[Secure-testing-commits] r7891 - data/CVE
nion at alioth.debian.org
Sun Jan 13 00:47:16 UTC 2008
Author: nion
Date: 2008-01-13 00:47:15 +0000 (Sun, 13 Jan 2008)
New Revision: 7891
Modified:
data/CVE/list
Log:
NFUs
CVE-2007-0012 unfixed but unimportant
CVE-2007-6532, CVE-2007-6531 fixed in xfce4 4.4.2
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-13 00:18:59 UTC (rev 7890)
+++ data/CVE/list 2008-01-13 00:47:15 UTC (rev 7891)
@@ -93,19 +93,19 @@
CVE-2008-0191 (WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...)
TODO: check
CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: AwesomeTemplateEngine
CVE-2008-0189
RESERVED
CVE-2008-0188
RESERVED
CVE-2008-0187 (SQL injection vulnerability in songinfo.php in SAM Broadcaster ...)
- TODO: check
+ NOT-FOR-US: SAM Broadcaster samPHPweb
CVE-2008-0186 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 ...)
- TODO: check
+ NOT-FOR-US: NetRisk
CVE-2008-0185 (SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly ...)
- TODO: check
+ NOT-FOR-US: NetRisk
CVE-2008-0184 (Absolute path traversal vulnerability in index.php in Sys-Hotel on ...)
- TODO: check
+ NOT-FOR-US: Sys-Hotel
CVE-2008-0183
RESERVED
CVE-2008-0182
@@ -153,15 +153,15 @@
CVE-2008-0160
RESERVED
CVE-2007-6680 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-6678 (Untrusted search path vulnerability in yast2-core in SUSE Linux might ...)
- TODO: check
+ NOT-FOR-US: yast2-core
CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam ...)
- TODO: check
+ NOT-FOR-US: Peter's Random Anti-Spam Image
CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File ...)
- TODO: check
+ NOT-FOR-US: ONEdotOH Simple File
CVE-2008-0173 [SQL injection in gforge]
RESERVED
- gforge <unfixed> (unimportant)
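Review bot: The tag added for CVE-2003-1539, "NOT-FOR-US: ONEdotOH Simple File", stops at the same word where the description on the line above it is truncated ("ONEdotOH Simple File ..."), so the product name looks cut off. Take the full product name from the complete CVE description so that later searches of the list by product name find this entry.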
@@ -237,7 +237,7 @@
CVE-2008-0128
RESERVED
CVE-2008-0127 (The administration interface in McAfee E-Business Server 8.5.2 and ...)
- TODO: check
+ NOT-FOR-US: McAfee E-Business Server
CVE-2008-0126
RESERVED
CVE-2008-0125
@@ -767,9 +767,9 @@
CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows ...)
NOT-FOR-US: Zoom Player
CVE-2007-6532 (Double-free vulnerability in the Widget Library (libxfcegui4) in Xfce ...)
- TODO: check
+ - xfce4 4.4.2 (low)
CVE-2007-6531 (Stack-based buffer overflow in the Panel (xfce4-panel) component in ...)
- TODO: check
+ - xfce4 4.4.2 (low)
CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits Software ...)
NOT-FOR-US: XUpload
CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have ...)
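Review bot: Both added lines track the fix against xfce4, but the descriptions name two different components: libxfcegui4 for CVE-2007-6532 and xfce4-panel for CVE-2007-6531. If those ship as their own source packages, each entry should name that source package so the tracker compares against the right versions. The fixed version is also written as the bare upstream 4.4.2 with no Debian revision; record the exact package version that carried the fix.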
@@ -1446,7 +1446,7 @@
CVE-2007-6251
RESERVED
CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl ...)
- TODO: check
+ NOT-FOR-US: AmpX ActiveX control
CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the ...)
NOT-FOR-US: Gentoo portage
CVE-2007-6248
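Review bot: In the CVE-2007-6250 entry the tag "AmpX ActiveX control" shares no word with the visible description, which identifies the software as "AOL AOLMediaPlaybackControl". Put the vendor or control name from the description into the tag, or add a NOTE stating that they are the same component, so the entry stays findable and the NFU decision can be checked from the list alone.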
@@ -2694,7 +2694,7 @@
CVE-2007-5763
RESERVED
CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, ...)
- TODO: check
+ NOT-FOR-US: Novell NetWare Client
CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 ...)
NOT-FOR-US: Motorola netOctopus
CVE-2007-5760
@@ -3461,7 +3461,7 @@
CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...)
NOT-FOR-US: VMware Player
CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...)
- TODO: check
+ NOT-FOR-US: SSH Tectia Client and Server
CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows ...)
- jetty <unfixed> (low; bug #454529)
CVE-2007-5614 (Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote ...)
@@ -4159,13 +4159,13 @@
CVE-2007-5405
RESERVED
CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on ...)
- TODO: check
+ NOT-FOR-US: Layton HelpBox
CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox ...)
- TODO: check
+ NOT-FOR-US: Layton HelpBox
CVE-2007-5402 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow ...)
- TODO: check
+ NOT-FOR-US: Layton HelpBox
CVE-2007-5401 (Unrestricted file upload vulnerability in uploadrequest.asp in Layton ...)
- TODO: check
+ NOT-FOR-US: Layton HelpBox
CVE-2007-5400
RESERVED
CVE-2007-5399
@@ -17973,7 +17973,9 @@
CVE-2007-0013
RESERVED
CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...)
- TODO: check
+ - sun-java5 <unfixed> (unimportant)
+ - sun-java6 <unfixed> (unimportant)
+ NOTE: not a security issue, browser dos treated as regular bugs
CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...)
NOT-FOR-US: Citrix Access Gateway
CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...)
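Review bot: The CVE-2007-0012 description scopes the issue to "Sun JRE 5.0 before update 14", yet the added lines mark sun-java6 as <unfixed> as well, and mark sun-java5 as <unfixed> although the description implies update 14 resolves it. Add a NOTE explaining why sun-java6 is considered affected, and record a fixed version for sun-java5 if the archive already carries update 14 or later.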