Author: nion Date: 2008-01-13 00:47:15 +0000 (Sun, 13 Jan 2008) New Revision: 7891 Modified: data/CVE/list Log: NFUs CVE-2007-0012 unfixed but unimportant CVE-2007-6532, CVE-2007-6531 fixed in xfce4 4.4.2 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-13 00:18:59 UTC (rev 7890) +++ data/CVE/list 2008-01-13 00:47:15 UTC (rev 7891) @@ -93,19 +93,19 @@ CVE-2008-0191 (WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...) TODO: check CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: AwesomeTemplateEngine CVE-2008-0189 RESERVED CVE-2008-0188 RESERVED CVE-2008-0187 (SQL injection vulnerability in songinfo.php in SAM Broadcaster ...) - TODO: check + NOT-FOR-US: SAM Broadcaster samPHPweb CVE-2008-0186 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 ...) - TODO: check + NOT-FOR-US: NetRisk CVE-2008-0185 (SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly ...) - TODO: check + NOT-FOR-US: NetRisk CVE-2008-0184 (Absolute path traversal vulnerability in index.php in Sys-Hotel on ...) - TODO: check + NOT-FOR-US: Sys-Hotel CVE-2008-0183 RESERVED CVE-2008-0182 
@@ -153,15 +153,15 @@ CVE-2008-0160 RESERVED CVE-2007-6680 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2007-6678 (Untrusted search path vulnerability in yast2-core in SUSE Linux might ...) - TODO: check + NOT-FOR-US: yast2-core CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter''s Random Anti-Spam ...) - TODO: check + NOT-FOR-US: Peter''s Random Anti-Spam Image CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File ...) - TODO: check + NOT-FOR-US: ONEdotOH Simple File CVE-2008-0173 [SQL injection in gforge] RESERVED - gforge <unfixed> (unimportant) @@ -237,7 +237,7 @@ CVE-2008-0128 RESERVED CVE-2008-0127 (The administration interface in McAfee E-Business Server 8.5.2 and ...) - TODO: check + NOT-FOR-US: McAfee E-Business Server CVE-2008-0126 RESERVED CVE-2008-0125 @@ -767,9 +767,9 @@ CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows ...) NOT-FOR-US: Zoom Player CVE-2007-6532 (Double-free vulnerability in the Widget Library (libxfcegui4) in Xfce ...) - TODO: check + - xfce4 4.4.2 (low) CVE-2007-6531 (Stack-based buffer overflow in the Panel (xfce4-panel) component in ...) - TODO: check + - xfce4 4.4.2 (low) CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits Software ...) NOT-FOR-US: XUpload CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have ...) @@ -1446,7 +1446,7 @@ CVE-2007-6251 RESERVED CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl ...) - TODO: check + NOT-FOR-US: AmpX ActiveX control CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the ...) NOT-FOR-US: Gentoo portage CVE-2007-6248 
@@ -2694,7 +2694,7 @@ CVE-2007-5763 RESERVED CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, ...) - TODO: check + NOT-FOR-US: Novell NetWare Client CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 ...) NOT-FOR-US: Motorola netOctopus CVE-2007-5760 @@ -3461,7 +3461,7 @@ CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...) NOT-FOR-US: VMware Player CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...) - TODO: check + NOT-FOR-US: SSH Tectia Client and Server CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows ...) - jetty <unfixed> (low; bug #454529) CVE-2007-5614 (Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote ...) @@ -4159,13 +4159,13 @@ CVE-2007-5405 RESERVED CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on ...) - TODO: check + NOT-FOR-US: Layton HelpBox CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox ...) - TODO: check + NOT-FOR-US: Layton HelpBox CVE-2007-5402 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow ...) - TODO: check + NOT-FOR-US: Layton HelpBox CVE-2007-5401 (Unrestricted file upload vulnerability in uploadrequest.asp in Layton ...) - TODO: check + NOT-FOR-US: Layton HelpBox CVE-2007-5400 RESERVED CVE-2007-5399 @@ -17973,7 +17973,9 @@ CVE-2007-0013 RESERVED CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...) - TODO: check + - sun-java5 <unfixed> (unimportant) + - sun-java6 <unfixed> (unimportant) + NOTE: not a security issue, browser dos treated as regular bugs CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...) NOT-FOR-US: Citrix Access Gateway CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...)
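Review bot: in the hunk at -153,15, the new tag for CVE-2003-1539 reads `NOT-FOR-US: ONEdotOH Simple File`, which looks like the truncated description copied as-is rather than the product's full name, and the CVE-2007-6677 tag carries over the doubled apostrophe in `Peter''s`. Suggest writing out the full product name for CVE-2003-1539 and using a single apostrophe in the CVE-2007-6677 tag, so a later search on the product name matches.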
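Review bot: in the hunk at -767,9, both new entries are filed against `xfce4`, while the descriptions place CVE-2007-6532 in the Widget Library (libxfcegui4) and CVE-2007-6531 in the Panel (xfce4-panel). Suggest tracking each issue against the source package that carries the affected code, with the fixed version confirmed per package, so the status is attached to the package that actually ships the fix.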
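Review bot: in the hunk at -1446,7, the tag `NOT-FOR-US: AmpX ActiveX control` uses a name that does not appear in the visible description of CVE-2007-6250, which refers to AOL AOLMediaPlaybackControl. Suggest including the vendor or control name as the description gives it, so the entry can be found by searching for the product the CVE names.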
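Review bot: in the hunk at -17973,7, the added `- sun-java6 <unfixed> (unimportant)` line is not explained by the visible description of CVE-2007-0012, which names Sun JRE 5.0 before update 14. Suggest extending the NOTE with the reason sun-java6 is listed as affected, or a reference for it. Since the description implies an upstream fix in update 14, it would also help to say whether the `<unfixed>` markers are meant to be replaced by a version once the packages reach that release.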