[Secure-testing-commits] r8491 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Wed Apr 9 09:14:18 UTC 2008


Author: joeyh
Date: 2008-04-09 09:14:17 +0000 (Wed, 09 Apr 2008)
New Revision: 8491

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-04-08 22:38:50 UTC (rev 8490)
+++ data/CVE/list	2008-04-09 09:14:17 UTC (rev 8491)
@@ -1,3 +1,27 @@
+CVE-2008-1704
+	RESERVED
+CVE-2008-1703
+	RESERVED
+CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the my_gallery ...)
+	TODO: check
+CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service ...)
+	TODO: check
+CVE-2008-1700 (The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite ...)
+	TODO: check
+CVE-2008-1699 (SQL injection vulnerability in permalink.php in Desi Quintans Writer's ...)
+	TODO: check
+CVE-2008-1698 (Cross-site scripting (XSS) vulnerability in gallery.php in Simple ...)
+	TODO: check
+CVE-2008-1697 (Stack-based buffer overflow in ovwparser.dll in HP OpenView Network ...)
+	TODO: check
+CVE-2008-1696 (Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, ...)
+	TODO: check
+CVE-2008-1695
+	RESERVED
+CVE-2008-1694
+	RESERVED
+CVE-2008-1693
+	RESERVED
 CVE-2008-1692 (Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the ...)
 	TODO: check
 CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...)
@@ -10,8 +34,8 @@
 	RESERVED
 CVE-2008-1687
 	RESERVED
-CVE-2008-1686
-	RESERVED
+CVE-2008-1686 (Uncontrolled array index in Speex 1.1.12 and earlier, as used in ...)
+	TODO: check
 CVE-2008-1685 (gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not ...)
 	TODO: check
 CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local ...)
@@ -148,8 +172,8 @@
 	TODO: check
 CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing ...)
 	TODO: check
-CVE-2008-1617
-	RESERVED
+CVE-2008-1617 (Double free vulnerability in Web TransferCtrl Class 8,2,1,4 ...)
+	TODO: check
 CVE-2008-1616
 	RESERVED
 CVE-2008-1615
@@ -335,7 +359,7 @@
 	- policyd-weight 0.1.14.17-1 (low)
 CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a ...)
 	- comix 3.6.4-1.1 (low; bug #462840)
-        [etch] - comix <no-dsa> (Minor issue)
+	[etch] - comix <no-dsa> (Minor issue)
 	NOTE: comix can't be used in a non-interactive setup thus the impact level
 CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) ...)
 	- phpmyadmin 2.11.5.1 (unimportant)
@@ -734,6 +758,7 @@
 CVE-2008-1352 (Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 ...)
 	NOT-FOR-US: EdiorCMS
 CVE-2008-1351 (SQL injection vulnerability in the Tutorials 2.1b module for XOOPS ...)
+	{DSA-1540-1}
 	NOT-FOR-US: Tutorials module for XOOPS
 CVE-2008-1350 (SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) ...)
 	NOT-FOR-US: Fully Modded phpBB
@@ -1386,22 +1411,22 @@
 	NOT-FOR-US: Microsoft Jet Database Engine
 CVE-2008-1091
 	RESERVED
-CVE-2008-1090
-	RESERVED
-CVE-2008-1089
-	RESERVED
-CVE-2008-1088
-	RESERVED
-CVE-2008-1087
-	RESERVED
-CVE-2008-1086
-	RESERVED
-CVE-2008-1085
-	RESERVED
-CVE-2008-1084
-	RESERVED
-CVE-2008-1083
-	RESERVED
+CVE-2008-1090 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...)
+	TODO: check
+CVE-2008-1089 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...)
+	TODO: check
+CVE-2008-1088 (Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 ...)
+	TODO: check
+CVE-2008-1087 (Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP ...)
+	TODO: check
+CVE-2008-1086 (The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft ...)
+	TODO: check
+CVE-2008-1085 (Use after free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...)
+	TODO: check
+CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows 200 SP4, ...)
+	TODO: check
+CVE-2008-1083 (Heap-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP ...)
+	TODO: check
 CVE-2008-1082 (Opera before 9.26 allows remote attackers to &quot;bypass sanitization ...)
 	NOT-FOR-US: Opera
 CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute ...)
@@ -2209,8 +2234,8 @@
 	RESERVED
 CVE-2008-0712
 	RESERVED
-CVE-2008-0711
-	RESERVED
+CVE-2008-0711 (Unspecified vulnerability in the embedded management console in HP ...)
+	TODO: check
 CVE-2008-0710
 	RESERVED
 CVE-2008-0709 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...)
@@ -2314,6 +2339,7 @@
 CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control ...)
 	NOT-FOR-US: Aurigma Image Uploader
 CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP ...)
+	{DSA-1541-1}
 	- openldap2.3 2.4.7-6.1 (low; bug #465875)
 	- openldap2.2 <removed>
 	- openldap2 <not-affected> (slapd not built from this version)
@@ -2655,6 +2681,7 @@
 CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...)
 	NOT-FOR-US: AIM PicEditor
 CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote ...)
+	{DSA-1541-1}
 	- openldap2.3 2.3.38-1
 	- openldap2.2 <removed>
 	- openldap2 <not-affected> (slapd not built)
@@ -3141,10 +3168,10 @@
 	RESERVED
 CVE-2008-0314
 	RESERVED
-CVE-2008-0313
-	RESERVED
-CVE-2008-0312
-	RESERVED
+CVE-2008-0313 (The ActiveDataInfo.LaunchProcess method in the ...)
+	TODO: check
+CVE-2008-0312 (Stack-based buffer overflow in the AutoFix Support Tool ActiveX ...)
+	TODO: check
 CVE-2008-0311 (Stack-based buffer overflow in the PGMWebHandler::parse_request ...)
 	TODO: check
 CVE-2008-0310 (Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 ...)
@@ -3393,7 +3420,7 @@
 	NOT-FOR-US: HP Select Identity
 CVE-2008-0213 (Unspecified vulnerability in a certain ActiveX control for HP Virtual ...)
 	NOT-FOR-US: HP Virtual Rooms
-CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) ...)
+CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and ...)
 	NOT-FOR-US: HP OpenView Network Node Manager
 CVE-2008-0211 (Unspecified vulnerability in the BIOS F.04 through F.11 for the HP ...)
 	TODO: check
@@ -3719,16 +3746,16 @@
 	NOT-FOR-US: ClipShare
 CVE-2008-0088 (Unspecified vulnerability in Active Directory on Microsoft Windows ...)
 	NOT-FOR-US: Windows
-CVE-2008-0087
-	RESERVED
+CVE-2008-0087 (The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 ...)
+	TODO: check
 CVE-2008-0086
 	RESERVED
 CVE-2008-0085
 	RESERVED
 CVE-2008-0084 (Unspecified vulnerability in the TCP/IP support in Microsoft Windows ...)
 	NOT-FOR-US: Windows
-CVE-2008-0083
-	RESERVED
+CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) ...)
+	TODO: check
 CVE-2008-0082
 	RESERVED
 CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...)
@@ -6580,11 +6607,12 @@
 CVE-2002-2307 (The default configuration of BenHur Firewall release 3 update 066 fix ...)
 	NOT-FOR-US: not processed, predates tracker
 CVE-2007-5707 (OpenLDAP before 2.3.39 allows remote attackers to cause a denial of ...)
+	{DSA-1541-1}
 	- openldap2.3 2.3.38-1 (medium; bug #440632)
 	- openldap2.2 <removed>
 	- openldap2 <not-affected> (slapd not built)
 CVE-2007-5708 (slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, ...)
-	{DTSA-87-1}
+	{DSA-1541-1 DTSA-87-1}
 	- openldap2.3 2.3.39-1 (medium; bug #448644)
 CVE-2007-2983 (Multiple buffer overflows in the British Telecommunications Consumer ...)
 	NOT-FOR-US: British Telecommunications Consumer webhelper
@@ -40658,7 +40686,7 @@
 	NOT-FOR-US: HP Advanced Server
 CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and ...)
 	NOT-FOR-US: GlobalSunTech Wireless Access Points
-CVE-2002-2136 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...)
+CVE-2002-2136
 	REJECTED
 	NOT-FOR-US: SUNW*
 CVE-2002-2135




More information about the Secure-testing-commits mailing list