[Secure-testing-commits] r6567 - data/CVE

keescook-guest at alioth.debian.org keescook-guest at alioth.debian.org
Mon Sep 10 23:03:17 UTC 2007


Author: keescook-guest
Date: 2007-09-10 23:03:16 +0000 (Mon, 10 Sep 2007)
New Revision: 6567

Modified:
   data/CVE/list
Log:
NFUs: 31
unfixed: alien-arena tomcat5.5
fixed: dar nvclock sun-java6 wordpress
not-affected: apache2
removed: tomcat5
fixed name of t1lib


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-10 21:14:09 UTC (rev 6566)
+++ data/CVE/list	2007-09-10 23:03:16 UTC (rev 6567)
@@ -1,27 +1,27 @@
 CVE-2007-4764 (Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 ...)
-	TODO: check
+	NOT-FOR-US: Pawfaliki
 CVE-2007-4763 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: PHPOF
 CVE-2007-4762 (Multiple SQL injection vulnerabilities in embadmin/login.asp in ...)
-	TODO: check
+	NOT-FOR-US: E-SMARTCART
 CVE-2007-4761 (Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 ...)
-	TODO: check
+	NOT-FOR-US: Barbo91
 CVE-2007-4760 (The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus ...)
-	TODO: check
+	NOT-FOR-US: Cosminexus Developer's Kit
 CVE-2007-4759 (Multiple unspecified vulnerabilities in the image-processing APIs in ...)
-	TODO: check
+	NOT-FOR-US: Cosminexus Developer's Kit
 CVE-2007-4758 (Multiple buffer overflows in the image-processing APIs in Cosminexus ...)
-	TODO: check
+	NOT-FOR-US: Cosminexus Developer's Kit
 CVE-2007-4757 (PHP remote file inclusion vulnerability in menu.php in phpMytourney ...)
-	TODO: check
+	NOT-FOR-US: phpMytourney
 CVE-2007-4756 (Directory traversal vulnerability in the FTP client in Total Commander ...)
-	TODO: check
+	NOT-FOR-US: Total Commander
 CVE-2007-4755 (Alien Arena 2007 6.10 and earlier allows remote attackers to cause a ...)
-	TODO: check
+	- alien-arena <unfixed> (low)
 CVE-2007-4754 (Format string vulnerability in the safe_bprintf function in ...)
-	TODO: check
+	- alien-arena <unfixed> (medium)
 CVE-2007-4753 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Thomson ST 2030 SIP phone
 CVE-2007-4751
 	RESERVED
 CVE-2007-4750
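Review bot: the two alien-arena entries (CVE-2007-4755 and CVE-2007-4754) are marked `<unfixed>` with no bug reference, so nothing links them to a report against the package. Other entries in this file carry one, for example `- t1lib <unfixed> (bug #439927)` and `(low; bug #425335)` on dar. Suggest filing the bugs and recording them as `(low; bug #NNNNNN)` and `(medium; bug #NNNNNN)` so the entries can be updated when a fixed upload lands.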
@@ -609,13 +609,13 @@
 CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...)
 	NOT-FOR-US: Solaris
 CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...)
-	TODO: check
+	NOT-FOR-US: eZ publish
 CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...)
-	TODO: check
+	NOT-FOR-US: eZ publish
 CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun ...)
 	NOT-FOR-US: Solaris
 CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Gurur haber
 CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...)
 	NOT-FOR-US: Trend Micro
 CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...)
@@ -627,19 +627,19 @@
 CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
 	NOT-FOR-US: Linkliste
 CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in Butterfly ...)
-	TODO: check
+	NOT-FOR-US: Butterfly online visitors counter
 CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER ...)
-	TODO: check
+	NOT-FOR-US: My_REFERER
 CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
-	TODO: check
+	- wordpress 2.1.3-1 (medium)
 CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool ...)
-	TODO: check
+	NOT-FOR-US: Pool 1.0.7 theme for WordPress
 CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix ...)
-	TODO: check
+	NOT-FOR-US: Rus themes for WordPress
 CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the Sirius ...)
-	TODO: check
+	NOT-FOR-US: Sirius 1.0 theme for WordPress
 CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search ...)
-	TODO: check
+	NOT-FOR-US: Search Engine Builder
 CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
 	TODO: check
 CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
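Review bot: CVE-2007-4483 is tracked as `- wordpress 2.1.3-1 (medium)`, while the three neighbouring index.php XSS entries (CVE-2007-4482, CVE-2007-4481, CVE-2007-4480) are all classed as third-party themes and marked NOT-FOR-US. The description is truncated after "in the WordPress ...", so the diff does not show what separates this one from the others. Suggest adding a NOTE line naming the affected component and why 2.1.3-1 is the fixed version; if it is another external theme, it should be NOT-FOR-US like its neighbours.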
@@ -851,7 +851,7 @@
 CVE-2007-4383 (** DISPUTED ** ...)
 	NOT-FOR-US: Trackeur
 CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote ...)
-	TODO: check
+	NOT-FOR-US: CounterPath X-Lite
 CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in Sun ...)
 	- sun-java5 1.5.0-10-1
 CVE-2007-4380 (Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 ...)
@@ -1216,9 +1216,9 @@
 CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro before ...)
 	NOT-FOR-US: Motorola Timbuktu
 CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro ServerProtect
 CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro ServerProtect
 CVE-2007-4217
 	RESERVED
 CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before ...)
@@ -1613,7 +1613,7 @@
 CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! ...)
 	NOT-FOR-US: Yahoo! Widgets
 CVE-2007-4033 (Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP ...)
-	- libt1 <unfixed> (bug #439927)
+	- t1lib <unfixed> (bug #439927)
 	NOTE: originally posted as a php vuln, actually in libt1
 	NOTE: http://www.securityfocus.com/bid/25079 (particularly the discussions)
 CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote ...)
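Review bot: the package name on the CVE-2007-4033 entry line is corrected to t1lib, but the NOTE directly below it still reads "actually in libt1", so the entry now uses two names for the same package. Suggest updating the NOTE to say t1lib as well, so that a search for the package name matches both lines.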
@@ -1950,7 +1950,7 @@
 CVE-2007-3874
 	RESERVED
 CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI ...)
-	TODO: check
+	NOT-FOR-US: SSAPI Engine
 CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service ...)
 	NOT-FOR-US: HP OpenView
 CVE-2007-3871
@@ -2005,14 +2005,15 @@
 CVE-2007-3850
 	RESERVED
 CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced ...)
-	TODO: check
+	NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
 CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send ...)
 	{DSA-1356-1}
 	- linux-2.6 2.6.22-4
 CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in ...)
-	TODO: check
+	- apache2 <not-affected> (low)
+	NOTE: Only 2.3.0 affected
 CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
-	TODO: check
+	NOT-FOR-US: TortoiseSVN on Windows
 CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x ...)
 	{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
 	- iceweasel 2.0.0.6-1 (medium)
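Review bot: CVE-2007-3846 is marked `NOT-FOR-US: TortoiseSVN on Windows`, but its description begins "Directory traversal vulnerability in Subversion before 1.4.5", which names Subversion itself and not only the Windows client. A NOT-FOR-US tag drops the link to the package name; an explicit `- subversion <not-affected>` entry with the Windows-only reasoning in a NOTE would keep the triage decision visible to anyone looking up subversion. Separately, `- apache2 <not-affected> (low)` on CVE-2007-3847 attaches an urgency to an entry that says the package is not affected; the reason given in the NOTE ("Only 2.3.0 affected") would fit better in the parentheses.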
@@ -2346,7 +2347,7 @@
 CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE 6 ...)
-	TODO: check
+	- sun-java6 6-02-1 (medium)
 CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through 9.0 ...)
 	NOT-FOR-US: Sun Java System Application Server and Web Server
 CVE-2007-3714 (Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 ...)
@@ -2380,7 +2381,7 @@
 CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a ...)
 	NOT-FOR-US: TippingPoint IPS
 CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity Server) ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Access Manager
 CVE-2007-3699
 	RESERVED
 CVE-2007-3698 (The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 ...)
@@ -2556,7 +2557,7 @@
 CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...)
 	NOT-FOR-US: Maia Mailguard
 CVE-2007-3618 (Stack-based buffer overflow in the NetWorker Remote Exec Service ...)
-	TODO: check
+	NOT-FOR-US: EMC Software NetWorker
 CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply ...)
 	NOT-FOR-US: vtiger CRM
 CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
@@ -2736,13 +2737,13 @@
 	[sarge] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
 	[etch] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
 CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...)
-	TODO: check
+	- nvclock 0.8b-1 (low)
 CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...)
 	NOT-FOR-US: PHPDirector
 CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote attackers to ...)
 	NOT-FOR-US: PHPDirector
 CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC ...)
-	TODO: check
+	- dar 2.3.3-1 (low; bug #425335)
 CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...)
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
 	[etch] - firebird2 <unfixed>
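Review bot: CVE-2007-3528 is recorded as fixed in `dar 2.3.3-1`, but the description says the weak Blowfish-CBC handling affects "DAR before 2.3.4", so the fixed version given lies inside the affected upstream range. If 2.3.3-1 carries a backported patch, add a NOTE line saying so (and pointing at bug #425335 if that is where it is documented); otherwise the fixed version should be the first upload based on 2.3.4 or later.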
@@ -3121,17 +3122,19 @@
 	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
 	TODO: check ipe (only small parts, but with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp)
 CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...)
-	TODO: check
+	- tomcat5.5 <unfixed>
 CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
-	TODO: check
+	- tomcat5.5 <unfixed>
+	- tomcat5 <removed>
 CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: tomcat 3.3
 CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the ...)
 	- tomcat4 <removed> (low)
 	[sarge] - tomcat4 <no-dsa> (minor issue)
 	NOTE: affects example app in tomcat4-webapps
 CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
-	TODO: check
+	- tomcat5.5 <unfixed>
+	- tomcat5.5 <removed>
 CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x ...)
 	- gdm 2.18.4-1 (low)
 	[sarge] - gdm <no-dsa> (Minor issue)
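Review bot: CVE-2007-3382 now lists the same package twice with contradictory states, `- tomcat5.5 <unfixed>` followed by `- tomcat5.5 <removed>`. The parallel entry for CVE-2007-3385 in this hunk uses `- tomcat5 <removed>`, and the log message says "removed: tomcat5", so the second line looks like a typo for tomcat5. Suggest changing it to `- tomcat5 <removed>` so the tracker does not report tomcat5.5 as removed.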
@@ -4162,7 +4165,7 @@
 CVE-2007-2955 (Multiple unspecified &quot;input validation error&quot; vulnerabilities in ...)
 	NOT-FOR-US: Norton Antivirus/Internet Security/System Works
 CVE-2007-2954 (Multiple stack-based buffer overflows in the Spooler service ...)
-	TODO: check
+	NOT-FOR-US: Novell Client
 CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...)
 	{DSA-1364-1}
 	- vim 1:7.1-056+1 (low)
@@ -10584,7 +10587,7 @@
 CVE-2007-0438
 	RESERVED
 CVE-2007-0437 (Multiple cross-site scripting (XSS) vulnerabilities in the sample ...)
-	TODO: check
+	NOT-FOR-US: InterSystems Cache
 CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install ...)
 	NOT-FOR-US: X-Kryptor
 CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...)
@@ -32630,7 +32633,7 @@
 	- pine 4.64-1 (medium; bug #348407)
 	[sarge] - pine <no-dsa> (pine is non-free; doesn't permit distribution of modified binaries)
 CVE-2005-2932 (Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, ...)
-	TODO: check
+	NOT-FOR-US: Check Point Zone Labs ZoneAlarm
 CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 ...)
 	NOT-FOR-US: Ipswitch Collaboration Suite
 CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote ...)



