[Secure-testing-commits] r8567 - data/CVE
joeyh at alioth.debian.org
Fri Apr 18 09:14:21 UTC 2008
Author: joeyh
Date: 2008-04-18 09:14:20 +0000 (Fri, 18 Apr 2008)
New Revision: 8567
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-04-18 06:46:47 UTC (rev 8566)
+++ data/CVE/list 2008-04-18 09:14:20 UTC (rev 8567)
@@ -1,3 +1,89 @@
+CVE-2008-1876 (PHP remote file inclusion vulnerability in index.php in VisualPic ...)
+ TODO: check
+CVE-2008-1875 (SQL injection vulnerability in index.php in Terong PHP Photo Gallery ...)
+ TODO: check
+CVE-2008-1874 (SQL injection vulnerability in account/user/mail.html in Xpoze Pro ...)
+ TODO: check
+CVE-2008-1873 (Cross-site scripting (XSS) vulnerability in the private message ...)
+ TODO: check
+CVE-2008-1872 (SQL injection vulnerability in home.news.php in Comdev News Publisher ...)
+ TODO: check
+CVE-2008-1871 (SQL injection vulnerability in links.php in Scriptsagent.com Links ...)
+ TODO: check
+CVE-2008-1870 (SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and ...)
+ TODO: check
+CVE-2008-1869 (SQL injection vulnerability in Site Sift Listings allows remote ...)
+ TODO: check
+CVE-2008-1868 (admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does ...)
+ TODO: check
+CVE-2008-1867 (SQL injection vulnerability in Blog Pixel Motion (aka Blog ...)
+ TODO: check
+CVE-2008-1866 (admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) ...)
+ TODO: check
+CVE-2008-1865 (Stack-based buffer overflow in the msx_readnode function in libmosix.c ...)
+ TODO: check
+CVE-2008-1864 (SQL injection vulnerability in project.php in Prozilla Freelancers ...)
+ TODO: check
+CVE-2008-1863 (SQL injection vulnerability in view_reviews.php in Prozilla Cheat ...)
+ TODO: check
+CVE-2008-1862 (ExBB Italia 0.22 and earlier only checks GET requests that use the ...)
+ TODO: check
+CVE-2008-1861 (Directory traversal vulnerability in modules/threadstop/threadstop.php ...)
+ TODO: check
+CVE-2008-1860 (Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and ...)
+ TODO: check
+CVE-2008-1859 (SQL injection vulnerability in events.php in iScripts SocialWare ...)
+ TODO: check
+CVE-2008-1858 (SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 ...)
+ TODO: check
+CVE-2008-1857 (Multiple directory traversal vulnerabilities in viewsource.php in Make ...)
+ TODO: check
+CVE-2008-1856 (plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not ...)
+ TODO: check
+CVE-2008-1855 (FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 ...)
+ TODO: check
+CVE-2008-1854 (Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in ...)
+ TODO: check
+CVE-2008-1853 (The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, ...)
+ TODO: check
+CVE-2008-1852 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, ...)
+ TODO: check
+CVE-2008-1851 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, ...)
+ TODO: check
+CVE-2008-1850 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
+ TODO: check
+CVE-2008-1849 (Directory traversal vulnerability in index.php in the joomlaXplorer ...)
+ TODO: check
+CVE-2008-1848 (Cross-site scripting (XSS) vulnerability in the joomlaXplorer ...)
+ TODO: check
+CVE-2008-1847 (SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook ...)
+ TODO: check
+CVE-2008-1846 (The default configuration of SAP NetWeaver before 7.0 SP15 does not ...)
+ TODO: check
+CVE-2008-1845 (The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not ...)
+ TODO: check
+CVE-2008-1844 (SQL injection vulnerability in cat.php in W2B phpHotResources allows ...)
+ TODO: check
+CVE-2008-1843 (SQL injection vulnerability in browse.php in W2B DatingClub (aka ...)
+ TODO: check
+CVE-2008-1842 (Integer signedness error in ovspmd.exe in HP OpenView Network Node ...)
+ TODO: check
+CVE-2008-1841 (SQL injection vulnerability in the session handling functionality in ...)
+ TODO: check
+CVE-2008-1840 (SQL injection vulnerability in upload.php in Coppermine Photo Gallery ...)
+ TODO: check
+CVE-2008-1839 (Multgiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2008-1838 (SQL injection vulnerability in BosClassifieds Classified Ads System ...)
+ TODO: check
+CVE-2008-1836 (The rfc2231 function in message.c in libclamav in ClamAV before 0.93 ...)
+ TODO: check
+CVE-2008-1834 (swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict ...)
+ TODO: check
+CVE-2008-1833 (Heap-based buffer overflow in libclamav in ClamAV 0.92.1 allows remote ...)
+ TODO: check
+CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown ...)
+ TODO: check
CVE-2007-6714 [dbmail auth bypass]
- dbmail 2.2.9
CVE-2008-1878 [nsf buffer overflow in xine]
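Review bot: CVE-2008-1836 and CVE-2008-1833 go in as plain TODO: check although both descriptions name libclamav, and ClamAV is already tracked under the clamav package elsewhere in this file (CVE-2008-1837 and CVE-2008-1835 further down in this diff). These two should be triaged onto a clamav package line first rather than waiting in the unreviewed batch with the NOT-FOR-US candidates.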
@@ -99,8 +185,8 @@
TODO: check
CVE-2008-1787 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
TODO: check
-CVE-2008-1786
- RESERVED
+CVE-2008-1786 (Unspecified vulnerability in the DSM gui_cm_ctrls ActiveX control ...)
+ TODO: check
CVE-2008-1785 (delete.php in Prozilla Top 100 1.2 allows remote authenticated users ...)
TODO: check
CVE-2008-1784 (Prozilla Topsites 1.0 allows remote attackers to perform ...)
@@ -109,11 +195,11 @@
TODO: check
CVE-2008-1782 (phpdemo/viewsource.php in Advanced Software Engineering ChartDirector ...)
TODO: check
-CVE-2008-1837 [clamav 0.93 rar issue]
+CVE-2008-1837 (libclamunrar in ClamAV before 0.93 allows remote attackers to cause a ...)
- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
-CVE-2008-1835 [clamav 0.93 rar issue]
+CVE-2008-1835 (ClamAV before 0.93 allows remote attackers to bypass the scanning ...)
- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
-CVE-2008-1832 [secilia insecure tmp file usage]
+CVE-2008-1832 (lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite ...)
- cecilia <unfixed> (low; bug #476321)
[etch] - cecilica <no-dsa> (Minor issue)
CVE-2008-1781
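Review bot: under CVE-2008-1832 the [etch] line names the package cecilica, while the line directly above it uses cecilia, so the no-dsa annotation does not match the package named in the unfixed line. Since the header is being rewritten anyway, correct "[etch] - cecilica <no-dsa> (Minor issue)" to use cecilia.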
@@ -136,8 +222,7 @@
NOT-FOR-US: Dragoon
CVE-2008-1772 (iScripts SocialWare stores passwords in cleartext in a database, which ...)
NOT-FOR-US: iScripts SocialWare
-CVE-2008-1771 [integer overflow in mt-daapd]
- RESERVED
+CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media ...)
- mt-daapd 0.9~r1696-1.3 (medium; bug #476241)
CVE-2008-1770
RESERVED
@@ -304,18 +389,19 @@
RESERVED
CVE-2008-1694 [emacs insecure temp file in vcdiff]
RESERVED
- - emacs21 <unfixed> (low; bug #476612)
- [etch] - emacs21 <no-dsa> (Minor issue)
- - emacs22 <unfixed> (low; bug #476611)
- - xemacs21 <unfixed> (low; bug #476613)
- [etch] - xemacs21 <no-dsa> (Minor issue)
+ - emacs21 <unfixed> (low; bug #476612)
+ [etch] - emacs21 <no-dsa> (Minor issue)
+ - emacs22 <unfixed> (low; bug #476611)
+ - xemacs21 <unfixed> (low; bug #476613)
+ [etch] - xemacs21 <no-dsa> (Minor issue)
CVE-2008-1693 [xpdf lack of typechecking for embedded fonts]
RESERVED
- - xpdf 3.02
- - poppler <unfixed>
- TODO: File bug for poppler
- TODO: kpdf/kdegraphics from Etch are not affected, sid needs to be checked
- TODO: check pdftex
+ {DSA-1548-1}
+ - xpdf 3.02
+ - poppler <unfixed>
+ TODO: File bug for poppler
+ TODO: kpdf/kdegraphics from Etch are not affected, sid needs to be checked
+ TODO: check pdftex
CVE-2008-1692 (Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the ...)
- eterm 0.9.4.0debian1-2.1 (bug #473127)
CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...)
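Review bot: the removed and added package lines under CVE-2008-1694 and CVE-2008-1693 read identically here, so the only visible content change in this hunk is the new {DSA-1548-1}; a whitespace-only rewrite is better kept in its own commit so the advisory reference is easy to spot. With the DSA now attached, CVE-2008-1693 still carries "- poppler <unfixed>" and three TODO lines, so the entry needs a follow-up pass.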
@@ -481,6 +567,7 @@
CVE-2008-1615
RESERVED
CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a ...)
+ {DSA-1550-1}
- suphp <unfixed> (low; bug #475431)
CVE-2008-1613
RESERVED
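Review bot: {DSA-1550-1} is attached to CVE-2008-1614 but the package line below it still reads "- suphp <unfixed> (low; bug #475431)". Confirm that this status is still correct now that an advisory exists, and record the fixed version here if there is one.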
@@ -644,7 +731,7 @@
- joomla <itp> (bug #326398)
CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote ...)
- perlbal <itp> (bug #456534)
-CVE-2008-1531 (lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote ...)
+CVE-2008-1531 (The connection_state_machine function (connections.c) in lighttpd ...)
{DSA-1540-1}
- lighttpd 1.4.19-2 (low; bug #475438)
CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE ...)
@@ -984,8 +1071,7 @@
RESERVED
CVE-2008-1388
RESERVED
-CVE-2008-1387 [clamav 0.93 unarj issue]
- RESERVED
+CVE-2008-1387 (ClamAV before 0.93 allows remote attackers to cause a denial of ...)
- clamav 0.92.1~dfsg2-1
[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-1386
@@ -1002,8 +1088,8 @@
- libpng <unfixed> (low)
CVE-2008-1381
RESERVED
-CVE-2008-1380
- RESERVED
+CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird ...)
+ TODO: check
CVE-2008-1379
RESERVED
CVE-2008-1378
@@ -1529,8 +1615,8 @@
NOT-FOR-US: Cisco IPM
CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network ...)
NOT-FOR-US: Cisco IOS
-CVE-2008-1155
- RESERVED
+CVE-2008-1155 (Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before ...)
+ TODO: check
CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...)
NOT-FOR-US: Cisco IOS
CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...)
@@ -1698,6 +1784,7 @@
CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing engine ...)
NOT-FOR-US: KeyView
CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav ...)
+ {DSA-1549-1}
- clamav 0.92.1~dfsg2-1
CVE-2008-1099 (_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not ...)
{DSA-1514-1}
@@ -1869,12 +1956,12 @@
RESERVED
CVE-2008-1027
RESERVED
-CVE-2008-1026
- RESERVED
-CVE-2008-1025
- RESERVED
-CVE-2008-1024
- RESERVED
+CVE-2008-1026 (Integer overflow in the PCRE regular expression compiler ...)
+ TODO: check
+CVE-2008-1025 (Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in ...)
+ TODO: check
+CVE-2008-1024 (Apple Safari before 3.1.1, when running on Windows XP or Vista, allows ...)
+ TODO: check
CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime ...)
NOT-FOR-US: Apple QuickTime
CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows ...)
@@ -2145,10 +2232,10 @@
NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially ...)
NOT-FOR-US: Apple Safari
-CVE-2008-0893
- RESERVED
-CVE-2008-0892
- RESERVED
+CVE-2008-0893 (Red Hat Administration Server, as used by Red Hat Directory Server 8.0 ...)
+ TODO: check
+CVE-2008-0892 (The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat ...)
+ TODO: check
CVE-2008-0891
RESERVED
CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for ...)
@@ -3465,9 +3552,9 @@
RESERVED
CVE-2008-0321
RESERVED
-CVE-2008-0320 [oo.o ole buffer overflow]
- RESERVED
- - openoffice.org 2.4.0~ooh680m5-1
+CVE-2008-0320 (Heap-based buffer overflow in OpenOffice.org before 2.4 allows remote ...)
+ {DSA-1547-1}
+ - openoffice.org 2.4.0~ooh680m5-1
CVE-2008-0319
RESERVED
CVE-2008-0318 (Integer overflow in the cli_scanpe function in libclamav in ClamAV ...)
@@ -3479,8 +3566,8 @@
RESERVED
CVE-2008-0315
RESERVED
-CVE-2008-0314 [clamav spin overflow]
- RESERVED
+CVE-2008-0314 (Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 ...)
+ {DSA-1549-1}
- clamav <unfixed>
CVE-2008-0313 (The ActiveDataInfo.LaunchProcess method in the ...)
NOT-FOR-US: Symantec Norton products
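Review bot: CVE-2008-0314 gains {DSA-1549-1} while keeping "- clamav <unfixed>", whereas CVE-2008-1100 gets the same DSA in this commit and carries "- clamav 0.92.1~dfsg2-1". The description names ClamAV 0.92.1 as affected, so unfixed may be right, but the two entries should be checked against each other and the fixed version filled in once known.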
@@ -4104,8 +4191,8 @@
NOT-FOR-US: Orb Networks Orb and Winamp Remote BETA
CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows ...)
NOT-FOR-US: XnView
-CVE-2008-0068
- RESERVED
+CVE-2008-0068 (Directory traversal vulnerability in OpenView5.exe in HP OpenView ...)
+ TODO: check
CVE-2008-0067
RESERVED
CVE-2008-0066 (Multiple buffer overflows in htmsr.dll in the HTML speed reader in ...)
@@ -6494,8 +6581,8 @@
- xorg-server 2:1.4.1~git20080105-2
CVE-2007-5759
REJECTED
-CVE-2007-5758
- RESERVED
+CVE-2007-5758 (Stack-based buffer overflow in db2dasrrm in the DB2 Administration ...)
+ TODO: check
CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal ...)
NOT-FOR-US: IBM DB2
CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...)
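Review bot: CVE-2007-5758 is added as TODO: check, but its description is for db2dasrrm in the DB2 Administration Server and the next entry, CVE-2007-5757, is already marked NOT-FOR-US: IBM DB2. It can be triaged the same way instead of staying in the TODO queue.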
@@ -6514,15 +6601,15 @@
RESERVED
CVE-2007-5748
RESERVED
-CVE-2007-5747 [oo.o quattro pro issue]
- RESERVED
- - openoffice.org 2.4.0~ooh680m5-1
-CVE-2007-5746 [oo.o emf buffer overflow]
- RESERVED
- - openoffice.org 2.4.0~ooh680m5-1
-CVE-2007-5745 [oo.o quattro pro issue]
- RESERVED
- - openoffice.org 2.4.0~ooh680m5-1
+CVE-2007-5747 (Integer underflow in OpenOffice.org before 2.4 allows remote attackers ...)
+ {DSA-1547-1}
+ - openoffice.org 2.4.0~ooh680m5-1
+CVE-2007-5746 (Heap-based buffer overflow in OpenOffice.org before 2.4 allows remote ...)
+ {DSA-1547-1}
+ - openoffice.org 2.4.0~ooh680m5-1
+CVE-2007-5745 (Heap-based buffer overflow in OpenOffice.org before 2.4 allows remote ...)
+ {DSA-1547-1}
+ - openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5744
RESERVED
CVE-2007-5743
@@ -7031,8 +7118,8 @@
NOT-FOR-US: Adobe Reader
CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...)
NOT-FOR-US: Novell ZENworks Endpoint Security Management
-CVE-2007-5664
- RESERVED
+CVE-2007-5664 (db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal ...)
+ TODO: check
CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to ...)
NOT-FOR-US: Adobe Reader
CVE-2007-5662
@@ -8320,7 +8407,8 @@
NOT-FOR-US: Solaris
CVE-2007-5318 (Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 ...)
NOT-FOR-US: Typolight webCMS
-CVE-2007-5317 (Cross-site scripting (XSS) vulnerability in photos.cfm in Directory ...)
+CVE-2007-5317
+ REJECTED
NOT-FOR-US: Directory Image Gallery
CVE-2007-5316 (SQL injection vulnerability in browsecats.php in Softbiz Jobs and ...)
NOT-FOR-US: Softbiz Jobs
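Review bot: CVE-2007-5317 becomes REJECTED, but the old triage line "NOT-FOR-US: Directory Image Gallery" stays underneath it, and with the description removed nothing in the entry explains that product name any more. Drop the NOT-FOR-US line; the other REJECTED entry visible in this diff (CVE-2007-5759) carries no annotation.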
@@ -11427,6 +11515,7 @@
- libvorbis 1.2.0.dfsg-1
NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...)
+ {DSA-1471-1}
- libvorbis 1.2.0.dfsg-1 (unimportant)
NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability
NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
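Review bot: {DSA-1471-1} is attached to CVE-2007-4065 although the entry is marked (unimportant) and its NOTE says the issue is not treated as a vulnerability. Either the severity and note are out of date or the DSA reference does not belong on this CVE; reconcile the two. The NOTE lines also contain typos (revisionsions, revisionions, libarary) that could be fixed while the entry is being touched.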
@@ -11469,7 +11558,7 @@
{DTSA-58-1}
- phpsysinfo 2.5.1-6.1 (unimportant; bug #435935)
- phpgroupware 0.9.16.012-1 (low; bug #435936)
- [etch] - phpgrouwware <not-affected> (Affected code is not used in phpgroupware)
+ [etch] - phpgrouwware <not-affected> (Affected code is not used in phpgroupware)
- egroupware-phpsysinfo 1.2.107-2.dfsg-1.1 (low; bug #435937)
NOTE: phpsysinfo alone doesn't maintain any data, which makes this an issue
CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...)
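Review bot: the [etch] line is rewritten with no visible change, so presumably whitespace only, while the package name on it is still misspelled phpgrouwware; the line above it uses phpgroupware. Fix the name in the same edit, otherwise the not-affected status stays recorded against a name that does not match the package line above.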