[Secure-testing-commits] r9560 - data/CVE
joeyh at alioth.debian.org
Wed Aug 13 09:14:11 UTC 2008
Author: joeyh
Date: 2008-08-13 09:14:09 +0000 (Wed, 13 Aug 2008)
New Revision: 9560
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-08-13 09:11:32 UTC (rev 9559)
+++ data/CVE/list 2008-08-13 09:14:09 UTC (rev 9560)
@@ -1,3 +1,359 @@
+CVE-2008-3665
+ RESERVED
+CVE-2008-3664
+ RESERVED
+CVE-2008-3663
+ RESERVED
+CVE-2008-3662
+ RESERVED
+CVE-2008-3661
+ RESERVED
+CVE-2008-3660
+ RESERVED
+CVE-2008-3659
+ RESERVED
+CVE-2008-3658
+ RESERVED
+CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, ...)
+ TODO: check
+CVE-2008-3656 (Algorithmic complexity vulnerability in ...)
+ TODO: check
+CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through ...)
+ TODO: check
+CVE-2008-3654 (Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows ...)
+ TODO: check
+CVE-2008-3653 (Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before ...)
+ TODO: check
+CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an ...)
+ TODO: check
+CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools ...)
+ TODO: check
+CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...)
+ TODO: check
+CVE-2008-3649 (SQL injection vulnerability in categorydetail.php in Article Friendly ...)
+ TODO: check
+CVE-2008-3648 (nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote ...)
+ TODO: check
+CVE-2008-3647
+ RESERVED
+CVE-2008-3646
+ RESERVED
+CVE-2008-3645
+ RESERVED
+CVE-2008-3644
+ RESERVED
+CVE-2008-3643
+ RESERVED
+CVE-2008-3642
+ RESERVED
+CVE-2008-3641
+ RESERVED
+CVE-2008-3640
+ RESERVED
+CVE-2008-3639
+ RESERVED
+CVE-2008-3638
+ RESERVED
+CVE-2008-3637
+ RESERVED
+CVE-2008-3636
+ RESERVED
+CVE-2008-3635
+ RESERVED
+CVE-2008-3634
+ RESERVED
+CVE-2008-3633
+ RESERVED
+CVE-2008-3632
+ RESERVED
+CVE-2008-3631
+ RESERVED
+CVE-2008-3630
+ RESERVED
+CVE-2008-3629
+ RESERVED
+CVE-2008-3628
+ RESERVED
+CVE-2008-3627
+ RESERVED
+CVE-2008-3626
+ RESERVED
+CVE-2008-3625
+ RESERVED
+CVE-2008-3624
+ RESERVED
+CVE-2008-3623
+ RESERVED
+CVE-2008-3622
+ RESERVED
+CVE-2008-3621
+ RESERVED
+CVE-2008-3620
+ RESERVED
+CVE-2008-3619
+ RESERVED
+CVE-2008-3618
+ RESERVED
+CVE-2008-3617
+ RESERVED
+CVE-2008-3616
+ RESERVED
+CVE-2008-3615
+ RESERVED
+CVE-2008-3614
+ RESERVED
+CVE-2008-3613
+ RESERVED
+CVE-2008-3612
+ RESERVED
+CVE-2008-3611
+ RESERVED
+CVE-2008-3610
+ RESERVED
+CVE-2008-3609
+ RESERVED
+CVE-2008-3608
+ RESERVED
+CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows ...)
+ TODO: check
+CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate ...)
+ TODO: check
+CVE-2008-3605 (Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, ...)
+ TODO: check
+CVE-2008-3604 (SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows ...)
+ TODO: check
+CVE-2008-3603 (SQL injection vulnerability in index.php in Vacation Rental Script 3.0 ...)
+ TODO: check
+CVE-2008-3602 (admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) ...)
+ TODO: check
+CVE-2008-3601 (SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 ...)
+ TODO: check
+CVE-2008-3600 (Directory traversal vulnerability in contrib/phpBB2/modules.php in ...)
+ TODO: check
+CVE-2008-3599 (SQL injection vulnerability in image.php in OpenImpro 1.1 allows ...)
+ TODO: check
+CVE-2008-3598 (Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote ...)
+ TODO: check
+CVE-2008-3597 (Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2008-3596 (Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 ...)
+ TODO: check
+CVE-2008-3595 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-3594 (SQL injection vulnerability in viewdetails.php in MagicScripts E-Store ...)
+ TODO: check
+CVE-2008-3593 (Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows ...)
+ TODO: check
+CVE-2008-3592 (Unrestricted file upload vulnerability in the File Manager in the ...)
+ TODO: check
+CVE-2008-3591 (SQL injection vulnerability in lib/class.admin.php in Twentyone ...)
+ TODO: check
+CVE-2008-3590 (Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. ...)
+ TODO: check
+CVE-2008-3589 (Directory traversal vulnerability in download.php in moziloCMS 1.10.1, ...)
+ TODO: check
+CVE-2008-3588 (Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote ...)
+ TODO: check
+CVE-2008-3587 (Cross-site scripting (XSS) vulnerability in result.php in Chris ...)
+ TODO: check
+CVE-2008-3586 (SQL injection vulnerability in the EZ Store (com_ezstore) component ...)
+ TODO: check
+CVE-2008-3585 (Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP ...)
+ TODO: check
+CVE-2008-3584
+ RESERVED
+CVE-2008-3583 (Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote ...)
+ TODO: check
+CVE-2008-3582 (SQL injection vulnerability in login.php in Keld PHP-MySQL News Script ...)
+ TODO: check
+CVE-2008-3581 (Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links ...)
+ TODO: check
+CVE-2008-3580 (Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote ...)
+ TODO: check
+CVE-2008-3579 (Calacode @Mail 5.41 on Linux does not require administrative ...)
+ TODO: check
+CVE-2008-3578 (HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2008-3577 (Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows ...)
+ TODO: check
+CVE-2008-3576 (Buffer overflow in the TruncateString function in src/gfx.cpp in ...)
+ TODO: check
+CVE-2008-3575 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, ...)
+ TODO: check
+CVE-2008-3573 (The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) ...)
+ TODO: check
+CVE-2008-3572 (Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 ...)
+ TODO: check
+CVE-2008-3571 (The Xerox Phaser 8400 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2008-3570 (PHP remote file inclusion vulnerability in index.php in Africa Be Gone ...)
+ TODO: check
+CVE-2008-3569 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, ...)
+ TODO: check
+CVE-2008-3568 (Absolute path traversal vulnerability in ...)
+ TODO: check
+CVE-2008-3567 (Unspecified vulnerability in the NowPlaying functionality in NullSoft ...)
+ TODO: check
+CVE-2008-3566 (Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 ...)
+ TODO: check
+CVE-2008-3565 (Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room ...)
+ TODO: check
+CVE-2008-3564 (Multiple directory traversal vulnerabilities in index.php in Dayfox ...)
+ TODO: check
+CVE-2008-3563 (Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier ...)
+ TODO: check
+CVE-2008-3562 (Directory traversal vulnerability in index.php in the Contact module ...)
+ TODO: check
+CVE-2008-3561 (SQL injection vulnerability in s03.php in Powergap Shopsystem, when ...)
+ TODO: check
+CVE-2008-3560 (Cross-site scripting (XSS) vulnerability in kshop_search.php in the ...)
+ TODO: check
+CVE-2008-3559 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...)
+ TODO: check
+CVE-2008-3558 (Stack-based buffer overflow in the WebexUCFObject ActiveX control in ...)
+ TODO: check
+CVE-2008-3557 (Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-3556 (Multiple SQL injection vulnerabilities in index.php in Battle.net Clan ...)
+ TODO: check
+CVE-2008-3555 (Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 ...)
+ TODO: check
+CVE-2008-3554 (SQL injection vulnerability in index.php in Discuz! 6.0.1 allows ...)
+ TODO: check
+CVE-2008-3553 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition ...)
+ TODO: check
+CVE-2008-3552 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition ...)
+ TODO: check
+CVE-2008-3551 (Multiple unspecified vulnerabilities in Sun Java Platform Micro ...)
+ TODO: check
+CVE-2008-3550 (The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote ...)
+ TODO: check
+CVE-2008-3549 (Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in ...)
+ TODO: check
+CVE-2008-3548 (Unspecified vulnerability in the Sun Netra T5220 Server with firmware ...)
+ TODO: check
+CVE-2008-3545
+ RESERVED
+CVE-2008-3544
+ RESERVED
+CVE-2008-3543
+ RESERVED
+CVE-2008-3542
+ RESERVED
+CVE-2008-3541
+ RESERVED
+CVE-2008-3540
+ RESERVED
+CVE-2008-3539
+ RESERVED
+CVE-2008-3538
+ RESERVED
+CVE-2008-3537
+ RESERVED
+CVE-2008-3536
+ RESERVED
+CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...)
+ TODO: check
+CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs ...)
+ TODO: check
+CVE-2008-3533
+ RESERVED
+CVE-2008-3531
+ RESERVED
+CVE-2008-3530
+ RESERVED
+CVE-2008-3529
+ RESERVED
+CVE-2008-3528
+ RESERVED
+CVE-2008-3527
+ RESERVED
+CVE-2008-3526
+ RESERVED
+CVE-2008-3525
+ RESERVED
+CVE-2008-3524
+ RESERVED
+CVE-2008-3523
+ RESERVED
+CVE-2008-3522
+ RESERVED
+CVE-2008-3521
+ RESERVED
+CVE-2008-3520
+ RESERVED
+CVE-2008-3519
+ RESERVED
+CVE-2008-3518
+ RESERVED
+CVE-2008-3517
+ RESERVED
+CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
+ TODO: check
+CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
+ TODO: check
+CVE-2008-3514 (Unspecified vulnerability in VMware VirtualCenter 2.5 before Update 2 ...)
+ TODO: check
+CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for ...)
+ TODO: check
+CVE-2008-3512 (SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke ...)
+ TODO: check
+CVE-2008-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image ...)
+ TODO: check
+CVE-2008-3510 (Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty ...)
+ TODO: check
+CVE-2008-3509 (LoveCMS 1.6.2 does not require administrative authentication for (1) ...)
+ TODO: check
+CVE-2008-3508 (LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote ...)
+ TODO: check
+CVE-2008-3507 (SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and ...)
+ TODO: check
+CVE-2008-3506 (SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows ...)
+ TODO: check
+CVE-2008-3505 (Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and ...)
+ TODO: check
+CVE-2008-3504 (Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 ...)
+ TODO: check
+CVE-2008-3503 (RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict ...)
+ TODO: check
+CVE-2008-3502 (Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through ...)
+ TODO: check
+CVE-2008-3501 (Cross-site scripting (XSS) vulnerability in the WebAccess simple ...)
+ TODO: check
+CVE-2008-3500 (Cross-site scripting (XSS) vulnerability in the Suggested Terms module ...)
+ TODO: check
+CVE-2008-3499 (Unspecified vulnerability in "a page in the workarea folder" in Ektron ...)
+ TODO: check
+CVE-2008-3498 (SQL injection vulnerability in the nBill (com_netinvoice) component ...)
+ TODO: check
+CVE-2008-3497 (SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows ...)
+ TODO: check
+CVE-2008-3496 (Buffer overflow in format descriptor parsing in the uvc_parse_format ...)
+ TODO: check
+CVE-2008-3495 (SQL injection vulnerability in kategori.asp in Pcshey Portal allows ...)
+ TODO: check
+CVE-2008-3494 (8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-3493 (vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC ...)
+ TODO: check
+CVE-2008-3492 (America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier ...)
+ TODO: check
+CVE-2008-3491 (SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and ...)
+ TODO: check
+CVE-2008-3490 (SQL injection vulnerability in members/mail.php in E-topbiz Online ...)
+ TODO: check
+CVE-2008-3489 (SQL injection vulnerability in checkCookie function in ...)
+ TODO: check
+CVE-2008-3488 (Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) ...)
+ TODO: check
+CVE-2008-3487 (SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced ...)
+ TODO: check
+CVE-2008-3486 (Directory traversal vulnerability in the user_get_profile function in ...)
+ TODO: check
+CVE-2008-3485 (Untrusted search path vulnerability in Citrix MetaFrame Presentation ...)
+ TODO: check
CVE-2008-XXXX [several ruby issues]
- ruby1.8 <unfixed> (bug #494401)
- ruby1.9 <unfixed> (bug #494402)
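Review bot: The CVE-2008-XXXX [several ruby issues] placeholder kept as context at the end of this hunk still holds the ruby1.8 and ruby1.9 lines with bugs #494401 and #494402, while the Ruby entries added near the top (CVE-2008-3657, CVE-2008-3655) carry only TODO: check. Once the new ids are confirmed to cover the same issues, the package lines and bug numbers should move onto them and the placeholder should be dropped, so the tracker does not list the same problems twice, once unfixed and once untriaged.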
@@ -3,10 +359,10 @@
NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
NOTE: CVE ids requested
-CVE-2008-3532 [pidgin does not verify SSL certificate]
+CVE-2008-3532 (The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL ...)
- pidgin <unfixed> (bug #492434)
- gaim 1:2.0.0+fake.1
NOTE: gaim is now a transitional package depending on pidgin with its own source package
NOTE: http://developer.pidgin.im/ticket/6500
-CVE-2008-3546 [git-core git-grep stack based buffer overflow]
+CVE-2008-3546 (Stack-based buffer overflow in the (1) diff_addremove and (2) ...)
{DTSA-153-1}
- git-core 1:1.5.6.3-1.1 (medium; bug #494097)
@@ -59,8 +415,8 @@
RESERVED
CVE-2008-3461
RESERVED
-CVE-2008-3460
- RESERVED
+CVE-2008-3460 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
+ TODO: check
CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...)
- openvpn <unfixed> (low; bug #493488)
NOTE: pull/push needs to be allowed, successful authentication, compromised or malicious server
@@ -149,6 +505,7 @@
[etch] - phpmyadmin <no-dsa> (Minor issue)
NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn't warrant DSA on its own
CVE-2008-3547 [openttd remote buffer overflow]
+ RESERVED
- openttd 0.6.2-1 (medium; bug #493714)
CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: Blackboard Academic Suite
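Review bot: The RESERVED line added under CVE-2008-3547 lands on an entry that already has a bracketed description and an openttd 0.6.2-1 fix line, so the entry now reads as both unpublished and fixed. The first hunk of this update also adds CVE-2008-3577 (buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2) as TODO: check. It is worth confirming which id the 0.6.2-1 upload and bug #493714 belong to, and giving the new entry its own openttd line.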
@@ -325,8 +682,7 @@
- httrack 3.42.3-1 (low)
CVE-2008-3338
RESERVED
-CVE-2008-3337 [PowerDNS dropped malformed queries instead of rejecting them]
- RESERVED
+CVE-2008-3337 (PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, ...)
{DSA-1628-1}
- pdns 2.9.21.1-1 (low)
CVE-2008-3336 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB before ...)
@@ -448,14 +804,14 @@
RESERVED
CVE-2008-3276
RESERVED
-CVE-2008-3275
- RESERVED
+CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in ...)
+ TODO: check
CVE-2008-3274
RESERVED
-CVE-2008-3273
- RESERVED
-CVE-2008-3272
- RESERVED
+CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before ...)
+ TODO: check
+CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...)
+ TODO: check
CVE-2008-3271
RESERVED
CVE-2008-3270
@@ -681,8 +1037,8 @@
RESERVED
CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the ...)
NOT-FOR-US: CA ARCserve Backup
-CVE-2008-3174
- RESERVED
+CVE-2008-3174 (Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based ...)
+ TODO: check
CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3172 (Opera allows web sites to set cookies for country-specific top-level ...)
@@ -1045,14 +1401,14 @@
NOT-FOR-US: FreeStyle Wiki
CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in ...)
NOT-FOR-US: PHPortal
-CVE-2008-3021
- RESERVED
-CVE-2008-3020
- RESERVED
-CVE-2008-3019
- RESERVED
-CVE-2008-3018
- RESERVED
+CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
+ TODO: check
+CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works ...)
+ TODO: check
+CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
+ TODO: check
+CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
+ TODO: check
CVE-2008-3017
RESERVED
CVE-2008-3016
@@ -1075,14 +1431,14 @@
RESERVED
CVE-2008-3007
RESERVED
-CVE-2008-3006
- RESERVED
-CVE-2008-3005
- RESERVED
-CVE-2008-3004
- RESERVED
-CVE-2008-3003
- RESERVED
+CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 ...)
+ TODO: check
+CVE-2008-3005 (Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 ...)
+ TODO: check
+CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; ...)
+ TODO: check
+CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1, does not properly delete the ...)
+ TODO: check
CVE-2008-3002
RESERVED
CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote ...)
@@ -1190,13 +1546,12 @@
RESERVED
CVE-2008-2940
RESERVED
-CVE-2008-2939 [apache mod_proxy_ftp XSS]
- RESERVED
+CVE-2008-2939 (Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the ...)
- apache2 2.2.9-7 (low)
[etch] - apache2 <no-dsa> (minor issue)
- apache <not-affected> (vulnerable code not present)
-CVE-2008-2938
- RESERVED
+CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 6.0.0 through ...)
+ TODO: check
CVE-2008-2937
RESERVED
CVE-2008-2936
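Review bot: CVE-2008-2938 moves from RESERVED to TODO: check with a description naming Apache Tomcat 6.0.0 through ..., and unlike CVE-2008-2939 directly above it has no package lines. Tomcat is tracked elsewhere in this list (the tomcat5 line in a later hunk), so this entry should be triaged against the tomcat source packages rather than left in the automatic TODO queue.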
@@ -1221,8 +1576,8 @@
RESERVED
CVE-2008-2928
RESERVED
-CVE-2008-2926
- RESERVED
+CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention System ...)
+ TODO: check
CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote ...)
NOT-FOR-US: Webmatic
CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows ...)
@@ -2051,7 +2406,7 @@
NOT-FOR-US: Oracle database
CVE-2008-2593 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
NOT-FOR-US: Oracle database
-CVE-2008-2592 (Unspecified vulnerability ...)
+CVE-2008-2592 (Unspecified vulnerability in the Advanced Replication component in ...)
NOT-FOR-US: Oracle database
CVE-2008-2591 (Unspecified vulnerability in the Oracle Database Vault component in ...)
NOT-FOR-US: Oracle database
@@ -2498,8 +2853,7 @@
RESERVED
CVE-2008-2378
RESERVED
-CVE-2008-2377 [GNUTLS-SA-2008-2]
- RESERVED
+CVE-2008-2377 (Use after free vulnerability in the ...)
- gnutls26 2.4.1-1 (medium)
CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby before ...)
{DSA-1618-1 DSA-1612-1}
@@ -2759,18 +3113,18 @@
RESERVED
CVE-2008-2260
RESERVED
-CVE-2008-2259
- RESERVED
-CVE-2008-2258
- RESERVED
-CVE-2008-2257
- RESERVED
-CVE-2008-2256
- RESERVED
-CVE-2008-2255
- RESERVED
-CVE-2008-2254
- RESERVED
+CVE-2008-2259 (Microsoft Internet Explorer 6 and 7 does not perform proper "argument ...)
+ TODO: check
+CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
+ TODO: check
+CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
+ TODO: check
+CVE-2008-2256 (Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle ...)
+ TODO: check
+CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
+ TODO: check
+CVE-2008-2254 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
+ TODO: check
CVE-2008-2253
RESERVED
CVE-2008-2252
@@ -2785,10 +3139,10 @@
NOT-FOR-US: Exchange Server
CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
NOT-FOR-US: Exchange Server
-CVE-2008-2246
- RESERVED
-CVE-2008-2245
- RESERVED
+CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not properly ...)
+ TODO: check
+CVE-2008-2245 (Heap-based buffer overflow in Microsoft Windows Image Color Management ...)
+ TODO: check
CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Office Word
CVE-2008-2243
@@ -3486,8 +3840,8 @@
- tomcat5 <removed>
CVE-2008-1946 (The default configuration of su in /etc/pam.d/su in GNU coreutils ...)
- coreutils 5.93-1
-CVE-2008-1945
- RESERVED
+CVE-2008-1945 (QEMU 0.9.0 does not properly handle changes to removable media, which ...)
+ TODO: check
CVE-2008-1944 (Buffer overflow in the backend framebuffer of XenSource Xen ...)
- xen-3 3.2.1-2 (medium; bug #487095)
- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
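Review bot: CVE-2008-1945 now has a description naming QEMU 0.9.0 but only TODO: check, while the Xen entry right below it carries package lines with severity and bug numbers. Suggest adding a package line for qemu, or a not-affected marker with a reason, once the issue has been checked.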
@@ -4152,8 +4506,8 @@
NOT-FOR-US: HP Oracle for OpenView
CVE-2008-1665 (Multiple unspecified vulnerabilities in HP Select Identity (HPSI) ...)
NOT-FOR-US: HP Select Identity
-CVE-2008-1664
- RESERVED
+CVE-2008-1664 (Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 ...)
+ TODO: check
CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
NOT-FOR-US: HP System Management Homepage
CVE-2008-1662 (Unspecified vulnerability in the HP System Administration Manager ...)
@@ -4625,12 +4979,12 @@
NOT-FOR-US: com_alberghi component for Mambo and Joomla!
CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...)
NOT-FOR-US: CS-Cart
-CVE-2008-1457
- RESERVED
-CVE-2008-1456
- RESERVED
-CVE-2008-1455
- RESERVED
+CVE-2008-1457 (The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
+ TODO: check
+CVE-2008-1456 (Array index vulnerability in the Event System in Microsoft Windows ...)
+ TODO: check
+CVE-2008-1455 (A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, ...)
+ TODO: check
CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server ...)
NOT-FOR-US: Windows issue
CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista ...)
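Review bot: CVE-2008-1457, CVE-2008-1456 and CVE-2008-1455 are added as TODO: check although their descriptions name Microsoft Windows and Microsoft Office PowerPoint, and the neighbouring CVE-2008-1454 is already marked NOT-FOR-US: Windows issue. Marking these three the same way would keep them out of the TODO queue. The same applies to the other Microsoft entries this update moves from RESERVED to TODO: check.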
@@ -4643,8 +4997,8 @@
RESERVED
CVE-2008-1449
RESERVED
-CVE-2008-1448
- RESERVED
+CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook Express ...)
+ TODO: check
CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...)
{DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
- bind9 1:9.5.0.dfsg-5 (high)
@@ -5850,10 +6204,10 @@
NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-0966
RESERVED
-CVE-2008-0965
- RESERVED
-CVE-2008-0964
- RESERVED
+CVE-2008-0965 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and ...)
+ TODO: check
+CVE-2008-0964 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and ...)
+ TODO: check
CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 ...)
NOT-FOR-US: EMC DiskXtender
CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC ...)
@@ -7863,10 +8217,10 @@
- glibc 2.2-1
NOTE: The fix for the BIND-based resolver in GNU libc was made in 2000.
NOTE: libbind9 is distinct code, not related to the old libbind.
-CVE-2008-0121
- RESERVED
-CVE-2008-0120
- RESERVED
+CVE-2008-0121 (A "memory calculation error" in Microsoft PowerPoint Viewer 2003 ...)
+ TODO: check
+CVE-2008-0120 (A "memory allocation error" in Microsoft PowerPoint Viewer 2003 allows ...)
+ TODO: check
CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP ...)
NOT-FOR-US: Microsoft Publisher
CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 ...)
@@ -7961,8 +8315,8 @@
NOT-FOR-US: Windows
CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) ...)
NOT-FOR-US: Microsoft Windows
-CVE-2008-0082
- RESERVED
+CVE-2008-0082 (An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 ...)
+ TODO: check
CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...)
NOT-FOR-US: Microsoft
CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft ...)
@@ -25547,7 +25901,7 @@
NOT-FOR-US: Windows
CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...)
- vmware-package 0.16
-CVE-2007-0062 (Integer overflow in the DHCP server in EMC VMware Workstation before ...)
+CVE-2007-0062 (Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before ...)
- vmware-package 0.16
CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and ...)
- vmware-package 0.16
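Review bot: The new description for CVE-2007-0062 names ISC dhcpd 3.0.x before 3.0.7 and 3.1.x, but the only package line under it is still vmware-package 0.16, carried over from when the entry described the VMware Workstation DHCP server. As it stands the entry implies only vmware-package is affected. The ISC dhcpd packages should be checked against this id and a corresponding line added.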