[Secure-testing-commits] r9686 - data/CVE
joeyh at alioth.debian.org
Wed Aug 27 21:14:15 UTC 2008
Author: joeyh
Date: 2008-08-27 21:14:12 +0000 (Wed, 27 Aug 2008)
New Revision: 9686
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-08-27 20:50:14 UTC (rev 9685)
+++ data/CVE/list 2008-08-27 21:14:12 UTC (rev 9686)
@@ -1,3 +1,191 @@
+CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...)
+ TODO: check
+CVE-2008-3843 (Request Validation (aka the ValidateRequest filters) in ASP.NET in ...)
+ TODO: check
+CVE-2008-3842 (Request Validation (aka the ValidateRequest filters) in ASP.NET in ...)
+ TODO: check
+CVE-2008-3841 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in ...)
+ TODO: check
+CVE-2008-3840 (Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in ...)
+ TODO: check
+CVE-2008-3839 (Unspecified vulnerability in the NFS module in the kernel in Sun ...)
+ TODO: check
+CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) ...)
+ TODO: check
+CVE-2008-3837
+ RESERVED
+CVE-2008-3836
+ RESERVED
+CVE-2008-3835
+ RESERVED
+CVE-2008-3834
+ RESERVED
+CVE-2008-3833
+ RESERVED
+CVE-2008-3832
+ RESERVED
+CVE-2008-3831
+ RESERVED
+CVE-2008-3830
+ RESERVED
+CVE-2008-3829
+ RESERVED
+CVE-2008-3828
+ RESERVED
+CVE-2008-3827
+ RESERVED
+CVE-2008-3826
+ RESERVED
+CVE-2008-3825
+ RESERVED
+CVE-2008-3824
+ RESERVED
+CVE-2008-3823
+ RESERVED
+CVE-2008-3822
+ RESERVED
+CVE-2008-3821
+ RESERVED
+CVE-2008-3820
+ RESERVED
+CVE-2008-3819
+ RESERVED
+CVE-2008-3818
+ RESERVED
+CVE-2008-3817
+ RESERVED
+CVE-2008-3816
+ RESERVED
+CVE-2008-3815
+ RESERVED
+CVE-2008-3814
+ RESERVED
+CVE-2008-3813
+ RESERVED
+CVE-2008-3812
+ RESERVED
+CVE-2008-3811
+ RESERVED
+CVE-2008-3810
+ RESERVED
+CVE-2008-3809
+ RESERVED
+CVE-2008-3808
+ RESERVED
+CVE-2008-3807
+ RESERVED
+CVE-2008-3806
+ RESERVED
+CVE-2008-3805
+ RESERVED
+CVE-2008-3804
+ RESERVED
+CVE-2008-3803
+ RESERVED
+CVE-2008-3802
+ RESERVED
+CVE-2008-3801
+ RESERVED
+CVE-2008-3800
+ RESERVED
+CVE-2008-3799
+ RESERVED
+CVE-2008-3798
+ RESERVED
+CVE-2008-3797
+ RESERVED
+CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2008-3795 (Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP ...)
+ TODO: check
+CVE-2008-3793
+ RESERVED
+CVE-2008-3792
+ RESERVED
+CVE-2008-3791
+ RESERVED
+CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, ...)
+ TODO: check
+CVE-2008-3787 (SQL injection vulnerability in listing_view.php in Web Directory ...)
+ TODO: check
+CVE-2008-3786 (Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO ...)
+ TODO: check
+CVE-2008-3785 (Multiple SQL injection vulnerabilities in the com_content component in ...)
+ TODO: check
+CVE-2008-3784 (SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and ...)
+ TODO: check
+CVE-2008-3783 (Multiple SQL injection vulnerabilities in index.php in Matterdaddy ...)
+ TODO: check
+CVE-2008-3782 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
+ TODO: check
+CVE-2008-3781 (Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 ...)
+ TODO: check
+CVE-2008-3780 (SQL injection vulnerability in recommend.php in Five Star Review ...)
+ TODO: check
+CVE-2008-3779 (Cross-site scripting (XSS) vulnerability in search/index.php in Five ...)
+ TODO: check
+CVE-2008-3778 (The remote management interface in SIP Enablement Services (SES) ...)
+ TODO: check
+CVE-2008-3777 (The SIP Enablement Services (SES) Server in Avaya SIP Enablement ...)
+ TODO: check
+CVE-2008-3776 (Directory traversal vulnerability in Fujitsu Web-Based Admin View ...)
+ TODO: check
+CVE-2008-3775 (Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the ...)
+ TODO: check
+CVE-2008-3774 (SQL injection vulnerability in index.php in Simasy CMS allows remote ...)
+ TODO: check
+CVE-2008-3773 (Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and ...)
+ TODO: check
+CVE-2008-3772 (SQL injection vulnerability in categories_portal.php in Pars4u ...)
+ TODO: check
+CVE-2008-3771 (Cross-site scripting (XSS) vulnerability in members.php in Pars4u ...)
+ TODO: check
+CVE-2008-3770 (Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, ...)
+ TODO: check
+CVE-2008-3769 (PHP remote file inclusion vulnerability in admin/create_order_new.php ...)
+ TODO: check
+CVE-2008-3768 (Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey ...)
+ TODO: check
+CVE-2008-3767 (SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows ...)
+ TODO: check
+CVE-2008-3766 (Realtime Internet Band Rehearsal Low-Latency (Internet) Connection ...)
+ TODO: check
+CVE-2008-3765 (SQL injection vulnerability in code.php in Quick Poll Script allows ...)
+ TODO: check
+CVE-2008-3764 (Eval injection vulnerability in chat.php in Turnkey PHP Live Helper ...)
+ TODO: check
+CVE-2008-3763 (Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live ...)
+ TODO: check
+CVE-2008-3762 (SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP ...)
+ TODO: check
+CVE-2008-3761 (hcmon.sys in VMware Workstation 6.0.0.45731 uses the METHOD_NEITHER ...)
+ TODO: check
+CVE-2008-3760 (Cross-site request forgery (CSRF) vulnerability in the sign-out page ...)
+ TODO: check
+CVE-2008-3759 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2008-3758 (Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla ...)
+ TODO: check
+CVE-2008-3757 (SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix ...)
+ TODO: check
+CVE-2008-3756 (SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing ...)
+ TODO: check
+CVE-2008-3755 (SQL injection vulnerability in view.php in YourFreeWorld Classifieds ...)
+ TODO: check
+CVE-2008-3754 (SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text ...)
+ TODO: check
+CVE-2008-3753 (SQL injection vulnerability in details.php in YourFreeWorld Programs ...)
+ TODO: check
+CVE-2008-3752 (SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange ...)
+ TODO: check
+CVE-2008-3751 (SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url ...)
+ TODO: check
+CVE-2008-3750 (SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator ...)
+ TODO: check
+CVE-2008-3749 (SQL injection vulnerability in tr.php in Banner Management Script ...)
+ TODO: check
+CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks ...)
+ TODO: check
CVE-2008-XXXX [emacs-jabber: insecure temp files]
- emacs-jabber 0.7.91-2 (low; bug #496428)
CVE-2008-XXXX [xastir: insecure temp files]
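Review bot: every described entry in the added block, from CVE-2008-3844 down to CVE-2008-3748 (about fifty of them), is left at "TODO: check", so none of it is triaged yet. Each one needs either a NOT-FOR-US line, as CVE-2008-3735 has further down, or a package line with version, urgency and bug number in the form the CVE-2008-XXXX entries below use. Entries that name a library or application with a version range, such as CVE-2008-3796 (Swfdec 0.6 before 0.6.8) and CVE-2008-3781 (GMOD GBrowse before 1.69), are the ones to resolve first, since those ranges can be compared directly against an archive version.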
@@ -4,7 +192,7 @@
- xastir 1.9.2-1.1 (low; bug #496383)
CVE-2008-XXXX [mon: insecure temp files]
- mon <unfixed> (medium; bug #496398)
-CVE-2008-3790 [ruby rexml DoS]
+CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through ...)
- ruby1.8 <unfixed> (bug #496808)
- ruby1.9 <unfixed>
CVE-2008-XXXX [apertium: insecure temp files]
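Review bot: the two package lines under CVE-2008-3790 carry no urgency, and the ruby1.9 line has no bug reference, while the neighbouring entries use the form (low; bug #496383). Now that the description names the affected REXML versions (1.8.6 through 1.8.6-p287, 1.8.7 through ...), add an urgency to both lines and either reference a bug for ruby1.9 or state that #496808 covers both source packages.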
@@ -30,7 +218,7 @@
CVE-2008-XXXX [insecure temp file in ogle]
- ogle <unfixed> (unimportant; bug #496420; bug #496425)
NOTE: This only affects debugging scripts not present in standard path
-CVE-2008-3789 [samba group_mapping.ldb created world writeable]
+CVE-2008-3789 (Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb ...)
- samba <unfixed> (bug #496073; medium)
[etch] - samba <not-affected> (Only affects Samba 3.2.x)
CVE-2008-XXXX [insecure temp file in nvi]
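Review bot: the samba line under CVE-2008-3789 writes its annotation as (bug #496073; medium), bug first, whereas other entries in this file put the urgency first, e.g. (medium; bug #496265) on vlc; pick one order. The removed working title also said group_mapping.ldb while the new description says group_mapping.tdb, and the description names Samba 3.2.0 while the etch note says 3.2.x, so a NOTE line stating which file and which versions the tracking refers to would remove the ambiguity.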
@@ -117,20 +305,20 @@
- lazarus 0.9.24-0-11 (low)
CVE-2008-XXXX [crossfire-maps: insecure temp file]
- crossfire-maps 1.11.0-2 (low)
-CVE-2008-3794 [vlc mms handling buffer overflow]
+CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in ...)
- vlc 0.8.6.h-4 (medium; bug #496265)
-CVE-2008-3747
- RESERVED
-CVE-2008-3746
- RESERVED
-CVE-2008-3739
- RESERVED
-CVE-2008-3738
- RESERVED
-CVE-2008-3737
- RESERVED
-CVE-2008-3736
- RESERVED
+CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link functions in ...)
+ TODO: check
+CVE-2008-3746 (neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of ...)
+ TODO: check
+CVE-2008-3739 (Cross-site scripting (XSS) vulnerability in (1) System Consultants ...)
+ TODO: check
+CVE-2008-3738 (Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier ...)
+ TODO: check
+CVE-2008-3737 (Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 ...)
+ TODO: check
+CVE-2008-3736 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
+ TODO: check
CVE-2008-3735 (Cross-site scripting (XSS) vulnerability in index.php in PHPizabi ...)
NOT-FOR-US: PHPizabi
CVE-2008-3734 (Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and ...)
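Review bot: CVE-2008-3794 now sits between the CVE-2008-XXXX placeholders and CVE-2008-3747, out of the descending order the rest of the list follows; the block added at the top of the file goes from CVE-2008-3795 straight to CVE-2008-3793. Consider moving it, and likewise CVE-2008-3790 and CVE-2008-3789, into numeric position so a search down the list finds them where expected. The six entries changed here from RESERVED to "TODO: check" (CVE-2008-3747 to CVE-2008-3736) still need triage; CVE-2008-3746 names neon 0.28.0 through 0.28.2, which can be checked against an archive version directly.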
@@ -228,7 +416,7 @@
- havp 20070509-1.1 (bug #496034)
CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function in Xen ...)
- xen-3 <not-affected> (Not compiled with XSM:FLASK)
-CVE-2008-3686 (The rt6_fill_node function in Linux kernel 2.6.26-rc4, 2.6.26.2, and ...)
+CVE-2008-3686 (The rt6_fill_node function in net/ipv6/route.c in Linux kernel ...)
- linux-2.6.24 <not-affected> (Vulnerable code was introduced in 2.6.26)
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.26)
@@ -283,33 +471,27 @@
NOTE: The code in question doesn't dereference the symlink, tested with Etch
NOTE: and Lenny. Given that it only takes a minute to test this, it's surprising
NOTE: that at least one vendor issued an advisory and upstream pushed a new release...
-CVE-2008-3740 [drupal XSS]
- RESERVED
+CVE-2008-3740 (Cross-site scripting (XSS) vulnerability in the output filter in ...)
{DTSA-156-1}
- drupal5 5.10-1 (low; bug #495122)
- drupal-4.7 <removed>
-CVE-2008-3741 [drupal XSS]
- RESERVED
+CVE-2008-3741 (The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 ...)
{DTSA-156-1}
- drupal5 5.10-1 (low; bug #495122)
- drupal-4.7 <removed>
-CVE-2008-3742 [drupal file uploads via blogApi]
- RESERVED
+CVE-2008-3742 (Unrestricted file upload vulnerability in the BlogAPI module in Drupal ...)
{DTSA-156-1}
- drupal5 5.10-1 (medium; bug #495122)
- drupal-4.7 <removed>
-CVE-2008-3743 [drupal CSRF]
- RESERVED
+CVE-2008-3743 (Multiple cross-site request forgery (CSRF) vulnerabilities in forms in ...)
{DTSA-156-1}
- drupal5 <not-affected> (Vulnerable code not present)
- drupal-4.7 <removed>
-CVE-2008-3744 [drupal CSRF]
- RESERVED
+CVE-2008-3744 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...)
{DTSA-156-1}
- drupal5 5.10-1 (low; bug #495122)
- drupal-4.7 <removed>
-CVE-2008-3745 [drupal upload module privilege escalation]
- RESERVED
+CVE-2008-3745 (The Upload module in Drupal 6.x before 6.4 allows remote authenticated ...)
{DTSA-156-1}
- drupal5 <not-affected> (Vulnerable code only present in 6.x)
- drupal-4.7 <removed>
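Review bot: the working title removed from CVE-2008-3741 was [drupal XSS], but the description that replaces it begins "The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4", which does not read as the same issue. The drupal5 5.10-1 (low; bug #495122) line under it was written against the old title, so confirm that the urgency and fixed version still match the published description; the same check is worth doing for the other five entries whose titles are dropped in this hunk. The range in CVE-2008-3745 (Drupal 6.x before 6.4) does agree with its existing not-affected note.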
@@ -611,8 +793,8 @@
RESERVED
CVE-2008-3527
RESERVED
-CVE-2008-3526
- RESERVED
+CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...)
+ TODO: check
CVE-2008-3525
RESERVED
CVE-2008-3524
@@ -1132,8 +1314,7 @@
RESERVED
CVE-2008-3282
RESERVED
-CVE-2008-3281
- RESERVED
+CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion during ...)
{DSA-1631-1 DTSA-158-1}
- libxml2 2.6.32.dfsg-3 (medium)
CVE-2008-3280
@@ -1247,7 +1428,7 @@
- wordpress <not-affected> (Code was only present in svn versions)
CVE-2008-3232 (Unspecified vulnerability in dotclear before 1.2.8 has unknown impact ...)
NOT-FOR-US: dotclear
-CVE-2008-3231 (xine allows user-assisted attackers to cause a denial of service ...)
+CVE-2008-3231 (xine before 1.1.5 allows user-assisted attackers to cause a denial of ...)
- xine-lib 1.1.14-2 (bug #492870; low)
CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...)
- ffmpeg-debian <unfixed>
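Review bot: the new description for CVE-2008-3231 says "xine before 1.1.5", but the package line directly below records xine-lib as fixed in 1.1.14-2, a later upstream version, so the two do not agree as written. Either the version in the description is wrong or the fixed version was recorded too late; add a NOTE pointing at the upstream fix so the package line can be justified independently of the description text.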
@@ -3084,8 +3265,8 @@
RESERVED
CVE-2008-2434
RESERVED
-CVE-2008-2433
- RESERVED
+CVE-2008-2433 (The web management console in Trend Micro OfficeScan 7.0 through 8.0, ...)
+ TODO: check
CVE-2008-2432
RESERVED
CVE-2008-2431
@@ -3331,8 +3512,7 @@
RESERVED
CVE-2008-2328
RESERVED
-CVE-2008-2327 [libtiff buffer undeflow]
- RESERVED
+CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode and (2) ...)
{DSA-1632-1 DTSA-160-1}
- tiff <unfixed> (medium)
NOTE: maintainer informed
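Review bot: CVE-2008-2327 references DSA-1632-1 and DTSA-160-1, yet the tiff line still reads unfixed (medium) with no bug number, only "NOTE: maintainer informed". Add the bug reference for the unstable package so the open state can be followed from this entry.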
@@ -4859,7 +5039,7 @@
- linux-2.6 2.6.25-2 (low)
- linux-2.6.24 2.6.24-6~etchnhalf.2
NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
-CVE-2008-1668 (Unspecified vulnerability in ftpd (aka wu-ftpd 2.4.x) in HP-UX B.11.11 ...)
+CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns ...)
TODO: check
CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European ...)
NOT-FOR-US: Probe Builder 2.2
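Review bot: CVE-2008-1668 keeps "TODO: check" even though its description changed from an unspecified HP-UX ftpd issue to one that names ftpd.c in wu-ftpd 2.4.2. With a concrete upstream version now in the text the entry can be resolved: add a wu-ftpd package line with the fixed version, or a not-affected line with the reason if the archive version is outside that range.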
@@ -21824,8 +22004,8 @@
NOT-FOR-US: sldimdownload ActiveX control
CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the ...)
NOT-FOR-US: IncrediMail
-CVE-2007-1682
- RESERVED
+CVE-2007-1682 (Multiple stack-based buffer overflows in the FileManager ActiveX ...)
+ TODO: check
CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java ...)
NOT-FOR-US: Sun Solaris
CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
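Review bot: CVE-2007-1682 is added as "TODO: check", but its description names a FileManager ActiveX control and the entries on either side of it (CVE-2007-1683, IncrediMail; CVE-2007-1681, Sun Solaris) are already NOT-FOR-US. Unless the truncated part of the description points at something packaged, close it the same way with a NOT-FOR-US line naming the product.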