Author: fw
Date: 2007-06-16 14:21:13 +0000 (Sat, 16 Jun 2007)
New Revision: 6020

Modified:
   data/CVE/list
Log:
CVE-2007-2650: clamav fixed
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-06-16 14:04:25 UTC (rev 6019)
+++ data/CVE/list       2007-06-16 14:21:13 UTC (rev 6020)
@@ -251,15 +251,15 @@
 CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the 
OpenWiki ...)
        NOT-FOR-US: OpenWiki
 CVE-2005-4845 (The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 
1.4.2_03 and ...)
-       TODO: check
+       NOT-FOR-US: Sun Java on Microsoft Windows
 CVE-2005-4844 (The CLSID_ApprenticeICW control allows remote attackers to 
cause a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2005-4843 (The SmartConnect Class control allows remote attackers to cause 
a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2005-4842 (The System Monitor Source Properties control allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to 
cause a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-XXXX [jffnms multiple issues]
        - jffnms 0.8.3dfsg.1-4
 CVE-2007-3129
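
Review bot: In the CVE-2005-4845 entry, the tag `NOT-FOR-US: Sun Java on Microsoft Windows` mixes a product name with a platform restriction, while the other NOT-FOR-US lines in this hunk name only a vendor or product. If the reasoning is that only the Windows build is affected, keep the tag to the product name and put the platform reasoning in a separate `NOTE:` line, so the record shows why the entry was closed.
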
@@ -401,7 +401,7 @@
 CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the 
web ...)
        NOT-FOR-US: Cactushop
 CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 
Live! 3.2.2 ...)
-       TODO: check
+       NOT-FOR-US: PHP Live!
 CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive 
information ...)
        NOT-FOR-US: SendCard
 CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish 
Webmail ...)
@@ -579,13 +579,13 @@
 CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46 
and ...)
        NOT-FOR-US: gCards
 CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in 
cgi/block.cgi ...)
-       TODO: check
+       NOT-FOR-US: 8e6 R3000 Internet Filter
 CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in 
...)
-       TODO: check
+       NOT-FOR-US: WAnewsletter
 CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in 
cpCommerce ...)
-       TODO: check
+       NOT-FOR-US: cpCommerce
 CVE-2005-4840 (The Outlook Express Address Book control, when using Internet 
Explorer ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier 
...)
        TODO: check
 CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
@@ -689,15 +689,15 @@
 CVE-2007-2922
        RESERVED
 CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx 
...)
-       TODO: check
+       NOT-FOR-US: Corel
 CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer 
ActiveX ...)
-       TODO: check
+       NOT-FOR-US: Zoomify Viewer
 CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading 
ActiveX ...)
-       TODO: check
+       NOT-FOR-US: FViewerLoading
 CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) 
VibeC in ...)
-       TODO: check
+       NOT-FOR-US: Logitech
 CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in 
odapi.dll in ...)
-       TODO: check
+       NOT-FOR-US: Authentium
 CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT 
Music ...)
        NOT-FOR-US: GMTT Music Distro
 CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus 
allows ...)
@@ -715,7 +715,7 @@
 CVE-2007-2909 (Cross-site scripting (XSS) vulnerability in calendar.php in 
Jelsoft ...)
        NOT-FOR-US: Jelsoft vBulletin
 CVE-2007-2908 (Cross-site scripting (XSS) vulnerability in calendar.php in 
Jelsoft ...)
-       TODO: check
+       NOT-FOR-US: vBulletin
 CVE-2007-2907 (Unspecified vulnerability in SSL-Explorer before 0.2.13 allows 
remote ...)
        NOT-FOR-US: SSL-Explorer
 CVE-2007-2906 (Java Embedding Plugin 0.9.6.1 allows remote attackers to cause 
a ...)
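
Review bot: CVE-2007-2908 gets `NOT-FOR-US: vBulletin` directly below CVE-2007-2909, which is already tagged `NOT-FOR-US: Jelsoft vBulletin` and whose visible description (XSS in calendar.php in Jelsoft ...) is identical. Use the same string for both so that a search for one tag finds both entries.
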
@@ -751,7 +751,7 @@
 CVE-2007-2891 (Multiple PHP remote file inclusion vulnerabilities in FirmWorX 
0.1.2 ...)
        NOT-FOR-US: FirmWorX
 CVE-2007-2890 (SQL injection vulnerability in category.php in cpCommerce 1.1.0 
and ...)
-       TODO: check
+       NOT-FOR-US: cpCommerce
 CVE-2007-2889 (SQL injection vulnerability in tracking/courseLog.php in Dokeos 
1.6.5 ...)
        NOT-FOR-US: Dokeos
 CVE-2007-2888 (Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier 
allows ...)
@@ -840,9 +840,9 @@
 CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in 
phpPgAdmin ...)
        - phppgadmin 4.1.2-1 (low; bug #427151)
 CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before 
content ...)
-       TODO: check
+       NOT-FOR-US: CA Anti-Virus
 CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before 
content ...)
-       TODO: check
+       NOT-FOR-US: CA Anti-Virus
 CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might 
allow ...)
        NOT-FOR-US: CubeCart
 CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple 
...)
@@ -1000,7 +1000,7 @@
        RESERVED
        - xterm <not-affected> (Debian uses safe compile-time settings)
 CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial 
of ...)
-       TODO: check
+       NOT-FOR-US: Arris Cadant
 CVE-2007-2795
        RESERVED
 CVE-2007-2794
@@ -1321,7 +1321,7 @@
 CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 
allow ...)
        NOT-FOR-US: VooDoo cIRCle
 CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote 
attackers to ...)
-       TODO: check
+       - clamav 0.90.2-1
 CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript 
delays for ...)
        NOT-FOR-US: Speedport W 700v
 CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 
...)
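
Review bot: The new CVE-2007-2650 line `- clamav 0.90.2-1` carries no urgency and no bug reference, unlike package entries elsewhere in this file such as `- phppgadmin 4.1.2-1 (low; bug #427151)`. The description says the OLE2 parser issue is reachable by remote attackers, so add an urgency in parentheses, and a bug number if one exists.
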
@@ -1600,11 +1600,11 @@
 CVE-2007-2515
        RESERVED
 CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple 
...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 
6.5 ...)
-       TODO: check
+       NOT-FOR-US: Novell GroupWise
 CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 
7.0 and ...)
-       TODO: check
+       NOT-FOR-US: Alcatel-Lucent
 CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in 
PHP ...)
        {DTSA-39-1}
        - php5 5.2.2-1 (unimportant)
@@ -1826,7 +1826,7 @@
        NOTE: secure connections, possibly defeating HTTPS encryption.
        NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
 CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) 
in ...)
-       TODO: check
+       NOT-FOR-US: Macrovision
 CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible 
Messaging ...)
        NOT-FOR-US: Cerulean Trillian
 CVE-2007-2417
@@ -1882,7 +1882,7 @@
 CVE-2007-2392
        RESERVED
 CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 
3.0.1 ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 
allows ...)
        NOT-FOR-US: Apple
 CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not 
clear ...)
@@ -1890,9 +1890,9 @@
 CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not 
...)
        NOT-FOR-US: Apple
 CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0 
on Intel ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 
10.4.9 ...)
-       TODO: check
+       NOT-FOR-US: Apple mDNSResponder
 CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object 
...)
        TODO: check yui
        NOTE: see 
http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
@@ -2148,7 +2148,7 @@
 CVE-2007-2280
        RESERVED
 CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage 
...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in 
DCP-Portal 6.1.1 ...)
        NOT-FOR-US: DCP-Portal
 CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote 
attackers to ...)
@@ -2245,7 +2245,7 @@
 CVE-2007-2238
        RESERVED
 CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) 
allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers 
to ...)
        NOT-FOR-US: PunBB
 CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB 
1.2.14 ...)
@@ -2262,29 +2262,29 @@
 CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows 
remote ...)
        NOT-FOR-US: CA Clever Path
 CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-2228
        RESERVED
 CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and 
Windows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-2226
        RESERVED
 CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in 
Windows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-2224
        RESERVED
 CVE-2007-2223
        RESERVED
 CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) 
and ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in 
Microsoft ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-2220
        RESERVED
 CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 
2000, ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security 
Package for ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-2217
        RESERVED
 CVE-2007-2216
@@ -3338,11 +3338,11 @@
        RESERVED
 CVE-2007-1752
        REJECTED
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 
allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-1749
        RESERVED
 CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain 
Name ...)
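
Review bot: CVE-2007-1752 is marked `REJECTED`, yet the line under it changes from `TODO: check` to `NOT-FOR-US: Microsoft`. The entry shows no description from which a vendor could be read, and the other REJECTED entry visible in this change (CVE-2007-0691) carries no annotation at all. Drop the line instead of retagging it, or add a `NOTE:` saying where the vendor attribution comes from.
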
@@ -3495,7 +3495,7 @@
 CVE-2007-1686
        RESERVED
 CVE-2007-1685 (Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 
3.2.36, ...)
-       TODO: check
+       NOT-FOR-US: BlueCoat
 CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in 
...)
        NOT-FOR-US: sldimdownload ActiveX control
 CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in 
the ...)
@@ -3692,7 +3692,7 @@
 CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in 
Asterisk ...)
        - asterisk <unfixed> (low)
 CVE-2007-1593 (The administrative service in Symantec Veritas Volume 
Replicator (VVR) ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
        {DSA-1286-1}
        - linux-2.6 2.6.20-1 (medium)
@@ -5572,13 +5572,13 @@
 CVE-2007-0937
        RESERVED
 CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 
allow ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-0935
        RESERVED
 CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link 
DWL-G650+ ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and 
(2) ...)
        NOT-FOR-US: Aruba Mobility Controller
 CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) 
Aruba ...)
@@ -6173,13 +6173,13 @@
 CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 
allows ...)
        NOT-FOR-US: Apple QuickTime
 CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple 
Mac OS X ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2007-0752 (The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership 
of the ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2007-0751 (A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 
10.4.9 might ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2007-0750 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 
10.4.9 ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command 
function in ...)
        NOT-FOR-US: Apple Darwin Streaming Server
 CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, 
when using ...)
@@ -6199,7 +6199,7 @@
 CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 
10.3.9 ...)
        NOT-FOR-US: Apple Mac OS X
 CVE-2007-0740 (Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not 
display ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays 
the ...)
        NOT-FOR-US: Apple Mac OS X
 CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not 
...)
@@ -6293,15 +6293,15 @@
 CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN 
In(tra|ter)net ...)
        NOT-FOR-US: Free LAN Intranet Portal
 CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in 
DGNews 2.1 ...)
-       TODO: check
+       NOT-FOR-US: DGNews
 CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: DGNews
 CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive 
information via ...)
-       TODO: check
+       NOT-FOR-US: DGNews
 CVE-2007-0691
        REJECTED
 CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive 
information ...)
-       TODO: check
+       NOT-FOR-US: myEvent
 CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive 
information via ...)
        NOT-FOR-US: MyBB (aka MyBulletinBoard)
 CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group 
moderation ...)
@@ -7160,7 +7160,7 @@
 CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows 
remote ...)
        NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery
 CVE-2007-0328 (The DWUpdateService ActiveX control in the agent (agent.exe) in 
...)
-       TODO: check
+       NOT-FOR-US: Macrovision
 CVE-2007-0327
        RESERVED
 CVE-2007-0326
@@ -7420,7 +7420,7 @@
 CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM 
objects ...)
        NOT-FOR-US: Microsoft
 CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 
5.01 ...)
        NOT-FOR-US: Microsoft
 CVE-2007-0216
@@ -7828,9 +7828,9 @@
 CVE-2007-0069
        RESERVED
 CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the 
signature ...)
-       TODO: check
+       NOT-FOR-US: IBM Lotus Domino
 CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 
6.5.x ...)
-       TODO: check
+       NOT-FOR-US: Lotus Domino Server
 CVE-2007-0066
        RESERVED
 CVE-2007-0065
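
Review bot: The two adjacent Domino entries get different tags, `NOT-FOR-US: IBM Lotus Domino` for CVE-2007-0068 and `NOT-FOR-US: Lotus Domino Server` for CVE-2007-0067. Pick one product string and use it for both, so the tag can be searched consistently.
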
@@ -14598,7 +14598,7 @@
 CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows 
remote ...)
        NOT-FOR-US: CA eTrust Antivirus WebScan
 CVE-2006-3974 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 
3Com ...)
-       TODO: check
+       NOT-FOR-US: 3Com
 CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe 
is ...)
        NOT-FOR-US: My Firewall Plus
 CVE-2006-3972 (Directory traversal vulnerability in ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
