diff options
author | Florian Weimer <fw@deneb.enyo.de> | 2007-05-04 18:17:26 +0000 |
---|---|---|
committer | Florian Weimer <fw@deneb.enyo.de> | 2007-05-04 18:17:26 +0000 |
commit | 53f0df94b75e1403061b2e14210f5f667cf65566 (patch) | |
tree | e27058663e689d959d01f52857c182240730ec0a | |
parent | df29dc6786121998791bccd7ef79432be1245763 (diff) |
Normalize NFUs for Cisco products
The previous attempt at separating things was rather inconsistent,
which is no surprise given Cisco's product portfolio. Some of the CVE
split decisions do not obey product boundaries, either
(e.g. CVE-2004-1775).
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5783 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/1999.list | 2 | ||||
-rw-r--r-- | data/CVE/2002.list | 6 | ||||
-rw-r--r-- | data/CVE/2003.list | 4 | ||||
-rw-r--r-- | data/CVE/2004.list | 8 | ||||
-rw-r--r-- | data/CVE/2005.list | 32 | ||||
-rw-r--r-- | data/CVE/2006.list | 38 | ||||
-rw-r--r-- | data/CVE/2007.list | 60 |
7 files changed, 75 insertions, 75 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list index a304721e70..227faa235b 100644 --- a/data/CVE/1999.list +++ b/data/CVE/1999.list @@ -18,7 +18,7 @@ CVE-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modlo CVE-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...) NOT-FOR-US: AIX CVE-1999-1582 (By design, the "established" command on the Cisco PIX firewall allows ...) - NOT-FOR-US: Cisco PIX + NOT-FOR-US: Cisco CVE-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...) NOT-FOR-US: Windows CVE-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...) diff --git a/data/CVE/2002.list b/data/CVE/2002.list index f58c7da50c..bebb45a494 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -1848,7 +1848,7 @@ CVE-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, Fre CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...) NOT-FOR-US: Sabre Desktop CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...) - NOT-FOR-US: Cisco IOS + NOT-FOR-US: Cisco CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Microsoft IIS CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...) @@ -2563,7 +2563,7 @@ CVE-2002-1494 (Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS all CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook ...) NOT-FOR-US: Lycos CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most ...) - NOT-FOR-US: Cisco VPN 5000 Client for MacOS + NOT-FOR-US: Cisco CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial of ...) NOT-FOR-US: NetBSD CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in plaintext ...) @@ -2591,7 +2591,7 @@ CVE-2002-1463 (Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 CVE-2002-1448 (An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya ...) NOT-FOR-US: Avaya P330, P130, and M770-ATM Cajun products CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client before ...) - NOT-FOR-US: Cisco vpn client for UNIX + NOT-FOR-US: Cisco CVE-2002-1446 (The error checking routine used for the C_Verify call on a symmetric ...) NOT-FOR-US: nCipher PKCS#11 library CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...) diff --git a/data/CVE/2003.list b/data/CVE/2003.list index 52c20d6e5c..6839cadb42 100644 --- a/data/CVE/2003.list +++ b/data/CVE/2003.list @@ -701,7 +701,7 @@ CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2) - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1) CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...) - NOT-FOR-US: Cisco Unity on IBM servers + NOT-FOR-US: Cisco CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...) NOT-FOR-US: Cisco CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...) @@ -1749,7 +1749,7 @@ CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass int CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message ...) NOT-FOR-US: Cisco CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...) - NOT-FOR-US: Cisco Aironet AP1x00 Series Wireless devices + NOT-FOR-US: Cisco CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...) NOT-FOR-US: ezbounce CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...) diff --git a/data/CVE/2004.list b/data/CVE/2004.list index 860f22e67b..6e85ac0790 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -2820,7 +2820,7 @@ CVE-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...) NOT-FOR-US: Netbsd CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...) - NOT-FOR-US: Microsoft/Cisco + NOT-FOR-US: Cisco CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...) NOT-FOR-US: Asante FM2008 CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...) @@ -5139,7 +5139,7 @@ CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon . CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...) - apache 1.3.31-2 CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...) - NOT-FOR-US: Cisco Wireless LAN Solution Engine + NOT-FOR-US: Cisco CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...) NOT-FOR-US: SCO OpenServer CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...) @@ -5416,7 +5416,7 @@ CVE-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...) NOT-FOR-US: Web Crossing CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...) - NOT-FOR-US: Cisco Systems + NOT-FOR-US: Cisco CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...) NOT-FOR-US: AIX CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...) @@ -5763,7 +5763,7 @@ CVE-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8. - tcpdump 3.8.3-1 NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier. CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...) - NOT-FOR-US: Cisco IOS + NOT-FOR-US: Cisco CVE-2004-0053 (Multiple content security gateway and antivirus products allow remote ...) NOT-FOR-US: Multiple security gateways MIME parsing stuff CVE-2004-0052 (Multiple content security gateway and antivirus products allow remote ...) diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 91fd357ba5..204ca12a29 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -1303,7 +1303,7 @@ CVE-2005-4260 (Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote ...) NOT-FOR-US: ASPBB CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to cause a ...) - NOT-FOR-US: Cisco hardware + NOT-FOR-US: Cisco CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial ...) NOT-FOR-US: Linksys hardware CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM ...) @@ -2096,7 +2096,7 @@ CVE-2005-3888 (Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in ...) NOT-FOR-US: Gadu-Gadu CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and ...) - NOT-FOR-US: Cisco Security Agent + NOT-FOR-US: Cisco CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...) {DSA-916-1} - inkscape 0.42-1 (bug #321501; low) @@ -2258,9 +2258,9 @@ CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kern CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...) - linux-2.6 2.6.14-1 (medium) CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...) - NOT-FOR-US: Cisco hardware + NOT-FOR-US: Cisco CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ...) - NOT-FOR-US: Cisco hardware + NOT-FOR-US: Cisco CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 ...) NOT-FOR-US: Belkin hardware CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test ...) @@ -2292,7 +2292,7 @@ CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in ...) CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow ...) NOT-FOR-US: phpwcms CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...) - NOT-FOR-US: Cisco appliance + NOT-FOR-US: Cisco CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) {DSA-880-1} - phpmyadmin 4:2.6.4-pl4-1 (bug #360726) @@ -2332,7 +2332,7 @@ CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletin CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVote ...) NOT-FOR-US: PollVote CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Cisco hardware + NOT-FOR-US: Cisco CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact ...) NOT-FOR-US: Joomla CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow ...) @@ -2530,7 +2530,7 @@ CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in Ope CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...) NOT-FOR-US: HP-UX's IKE implementation CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...) - NOT-FOR-US: Cisco's IKE implementation + NOT-FOR-US: Cisco CVE-2005-3668 (Multiple buffer overflows in multiple unspecified implementations of ...) NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified ...) @@ -3049,7 +3049,7 @@ CVE-2005-3501 (The cabd_find function in cabd.c of the the libmspack library (ms {DSA-887-1 DTSA-21-1} - clamav 0.87.1-1 (medium) CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...) - NOT-FOR-US: Cisco hardware + NOT-FOR-US: Cisco CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...) NOT-FOR-US: IOS CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...) @@ -3161,7 +3161,7 @@ CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Ex CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...) NOT-FOR-US: IPS Sensors CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ...) - NOT-FOR-US: Cisco hardware + NOT-FOR-US: Cisco CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...) {DSA-877-1} - gnump3d 2.9.6-1 @@ -6205,13 +6205,13 @@ CVE-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...) NOT-FOR-US: BIG-IP CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...) - NOT-FOR-US: Cisco CallManager + NOT-FOR-US: Cisco CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...) - NOT-FOR-US: Cisco CallManager + NOT-FOR-US: Cisco CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...) - NOT-FOR-US: Cisco CallManager + NOT-FOR-US: Cisco CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...) - NOT-FOR-US: Cisco CallManager + NOT-FOR-US: Cisco CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...) {DSA-1003-1} - xpvm 1.2.5-8 (bug #318285; medium) @@ -6932,7 +6932,7 @@ CVE-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrar CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...) NOT-FOR-US: Loki download manager CVE-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...) - NOT-FOR-US: Cisco hardware issue + NOT-FOR-US: Cisco CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...) NOT-FOR-US: SilverCity CVE-2005-1940 @@ -9209,7 +9209,7 @@ CVE-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) ...) NOT-FOR-US: Microsoft CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...) - NOT-FOR-US: Cisco Hardware issue + NOT-FOR-US: Cisco CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...) NOT-FOR-US: Sybase ASE CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...) @@ -10918,7 +10918,7 @@ CVE-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc . CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...) NOT-FOR-US: AtHoc toolbar CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...) - NOT-FOR-US: CIsco + NOT-FOR-US: Cisco CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...) NOT-FOR-US: NodeManager Professional CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...) diff --git a/data/CVE/2006.list b/data/CVE/2006.list index cd2a22108b..2cd50394d7 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -3574,7 +3574,7 @@ CVE-2006-5555 (PHP remote file inclusion vulnerability in constantes.inc.php in CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5 allows ...) NOT-FOR-US: Imageview CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 ...) - NOT-FOR-US: Cisco Security Agent + NOT-FOR-US: Cisco CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and ...) NOT-FOR-US: RevilloC MailServer CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...) @@ -7693,11 +7693,11 @@ CVE-2006-3736 (PHP remote file inclusion vulnerability in core/videodb.class.xml CVE-2006-3735 (Multiple PHP remote file inclusion vulnerabilities in Mail2Forum ...) NOT-FOR-US: Mail2Forum CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line Interface ...) - NOT-FOR-US: CS-MARS + NOT-FOR-US: Cisco CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web ...) - NOT-FOR-US: Cisco / JBoss + NOT-FOR-US: Cisco CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) - NOT-FOR-US: CS-MARS + NOT-FOR-US: Cisco CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted ...) - firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low) [sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge) @@ -8794,7 +8794,7 @@ CVE-2006-3228 (Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, includ CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web ...) NOT-FOR-US: Internet Explorer CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the ...) - NOT-FOR-US: Cisco Secure Access Control Server + NOT-FOR-US: Cisco CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...) NOT-FOR-US: Sun ONE Application Server CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote ...) @@ -9047,7 +9047,7 @@ CVE-2006-3111 (Multiple SQL injection vulnerabilities in main.php in Chipmailer CVE-2006-3110 (Cross-site scripting (XSS) vulnerability in main.php in Chipmailer ...) NOT-FOR-US: Chipmailer CVE-2006-3109 (Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 ...) - NOT-FOR-US: Cisco CallManager + NOT-FOR-US: Cisco CVE-2006-3108 (Cross-site scripting (XSS) vulnerability in EmailArchitect Email ...) NOT-FOR-US: EmailArchitect CVE-2006-3107 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...) @@ -9063,7 +9063,7 @@ CVE-2006-3103 (Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows CVE-2006-3102 (Race condition in articles/BitArticle.php in Bitweaver 1.3, when run ...) NOT-FOR-US: Bitweaver CVE-2006-3101 (Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco ...) - NOT-FOR-US: Cisco Secure ACS + NOT-FOR-US: Cisco CVE-2006-3099 RESERVED CVE-2006-3098 @@ -9127,7 +9127,7 @@ CVE-2006-3075 (Multiple PHP remote file inclusion vulnerabilities in PictureDis CVE-2006-3074 (klif.sys in Kaspersky Anti-Virus 6.0.0.300 and earlier, Internet ...) NOT-FOR-US: Several Kaspersky products CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN ...) - NOT-FOR-US: Cisco VPN products + NOT-FOR-US: Cisco CVE-2006-3072 (M4 Macro Library in Symantec Security Information Manager before ...) NOT-FOR-US: Symantec Security Information Manager CVE-2006-3071 (Cross-site scripting (XSS) vulnerability in index.php in MP3 ...) @@ -10038,7 +10038,7 @@ CVE-2006-2681 (PHP remote file inclusion vulnerability in SocketMail Lite and Pr CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo ...) NOT-FOR-US: AZ Photo Album CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...) - NOT-FOR-US: Cisco VPN Client + NOT-FOR-US: Cisco CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News ...) NOT-FOR-US: Pre News Manager CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...) @@ -12392,11 +12392,11 @@ CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in ...) CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard ...) NOT-FOR-US: Dark_Wizard vBug Tracker CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco Optical ...) - NOT-FOR-US: Cisco Optical Networking + NOT-FOR-US: Cisco CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...) - NOT-FOR-US: Cisco Optical Networking + NOT-FOR-US: Cisco CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...) - NOT-FOR-US: Cisco Optical Networking + NOT-FOR-US: Cisco CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team ...) NOT-FOR-US: PHPMyChat CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka ...) @@ -15077,7 +15077,7 @@ CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18) CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE ...) NOT-FOR-US: FACE CONTROL product CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...) - NOT-FOR-US: Cisco VPN 3000 + NOT-FOR-US: Cisco CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...) {DSA-1017-1} - linux-2.6 2.6.15-4 @@ -15336,9 +15336,9 @@ CVE-2006-0369 (** DISPUTED ** ...) - mysql-dfsg-4.1 <unfixed> (unimportant) NOTE: This isn't a security hole, it's expected behaviour CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before ...) - NOT-FOR-US: Cisco CallManager + NOT-FOR-US: Cisco CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 ...) - NOT-FOR-US: Cisco CallManager + NOT-FOR-US: Cisco CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) ...) NOT-FOR-US: Phpclanwebsite CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme message ...) @@ -15364,7 +15364,7 @@ CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to ca CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers ...) NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) ...) - NOT-FOR-US: Cisco IOS + NOT-FOR-US: Cisco CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...) NOT-FOR-US: Fluffington FLog CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...) @@ -15394,7 +15394,7 @@ CVE-2006-0342 (RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 al CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe ...) NOT-FOR-US: RockLiffe MailSite CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) ...) - NOT-FOR-US: Cisco IOS + NOT-FOR-US: Cisco CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers to ...) NOT-FOR-US: BitComet CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows and ...) @@ -15790,11 +15790,11 @@ CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal .. CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to ...) NOT-FOR-US: ACal Calendar Project CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) - NOT-FOR-US: Cisco CS-MARS + NOT-FOR-US: Cisco CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 ...) NOT-FOR-US: CaLogic Calendars CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of ...) - NOT-FOR-US: Cisco IP Phone + NOT-FOR-US: Cisco CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...) NOT-FOR-US: Cray UNICOS CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...) diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 5616bb9efc..0ff11c22e5 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -32,11 +32,11 @@ CVE-2007-2466 (Unspecified vulnerability in the LDAP Software Development Kit (S CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing ...) NOT-FOR-US: Sun Solaris CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 ...) - NOT-FOR-US: CIsco + NOT-FOR-US: Cisco CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...) - NOT-FOR-US: CIsco + NOT-FOR-US: Cisco CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...) - NOT-FOR-US: CIsco + NOT-FOR-US: Cisco CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and ...) NOT-FOR-US: Cisco CVE-2007-2460 (PHP remote file inclusion vulnerability in ...) @@ -1368,9 +1368,9 @@ CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty se - php5 <unfixed> (unimportant) NOTE: open_basedir bypasses not supported CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...) - NOT-FOR-US: Cisco Unified Presence Server + NOT-FOR-US: Cisco CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco ...) - NOT-FOR-US: Cisco Unified CallManager + NOT-FOR-US: Cisco CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...) NOT-FOR-US: WebAPP CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...) @@ -1384,7 +1384,7 @@ CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.or CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in ...) NOT-FOR-US: WebAPP CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...) - NOT-FOR-US: Cisco Unified CallManager + NOT-FOR-US: Cisco CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...) NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9 CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...) @@ -1437,7 +1437,7 @@ CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and ea CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta ...) NOT-FOR-US: sBLOG CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust ...) - NOT-FOR-US: Cisco Secure ACS + NOT-FOR-US: Cisco CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...) - ktorrent <unfixed> (medium) CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows ...) @@ -2177,7 +2177,7 @@ CVE-2007-1469 (SQL injection vulnerability in gallery.asp in Absolute Image Gall CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - NOT-FOR-US: Cisco Secure Access Control Server + NOT-FOR-US: Cisco CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents ...) - libwpd 0.8.9-1 (medium) [etch] - libwpd 0.8.7-6 @@ -2656,9 +2656,9 @@ CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in ...) CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have ...) NOT-FOR-US: WebAPP CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...) - NOT-FOR-US: Cisco IOS + NOT-FOR-US: Cisco CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...) - NOT-FOR-US: Cisco Catalyst + NOT-FOR-US: Cisco CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...) - iceweasel <unfixed> (medium) CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in ...) @@ -3058,25 +3058,25 @@ CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows ...) NOT-FOR-US: mcRefer CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, ...) - NOT-FOR-US: Cisco Unified IP Phone + NOT-FOR-US: Cisco CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple ...) NOT-FOR-US: Apple ImageIO CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows ...) TODO: check CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ...) - NOT-FOR-US: Cisco Secure Services Client + NOT-FOR-US: Cisco CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...) - NOT-FOR-US: Cisco Secure Services Client + NOT-FOR-US: Cisco CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...) - NOT-FOR-US: Cisco Secure Services Client + NOT-FOR-US: Cisco CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...) - NOT-FOR-US: Cisco Secure Services Client + NOT-FOR-US: Cisco CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...) - NOT-FOR-US: Cisco Secure Services Client + NOT-FOR-US: Cisco CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, ...) - NOT-FOR-US: Cisco Unified IP Phone + NOT-FOR-US: Cisco CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and ...) - NOT-FOR-US: Cisco Unified IP Conference Station + NOT-FOR-US: Cisco CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke ...) NOT-FOR-US: PHP-Nuke CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire ...) @@ -3307,25 +3307,25 @@ CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester ...) NOT-FOR-US: WebTester CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...) - NOT-FOR-US: Cisco FWSM + NOT-FOR-US: Cisco CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows ...) - NOT-FOR-US: Cisco FWSM + NOT-FOR-US: Cisco CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the ...) - NOT-FOR-US: Cisco FWSM + NOT-FOR-US: Cisco CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to ...) - NOT-FOR-US: Cisco FWSM + NOT-FOR-US: Cisco CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...) - NOT-FOR-US: Cisco FWSM + NOT-FOR-US: Cisco CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...) - NOT-FOR-US: Cisco FWSM + NOT-FOR-US: Cisco CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before ...) - NOT-FOR-US: Cisco PIX + NOT-FOR-US: Cisco CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before ...) - NOT-FOR-US: Cisco PIX + NOT-FOR-US: Cisco CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series ...) - NOT-FOR-US: Cisco PIX + NOT-FOR-US: Cisco CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when ...) - NOT-FOR-US: Cisco PIX + NOT-FOR-US: Cisco CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...) {DSA-1286-1} - linux-2.6 2.6.20-1 (unimportant) @@ -3410,9 +3410,9 @@ CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1 CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ...) NOT-FOR-US: MiniWebsvr CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System ...) - NOT-FOR-US: Cisco IOS + NOT-FOR-US: Cisco CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...) - NOT-FOR-US: Cisco IOS + NOT-FOR-US: Cisco CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area ...) NOT-FOR-US: HP-UX CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...) |