[Secure-testing-commits] r6991 - data/CVE
nion at alioth.debian.org
Tue Oct 16 22:24:05 UTC 2007
Author: nion
Date: 2007-10-16 22:24:05 +0000 (Tue, 16 Oct 2007)
New Revision: 6991
Modified:
data/CVE/list
Log:
CVE-2002-2255 fixed in phpbb2 2.0.13-6sarge3
CVE-2002-2254 linux-2.4 removed
CVE-2002-2253 libsieve not-affected
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-16 21:43:43 UTC (rev 6990)
+++ data/CVE/list 2007-10-16 22:24:05 UTC (rev 6991)
@@ -3,7 +3,7 @@
CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...)
NOT-FOR-US: Microsoft Expression Media
CVE-2007-5469 (OpenSER 1.2.2 does not verify the Digest authentication header URI ...)
- - openser <unfixed> (low)
+ - openser <unfixed> (low; bug #446956)
NOTE: should be only "exploitable" in local network with untrusted users
CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...)
NOT-FOR-US: Cisco
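Review bot: The log message does not cover the change to the CVE-2007-5469 openser entry, where `(low)` becomes `(low; bug #446956)`; the log lists only the three CVE-2002 entries and the NFUs. Add a line for the bug reference to the log, or commit it separately, so the update can be found from the revision history.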
@@ -204,61 +204,63 @@
CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier ...)
NOT-FOR-US: pWins
CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 ...)
- TODO: check
+ - phpbb2 2.0.13-6sarge3
+ NOTE: might be fixed in prior versions
CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter / IPTables in ...)
- TODO: check
+ - linux-2.4 <removed>
CVE-2002-2253 (Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier ...)
- TODO: check
+ - libsieve <not-affected> (was fixed in 2.1.3 before debian version was uploaded)
CVE-2002-2252 (SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and ...)
- TODO: check
+ NOT-FOR-US: Thatware
CVE-2002-2251 (Buffer overflow in the changevalue function in libcgi.h for Marcos ...)
- TODO: check
+ NOT-FOR-US: Marcos Luiz Onisto
CVE-2002-2250 (Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 ...)
- TODO: check
+ NOT-FOR-US: Sybase
CVE-2002-2249 (PHP remote file inclusion vulnerability in News Evolution 2.0 allows ...)
- TODO: check
+ NOT-FOR-US: News Evolution
CVE-2002-2248 (Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class ...)
- TODO: check
+ NOT-FOR-US: Netscape
CVE-2002-2247 (The administrator/phpinfo.php script in Mambo Site Server 4.0.11 ...)
- TODO: check
+ NOT-FOR-US: Mambo
+ NOTE: mambo is in experimental
CVE-2002-2246 (Cross-site scripting (XSS) vulnerability in VisNetic Website before ...)
- TODO: check
+ NOT-FOR-US: VisNetic Website
CVE-2002-2245 (ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a ...)
- TODO: check
+ NOT-FOR-US: NetBSD ftpd
CVE-2002-2244 (Akfingerd 0.5 and earlier versions allow local users to cause a denial ...)
- TODO: check
+ NOT-FOR-US: Akfingerd
CVE-2002-2243 (Akfingerd 0.5 and possibly earlier versions only allows one connection ...)
- TODO: check
+ NOT-FOR-US: Akfingerd
CVE-2002-2242 (The Apple Package Manager in KisMAC 0.02a and earlier modifies file ...)
- TODO: check
+ NOT-FOR-US: Apple Package Manager of KisMAC
CVE-2002-2241 (Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before ...)
- TODO: check
+ NOT-FOR-US: Deerfield VisNetic WebSite
CVE-2002-2240 (Directory traversal vulnerability in MyServer 0.11 and 0.2 allows ...)
- TODO: check
+ NOT-FOR-US: MyServer
CVE-2002-2239 (The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2002-2238 (Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 ...)
- TODO: check
+ NOT-FOR-US: Kunani ODBC FTP Server
CVE-2002-2237 (tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: tftp32 TFTP
CVE-2002-2236 (Format string vulnerability in the awp_log function in apt-www-proxy ...)
- TODO: check
+ NOT-FOR-US: apt-www-proxy
CVE-2002-2235 (member2.php in vBulletin 2.2.9 and earlier does not properly restrict ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2002-2234 (NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the ...)
- TODO: check
+ NOT-FOR-US: NetScreen ScreenOS
CVE-2002-2233 (Directory traversal vulnerability in Enceladus Server Suite 3.9 allows ...)
- TODO: check
+ NOT-FOR-US: Enceladus Server Suite
CVE-2002-2232 (Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Enceladus Server Suite
CVE-2002-2231 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: Ikonboard
CVE-2002-2230 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: Ikonboard
CVE-2002-2229 (Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 ...)
- TODO: check
+ NOT-FOR-US: WebReflex
CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers ...)
- TODO: check
+ - mailscanner 4.22.5-1
CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat, under certain ...)
TODO: check
CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 ...)
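Review bot: The CVE-2002-2247 entry contradicts itself: it is marked `NOT-FOR-US: Mambo` while the following line says `NOTE: mambo is in experimental`. If the package is in the archive, track it with a package line carrying a version or status instead of NOT-FOR-US; otherwise reword the note to say why the entry is still treated as not for us. Separately, for CVE-2002-2255 the `NOTE: might be fixed in prior versions` means 2.0.13-6sarge3 is only an upper bound on the fix, so the first fixed upload should be pinned down before the entry is considered closed.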