[Secure-testing-commits] r8488 - data/CVE

joeyh at alioth.debian.org
Tue Apr 8 09:14:15 UTC 2008


Author: joeyh
Date: 2008-04-08 09:14:14 +0000 (Tue, 08 Apr 2008)
New Revision: 8488

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-04-06 19:09:03 UTC (rev 8487)
+++ data/CVE/list	2008-04-08 09:14:14 UTC (rev 8488)
@@ -1,3 +1,189 @@
+CVE-2008-1692 (Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the ...)
+	TODO: check
+CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...)
+	TODO: check
+CVE-2008-1690 (WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and ...)
+	TODO: check
+CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and ...)
+	TODO: check
+CVE-2008-1688
+	RESERVED
+CVE-2008-1687
+	RESERVED
+CVE-2008-1686
+	RESERVED
+CVE-2008-1685 (gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not ...)
+	TODO: check
+CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local ...)
+	TODO: check
+CVE-2008-1683 (xscreensaver on Fedora 8, when an NIS authentication server is ...)
+	TODO: check
+CVE-2008-1682 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-1681 (Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 ...)
+	TODO: check
+CVE-2008-1680 (PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2008-1679
+	RESERVED
+CVE-2008-1678
+	RESERVED
+CVE-2008-1677
+	RESERVED
+CVE-2008-1676
+	RESERVED
+CVE-2008-1675
+	RESERVED
+CVE-2008-1674
+	RESERVED
+CVE-2008-1673
+	RESERVED
+CVE-2008-1672
+	RESERVED
+CVE-2008-1671
+	RESERVED
+CVE-2008-1670
+	RESERVED
+CVE-2008-1669
+	RESERVED
+CVE-2008-1668
+	RESERVED
+CVE-2008-1667
+	RESERVED
+CVE-2008-1666
+	RESERVED
+CVE-2008-1665
+	RESERVED
+CVE-2008-1664
+	RESERVED
+CVE-2008-1663
+	RESERVED
+CVE-2008-1662
+	RESERVED
+CVE-2008-1661
+	RESERVED
+CVE-2008-1660
+	RESERVED
+CVE-2008-1659
+	RESERVED
+CVE-2008-1658
+	RESERVED
+CVE-2008-1657 (OpenSSH before 4.9 allows remote authenticated users to bypass the ...)
+	TODO: check
+CVE-2008-1656
+	RESERVED
+CVE-2008-1655
+	RESERVED
+CVE-2008-1654 (Interaction error between Adobe Flash and multiple Universal Plug and ...)
+	TODO: check
+CVE-2008-1653 (Directory traversal vulnerability in index.php in Sava's Link Manager ...)
+	TODO: check
+CVE-2008-1652 (Directory traversal vulnerability in the _serve_request_multiple ...)
+	TODO: check
+CVE-2008-1651 (Directory traversal vulnerability in admin/login.php in EasyNews 4.0 ...)
+	TODO: check
+CVE-2008-1650 (SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 ...)
+	TODO: check
+CVE-2008-1649 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2008-1648 (Sympa before 5.4 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2008-1647 (The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ...)
+	TODO: check
+CVE-2008-1646 (SQL injection vulnerability in wp-download.php in the WP-Download 1.2 ...)
+	TODO: check
+CVE-2008-1645 (Directory traversal vulnerability in body.php in phpSpamManager ...)
+	TODO: check
+CVE-2008-1644 (SQL injection vulnerability in viewlinks.php in Sava's Link Manager ...)
+	TODO: check
+CVE-2008-1643 (Directory traversal vulnerability in the PXE TFTP Service ...)
+	TODO: check
+CVE-2008-1642 (Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 ...)
+	TODO: check
+CVE-2008-1641 (SQL injection vulnerability in default.asp in EfesTECH Video 5.0 ...)
+	TODO: check
+CVE-2008-1640 (SQL injection vulnerability in jgs_treffen.php in the JGS-XA ...)
+	TODO: check
+CVE-2008-1639 (SQL injection vulnerability in index.php in Neat weblog 0.2 allows ...)
+	TODO: check
+CVE-2008-1638 (Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for ...)
+	TODO: check
+CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to ...)
+	TODO: check
+CVE-2008-1636 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick ...)
+	TODO: check
+CVE-2008-1635 (Directory traversal vulnerability in view_private.php in Keep It ...)
+	TODO: check
+CVE-2008-1634 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder ...)
+	TODO: check
+CVE-2008-1633 (Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown ...)
+	TODO: check
+CVE-2008-1632 (Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote ...)
+	TODO: check
+CVE-2008-1631 (SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 ...)
+	TODO: check
+CVE-2008-1630 (Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 ...)
+	TODO: check
+CVE-2008-1629 (Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows ...)
+	TODO: check
+CVE-2008-1628 (Stack-based buffer overflow in the audit_log_user_command function in ...)
+	TODO: check
+CVE-2008-1627 (CDS Invenio 0.92.1 and earlier allows remote authenticated users to ...)
+	TODO: check
+CVE-2008-1626 (SQL injection vulnerability in eggBlog before 4.0.1 allows remote ...)
+	TODO: check
+CVE-2008-1625 (aavmker4.sys in avast! Home and Professional 4.7 for Windows does not ...)
+	TODO: check
+CVE-2008-1624 (Directory traversal vulnerability in v2demo/page.php in Jshop Server ...)
+	TODO: check
+CVE-2008-1623 (SQL injection vulnerability in admin_view_image.php in Smoothflash ...)
+	TODO: check
+CVE-2008-1622 (Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow ...)
+	TODO: check
+CVE-2008-1621 (Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow ...)
+	TODO: check
+CVE-2008-1620 (Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) ...)
+	TODO: check
+CVE-2008-1619 (The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers ...)
+	TODO: check
+CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing ...)
+	TODO: check
+CVE-2008-1617
+	RESERVED
+CVE-2008-1616
+	RESERVED
+CVE-2008-1615
+	RESERVED
+CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a ...)
+	TODO: check
+CVE-2008-1613
+	RESERVED
+CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows ...)
+	TODO: check
+CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows ...)
+	TODO: check
+CVE-2008-1610 (Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 ...)
+	TODO: check
+CVE-2008-1609 (Multiple PHP remote file inclusion vulnerabilities in just another ...)
+	TODO: check
+CVE-2008-1608 (SQL injection vulnerability in postview.php in Clever Copy 3.0 allows ...)
+	TODO: check
+CVE-2008-1607 (SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba ...)
+	TODO: check
+CVE-2008-1606 (Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 ...)
+	TODO: check
+CVE-2008-1605 (The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ...)
+	TODO: check
+CVE-2008-1604 (Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 ...)
+	TODO: check
+CVE-2008-1603 (Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 ...)
+	TODO: check
+CVE-2008-1602 (Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows ...)
+	TODO: check
+CVE-2003-1557 (Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, ...)
+	TODO: check
+CVE-2003-1556 (Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI ...)
+	TODO: check
 CVE-2008-1601 (Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and ...)
 	NOT-FOR-US: IBM AIX
 CVE-2008-1600 (The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly ...)
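Review bot: The two CVE-2003 entries at the end of the added block (CVE-2003-1557 and CVE-2003-1556) land between CVE-2008-1602 and CVE-2008-1601, which breaks the descending id order the rest of the list keeps. Move them to the 2003 section of data/CVE/list so that a lookup by id finds them where expected. Of the added entries with a description, every one is left at "TODO: check", including ones that name software a distribution would normally carry (OpenSSH before 4.9 in CVE-2008-1657, Squid 2.6.STABLE17 in CVE-2008-1612, suPHP before 0.6.3 in CVE-2008-1614, gcc 4.2.0 through 4.3.0 in CVE-2008-1685), so those are worth triaging first.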
@@ -150,7 +336,7 @@
 CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a ...)
 	- comix 3.6.4-1.1 (low; bug #462840)
 	NOTE: comix can't be used in a non-interactive setup thus the impact level
-CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the (1) MySQL username, (2) ...)
+CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) ...)
 	- phpmyadmin 2.11.5.1 (unimportant)
 	NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2
 	NOTE: It is a workaround for the limited security that PHP has for
@@ -193,8 +379,8 @@
 	RESERVED
 CVE-2008-1516
 	RESERVED
-CVE-2008-1515
-	RESERVED
+CVE-2008-1515 (The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 ...)
+	TODO: check
 CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local users to ...)
 	TODO: check
 	NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here
@@ -253,7 +439,7 @@
 	- php5-apc <itp> (bug #335404)
 CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
 	NOT-FOR-US: LinPHA
-CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6 , when mysql_use_ft ...)
+CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft ...)
 	NOT-FOR-US: Phorum
 CVE-2008-1485 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier ...)
 	NOT-FOR-US: PunBB
@@ -496,10 +682,10 @@
 	RESERVED
 CVE-2008-1375
 	RESERVED
-CVE-2008-1374
-	RESERVED
-CVE-2008-1373
-	RESERVED
+CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...)
+	TODO: check
+CVE-2008-1373 (Buffer overflow in the gif_read_lzw in CUPS 1.3.6 allows remote ...)
+	TODO: check
 CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to ...)
 	- bzip2 1.0.5-0.1 (bug #471670)
 CVE-2008-1371 (Absolute path traversal vulnerability in install/index.php in Drake ...)
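Review bot: CVE-2008-1373 names CUPS 1.3.6 as affected, and this same list records cupsys 1.3.6-1 as the fixed version for CVE-2008-0882, so the "TODO: check" on the new line should be resolved into a cupsys package line with a severity, in the same form as the bzip2 entry for CVE-2008-1372 just below. CVE-2008-1374 is described as CUPS "in Red Hat Enterprise Linux ...", so it needs a NOTE stating whether the pdftops code in question is also present in the cupsys package.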
@@ -531,7 +717,7 @@
 	NOT-FOR-US: VMware
 CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...)
 	NOT-FOR-US: Invision Power Board
-CVE-2008-1358 (Sack-based buffer overflow in the IMAP server in Alt-N Technologies ...)
+CVE-2008-1358 (Stack-based buffer overflow in the IMAP server in Alt-N Technologies ...)
 	NOT-FOR-US: MDaemon
 CVE-2008-1357 (Format string vulnerability in the logDetail function of applib.dll in ...)
 	NOT-FOR-US: McAfee Common Management Agent
@@ -590,14 +776,14 @@
 CVE-2008-1332 (Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...)
 	{DSA-1525-1}
 	- asterisk 1:1.4.18.1~dfsg-1 (medium)
-CVE-2008-1331
-	RESERVED
+CVE-2008-1331 (Unspecified vulnerability in OmniPCX Office with Internet Access ...)
+	TODO: check
 CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell ...)
 	NOT-FOR-US: Novell Groupwise
-CVE-2008-1329
-	RESERVED
-CVE-2008-1328
-	RESERVED
+CVE-2008-1329 (Unspecified vulnerability in the NetBackup service in CA ARCserve ...)
+	TODO: check
+CVE-2008-1328 (Buffer overflow in the LGServer service in CA ARCserve Backup for ...)
+	TODO: check
 CVE-2008-1327 (Gallarific does not require authentication for (1) users.php and (2) ...)
 	NOT-FOR-US: Gallarific
 CVE-2008-1326 (Cross-site scripting (XSS) vulnerability in search.php in Gallarific ...)
@@ -1009,8 +1195,8 @@
 	TODO: check
 CVE-2008-1155
 	RESERVED
-CVE-2008-1154
-	RESERVED
+CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...)
+	TODO: check
 CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...)
 	TODO: check
 CVE-2008-1152 (The data-link switching (DLSw) component in Cisco IOS 12.0 through ...)
@@ -1287,8 +1473,7 @@
 CVE-2008-1111 (mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts ...)
 	{DSA-1513-1}
 	- lighttpd 1.4.18-4 (low; bug #469307)
-CVE-2008-1142 [insecure default behaviour in rxvt for handling DISPLAY variable]
-	RESERVED
+CVE-2008-1142 (rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment variable is ...)
 	- rxvt <unfixed> (unimportant; bug #469296)
 	- eterm <unfixed> (unimportant; bug #473127)
 	TODO: Let's make sure it gets still fixed for Lenny
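Review bot: The retained "- eterm <unfixed> (unimportant; bug #473127)" line under CVE-2008-1142 now overlaps with CVE-2008-1692, which this same revision adds at the top of the list for Eterm 0.9.4 with only "TODO: check". The new description here names rxvt 2.6.4, so either move the eterm line to CVE-2008-1692 or add a NOTE cross-referencing the two ids, so that the Eterm issue is not tracked in two places with different states.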
@@ -1356,28 +1541,28 @@
 	RESERVED
 CVE-2008-1024
 	RESERVED
-CVE-2008-1023
-	RESERVED
-CVE-2008-1022
-	RESERVED
-CVE-2008-1021
-	RESERVED
-CVE-2008-1020
-	RESERVED
-CVE-2008-1019
-	RESERVED
-CVE-2008-1018
-	RESERVED
-CVE-2008-1017
-	RESERVED
-CVE-2008-1016
-	RESERVED
-CVE-2008-1015
-	RESERVED
-CVE-2008-1014
-	RESERVED
-CVE-2008-1013
-	RESERVED
+CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime ...)
+	TODO: check
+CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows ...)
+	TODO: check
+CVE-2008-1021 (Heap-based buffer overflow in Animation codec content handling in ...)
+	TODO: check
+CVE-2008-1020 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...)
+	TODO: check
+CVE-2008-1019 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...)
+	TODO: check
+CVE-2008-1018 (Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows ...)
+	TODO: check
+CVE-2008-1017 (Heap-based buffer overflow in clipping region (aka crgn) atom handling ...)
+	TODO: check
+CVE-2008-1016 (Apple QuickTime before 7.4.5 does not properly handle movie media ...)
+	TODO: check
+CVE-2008-1015 (Buffer overflow in the data reference atom handling in Apple QuickTime ...)
+	TODO: check
+CVE-2008-1014 (Apple QuickTime before 7.4.5 does not properly handle external URLs in ...)
+	TODO: check
+CVE-2008-1013 (Apple QuickTime before 7.4.5 enables deserialization of QTJava objects ...)
+	TODO: check
 CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station ...)
 	NOT-FOR-US: Apple AirPort 
 CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
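Review bot: All eleven entries converted from RESERVED in this hunk (CVE-2008-1013 through CVE-2008-1023) name Apple QuickTime and are left at "TODO: check". The neighbouring CVE-2008-1012 is already triaged as "NOT-FOR-US: Apple AirPort", so these can be triaged as one batch with a single consistent tag rather than eleven separate checks.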
@@ -1639,14 +1824,14 @@
 CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for ...)
 	{DSA-1522-1}
 	- unzip 5.52-11
-CVE-2008-0887
-	RESERVED
+CVE-2008-0887 (gnome-screensaver before 2.22.1, when a remote authentication server ...)
+	TODO: check
 CVE-2008-0886
 	REJECTED
 CVE-2008-0885
 	RESERVED
-CVE-2008-0884
-	RESERVED
+CVE-2008-0884 (The Replace function in the capp-lspp-config script in the (1) ...)
+	TODO: check
 CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS ...)
 	{DSA-1530-1 DTSA-117-1}
 	- cupsys 1.3.6-1 (medium; bug #467653)
@@ -2027,10 +2212,10 @@
 	RESERVED
 CVE-2008-0710
 	RESERVED
-CVE-2008-0709
-	RESERVED
-CVE-2008-0708
-	RESERVED
+CVE-2008-0709 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...)
+	TODO: check
+CVE-2008-0708 (HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) ...)
+	TODO: check
 CVE-2008-0707 (HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX ...)
 	NOT-FOR-US: HP-UX
 CVE-2008-0706 (Unspecified vulnerability in the BIOS F.26 and earlier for the HP ...)
@@ -2362,8 +2547,8 @@
 	NOT-FOR-US: CatalogShop componenent for Mambo and Joomla!
 CVE-2008-0556 (Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, ...)
 	NOT-FOR-US: OpenCA PKI Project
-CVE-2008-0555
-	RESERVED
+CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 ...)
+	TODO: check
 CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket ...)
 	NOT-FOR-US: eTicket
 CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll ...)
@@ -2959,10 +3144,10 @@
 	RESERVED
 CVE-2008-0312
 	RESERVED
-CVE-2008-0311
-	RESERVED
-CVE-2008-0310
-	RESERVED
+CVE-2008-0311 (Stack-based buffer overflow in the PGMWebHandler::parse_request ...)
+	TODO: check
+CVE-2008-0310 (Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 ...)
+	TODO: check
 CVE-2008-0309 (Stack-based buffer overflow in Symantec Decomposer, as used in certain ...)
 	NOT-FOR-US: Symantec Decomposer
 CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products ...)
@@ -3574,8 +3759,8 @@
 	RESERVED
 CVE-2008-0070 (Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA ...)
 	TODO: check
-CVE-2008-0069
-	RESERVED
+CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows ...)
+	TODO: check
 CVE-2008-0068
 	RESERVED
 CVE-2008-0067
@@ -6502,8 +6687,8 @@
 	NOT-FOR-US: Adobe Reader
 CVE-2007-5662
 	RESERVED
-CVE-2007-5661
-	RESERVED
+CVE-2007-5661 (The Macrovision InstallShield InstallScript One-Click Install (OCI) ...)
+	TODO: check
 CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in ...)
 	NOT-FOR-US:  MacroVision FLEXnet Connect and InstallShield 2008
 CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and ...)
@@ -9605,8 +9790,8 @@
 	NOT-FOR-US: IBM AIX
 CVE-2007-4621 (Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain ...)
 	NOT-FOR-US: IBM AIX
-CVE-2007-4620
-	RESERVED
+CVE-2007-4620 (Multiple stack-based buffer overflows in Computer Associates (CA) ...)
+	TODO: check
 CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
 	{DSA-1469-1}
 	- flac 1.2.1-1 (medium)
@@ -35043,7 +35228,7 @@
 	NOT-FOR-US: PHPX
 CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in ...)
 	NOT-FOR-US: zip.lib.php
-CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2 allows ...)
+CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...)
 	- php5 <unfixed> (bug #368545; unimportant)
 	- php4 <unfixed> (bug #368545; unimportant)
 	NOTE: is this really a vulnerability in pear?  it seems it should be a bug
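Review bot: The new description for CVE-2006-0931 widens the affected scope from "PEAR::Archive_Tar 1.2 allows ..." to "PEAR::Archive_Tar 1.2, and other ...", but the package lines below it are unchanged and still list only php5 and php4 as unfixed and unimportant. Re-check the full description and confirm that the existing package list and the NOTE questioning whether this is a pear vulnerability still hold for the broadened scope.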



