[Secure-testing-commits] r9576 - data/CVE

thomasbl-guest at alioth.debian.org
Thu Aug 14 18:36:55 UTC 2008


Author: thomasbl-guest
Date: 2008-08-14 18:36:54 +0000 (Thu, 14 Aug 2008)
New Revision: 9576

Modified:
   data/CVE/list
Log:
finished all "NOT-FOR-US"-tagging from the new "TODO: check"-tags



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-08-14 17:16:34 UTC (rev 9575)
+++ data/CVE/list	2008-08-14 18:36:54 UTC (rev 9576)
@@ -236,19 +236,19 @@
 CVE-2008-3555 (Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 ...)
 	TODO: check
 CVE-2008-3554 (SQL injection vulnerability in index.php in Discuz! 6.0.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Discuz!
 CVE-2008-3553 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition ...)
-	TODO: check
+	NOT-FOR-US: Nokia Series 40 3rd edition devices
 CVE-2008-3552 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition ...)
-	TODO: check
+	NOT-FOR-US: Nokia Series 40 3rd edition devices
 CVE-2008-3551 (Multiple unspecified vulnerabilities in Sun Java Platform Micro ...)
 	TODO: check
 CVE-2008-3550 (The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2008-3549 (Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris 10 and OpenSolaris
 CVE-2008-3548 (Unspecified vulnerability in the Sun Netra T5220 Server with firmware ...)
-	TODO: check
+	NOT-FOR-US: Sun Netra T5220 Server
 CVE-2008-3545
 	RESERVED
 CVE-2008-3544
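Review bot: the new tags for CVE-2008-3553, CVE-2008-3552 and CVE-2008-3549 carry edition and version qualifiers ("Nokia Series 40 3rd edition devices", "Sun Solaris 10 and OpenSolaris") where the surrounding entries name only the product. Suggest "Nokia Series 40" and "Sun Solaris and OpenSolaris", the latter being the wording this same commit uses for CVE-2008-0965 and CVE-2008-0964, so that one grep pattern finds every entry for a product.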
@@ -308,41 +308,41 @@
 CVE-2008-3517
 	RESERVED
 CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
-	TODO: check
+	NOT-FOR-US: Adobe Presenter
 CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
-	TODO: check
+	NOT-FOR-US: Adobe Presenter
 CVE-2008-3514 (Unspecified vulnerability in VMware VirtualCenter 2.5 before Update 2 ...)
-	TODO: check
+	NOT-FOR-US: VMware VirtualCenter
 CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for ...)
-	TODO: check
+	NOT-FOR-US: PHP-Nuke
 CVE-2008-3512 (SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke ...)
-	TODO: check
+	NOT-FOR-US: PHP-Nuke
 CVE-2008-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image ...)
-	TODO: check
+	NOT-FOR-US: Softbiz Image Gallery
 CVE-2008-3510 (Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty ...)
-	TODO: check
+	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
 CVE-2008-3509 (LoveCMS 1.6.2 does not require administrative authentication for (1) ...)
-	TODO: check
+	NOT-FOR-US: LoveCMS
 CVE-2008-3508 (LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote ...)
-	TODO: check
+	NOT-FOR-US: LiteNews
 CVE-2008-3507 (SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and ...)
-	TODO: check
+	NOT-FOR-US: LiteNews
 CVE-2008-3506 (SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: PolyPager
 CVE-2008-3505 (Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and ...)
-	TODO: check
+	NOT-FOR-US: PolyPager
 CVE-2008-3504 (Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 ...)
-	TODO: check
+	NOT-FOR-US: mask PHP File Manager (mPFM)
 CVE-2008-3503 (RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict ...)
-	TODO: check
+	NOT-FOR-US: Plain Black WebGUI
 CVE-2008-3502 (Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through ...)
-	TODO: check
+	NOT-FOR-US: Best Practical Solutions RT
 CVE-2008-3501 (Cross-site scripting (XSS) vulnerability in the WebAccess simple ...)
-	TODO: check
+	NOT-FOR-US: Novell Groupwise
 CVE-2008-3500 (Cross-site scripting (XSS) vulnerability in the Suggested Terms module ...)
 	TODO: check
 CVE-2008-3499 (Unspecified vulnerability in "a page in the workarea folder" in Ektron ...)
-	TODO: check
+	NOT-FOR-US: Ektron CMS400.NET
 CVE-2008-3498 (SQL injection vulnerability in the nBill (com_netinvoice) component ...)
 	TODO: check
 CVE-2008-3497 (SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows ...)
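Review bot: CVE-2008-3502 is marked NOT-FOR-US, but its description names Best Practical Solutions RT 3.0.0 through ..., which is Request Tracker, and Debian has shipped Request Tracker as request-tracker packages. Please compare the affected version range with what is in the archive and, if a packaged version falls inside it, replace the tag with a package line; until that is confirmed the entry is better left at TODO: check.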
@@ -350,27 +350,27 @@
 CVE-2008-3496 (Buffer overflow in format descriptor parsing in the uvc_parse_format ...)
 	TODO: check
 CVE-2008-3495 (SQL injection vulnerability in kategori.asp in Pcshey Portal allows ...)
-	TODO: check
+	NOT-FOR-US: Pcshey Portal
 CVE-2008-3494 (8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: 8e6 R3000 Internet Filter
 CVE-2008-3493 (vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC ...)
-	TODO: check
+	NOT-FOR-US: RealVNC Windows Client
 CVE-2008-3492 (America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier ...)
-	TODO: check
+	NOT-FOR-US: America's Army (aka AA or Army Game Project)
 CVE-2008-3491 (SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and ...)
-	TODO: check
+	NOT-FOR-US: Scripts24 iPost
 CVE-2008-3490 (SQL injection vulnerability in members/mail.php in E-topbiz Online ...)
-	TODO: check
+	NOT-FOR-US: E-topbiz Online Dating 3
 CVE-2008-3489 (SQL injection vulnerability in checkCookie function in ...)
-	TODO: check
+	NOT-FOR-US: PHPX
 CVE-2008-3488 (Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) ...)
-	TODO: check
+	NOT-FOR-US: Novell iManager
 CVE-2008-3487 (SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced ...)
 	TODO: check
 CVE-2008-3486 (Directory traversal vulnerability in the user_get_profile function in ...)
-	TODO: check
+	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2008-3485 (Untrusted search path vulnerability in Citrix MetaFrame Presentation ...)
-	TODO: check
+	NOT-FOR-US: Citrix MetaFrame Presentation Server
 CVE-2008-3532 (The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL ...)
 	- pidgin <unfixed> (bug #492434)
 	- gaim 1:2.0.0+fake.1
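Review bot: the tag on CVE-2008-3493 scopes the issue to "RealVNC Windows Client", but the visible part of the description only says the flaw is in vncviewer.exe 4.1.2.0 and does not show that the bug is Windows-specific. If a viewer built from the same RealVNC sources was checked and found unaffected, record that reasoning in a NOTE: line under the entry; otherwise leave it at TODO: check.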
@@ -428,7 +428,7 @@
 CVE-2008-3461
 	RESERVED
 CVE-2008-3460 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office 2000
 CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...)
 	- openvpn 2.1~rc9-1 (low; bug #493488)
 	NOTE: pull/push needs to be allowed, successful authentication, compromised or malicious server
@@ -1054,7 +1054,7 @@
 CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the ...)
 	NOT-FOR-US: CA ARCserve Backup
 CVE-2008-3174 (Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based ...)
-	TODO: check
+	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System (HIPS))
 CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-3172 (Opera allows web sites to set cookies for country-specific top-level ...)
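Review bot: the tag on CVE-2008-3174 starts with "r8", which reads as a release label rather than a product, and it drops the vendor that the description gives ("CA Host-Based ..."). Suggest "NOT-FOR-US: CA Host-Based Intrusion Prevention System", which matches the "CA ARCserve Backup" tag two lines above it.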
@@ -1418,13 +1418,13 @@
 CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in ...)
 	NOT-FOR-US: PHPortal
 CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office 2000
 CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office 2000
 CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office 2000
 CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office 2000
 CVE-2008-3017
 	RESERVED
 CVE-2008-3016
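Review bot: "NOT-FOR-US: Microsoft Office 2000" on CVE-2008-3021 through CVE-2008-3018 names a single release, while the descriptions list Office 2000 SP3, XP SP3 and 2003 SP2 plus the Office Converter Pack, and CVE-2008-3020 also lists Works. Suggest the unversioned "Microsoft Office", the same way the Excel entries in this commit are tagged "Microsoft Office Excel" without a release.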
@@ -1448,13 +1448,13 @@
 CVE-2008-3007
 	RESERVED
 CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office Excel
 CVE-2008-3005 (Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office Excel
 CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office Excel
 CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1, does not properly delete the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office Excel
 CVE-2008-3002
 	RESERVED
 CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote ...)
@@ -1593,7 +1593,7 @@
 CVE-2008-2928
 	RESERVED
 CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention System ...)
-	TODO: check
+	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System)
 CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote ...)
 	NOT-FOR-US: Webmatic
 CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows ...)
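Review bot: CVE-2008-2926 is tagged "r8 (Host-Based Intrusion Prevention System)", while the same product on CVE-2008-3174 in this commit is tagged "r8 (Host-Based Intrusion Prevention System (HIPS))". Use one spelling for both entries so they are found by the same search, and take the name from the description ("CA Host-Based Intrusion Prevention System") rather than leading with "r8".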
@@ -3131,17 +3131,17 @@
 CVE-2008-2260
 	RESERVED
 CVE-2008-2259 (Microsoft Internet Explorer 6 and 7 does not perform proper &quot;argument ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-2256 (Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-2254 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-2253
 	RESERVED
 CVE-2008-2252
@@ -3157,9 +3157,9 @@
 CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
 	NOT-FOR-US: Exchange Server
 CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not properly ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows Vista
 CVE-2008-2245 (Heap-based buffer overflow in Microsoft Windows Image Color Management ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS)
 CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute ...)
 	NOT-FOR-US: Microsoft Office Word 
 CVE-2008-2243
@@ -4997,11 +4997,11 @@
 CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...)
 	NOT-FOR-US: CS-Cart
 CVE-2008-1457 (The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows 2000
 CVE-2008-1456 (Array index vulnerability in the Event System in Microsoft Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows 2000
 CVE-2008-1455 (A &quot;memory calculation error&quot; in Microsoft Office PowerPoint 2000 SP3, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office PowerPoint
 CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server ...)
 	NOT-FOR-US: Windows issue
 CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista ...)
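Review bot: "NOT-FOR-US: Microsoft Windows 2000" on CVE-2008-1457 picks the first release out of a description that goes on to list XP SP2 and SP3 and Server ..., and the same tag is applied to CVE-2008-1456, whose visible description names no release at all. Suggest plain "Microsoft Windows" for both, which also sits better next to the existing "Windows issue" tag on CVE-2008-1454.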
@@ -5015,7 +5015,7 @@
 CVE-2008-1449
 	RESERVED
 CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook Express ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Outlook Express
 CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...)
 	{DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
 	- bind9 1:9.5.0.dfsg-5 (high)
@@ -6223,9 +6223,9 @@
 CVE-2008-0966
 	RESERVED
 CVE-2008-0965 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris and OpenSolaris
 CVE-2008-0964 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris and OpenSolaris
 CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 ...)
 	NOT-FOR-US: EMC DiskXtender
 CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC ...)
@@ -8236,9 +8236,9 @@
 	NOTE: The fix for the BIND-based resolver in GNU libc was made in 2000.
 	NOTE: libbind9 is distinct code, not related to the old libbind.
 CVE-2008-0121 (A &quot;memory calculation error&quot; in Microsoft PowerPoint Viewer 2003 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft PowerPoint Viewer
 CVE-2008-0120 (A &quot;memory allocation error&quot; in Microsoft PowerPoint Viewer 2003 allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft PowerPoint Viewer
 CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP ...)
 	NOT-FOR-US: Microsoft Publisher
 CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 ...)
@@ -8334,7 +8334,7 @@
 CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2008-0082 (An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 ...)
-	TODO: check
+	NOT-FOR-US: Windows Messenger
 CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft ...)



