT-FOR-US: SQLiteManager
CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ - wordpress 2.1.2-1 (medium)
CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ...)
- TODO: check
+ NOT-FOR-US: Nullsoft ShoutcastServer
CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix ...)
- TODO: check
+ NOT-FOR-US: IBM DB2
CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 ...)
- TODO: check
+ NOT-FOR-US: McAfee VirusScan
CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak ...)
- TODO: check
+ NOT-FOR-US: McAfee VirusScan
CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy ...)
- TODO: check
+ NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL ...)
- TODO: check
+ NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1223 (Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows ...)
- TODO: check
+ NOT-FOR-US: Hitachi OSAS/FT/W
CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows ...)
TODO: check
CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not ...)
TODO: check
CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin ...)
- TODO: check
+ NOT-FOR-US: Phorum
CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as ...)
- TODO: check
+ - isdnutils <unfixed> (low)
+ - linux-2.6 <unfixed> (low)
CVE-2007-1216
RESERVED
CVE-2007-1215
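Review bot: CVE-2007-1263 is tracked as `- gnupg <unfixed> (low)` only, while the description covers "GnuPG 1.4.6 and earlier and GPGME before 1.1.4". The GPGME source package should get its own line under this CVE, or a not-affected note saying why. As a smaller point, the CVE-2007-1250 label "Learning Management Suite" drops the vendor name that the description gives (ANGEL Learning), which makes the entry harder to find later.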
@@ -229,117 +231,117 @@
CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read ...)
TODO: check
CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 ...)
- TODO: check
+ NOT-FOR-US: TaskFreak!
CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have ...)
- TODO: check
+ NOT-FOR-US: Epiware
CVE-2007-1196 (Unspecified vulnerability in Citrix Presentation Server Client for ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow ...)
- TODO: check
+ NOT-FOR-US: XM Easy Personal FTP Server
CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt ...)
- TODO: check
+ NOT-FOR-US: SandBox Analyzer
CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM ...)
- TODO: check
+ NOT-FOR-US: OrangeHRM
CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive ...)
- TODO: check
+ NOT-FOR-US: HyperBook Guestbook
CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes ...)
- TODO: check
+ NOT-FOR-US: Quicksilver plugin Social Bookmarks
CVE-2007-1190 (Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX ...)
- TODO: check
+ NOT-FOR-US: EmbeddedWB ActiveX control
CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell ...)
- TODO: check
+ NOT-FOR-US: Alcatel-Lucent Bell Labs Plan 9
CVE-2007-1188 (WebAPP before 0.9.9.5 allows remote attackers to submit Search form ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1187 (WebAPP before 0.9.9.5 allows remote authenticated users, without admin ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1186 (WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1185 (The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1184 (The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1183 (WebAPP before 0.9.9.5 allows remote authenticated users to spoof ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1182 (WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1181 (WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1180 (WebAPP before 0.9.9.5 does not check referrers in certain forms, which ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1179 (WebAPP before 0.9.9.5 does not properly manage e-mail addresses in ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1178 (WebAPP before 0.9.9.5 does not check access in certain contexts ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1177 (WebAPP before 0.9.9.5 does not properly filter certain characters in ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1176 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1175 (Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1173
RESERVED
CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel ...)
- TODO: check
+ NOT-FOR-US: WebAPP
CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel ...)
- TODO: check
+ NOT-FOR-US: NukeSentinel
CVE-2007-1170 (SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends ...)
- TODO: check
+ NOT-FOR-US: SimBin Racing
CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, ...)
- TODO: check
+ NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before ...)
- TODO: check
+ NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and ...)
- TODO: check
+ NOT-FOR-US: Clanportal
CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows ...)
- TODO: check
+ NOT-FOR-US: Nabopoll
CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 ...)
- TODO: check
+ NOT-FOR-US: DBGuestbook
CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery ...)
- TODO: check
+ NOT-FOR-US: DBImageGallery
CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and ...)
- TODO: check
+ NOT-FOR-US: webSPELL
CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ...)
TODO: check
CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call ...)
- TODO: check
+ NOT-FOR-US: Call Center Software
CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when ...)
- TODO: check
+ - util-linux <unfixed> (low)
CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in Coalescent ...)
- TODO: check
+ NOT-FOR-US: freePBX
CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in Power ...)
- TODO: check
+ NOT-FOR-US: Power Phlogger
CVE-2006-7105 (** DISPUTED ** ...)
- TODO: check
+ - smarty <not-affected> (described vulnerability never existed)
CVE-2006-7104 (PHP remote file inclusion vulnerability in htmltemplate.php in the ...)
- TODO: check
+ NOT-FOR-US: MOStlyContent Editor
CVE-2006-7103 (Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 ...)
- TODO: check
+ NOT-FOR-US: EZOnlineGallery
CVE-2006-7102 (Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal ...)
- TODO: check
+ NOT-FOR-US: phpBurningPortal quiz-modul
CVE-2006-7101 (SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier ...)
- TODO: check
+ NOT-FOR-US: PHPWind
CVE-2006-7100 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: phpBB Insert User
CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay allows ...)
- TODO: check
+ NOT-FOR-US: SolarPay
CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...)
- apache 1.3.34-4.1 (low; bug #357561)
CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have ...)
- TODO: check
+ NOT-FOR-US: TaskFreak!
CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in host.c in ...)
- TODO: check
+ NOT-FOR-US: dimension 3 engine
CVE-2006-7095 (Integer signedness error in the network_receive_packet function in ...)
- TODO: check
+ NOT-FOR-US: dimension 3 engine
CVE-2006-7094 (ftpd, as used by Gentoo and Debian Linux, sets the gid to the ...)
- TODO: check
+ - linux-ftpd 0.17-23 (bug #384454; low)
CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows ...)
- TODO: check
+ NOT-FOR-US: Oracle Database Server
CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the ...)
TODO: check
CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote ...)
- TODO: check
+ - viewcvs <unfixed> (low)
CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...)
TODO: check
CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the ...)
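Review bot: CVE-2007-1172 is marked `NOT-FOR-US: WebAPP`, but its description is "SQL injection vulnerability in nukesentinel.php in NukeSentinel ...". This looks like a carry-over from the run of WebAPP entries above it; it should read `NOT-FOR-US: NukeSentinel`, matching CVE-2007-1171 on the next entry.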
@@ -846,7 +848,7 @@
CVE-2007-1006 (Multiple format string vulnerabilities in the ...)
- ekiga 2.0.3-2.1 (bug #411944; high)
CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in ...)
- TODO: check
+ NOT-FOR-US: eTrust Intrusion Detection
CVE-2007-1004 (Mozilla Firefox mmight allow remote attackers to condut spoofing and ...)
- iceweasel <unfixed> (low)
CVE-2007-1003
@@ -874,7 +876,7 @@
[sarge] - mozilla-firefox <unfixed> (low)
[sarge] - mozilla <unfixed> (low)
CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x ...)
- TODO: check
+ - iceweasel 2.0.0.2+dfsg-2 (medium)
CVE-2007-0993
RESERVED
CVE-2007-0992
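Review bot: CVE-2007-0994 records only the iceweasel fix, although its description covers "Mozilla Firefox 2.x before 2.0.0.2 and 1.x ...". The entry just above it in this hunk tracks `[sarge] - mozilla-firefox` separately; this one should state whether the 1.x package in sarge is affected by the regression, with either a `[sarge]` line or a not-affected note.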
@@ -1519,7 +1521,7 @@
[sarge] - mozilla-thunderbird <unfixed> (low)
[sarge] - mozilla <unfixed> (high)
CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function ...)
- TODO: check
+ - tomcat5.5 <unfixed> (medium)
CVE-2007-0773
RESERVED
CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows ...)
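Review bot: `- tomcat5.5 <unfixed> (medium)` for CVE-2007-0774 has no bug reference, and the visible description names only the map_uri_to_worker function. Please confirm tomcat5.5 is the only source package in the archive that carries that code, list any other package that ships it, and add the bug number once one is filed.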
@@ -1668,21 +1670,21 @@
CVE-2007-0719
RESERVED
CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote ...)
NOT-FOR-US: Apple iChat
CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
@@ -10191,7 +10193,7 @@
CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...)
NOT-FOR-US: Newtone ImageKit
CVE-2006-3892 (The Management Console server in EMC NetWorker (formerly Legato ...)
- TODO: check
+ NOT-FOR-US: EMC NetWorker
CVE-2006-3891
RESERVED
CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX ...)
@@ -29273,7 +29275,7 @@
CVE-2005-1731
RESERVED
CVE-2005-1730 (Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in ...)
- TODO: check
+ NOT-FOR-US: Novell iManager
CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Novell
CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
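Review bot: CVE-2005-1730 is closed as `NOT-FOR-US: Novell iManager`, but the description places the flaws "in the OpenSSL ASN.1 parser, as used in ...". Marking only the embedding product as not-for-us leaves the openssl package unassessed; add a note saying whether the packaged openssl is affected, or a NOTE line explaining that the issue is specific to the bundled copy.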