Author: enerv-guest
Date: 2007-01-23 21:46:15 +0100 (Tue, 23 Jan 2007)
New Revision: 5334
Modified:
data/CVE/list
Log:
some NFUs fixed.
fixed wzdftpd and gxine issues.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-23 20:14:08 UTC (rev 5333)
+++ data/CVE/list 2007-01-23 20:46:15 UTC (rev 5334)
@@ -1,75 +1,75 @@
CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote
attackers ...)
- TODO: check
+ NOT-FOR-US: T-Com Speedport
CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1
through 2.1 ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security
2.0 ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly
reject ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows
remote ...)
- TODO: check
+ NOT-FOR-US AVM
CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8
and ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS
CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as
distributed ...)
- TODO: check
+ NOT-FOR-US: DivX Web Player
CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in
hash.c for ...)
- TODO: check
+ - wzdftpd 0.8.1-1 (medium)
CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop
4.03.0002 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server
clustered ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server
8.1 ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy
plug-in for ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an
administrator ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on
Solaris 9, ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0
SP7 ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the
Apache ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5,
9.0, and ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5,
9.0, and ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server
9.0 and ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly
enforce ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6,
8.1 ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 improperly cleartext
data in a ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7,
and 8.1 ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2
Gold, when ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA
WebLogic 7.0 ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0
initial ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly
validate ...)
- TODO: check
+ NOT-FOR-US: BEA
CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm
in Plain ...)
- TODO: check
+ NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a)
client.c, ...)
- TODO: check
+ - gxine 0.5.8-2 (medium; bug #405876)
CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django
0.95 ...)
TODO: check
CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument
strings ...)
TODO: check
CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay
...)
- TODO: check
+ NOT-FOR-US: Easebay Resources
CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in
admin/edit_member.php in ...)
- TODO: check
+ NOT-FOR-US: Easebay Resources
CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay
...)
- TODO: check
+ NOT-FOR-US: Easebay Resources
CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in
admin/memberlist.php in ...)
- TODO: check
+ NOT-FOR-US: Easebay Resources
CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in
index.php in ...)
TODO: check
CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in MisterSP
...)
@@ -83,9 +83,9 @@
CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and
2.50.25 ...)
TODO: check
CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
- wordpress 2.0.7 (bug #407116; unimportant)
NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
