Author: stef-guest Date: 2007-02-22 19:55:52 +0100 (Thu, 22 Feb 2007) New Revision: 5482 Modified: data/CVE/list Log: - CVE-2007-0988: new php issue - CVE-2006-5754: new linux issue - CVE-2007-1030: new libevent issue - NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-22 00:38:54 UTC (rev 5481) +++ data/CVE/list 2007-02-22 18:55:52 UTC (rev 5482) @@ -13,17 +13,18 @@ CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...) NOT-FOR-US: JBoss CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 ...) - TODO: check + NOT-FOR-US: Mediafield and Audio modules for Drupal + NOTE: this is not a php-getid3 problem, but related to the way these modules embed getid3 CVE-2007-1034 (SQL injection vulnerability in modules.php in the Emporium 2.3.0 and ...) - TODO: check + NOT-FOR-US: Emporium for PHP-Nuke CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and ...) - TODO: check + NOT-FOR-US: Secure site for Drupal CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ before 1.6.9, when ...) NOT-FOR-US: phpMyFAQ CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs ...) NOT-FOR-US: Vivvo Article Management CMS CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a ...) - TODO: check + - libevent <unfixed> (bug #411996) CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4 ...) NOT-FOR-US: Quiksoft EasyMail Objects CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image ...) @@ -107,7 +108,8 @@ CVE-2007-0989 RESERVED CVE-2007-0988 (The zend_hash_init function in PHP, when running on a 64-bit platform, ...) - TODO: check + - php4 <unfixed> + - php5 <unfixed> CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 ...) NOT-FOR-US: Jupiter CMS CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS ...) @@ -138,7 +140,7 @@ CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...) NOT-FOR-US: LifeType CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all ...) NOT-FOR-US: IBM Lotus Domino CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control ...) @@ -268,7 +270,7 @@ CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote ...) NOT-FOR-US: Sun Solaris CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...) NOT-FOR-US: Harpia CMS CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 ...) @@ -400,7 +402,7 @@ CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows ...) NOT-FOR-US: PEBrowse CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital ...) NOT-FOR-US: March Networks DVR CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image ...) @@ -456,7 +458,7 @@ CVE-2007-XXXX [dokuwiki conf directory accessible by web users] - dokuwiki 0.0.20061106-3 (bug #410557) CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager ...) NOT-FOR-US: vBulletin CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! ...) @@ -548,7 +550,7 @@ CVE-2007-0843 RESERVED CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have ...) NOT-FOR-US: vbDrupal CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...) @@ -610,7 +612,7 @@ CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) ...) NOT-FOR-US: Woltlab Burning Board CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in ...) NOT-FOR-US: GeekLog CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...) @@ -723,7 +725,7 @@ CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows ...) - iceweasel <not-affected> (Windows only) CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud ...) - TODO: check + NOT-FOR-US: Opera CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 ...) NOT-FOR-US: Jetty CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote ...) @@ -851,7 +853,7 @@ CVE-2007-0711 RESERVED CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote ...) - TODO: check + NOT-FOR-US: Apple iChat CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...) NOT-FOR-US: Comodo Firewall Pro CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...) @@ -1273,7 +1275,7 @@ CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with ...) NOT-FOR-US: Yana CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...) NOT-FOR-US: Hitachi CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and ...) @@ -1425,9 +1427,9 @@ CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 ...) NOT-FOR-US: Telestream CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 ...) - TODO: check + NOT-FOR-US: CFNetwork on Apple Mac OS CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...) NOT-FOR-US: Apple CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...) @@ -1988,29 +1990,29 @@ CVE-2007-0220 RESERVED CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0218 RESERVED CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0216 RESERVED CVE-2007-0215 RESERVED CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0213 RESERVED CVE-2007-0212 RESERVED CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0207 RESERVED CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) @@ -2360,7 +2362,8 @@ CVE-2007-0087 (** DISPUTED ** ...) NOT-FOR-US: Microsoft IIS CVE-2007-0086 (** DISPUTED ** ...) - TODO: check + - apache <unfixed> (unimportant) + - apache2 <unfixed> (unimportant) CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics ...) NOT-FOR-US: OpenBSD VGA wscons driver CVE-2007-0084 (** DISPUTED ** ...) @@ -2609,9 +2612,9 @@ CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...) NOT-FOR-US: Microsoft Excel CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation ...) NOT-FOR-US: Microsoft IE CVE-2007-0023 (The CFUserNotificationSendRequest function in ...) @@ -3572,7 +3575,7 @@ CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrapper ...) NOT-FOR-US: ICONICS CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...) - TODO: check + NOT-FOR-US: DT Guestbook CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers to ...) NOT-FOR-US: EasyPage CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 ...) @@ -5145,7 +5148,7 @@ CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...) - linux-2.6 2.6.18.dfsg.1-10 CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly ...) - TODO: check + - linux-2.6 <unfixed> CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux ...) - linux-2.6 <unfixed> CVE-2006-5752 @@ -6224,7 +6227,7 @@ CVE-2006-5271 RESERVED CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5269 RESERVED CVE-2006-5268 @@ -7462,7 +7465,7 @@ CVE-2006-4698 RESERVED CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2006-4695 @@ -10385,7 +10388,7 @@ CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...) NOT-FOR-US: Microsoft CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-3447 RESERVED CVE-2006-3446 @@ -15505,7 +15508,7 @@ CVE-2006-1312 RESERVED CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-1310 RESERVED CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)