[Secure-testing-commits] r10571 - data/CVE
joeyh at alioth.debian.org
Mon Dec 1 21:14:14 UTC 2008
Author: joeyh
Date: 2008-12-01 21:14:13 +0000 (Mon, 01 Dec 2008)
New Revision: 10571
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-12-01 21:00:29 UTC (rev 10570)
+++ data/CVE/list 2008-12-01 21:14:13 UTC (rev 10571)
@@ -1,4 +1,71 @@
+CVE-2008-5284 (The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other ...)
+ TODO: check
+CVE-2008-5283 (Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote ...)
+ TODO: check
+CVE-2008-5282 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 ...)
+ TODO: check
+CVE-2008-5281 (Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows ...)
+ TODO: check
+CVE-2008-5280 (The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server ...)
+ TODO: check
+CVE-2008-5279 (The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging ...)
+ TODO: check
+CVE-2008-5277
+ RESERVED
+CVE-2008-5275 (Multiple directory traversal vulnerabilities in the (a) "Unzip ...)
+ TODO: check
+CVE-2008-5274 (Todd Woolums ASP News Management 2.2 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2008-5273 (SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News ...)
+ TODO: check
+CVE-2008-5272 (Multiple directory traversal vulnerabilities in Fred Stuurman ...)
+ TODO: check
+CVE-2008-5271 (Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman ...)
+ TODO: check
+CVE-2008-5270 (SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 ...)
+ TODO: check
+CVE-2008-5269 (SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows ...)
+ TODO: check
+CVE-2008-5268 (SQL injection vulnerability in content/forums/reply.asp in ASPPortal ...)
+ TODO: check
+CVE-2008-5267 (SQL injection vulnerability in answer.php in Experts 1.0.0, when ...)
+ TODO: check
+CVE-2008-5266 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2008-5265 (Directory traversal vulnerability in index.php in TNT Forum 0.9.4, ...)
+ TODO: check
+CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado ...)
+ TODO: check
+CVE-2008-5263
+ RESERVED
+CVE-2008-5262
+ RESERVED
+CVE-2008-5261
+ RESERVED
+CVE-2008-5260
+ RESERVED
+CVE-2008-5259
+ RESERVED
+CVE-2008-5258
+ RESERVED
+CVE-2008-5257 (webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for ...)
+ TODO: check
+CVE-2008-5255
+ RESERVED
+CVE-2008-5254
+ RESERVED
+CVE-2008-5253
+ RESERVED
+CVE-2008-5252
+ RESERVED
+CVE-2008-5251
+ RESERVED
+CVE-2008-5250
+ RESERVED
+CVE-2008-5249
+ RESERVED
CVE-2008-5276 [vlc real demuxer heap overflow]
+ RESERVED
- vlc <not-affected> (vulnerable code not present)
NOTE: affected versions are >= 0.9.x (experimental)
CVE-2008-XXXX [multiple vulnerabilities in phpcas]
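Review bot: The 19 new entries marked `TODO: check` in this hunk (CVE-2008-5284 down to CVE-2008-5257) are untriaged, so each still needs either a `NOT-FOR-US:` line or a package line with version and bug reference, in the form the rest of the file uses. Separately, CVE-2008-5276 now gains `RESERVED` while keeping its bracketed description and the `- vlc <not-affected>` line; that matches how CVE-2008-4314 is recorded, but the NOTE about versions >= 0.9.x (experimental) should be rechecked once the official description replaces the bracketed one.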
@@ -10,7 +77,7 @@
TODO: write proper advisory and request CVE id
CVE-2008-XXXX [php5: inifile handler for the dba functions can be used to truncate a file]
- php5 (low; bug #507101)
-CVE-2008-5278 [Cross-site scripting (XSS) vulnerability in the RSS Feed Generator]
+CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...)
- wordpress 2.5.1-11 (low; bug #507193)
CVE-2008-5286 [cups: integer overflow due to incomplete fix for CVE-2008-1722]
- cups <unfixed> (bug #507183; medium)
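Review bot: The wordpress line under CVE-2008-5278 should be re-verified against the new description. The hand-written summary named the RSS Feed Generator, the replacement text locates the flaw in the self_link function, and `- wordpress 2.5.1-11 (low; bug #507193)` is carried over unchanged. Confirm that bug #507193 and the 2.5.1-11 fix cover the self_link issue, and add a `NOTE:` tying the two descriptions together, since the truncated text does not make that evident.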
@@ -206,8 +273,8 @@
NOT-FOR-US: The Rat CMS
CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...)
NOT-FOR-US: The Rat CMS
-CVE-2008-5162
- RESERVED
+CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does ...)
+ TODO: check
CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...)
- openssh <unfixed> (low; bug #506115)
[etch] - openssh <no-dsa> (minor issue)
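Review bot: CVE-2008-5162 is left at `TODO: check` with a description that names the arc4random function in the FreeBSD kernel, so triage should decide explicitly whether any FreeBSD kernel source in the archive is in scope before this is closed as `NOT-FOR-US:`. Record the outcome with a package line or a `NOTE:` so the reasoning is visible in the list.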
@@ -1022,7 +1089,7 @@
CVE-2008-XXXX [dia: Python scripts load modules from current directory]
- dia 0.96.1-7.1 (low; bug #504251)
[etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)
-CVE-2008-5256 [virtualbox-ose: insecure temp file usage]
+CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek ...)
- virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149)
CVE-2008-4801 (Heap-based buffer overflow in the Data Protection for SQL CAD service ...)
NOT-FOR-US: SQL CAD service
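Review bot: Replacing the bracketed summary on CVE-2008-5256 drops the only plain statement that this is insecure temp file usage; the truncated description now visible names only the AcquireDaemonLock function in ipcdUnix.cpp. Consider adding a `NOTE:` under the entry that keeps that summary next to the existing `- virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149)` line.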
@@ -1402,8 +1469,8 @@
NOT-FOR-US: Symantec VxFS
CVE-2008-4637 (Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 ...)
NOT-FOR-US: cpCommerce
-CVE-2008-4636
- RESERVED
+CVE-2008-4636 (yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux ...)
+ TODO: check
CVE-2008-4635 (Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 ...)
NOT-FOR-US: XOOPS module
CVE-2008-4634 (Cross-site scripting (XSS) vulnerability in Movable Type 4 through ...)
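Review bot: CVE-2008-4636 moves from RESERVED to `TODO: check` with a description scoped to yast2-backup on SUSE Linux and Novell Linux, and it sits between entries that are already resolved. Close it in the same pass with a `NOT-FOR-US:` line, as its neighbours have, or with a package line if yast2-backup turns out to be packaged.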
@@ -2171,14 +2238,14 @@
RESERVED
CVE-2008-4316
RESERVED
-CVE-2008-4315
- RESERVED
+CVE-2008-4315 (tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux ...)
+ TODO: check
CVE-2008-4314 [samba memory leak]
RESERVED
- samba 2:3.2.5-1
[etch] - samba <not-affected> (Vulnerable code not present)
-CVE-2008-4313
- RESERVED
+CVE-2008-4313 (A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 ...)
+ TODO: check
CVE-2008-4312
RESERVED
CVE-2008-4311
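Review bot: CVE-2008-4315 and CVE-2008-4313 both land as `TODO: check`, and the CVE-2008-4313 text is about "a certain Red Hat patch" for tog-pegasus, so triage has to establish not only whether tog-pegasus is packaged but also whether that vendor patch is carried. If neither applies, a `<not-affected>` or `NOT-FOR-US:` line with a short reason would close both entries.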
@@ -2192,7 +2259,7 @@
RESERVED
CVE-2008-4307
RESERVED
-CVE-2008-4306 (Unspecified vulnerability in enscript before 1.6.4 in Ubuntu Linux ...)
+CVE-2008-4306 (Unspecified vulnerability in enscript before 1.6.4 has unknown impact ...)
{DSA-1670-1}
- enscript 1.6.4-13 (bug #506261)
CVE-2008-4305
@@ -6842,8 +6909,7 @@
RESERVED
CVE-2008-2379
RESERVED
-CVE-2008-2378 [insecure system call in hf]
- RESERVED
+CVE-2008-2378 (Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 ...)
{DSA-1668-1}
- hf 0.8-8.1 (medium; bug #504182)
CVE-2008-2377 (Use after free vulnerability in the ...)
@@ -8682,9 +8748,9 @@
RESERVED
CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod ...)
NOT-FOR-US: Apple
-CVE-2008-1585 (Apple QuickTime before 7.5 allows remote attackers to execute ...)
+CVE-2008-1585 (Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler ...)
NOT-FOR-US: Apple QuickTime
-CVE-2008-1584 (Stack-based buffer overflow in Apple QuickTime before 7.5 allows ...)
+CVE-2008-1584 (Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 ...)
NOT-FOR-US: Apple QuickTime
CVE-2008-1583 (Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote ...)
NOT-FOR-US: Apple QuickTime
@@ -12153,7 +12219,7 @@
NOT-FOR-US: Pragma TelnetServer
CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier ...)
NOT-FOR-US: SeattleLab SLNet RF Telnet Server
-CVE-2008-0151 (Foxit WAC Server 2.1.0.910 and earlier allows remote attackers to ...)
+CVE-2008-0151 (Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote ...)
NOT-FOR-US: Foxit WAC Server
CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in Aruba ...)
NOT-FOR-US: Aruba Mobility Controller