[Secure-testing-commits] r9523 - data/CVE
joeyh at alioth.debian.org
Wed Aug 6 21:14:18 UTC 2008
Author: joeyh
Date: 2008-08-06 21:14:17 +0000 (Wed, 06 Aug 2008)
New Revision: 9523
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-08-06 19:37:44 UTC (rev 9522)
+++ data/CVE/list 2008-08-06 21:14:17 UTC (rev 9523)
@@ -1,7 +1,131 @@
-CVE-2008-3431 [virtualbox local privilege escalation]
+CVE-2008-3484 (SQL injection vulnerability in eStoreAff 0.1 allows remote attackers ...)
+ TODO: check
+CVE-2008-3483 (Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and ...)
+ TODO: check
+CVE-2008-3482 (Cross-site scripting (XSS) vulnerability in the error page feature in ...)
+ TODO: check
+CVE-2008-3481 (themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and ...)
+ TODO: check
+CVE-2008-3480
+ RESERVED
+CVE-2008-3479
+ RESERVED
+CVE-2008-3478
+ RESERVED
+CVE-2008-3477
+ RESERVED
+CVE-2008-3476
+ RESERVED
+CVE-2008-3475
+ RESERVED
+CVE-2008-3474
+ RESERVED
+CVE-2008-3473
+ RESERVED
+CVE-2008-3472
+ RESERVED
+CVE-2008-3471
+ RESERVED
+CVE-2008-3470
+ RESERVED
+CVE-2008-3469
+ RESERVED
+CVE-2008-3468
+ RESERVED
+CVE-2008-3467
+ RESERVED
+CVE-2008-3466
+ RESERVED
+CVE-2008-3465
+ RESERVED
+CVE-2008-3464
+ RESERVED
+CVE-2008-3463
+ RESERVED
+CVE-2008-3462
+ RESERVED
+CVE-2008-3461
+ RESERVED
+CVE-2008-3460
+ RESERVED
+CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...)
+ TODO: check
+CVE-2008-3458 (Vtiger CRM before 5.0.4 stores sensitive information under the web ...)
+ TODO: check
+CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin ...)
+ TODO: check
+CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in ...)
+ TODO: check
+CVE-2008-3454 (JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-3453 (Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown ...)
+ TODO: check
+CVE-2008-3452 (SQL injection vulnerability in the Calendar module in eNdonesia 8.4 ...)
+ TODO: check
+CVE-2008-3451 (PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with ...)
+ TODO: check
+CVE-2008-3450 (Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 ...)
+ TODO: check
+CVE-2008-3449 (MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote ...)
+ TODO: check
+CVE-2008-3448 (Cross-site scripting (XSS) vulnerability in index.php in common ...)
+ TODO: check
+CVE-2008-3447 (The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote ...)
+ TODO: check
+CVE-2008-3446 (Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 ...)
+ TODO: check
+CVE-2008-3445 (SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 ...)
+ TODO: check
+CVE-2008-3444 (The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows ...)
+ TODO: check
+CVE-2008-3443
+ RESERVED
+CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of ...)
+ TODO: check
+CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity ...)
+ TODO: check
+CVE-2008-3440 (Sun Java before 1.6.0_03 does not properly verify the authenticity of ...)
+ TODO: check
+CVE-2008-3439 (SpeedBit Video Acceleration before 2.2.1.8 does not properly verify ...)
+ TODO: check
+CVE-2008-3438 (Apple Mac OS X does not properly verify the authenticity of updates, ...)
+ TODO: check
+CVE-2008-3437 (OpenOffice.org (OOo) before 2.1.0 does not properly verify the ...)
+ TODO: check
+CVE-2008-3436 (The GUP generic update process in Notepad++ before 4.8.1 does not ...)
+ TODO: check
+CVE-2008-3435 (LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly ...)
+ TODO: check
+CVE-2008-3434 (Apple iTunes before 6.0.5.20 does not properly verify the authenticity ...)
+ TODO: check
+CVE-2008-3433 (SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not ...)
+ TODO: check
+CVE-2008-3432
+ RESERVED
+CVE-2008-3430 (Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in ...)
+ TODO: check
+CVE-2008-3428 (Session fixation vulnerability in phpFreeChat 1.1 allows remote ...)
+ TODO: check
+CVE-2008-3427 (Multiple SQL injection vulnerabilities in Möbius for Mimsy XG 1.4.4.1 ...)
+ TODO: check
+CVE-2008-3426 (Unspecified vulnerability in the Solaris Platform Information and ...)
+ TODO: check
+CVE-2008-3425 (Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin ...)
+ TODO: check
+CVE-2008-3424 (Condor before 7.0.4 does not properly handle wildcards in the ...)
+ TODO: check
+CVE-2008-3423 (IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to ...)
+ TODO: check
+CVE-2008-3422 (Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net ...)
+ TODO: check
+CVE-2004-2760 (sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately ...)
+ TODO: check
+CVE-2003-1562 (sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled ...)
+ TODO: check
+CVE-2008-3431 (The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM ...)
- virtualbox-ose <not-affected> (affects only windows host systems)
NOTE: CORE-2008-0716
-CVE-2008-3456 [phpmyadmin 'cross site framing' & xss in setup]
+CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from ...)
- phpmyadmin 4:2.11.8~rc1-1 (low)
[etch] - phpmyadmin <no-dsa> (Minor issue)
NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn't warrant DSA on its own
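Review bot: The new CVE-2008-3457 entry (XSS in setup.php in phpMyAdmin) is left at TODO: check, although the bracketed title removed from CVE-2008-3456 in this same hunk, "phpmyadmin 'cross site framing' & xss in setup", shows the setup XSS was being tracked under that id. Whoever triages this should decide whether the phpmyadmin 4:2.11.8~rc1-1 fix line and the [etch] <no-dsa> decision recorded under CVE-2008-3456 also cover CVE-2008-3457, and record them there if so. The OpenSSH entries CVE-2004-2760 and CVE-2003-1562 and the OpenVPN entry CVE-2008-3459 are for packaged software and deserve a look ahead of the long run of third-party updater entries.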
@@ -72,8 +196,8 @@
NOT-FOR-US: Web Wiz Forum
CVE-2008-3390 (Directory traversal vulnerability in libraries/general.init.php in ...)
NOT-FOR-US: Minishowcase Image Gallery
-CVE-2008-3389
- RESERVED
+CVE-2008-3389 (Stack-based buffer overflow in the libbecompat library in Ingres 2.6, ...)
+ TODO: check
CVE-2008-3388 (Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote ...)
NOT-FOR-US: Def-Blog
CVE-2008-3387 (SQL injection vulnerability in show.php in PHPFootball 1.6 allows ...)
@@ -139,10 +263,10 @@
TODO: we should remove this from Lenny w/o maintainer reaction
CVE-2008-3358
RESERVED
-CVE-2008-3357
- RESERVED
-CVE-2008-3356
- RESERVED
+CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, ...)
+ TODO: check
+CVE-2008-3356 (verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres ...)
+ TODO: check
CVE-2008-3355 (SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 ...)
NOT-FOR-US: Camera Life
CVE-2008-3354 (Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus ...)
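Review bot: CVE-2008-3357 and CVE-2008-3356 are both Ingres 2.6 issues, as is CVE-2008-3389 in the previous hunk, and all three are left at TODO: check. They should be resolved together with one consistent status, either a package line or a NOT-FOR-US entry of the kind the neighbouring entries carry, so the three do not end up triaged differently.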
@@ -178,7 +302,7 @@
NOT-FOR-US: Jobbex JobSite
CVE-2008-3339 (search_result.cfm in Jobbex JobSite allows remote attackers to obtain ...)
NOT-FOR-US: Jobbex JobSite
-CVE-2008-3429 [httrack buffer overflow]
+CVE-2008-3429 (Buffer overflow in URI processing in HTTrack and WinHTTrack before ...)
{DSA-1626-1}
- httrack 3.42.3-1 (low)
CVE-2008-3338
@@ -452,6 +576,7 @@
CVE-2008-3199 (Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow ...)
NOT-FOR-US: ReSIProcate
CVE-2008-3198 (Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject ...)
+ {DSA-1614-1}
- iceweasel 3.0.1-1 (low)
NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
CVE-2008-3195
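Review bot: The {DSA-1614-1} cross-reference is added to CVE-2008-3198, whose description limits the issue to Mozilla Firefox 3.x before 3.0.1, and the only package line is the fix in iceweasel 3.0.1-1. It is worth confirming that the DSA really lists this id, and if it does, adding a NOTE saying which released version it covers, since the entry as it stands does not explain why a DSA applies.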
@@ -534,8 +659,8 @@
NOT-FOR-US: Sophos virus detection engine
CVE-2008-3176
RESERVED
-CVE-2008-3175
- RESERVED
+CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the ...)
+ TODO: check
CVE-2008-3174
RESERVED
CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for ...)
@@ -596,12 +721,12 @@
NOT-FOR-US: WeFi
CVE-2008-3146
RESERVED
-CVE-2008-3144
- RESERVED
-CVE-2008-3143
- RESERVED
-CVE-2008-3142
- RESERVED
+CVE-2008-3144 (Multiple integer overflows in the PyOS_vsnprintf function in ...)
+ TODO: check
+CVE-2008-3143 (Multiple integer overflows in Python before 2.5.2 might allow ...)
+ TODO: check
+CVE-2008-3142 (Multiple buffer overflows in Python 2.5.2 and earlier on 32bit ...)
+ TODO: check
CVE-2008-3136 (SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x ...)
NOT-FOR-US: AShop Delux
CVE-2008-3135 (Soldner Secret Wars 33724 and earlier allows remote attackers to cause ...)
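Review bot: CVE-2008-3144, CVE-2008-3143 and CVE-2008-3142 are Python issues left at TODO: check, while CVE-2008-2315 and CVE-2008-2316 later in this patch already carry python2.5 and python2.4 lines. These three need the same per-package lines; the "Python before 2.5.2" and "Python 2.5.2 and earlier" ranges in the descriptions mean both source packages should be checked, not only python2.5.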
@@ -1055,8 +1180,7 @@
RESERVED
CVE-2008-2936
RESERVED
-CVE-2008-2935 [libxslt heap overflow]
- RESERVED
+CVE-2008-2935 (Multiple heap-based buffer overflows in the rc4 (1) encryption (aka ...)
{DSA-1624-1 DTSA-152-1}
- libxslt 1.1.24-2 (bug #493162)
NOTE: http://www.ocert.org/advisories/ocert-2008-009.html
@@ -1330,7 +1454,7 @@
NOT-FOR-US: aspWebCalendar 2008
CVE-2008-2831
RESERVED
-CVE-2008-2830 (ARDAgent in Apple Mac OS X 10.4 and 10.5 allows local users to gain ...)
+CVE-2008-2830 (Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and ...)
NOT-FOR-US: Apple Mac OS
CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...)
{DTSA-144-1}
@@ -2378,8 +2502,8 @@
CVE-2008-2371 (Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible ...)
{DSA-1602-1 DTSA-145-1}
- pcre3 7.6-2.1 (medium; bug #488919)
-CVE-2008-2370
- RESERVED
+CVE-2008-2370 (Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 ...)
+ TODO: check
CVE-2008-2369
RESERVED
CVE-2008-2368
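Review bot: CVE-2008-2370 names Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 onwards, and is left at TODO: check; the Tomcat XSS entry CVE-2008-1232 later in this patch is in the same state and also starts at 4.1.0. The two should be triaged together, with a package line for each Tomcat branch in the archive.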
@@ -2480,30 +2604,28 @@
RESERVED
CVE-2008-2326
RESERVED
-CVE-2008-2325
- RESERVED
-CVE-2008-2324
- RESERVED
-CVE-2008-2323
- RESERVED
-CVE-2008-2322
- RESERVED
-CVE-2008-2321
- RESERVED
-CVE-2008-2320
- RESERVED
+CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers ...)
+ TODO: check
+CVE-2008-2324 (The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 ...)
+ TODO: check
+CVE-2008-2323 (Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X ...)
+ TODO: check
+CVE-2008-2322 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, ...)
+ TODO: check
+CVE-2008-2321 (Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 ...)
+ TODO: check
+CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 ...)
+ TODO: check
CVE-2008-2319
RESERVED
CVE-2008-2318 (The WOHyperlink implementation in WebObjects in Apple Xcode tools ...)
NOT-FOR-US: Apple Xcode
CVE-2008-2317 (WebCore in Apple Safari does not properly perform garbage collection ...)
NOT-FOR-US: Safari
-CVE-2008-2316
- RESERVED
+CVE-2008-2316 (Integer overflow in _hashopenssl.c in the hashlib module in Python ...)
- python2.5 <unfixed> (bug #493797)
TODO: report python2.4 bug
-CVE-2008-2315
- RESERVED
+CVE-2008-2315 (Multiple integer overflows in Python 2.5.2 and earlier allow ...)
- python2.5 2.5.2-10
- python2.4 2.4.5-5
CVE-2008-2314 (Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is ...)
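Review bot: The six Apple Mac OS X entries CVE-2008-2320 through CVE-2008-2325 are added with TODO: check, but the context lines in this hunk mark the Apple entries next to them NOT-FOR-US (Apple Xcode, Safari). Marking these the same way, as the file does with "NOT-FOR-US: Apple Mac OS" for CVE-2008-2830, would clear them from the TODO queue. Separately, CVE-2008-2316 still carries "TODO: report python2.4 bug" beside python2.5 <unfixed> (bug #493797); a python2.4 line should be added once that bug is filed.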
@@ -2664,8 +2786,7 @@
RESERVED
CVE-2008-2236
RESERVED
-CVE-2008-2235 [opensc initializes CardOS cards with improper access rights]
- RESERVED
+CVE-2008-2235 (OpenSC before 0.11.5 uses weak permissions (ADMIN file control ...)
{DSA-1627-1}
- opensc 0.11.4-4
NOTE: http://www.opensc-project.org/security.html
@@ -3642,8 +3763,8 @@
NOT-FOR-US: Oracle
CVE-2008-1811 (Unspecified vulnerability in Oracle Application Express 3.0.1 has ...)
NOT-FOR-US: Oracle
-CVE-2008-1810
- RESERVED
+CVE-2008-1810 (Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 ...)
+ TODO: check
CVE-2008-1809 (Heap-based buffer overflow in Novell eDirectory 8.7.3 before ...)
NOT-FOR-US: Novell eDirectory
CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow ...)
@@ -4014,8 +4135,8 @@
RESERVED
CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
NOT-FOR-US: HP System Management Homepage
-CVE-2008-1662
- RESERVED
+CVE-2008-1662 (Unspecified vulnerability in the HP System Administration Manager ...)
+ TODO: check
CVE-2008-1661 (Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks ...)
NOT-FOR-US: HP StorageWorks
CVE-2008-1660 (Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and ...)
@@ -4694,8 +4815,8 @@
CVE-2008-1377 (The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients ...)
{DSA-1595-1 DTSA-141-1}
- xorg-server 2:1.4.1~git20080517-2
-CVE-2008-1376
- RESERVED
+CVE-2008-1376 (A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on ...)
+ TODO: check
CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify) in ...)
{DSA-1565-1}
- linux-2.6 2.6.25-2 (low)
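Review bot: CVE-2008-1376 is described as a problem in "A certain Red Hat build script for nfs-utils" yet is left at TODO: check. The CVE-2008-1374 entry in the next hunk records a Red Hat specific issue as <not-affected> with the reason in parentheses; the same form would fit here for nfs-utils once someone confirms that the Debian build does not share the script's behaviour.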
@@ -4703,7 +4824,7 @@
CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...)
- cupsys <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
- cups <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
-CVE-2008-1373 (Buffer overflow in the gif_read_lzw in CUPS 1.3.6 allows remote ...)
+CVE-2008-1373 (Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows ...)
{DSA-1625-1 DTSA-122-1}
- cupsys 1.3.7-1 (medium)
- cups 1.3.7-1 (medium)
@@ -5055,8 +5176,8 @@
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
- icedove 2.0.0.14-1
-CVE-2008-1232
- RESERVED
+CVE-2008-1232 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 ...)
+ TODO: check
CVE-2008-1231 (Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and ...)
- jspwiki <unfixed> (bug #470477)
CVE-2008-1230 (Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 ...)
@@ -17958,8 +18079,8 @@
CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...)
{DSA-1364-2 DSA-1364-1}
- vim 1:7.1-056+1 (low)
-CVE-2007-2952
- RESERVED
+CVE-2007-2952 (Multiple stack-based buffer overflows in the filter service (aka ...)
+ TODO: check
CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc ...)
- kvirc 2:3.2.4-5 (bug #434419; medium)
CVE-2007-2950 (Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara ...)