[Secure-testing-commits] r6990 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Tue Oct 16 21:43:44 UTC 2007
Author: nion
Date: 2007-10-16 21:43:43 +0000 (Tue, 16 Oct 2007)
New Revision: 6990
Modified:
data/CVE/list
Log:
CVE-2007-5471 fixed in libgssapi 0.8-1
new issue: CVE-2007-5469 openser
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-16 21:19:01 UTC (rev 6989)
+++ data/CVE/list 2007-10-16 21:43:43 UTC (rev 6990)
@@ -1,25 +1,26 @@
CVE-2007-5471 (libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in ...)
- TODO: check
+ - libgssapi 0.8-1
CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Expression Media
CVE-2007-5469 (OpenSER 1.2.2 does not verify the Digest authentication header URI ...)
- TODO: check
+ - openser <unfixed> (low)
+ NOTE: should be only "exploitable" in local network with untrusted users
CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-5467 (Unspecified vulnerability in eXtremail 2.1.1 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: eXtremail
CVE-2007-5466 (Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote ...)
- TODO: check
+ NOT-FOR-US: eXtremail
CVE-2007-5465 (Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: doop CMS
CVE-2007-5464 (Buffer overflow in Live for Speed 0.5X10 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Live for Speed
CVE-2007-5463 (ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta ...)
- TODO: check
+ NOT-FOR-US: ViArt Shop
CVE-2007-5462 (Unspecified vulnerability in the Sun Solaris RPC services library ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2007-5460 (Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak ...)
- TODO: check
+ NOT-FOR-US: Microsoft ActiveSync
CVE-2007-5459 (Cross-site scripting (XSS) vulnerability in the sidebar HTML page in ...)
NOT-FOR-US: MouseoverDictionary
CVE-2007-5458 (SQL injection vulnerability in index.php in the newsletter module 1.0 ...)
More information about the Secure-testing-commits
mailing list