stef-guest at alioth.debian.org
2007-Jul-31 19:50 UTC
[Secure-testing-commits] r6199 - data/CVE
Author: stef-guest Date: 2007-07-31 19:50:33 +0000 (Tue, 31 Jul 2007) New Revision: 6199 Modified: data/CVE/list Log: CVEified: drupal bugnum NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-07-31 19:33:49 UTC (rev 6198) +++ data/CVE/list 2007-07-31 19:50:33 UTC (rev 6199) @@ -83,7 +83,7 @@ CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris ...) NOT-FOR-US: Alisveris Sitesi Scripti CVE-2007-4074 (The default configuration of Centre for Speech Technology Research ...) - - festival <unfixed> (bug filed; low) + - festival <unfixed> (bug #435445; low) CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a ...) TODO: check CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within ...) @@ -103,9 +103,12 @@ CVE-2007-4065 RESERVED CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...) - TODO: check + - drupal 4.7.7-1 (low) + - drupal5 5.2-1 (low) + NOTE: DRUPAL-SA-2007-018 CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...) - TODO: check + - drupal5 5.2-1 (low) + NOTE: DRUPAL-SA-2007-017 CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus ...) TODO: check CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in ...) @@ -172,13 +175,6 @@ TODO: check CVE-2007-4030 RESERVED -CVE-2007-XXXX [Drupal CSRF] - - drupal5 5.2-1 (low) - NOTE: DRUPAL-SA-2007-017 -CVE-2007-XXXX [Drupal multiple XSS] - - drupal 4.7.7-1 (low) - - drupal5 5.2-1 (low) - NOTE: DRUPAL-SA-2007-018 CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...) TODO: check CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...) 
@@ -217,9 +213,9 @@ CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka ...) TODO: check CVE-2007-4012 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and ...) TODO: check CVE-2007-4009 (PHP remote file inclusion vulnerability in ...) @@ -321,11 +317,11 @@ CVE-2007-3961 (Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib ...) TODO: check CVE-2007-3960 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2007-3959 (The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier ...) TODO: check CVE-2007-3958 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote ...) TODO: check CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter value ...) 
@@ -333,13 +329,13 @@ CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in ...) TODO: check CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet Explorer, when ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-3953 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote ...) - TODO: check + NOT-FOR-US: Norman Antivirus CVE-2007-3952 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote ...) - TODO: check + NOT-FOR-US: Norman Antivirus CVE-2007-3951 (Multiple buffer overflows in Norman Antivirus 5.90 allow remote ...) - TODO: check + NOT-FOR-US: Norman Antivirus CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...) TODO: check CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters ...) @@ -381,7 +377,7 @@ CVE-2007-3931 (The wrap_setuid_third_party_application function in the installation ...) TODO: check CVE-2007-3930 (Interpretation conflict between Microsoft Internet Explorer and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-3929 (Use-after-free vulnerability in the BitTorrent support in Opera before ...) TODO: check CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...) @@ -393,7 +389,7 @@ CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in ...) TODO: check CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet Explorer, when ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-3923 (The Common Internet File System (CIFS) optimization in Cisco Wide Area ...) TODO: check CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE) Applet ...)
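Review bot: in the @@ -103,9 +103,12 @@ hunk, the visible summary of CVE-2007-4064 reads "Drupal 5.x ...", yet the entry now carries `- drupal 4.7.7-1 (low)` for the 4.7 package. The description is truncated here, so please confirm that the full CVE text or DRUPAL-SA-2007-018 covers 4.7.x, and say so in the NOTE line if the CVE text alone does not. CVE-2007-4063 lists only drupal5, matching the placeholder removed in @@ -172,13 +175,6 @@. If the drupal package was checked and found unaffected, an explicit `- drupal <not-affected>` line would record that instead of leaving it implied.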
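Review bot: the NOT-FOR-US labels added from @@ -217,9 +213,9 @@ onward are inconsistent in granularity. `NOT-FOR-US: Cisco` and `NOT-FOR-US: Microsoft` name only the vendor, while `NOT-FOR-US: IBM WebSphere` and `NOT-FOR-US: Norman Antivirus` name the product. Naming the product in each case (as the summaries already do for Windows Explorer and Internet Explorer) makes it easier to confirm later that the item really is not packaged, since a bare vendor name does not rule out a packaged component from that vendor.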
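Review bot: in the @@ -393,7 +389,7 @@ hunk, CVE-2007-3923 (the CIFS optimization in "Cisco Wide Area ...") stays at `TODO: check` in the trailing context, while CVE-2007-4012 and CVE-2007-4011 are marked `NOT-FOR-US: Cisco` in the same commit. If this is deliberate because the entry has not been triaged yet, no change is needed. Otherwise it should be triaged along with the other Cisco items so the list is not left half-classified for one vendor. The log line "CVEified: drupal bugnum NFUs" could also be expanded to say which vendors were marked NFU.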