[Secure-testing-commits] r5783 - data/CVE
Florian Weimer
fw at alioth.debian.org
Fri May 4 18:17:31 UTC 2007
Author: fw
Date: 2007-05-04 18:17:26 +0000 (Fri, 04 May 2007)
New Revision: 5783
Modified:
data/CVE/list
Log:
Normalize NFUs for Cisco products
The previous attempt at separating things was rather inconsistent,
which is no surprise given Cisco's product portfolio. Some of the CVE
split decisions do not obey product boundaries, either
(e.g. CVE-2004-1775).
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-04 18:06:41 UTC (rev 5782)
+++ data/CVE/list 2007-05-04 18:17:26 UTC (rev 5783)
@@ -32,11 +32,11 @@
CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing ...)
NOT-FOR-US: Sun Solaris
CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 ...)
- NOT-FOR-US: CIsco
+ NOT-FOR-US: Cisco
CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
- NOT-FOR-US: CIsco
+ NOT-FOR-US: Cisco
CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
- NOT-FOR-US: CIsco
+ NOT-FOR-US: Cisco
CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and ...)
NOT-FOR-US: Cisco
CVE-2007-2460 (PHP remote file inclusion vulnerability in ...)
@@ -1398,9 +1398,9 @@
- php5 <unfixed> (unimportant)
NOTE: open_basedir bypasses not supported
CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...)
- NOT-FOR-US: Cisco Unified Presence Server
+ NOT-FOR-US: Cisco
CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco ...)
- NOT-FOR-US: Cisco Unified CallManager
+ NOT-FOR-US: Cisco
CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
NOT-FOR-US: WebAPP
CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
@@ -1414,7 +1414,7 @@
CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in ...)
NOT-FOR-US: WebAPP
CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...)
- NOT-FOR-US: Cisco Unified CallManager
+ NOT-FOR-US: Cisco
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...)
NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...)
@@ -1467,7 +1467,7 @@
CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta ...)
NOT-FOR-US: sBLOG
CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust ...)
- NOT-FOR-US: Cisco Secure ACS
+ NOT-FOR-US: Cisco
CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
- ktorrent <unfixed> (medium)
CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows ...)
@@ -2260,7 +2260,7 @@
CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...)
NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- NOT-FOR-US: Cisco Secure Access Control Server
+ NOT-FOR-US: Cisco
CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents ...)
- libwpd 0.8.9-1 (medium)
[etch] - libwpd 0.8.7-6
@@ -2873,9 +2873,9 @@
CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have ...)
NOT-FOR-US: WebAPP
CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...)
- NOT-FOR-US: Cisco Catalyst
+ NOT-FOR-US: Cisco
CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...)
- iceweasel <unfixed> (medium)
CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in ...)
@@ -3314,25 +3314,25 @@
CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows ...)
NOT-FOR-US: mcRefer
CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, ...)
- NOT-FOR-US: Cisco Unified IP Phone
+ NOT-FOR-US: Cisco
CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple ...)
NOT-FOR-US: Apple ImageIO
CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows ...)
TODO: check
CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ...)
- NOT-FOR-US: Cisco Secure Services Client
+ NOT-FOR-US: Cisco
CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
- NOT-FOR-US: Cisco Secure Services Client
+ NOT-FOR-US: Cisco
CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
- NOT-FOR-US: Cisco Secure Services Client
+ NOT-FOR-US: Cisco
CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
- NOT-FOR-US: Cisco Secure Services Client
+ NOT-FOR-US: Cisco
CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
- NOT-FOR-US: Cisco Secure Services Client
+ NOT-FOR-US: Cisco
CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, ...)
- NOT-FOR-US: Cisco Unified IP Phone
+ NOT-FOR-US: Cisco
CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and ...)
- NOT-FOR-US: Cisco Unified IP Conference Station
+ NOT-FOR-US: Cisco
CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke ...)
NOT-FOR-US: PHP-Nuke
CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire ...)
@@ -3722,25 +3722,25 @@
CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester ...)
NOT-FOR-US: WebTester
CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...)
- NOT-FOR-US: Cisco FWSM
+ NOT-FOR-US: Cisco
CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows ...)
- NOT-FOR-US: Cisco FWSM
+ NOT-FOR-US: Cisco
CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the ...)
- NOT-FOR-US: Cisco FWSM
+ NOT-FOR-US: Cisco
CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to ...)
- NOT-FOR-US: Cisco FWSM
+ NOT-FOR-US: Cisco
CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...)
- NOT-FOR-US: Cisco FWSM
+ NOT-FOR-US: Cisco
CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...)
- NOT-FOR-US: Cisco FWSM
+ NOT-FOR-US: Cisco
CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before ...)
- NOT-FOR-US: Cisco PIX
+ NOT-FOR-US: Cisco
CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before ...)
- NOT-FOR-US: Cisco PIX
+ NOT-FOR-US: Cisco
CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series ...)
- NOT-FOR-US: Cisco PIX
+ NOT-FOR-US: Cisco
CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when ...)
- NOT-FOR-US: Cisco PIX
+ NOT-FOR-US: Cisco
CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...)
{DSA-1286-1}
- linux-2.6 2.6.20-1 (unimportant)
@@ -3825,9 +3825,9 @@
CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ...)
NOT-FOR-US: MiniWebsvr
CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
NOT-FOR-US: HP-UX
CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...)
@@ -9243,7 +9243,7 @@
CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5 allows ...)
NOT-FOR-US: Imageview
CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 ...)
- NOT-FOR-US: Cisco Security Agent
+ NOT-FOR-US: Cisco
CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and ...)
NOT-FOR-US: RevilloC MailServer
CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...)
@@ -13419,11 +13419,11 @@
CVE-2006-3735 (Multiple PHP remote file inclusion vulnerabilities in Mail2Forum ...)
NOT-FOR-US: Mail2Forum
CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line Interface ...)
- NOT-FOR-US: CS-MARS
+ NOT-FOR-US: Cisco
CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web ...)
- NOT-FOR-US: Cisco / JBoss
+ NOT-FOR-US: Cisco
CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
- NOT-FOR-US: CS-MARS
+ NOT-FOR-US: Cisco
CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted ...)
- firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low)
[sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge)
@@ -14522,7 +14522,7 @@
CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web ...)
NOT-FOR-US: Internet Explorer
CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the ...)
- NOT-FOR-US: Cisco Secure Access Control Server
+ NOT-FOR-US: Cisco
CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...)
NOT-FOR-US: Sun ONE Application Server
CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote ...)
@@ -14775,7 +14775,7 @@
CVE-2006-3110 (Cross-site scripting (XSS) vulnerability in main.php in Chipmailer ...)
NOT-FOR-US: Chipmailer
CVE-2006-3109 (Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2006-3108 (Cross-site scripting (XSS) vulnerability in EmailArchitect Email ...)
NOT-FOR-US: EmailArchitect
CVE-2006-3107 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
@@ -14791,7 +14791,7 @@
CVE-2006-3102 (Race condition in articles/BitArticle.php in Bitweaver 1.3, when run ...)
NOT-FOR-US: Bitweaver
CVE-2006-3101 (Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco ...)
- NOT-FOR-US: Cisco Secure ACS
+ NOT-FOR-US: Cisco
CVE-2006-3099
RESERVED
CVE-2006-3098
@@ -14855,7 +14855,7 @@
CVE-2006-3074 (klif.sys in Kaspersky Anti-Virus 6.0.0.300 and earlier, Internet ...)
NOT-FOR-US: Several Kaspersky products
CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN ...)
- NOT-FOR-US: Cisco VPN products
+ NOT-FOR-US: Cisco
CVE-2006-3072 (M4 Macro Library in Symantec Security Information Manager before ...)
NOT-FOR-US: Symantec Security Information Manager
CVE-2006-3071 (Cross-site scripting (XSS) vulnerability in index.php in MP3 ...)
@@ -15794,7 +15794,7 @@
CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo ...)
NOT-FOR-US: AZ Photo Album
CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...)
- NOT-FOR-US: Cisco VPN Client
+ NOT-FOR-US: Cisco
CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News ...)
NOT-FOR-US: Pre News Manager
CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...)
@@ -18261,11 +18261,11 @@
CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard ...)
NOT-FOR-US: Dark_Wizard vBug Tracker
CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco Optical ...)
- NOT-FOR-US: Cisco Optical Networking
+ NOT-FOR-US: Cisco
CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...)
- NOT-FOR-US: Cisco Optical Networking
+ NOT-FOR-US: Cisco
CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...)
- NOT-FOR-US: Cisco Optical Networking
+ NOT-FOR-US: Cisco
CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team ...)
NOT-FOR-US: PHPMyChat
CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka ...)
@@ -21119,7 +21119,7 @@
CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE ...)
NOT-FOR-US: FACE CONTROL product
CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...)
- NOT-FOR-US: Cisco VPN 3000
+ NOT-FOR-US: Cisco
CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
{DSA-1017-1}
- linux-2.6 2.6.15-4
@@ -21472,9 +21472,9 @@
- mysql-dfsg-4.1 <unfixed> (unimportant)
NOTE: This isn't a security hole, it's expected behaviour
CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) ...)
NOT-FOR-US: Phpclanwebsite
CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme message ...)
@@ -21500,7 +21500,7 @@
CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers ...)
NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp
CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...)
NOT-FOR-US: Fluffington FLog
CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...)
@@ -21530,7 +21530,7 @@
CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe ...)
NOT-FOR-US: RockLiffe MailSite
CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers to ...)
NOT-FOR-US: BitComet
CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows and ...)
@@ -21966,11 +21966,11 @@
CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to ...)
NOT-FOR-US: ACal Calendar Project
CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
- NOT-FOR-US: Cisco CS-MARS
+ NOT-FOR-US: Cisco
CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 ...)
NOT-FOR-US: CaLogic Calendars
CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of ...)
- NOT-FOR-US: Cisco IP Phone
+ NOT-FOR-US: Cisco
CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...)
NOT-FOR-US: Cray UNICOS
CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...)
@@ -23187,7 +23187,7 @@
CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote ...)
NOT-FOR-US: ASPBB
CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to cause a ...)
- NOT-FOR-US: Cisco hardware
+ NOT-FOR-US: Cisco
CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial ...)
NOT-FOR-US: Linksys hardware
CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM ...)
@@ -24104,7 +24104,7 @@
CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in ...)
NOT-FOR-US: Gadu-Gadu
CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and ...)
- NOT-FOR-US: Cisco Security Agent
+ NOT-FOR-US: Cisco
CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...)
{DSA-916-1}
- inkscape 0.42-1 (bug #321501; low)
@@ -24266,9 +24266,9 @@
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...)
- linux-2.6 2.6.14-1 (medium)
CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...)
- NOT-FOR-US: Cisco hardware
+ NOT-FOR-US: Cisco
CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ...)
- NOT-FOR-US: Cisco hardware
+ NOT-FOR-US: Cisco
CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 ...)
NOT-FOR-US: Belkin hardware
CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test ...)
@@ -24300,7 +24300,7 @@
CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow ...)
NOT-FOR-US: phpwcms
CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...)
- NOT-FOR-US: Cisco appliance
+ NOT-FOR-US: Cisco
CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
{DSA-880-1}
- phpmyadmin 4:2.6.4-pl4-1 (bug #360726)
@@ -24421,7 +24421,7 @@
CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVote ...)
NOT-FOR-US: PollVote
CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...)
- NOT-FOR-US: Cisco hardware
+ NOT-FOR-US: Cisco
CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact ...)
NOT-FOR-US: Joomla
CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow ...)
@@ -24656,7 +24656,7 @@
CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
NOT-FOR-US: HP-UX's IKE implementation
CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
- NOT-FOR-US: Cisco's IKE implementation
+ NOT-FOR-US: Cisco
CVE-2005-3668 (Multiple buffer overflows in multiple unspecified implementations of ...)
NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified ...)
@@ -25523,7 +25523,7 @@
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (medium)
CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...)
- NOT-FOR-US: Cisco hardware
+ NOT-FOR-US: Cisco
CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...)
NOT-FOR-US: IOS
CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...)
@@ -25635,7 +25635,7 @@
CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...)
NOT-FOR-US: IPS Sensors
CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ...)
- NOT-FOR-US: Cisco hardware
+ NOT-FOR-US: Cisco
CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...)
{DSA-877-1}
- gnump3d 2.9.6-1
@@ -29882,13 +29882,13 @@
CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...)
NOT-FOR-US: BIG-IP
CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
- NOT-FOR-US: Cisco CallManager
+ NOT-FOR-US: Cisco
CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...)
{DSA-1003-1}
- xpvm 1.2.5-8 (bug #318285; medium)
@@ -31475,7 +31475,7 @@
CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...)
NOT-FOR-US: Loki download manager
CVE-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...)
- NOT-FOR-US: Cisco hardware issue
+ NOT-FOR-US: Cisco
CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...)
NOT-FOR-US: SilverCity
CVE-2005-1940
@@ -34221,7 +34221,7 @@
CVE-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...)
NOT-FOR-US: AIX
CVE-1999-1582 (By design, the "established" command on the Cisco PIX firewall allows ...)
- NOT-FOR-US: Cisco PIX
+ NOT-FOR-US: Cisco
CVE-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...)
NOT-FOR-US: Windows
CVE-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...)
@@ -34809,7 +34809,7 @@
CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) ...)
NOT-FOR-US: Microsoft
CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...)
- NOT-FOR-US: Cisco Hardware issue
+ NOT-FOR-US: Cisco
CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...)
NOT-FOR-US: Sybase ASE
CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...)
@@ -37662,7 +37662,7 @@
CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...)
NOT-FOR-US: AtHoc toolbar
CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...)
- NOT-FOR-US: CIsco
+ NOT-FOR-US: Cisco
CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...)
NOT-FOR-US: NodeManager Professional
CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...)
@@ -38301,7 +38301,7 @@
CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...)
NOT-FOR-US: Netbsd
CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...)
- NOT-FOR-US: Microsoft/Cisco
+ NOT-FOR-US: Cisco
CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...)
NOT-FOR-US: Asante FM2008
CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...)
@@ -40620,7 +40620,7 @@
CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...)
- apache 1.3.31-2
CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...)
- NOT-FOR-US: Cisco Wireless LAN Solution Engine
+ NOT-FOR-US: Cisco
CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...)
NOT-FOR-US: SCO OpenServer
CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...)
@@ -40897,7 +40897,7 @@
CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...)
NOT-FOR-US: Web Crossing
CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...)
- NOT-FOR-US: Cisco Systems
+ NOT-FOR-US: Cisco
CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...)
NOT-FOR-US: AIX
CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...)
@@ -41244,7 +41244,7 @@
- tcpdump 3.8.3-1
NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2004-0053 (Multiple content security gateway and antivirus products allow remote ...)
NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0052 (Multiple content security gateway and antivirus products allow remote ...)
@@ -41468,7 +41468,7 @@
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1)
CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
- NOT-FOR-US: Cisco Unity on IBM servers
+ NOT-FOR-US: Cisco
CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
NOT-FOR-US: Cisco
CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...)
@@ -42516,7 +42516,7 @@
CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message ...)
NOT-FOR-US: Cisco
CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...)
- NOT-FOR-US: Cisco Aironet AP1x00 Series Wireless devices
+ NOT-FOR-US: Cisco
CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
NOT-FOR-US: ezbounce
CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
@@ -44093,7 +44093,7 @@
CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...)
NOT-FOR-US: Sabre Desktop
CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...)
- NOT-FOR-US: Cisco IOS
+ NOT-FOR-US: Cisco
CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Microsoft IIS
CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...)
@@ -45185,7 +45185,7 @@
CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook ...)
NOT-FOR-US: Lycos
CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most ...)
- NOT-FOR-US: Cisco VPN 5000 Client for MacOS
+ NOT-FOR-US: Cisco
CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial of ...)
NOT-FOR-US: NetBSD
CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in plaintext ...)
@@ -45213,7 +45213,7 @@
CVE-2002-1448 (An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya ...)
NOT-FOR-US: Avaya P330, P130, and M770-ATM Cajun products
CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client before ...)
- NOT-FOR-US: Cisco vpn client for UNIX
+ NOT-FOR-US: Cisco
CVE-2002-1446 (The error checking routine used for the C_Verify call on a symmetric ...)
NOT-FOR-US: nCipher PKCS#11 library
CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
More information about the Secure-testing-commits
mailing list