Author: stef-guest
Date: 2007-07-31 19:50:33 +0000 (Tue, 31 Jul 2007)
New Revision: 6199
Modified:
data/CVE/list
Log:
CVEified: drupal
bugnum
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-07-31 19:33:49 UTC (rev 6198)
+++ data/CVE/list 2007-07-31 19:50:33 UTC (rev 6199)
@@ -83,7 +83,7 @@
CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in
Alisveris ...)
NOT-FOR-US: Alisveris Sitesi Scripti
CVE-2007-4074 (The default configuration of Centre for Speech Technology
Research ...)
- - festival <unfixed> (bug filed; low)
+ - festival <unfixed> (bug #435445; low)
CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of
"mail a ...)
TODO: check
CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path
within ...)
@@ -103,9 +103,12 @@
CVE-2007-4065
RESERVED
CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal
5.x ...)
- TODO: check
+ - drupal 4.7.7-1 (low)
+ - drupal5 5.2-1 (low)
+ NOTE: DRUPAL-SA-2007-018
CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Drupal ...)
- TODO: check
+ - drupal5 5.2-1 (low)
+ NOTE: DRUPAL-SA-2007-017
CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in
Nessus ...)
TODO: check
CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control
in ...)
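Review bot: CVE-2007-4063 (the CSRF entry) gets only a `drupal5 5.2-1` line, while CVE-2007-4064 just above it lists both `drupal 4.7.7-1` and `drupal5 5.2-1`. If the `drupal` source package is not affected by the CSRF issues, record that explicitly with a `- drupal <not-affected>` line and a short reason. If it is affected, add its fixed version. As written, the entry leaves the status of `drupal` undetermined for anyone reading the list.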
@@ -172,13 +175,6 @@
TODO: check
CVE-2007-4030
RESERVED
-CVE-2007-XXXX [Drupal CSRF]
- - drupal5 5.2-1 (low)
- NOTE: DRUPAL-SA-2007-017
-CVE-2007-XXXX [Drupal multiple XSS]
- - drupal 4.7.7-1 (low)
- - drupal5 5.2-1 (low)
- NOTE: DRUPAL-SA-2007-018
CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0,
allows ...)
TODO: check
CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell
4.01.02 ...)
@@ -217,9 +213,9 @@
CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka
...)
TODO: check
CVE-2007-4012 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750
...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750
...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode
and ...)
TODO: check
CVE-2007-4009 (PHP remote file inclusion vulnerability in ...)
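Review bot: the NOT-FOR-US reason on CVE-2007-4012 and CVE-2007-4011 is only the vendor name "Cisco", although both descriptions name specific hardware (Cisco 4100 and 4400, Airespace 4000, Catalyst 6500 and 3750). Other entries in this commit name the product ("IBM WebSphere", "Norman Antivirus"), which makes the NFU reasons easier to search and reuse. Consider a product-level label here too.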
@@ -321,11 +317,11 @@
CVE-2007-3961 (Off-by-one error in the fsp_readdir_r function in fsplib.c in
fsplib ...)
TODO: check
CVE-2007-3960 (Multiple unspecified vulnerabilities in IBM WebSphere
Application ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2007-3959 (The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably
earlier ...)
TODO: check
CVE-2007-3958 (Microsoft Windows Explorer (explorer.exe) allows user-assisted
remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote
...)
TODO: check
CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter
value ...)
@@ -333,13 +329,13 @@
CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX
control in ...)
TODO: check
CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet
Explorer, when ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-3953 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Norman Antivirus
CVE-2007-3952 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Norman Antivirus
CVE-2007-3951 (Multiple buffer overflows in Norman Antivirus 5.90 allow remote
...)
- TODO: check
+ NOT-FOR-US: Norman Antivirus
CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote
attackers ...)
TODO: check
CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash)
characters ...)
@@ -381,7 +377,7 @@
CVE-2007-3931 (The wrap_setuid_third_party_application function in the
installation ...)
TODO: check
CVE-2007-3930 (Interpretation conflict between Microsoft Internet Explorer and
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-3929 (Use-after-free vulnerability in the BitTorrent support in Opera
before ...)
TODO: check
CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted
remote ...)
@@ -393,7 +389,7 @@
CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in
...)
TODO: check
CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet
Explorer, when ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-3923 (The Common Internet File System (CIFS) optimization in Cisco
Wide Area ...)
TODO: check
CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE)
Applet ...)
_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits