[Secure-testing-commits] r8543 - data/CVE

keescook-guest at alioth.debian.org keescook-guest at alioth.debian.org
Wed Apr 16 21:02:36 UTC 2008


Author: keescook-guest
Date: 2008-04-16 21:02:35 +0000 (Wed, 16 Apr 2008)
New Revision: 8543

Modified:
   data/CVE/list
Log:
NFUs: 48
unfixed: libpng linux-2.6 m4 phpbb2 policykit


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-04-16 20:23:08 UTC (rev 8542)
+++ data/CVE/list	2008-04-16 21:02:35 UTC (rev 8543)
@@ -37,39 +37,39 @@
 CVE-2008-1767
 	RESERVED
 CVE-2008-1766 (Multiple unspecified vulnerabilities in phpBB before 3.0.1 have ...)
-	TODO: check
+	- phpbb2 <unfixed> (low)
 CVE-2008-1765
 	RESERVED
 CVE-2008-1764 (Unspecified vulnerability in Opera for Windows before 9.27 has unknown ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2008-1763 (SQL injection vulnerability in _blogadata/include/sond_result.php in ...)
-	TODO: check
+	NOT-FOR-US: Blogator-script
 CVE-2008-1762 (Opera before 9.27 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2008-1761 (Opera before 9.27 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2008-1760 (Multiple PHP remote file inclusion vulnerabilities in Blogator-script ...)
-	TODO: check
+	NOT-FOR-US: Blogator-script
 CVE-2008-1759 (SQL injection vulnerability in the jeuxflash module for KwsPHP allows ...)
-	TODO: check
+	NOT-FOR-US: KwsPHP
 CVE-2008-1758 (SQL injection vulnerability in the ConcoursPhoto module for KwsPHP ...)
-	TODO: check
+	NOT-FOR-US: KwsPHP
 CVE-2008-1757 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
-	TODO: check
+	NOT-FOR-US: KwsPHP
 CVE-2008-1756 (Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine ...)
-	TODO: check
+	NOT-FOR-US: Sun
 CVE-2008-1755 (Directory traversal vulnerability in the showSource function in ...)
-	TODO: check
+	NOT-FOR-US: World of Phaos
 CVE-2008-1754 (Symantec Altiris Deployment Solution before 6.9.164 stores the ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2008-1753 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Alkacon OpenCMS
 CVE-2008-1752 (ezRADIUS 0.1 stores sensitive information under the web root with ...)
-	TODO: check
+	NOT-FOR-US: ezRADIUS
 CVE-2008-1751 (Multiple directory traversal vulnerabilities in index.php in Ksemail ...)
-	TODO: check
+	NOT-FOR-US: Ksemail
 CVE-2008-1750 (SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and ...)
-	TODO: check
+	NOT-FOR-US: LiveCart
 CVE-2008-1749
 	RESERVED
 CVE-2008-1748
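Review bot: CVE-2008-1766 is now tracked as `- phpbb2 <unfixed> (low)`, but the description on the line above it speaks of phpBB before 3.0.1 and the vulnerabilities are unspecified. Please add a NOTE saying how the phpbb2 package was determined to be affected, and a bug reference once one is filed, so the entry can be verified later.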
@@ -103,25 +103,25 @@
 CVE-2008-1734
 	RESERVED
 CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and earlier in ...)
-	TODO: check
+	NOT-FOR-US: Joomla component Pragmatic Utopia PU Arcade
 CVE-2008-1732 (SQL injection vulnerability in showpredictionsformatch.php in ...)
-	TODO: check
+	NOT-FOR-US: Prediction Football
 CVE-2008-1731 (The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not ...)
-	TODO: check
+	NOT-FOR-US: Drupal module Simple Access
 CVE-2008-1730 (Directory traversal vulnerability in download.html in ARWScripts ...)
-	TODO: check
+	NOT-FOR-US: ARWScripts Gallery Script Lite
 CVE-2008-1729 (The menu system in Drupal 6 before 6.2 has incorrect menu settings, ...)
-	TODO: check
+	NOT-FOR-US: Drupal 6 (not packaged yet)
 CVE-2008-1728 (ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows ...)
-	TODO: check
+	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2008-1727 (KnowledgeQuest 2.5 and 2.6 does not require authentication for access ...)
-	TODO: check
+	NOT-FOR-US: KnowledgeQuest
 CVE-2008-1726 (Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when ...)
-	TODO: check
+	NOT-FOR-US: KnowledgeQuest
 CVE-2008-1725 (The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz ...)
-	TODO: check
+	NOT-FOR-US: ActiveX
 CVE-2008-1724 (Stack-based buffer overflow in the IActiveXTransfer.FileTransfer ...)
-	TODO: check
+	NOT-FOR-US: ActiveX
 CVE-2008-1723
 	RESERVED
 CVE-2008-1722 (Multiple integer overflows in (1) filter/image-png.c and (2) ...)
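Review bot: `NOT-FOR-US: Drupal 6 (not packaged yet)` on CVE-2008-1729 uses a permanent tag for a temporary state, so nothing will bring this entry back up for review once Drupal 6 is packaged. A NOTE or TODO to revisit it on packaging would keep it from being missed. Separately, the two `NOT-FOR-US: ActiveX` entries (CVE-2008-1725, CVE-2008-1724) name the technology rather than the product, unlike the other entries in this hunk.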
@@ -130,37 +130,37 @@
 	- python2.4 <unfixed>
 	- python2.5 <unfixed>
 CVE-2008-1719 (Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET ...)
-	TODO: check
+	NOT-FOR-US: Nuke ET
 CVE-2008-1718 (Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus Notes
 CVE-2008-1717 (WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 ...)
-	TODO: check
+	NOT-FOR-US: WoltLab Community Framework
 CVE-2008-1716 (Cross-site scripting (XSS) vulnerability in WoltLab Community ...)
-	TODO: check
+	NOT-FOR-US: WoltLab Community Framework
 CVE-2008-1715 (SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and ...)
-	TODO: check
+	NOT-FOR-US: AuraCMS
 CVE-2008-1714 (SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when ...)
-	TODO: check
+	NOT-FOR-US: FaScript FaPhoto
 CVE-2008-1713 (MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: NoticeWare Email Server
 CVE-2008-1712 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: mx_blogs
 CVE-2008-1711 (Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores ...)
-	TODO: check
+	NOT-FOR-US: Terong PHP Photo Gallery
 CVE-2008-1710 (Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows ...)
-	TODO: check
+	NOT-FOR-US: IBM AIX
 CVE-2008-1709 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Visual InterDev
 CVE-2008-1708 (IBM solidDB 06.00.1018 and earlier does not validate a certain field ...)
-	TODO: check
+	NOT-FOR-US: IBM solidDB
 CVE-2008-1707 (IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: IBM solidDB
 CVE-2008-1706 (Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: IBM solidDB
 CVE-2008-1705 (Format string vulnerability in the logging function in IBM solidDB ...)
-	TODO: check
+	NOT-FOR-US: IBM solidDB
 CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux ...)
-	TODO: check
+	- linux-2.6 <unfixed> (medium)
 CVE-2008-XXXX [Incorrect input validation in PyString_FromStringAndSize()]
 	- python2.5 <unfixed>
 	TODO: python2.4 needs to be checked
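Review bot: CVE-2008-1718 is described as a buffer overflow in Autonomy (formerly Verity) KeyView but is tagged `NOT-FOR-US: IBM Lotus Notes`, while CVE-2008-1101 later in this commit gets `NOT-FOR-US: KeyView`. Tagging both with the product the description names would keep them searchable together. Also, CVE-2007-6712 goes to `- linux-2.6 <unfixed> (medium)` with no bug number or NOTE on which kernel versions are affected.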
@@ -173,9 +173,9 @@
 	NOTE: Etch is affected (it enables the acl upstream patch)
 	NOTE: http://samba.anu.edu.au/rsync/security.html#s3_0_2
 CVE-2008-1704 (Multiple buffer overflows in TIBCO Software Enterprise Message Service ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2008-1703 (Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the my_gallery ...)
 	NOT-FOR-US: my_gallery plugin for e107
 CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service ...)
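Review bot: Both TIBCO entries are tagged with the vendor only (`NOT-FOR-US: TIBCO`), although the descriptions name the products, Enterprise Message Service and Rendezvous. Naming the product, as the neighbouring `NOT-FOR-US: my_gallery plugin for e107` entry does, makes the tag more useful when searching the list.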
@@ -205,9 +205,9 @@
 CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and ...)
 	NOT-FOR-US: SLMail Pro
 CVE-2008-1688 (Unspecified vulnerability in GNU m4 before 1.4.11 might allow ...)
-	TODO: check
+	- m4 <unfixed> (low)
 CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before ...)
-	TODO: check
+	- m4 <unfixed> (low)
 CVE-2008-1686 (Uncontrolled array index in Speex 1.1.12 and earlier, as used in ...)
 	- speex 1.2~beta2-1 (medium)
 	- libfishsound 0.7.0-2.2 (medium; bug #475152)
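Review bot: CVE-2008-1688 and CVE-2008-1687 are both set to `- m4 <unfixed> (low)` without a bug number, while the descriptions give GNU m4 1.4.11 as the first unaffected upstream release. A NOTE recording that version, plus a bug reference like the `bug #475152` on the libfishsound line below, would tell the maintainer what needs uploading.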
@@ -271,11 +271,11 @@
 CVE-2008-1659
 	RESERVED
 CVE-2008-1658 (Format string vulnerability in the grant helper ...)
-	TODO: check
+	- policykit <unfixed> (medium)
 CVE-2008-1657 (OpenSSH before 4.9 allows remote authenticated users to bypass the ...)
 	- openssh 1:4.7p1-8 (low; bug #475156)
 CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the public ...)
-	TODO: check
+	NOT-FOR-US: Adobe ColdFusion
 CVE-2008-1655 (Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, ...)
 	TODO: check
 CVE-2008-1654 (Interaction error between Adobe Flash and multiple Universal Plug and ...)
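Review bot: CVE-2008-1658 becomes `- policykit <unfixed> (medium)` with no bug reference, whereas the openssh entry directly below carries `bug #475156`. Please file a bug and reference it here. CVE-2008-1655 (Adobe Flash Player) is also still `TODO: check` in the context lines, although the adjacent Adobe ColdFusion entry was triaged in this pass.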
@@ -879,7 +879,7 @@
 CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or ...)
 	NOT-FOR-US: Gentoo Linux Ebuilds
 CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 ...)
-	TODO: check
+	- libpng <unfixed> (low)
 CVE-2008-1381
 	RESERVED
 CVE-2008-1380
@@ -1576,7 +1576,7 @@
 CVE-2008-1102
 	RESERVED
 CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing engine ...)
-	TODO: check
+	NOT-FOR-US: KeyView
 CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav ...)
         - clamav <unfixed>
 CVE-2008-1099 (_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not ...)
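Review bot: Not part of this change, but the `- clamav <unfixed>` line under CVE-2008-1100 in the context is indented with spaces where every other entry in the diff uses a tab. Worth normalising in a follow-up in case the list parser depends on the tab.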
@@ -1881,11 +1881,11 @@
 CVE-2008-0964
 	RESERVED
 CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 ...)
-	TODO: check
+	NOT-FOR-US: EMC DiskXtender
 CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC ...)
-	TODO: check
+	NOT-FOR-US: EMC DiskXtender
 CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password, which ...)
-	TODO: check
+	NOT-FOR-US: EMC DiskXtender
 CVE-2008-0960
 	RESERVED
 CVE-2008-0959
@@ -1959,7 +1959,7 @@
 	- xen-3.0 <removed>
 	- kvm 63+dfsg-1 (bug #469666)
 CVE-2008-0927 (dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows ...)
-	TODO: check
+	NOT-FOR-US: Novell eDirectory
 CVE-2008-0926 (Unspecified vulnerability in the eMBox utility in Novell eDirectory ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2008-0925



