[Secure-testing-commits] r10743 - data/CVE
white at alioth.debian.org
Sat Dec 20 17:11:41 UTC 2008
Author: white
Date: 2008-12-20 17:11:40 +0000 (Sat, 20 Dec 2008)
New Revision: 10743
Modified:
data/CVE/list
Log:
Some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-12-20 15:42:40 UTC (rev 10742)
+++ data/CVE/list 2008-12-20 17:11:40 UTC (rev 10743)
@@ -1,17 +1,17 @@
CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: OLIB7 WebView
CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ...)
- TODO: check
+ NOT-FOR-US: Kwalbum
CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka ...)
TODO: check
CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Portal
CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network ...)
- TODO: check
+ NOT-FOR-US: Darkwet Network webcamXP
CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the members ...)
- TODO: check
+ NOT-FOR-US: PHParanoid
CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: PHParanoid
CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
NOT-FOR-US: Joomla
CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...)
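Review bot: The CVE-2008-5672 entry is tagged NOT-FOR-US: PHParanoid, but its visible description ("Multiple cross-site request forgery (CSRF) vulnerabilities in ...") is cut off before the product name, so the attribution cannot be confirmed from the list itself. Please verify it against the full CVE text rather than by adjacency to CVE-2008-5673, and consider a short NOTE if the product match is not obvious from the description.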
@@ -25,15 +25,15 @@
CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows ...)
NOT-FOR-US: WinFTP
CVE-2008-5665 (SQL injection vulnerability in index.php in the xhresim module in ...)
- TODO: check
+ NOT-FOR-US: XOOPS
CVE-2008-5664 (Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound ...)
- TODO: check
+ NOT-FOR-US: Realtek Media Player
CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and ...)
- TODO: check
+ NOT-FOR-US: Kusaba
CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC ...)
TODO: check
CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...)
TODO: check
CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...)
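Review bot: For CVE-2008-5665 the tag reads NOT-FOR-US: XOOPS, while the description places the SQL injection in "the xhresim module". Naming the module in the tag, something like "NOT-FOR-US: xhresim module (XOOPS)", would keep the entry from being read later as a verdict on XOOPS itself.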
@@ -1050,7 +1050,7 @@
NOTE: memcpy fails for copying from the complete addressable address space long before any code is executed
NOTE: the malloc check for type_specific_data is missing, minor issue filed as #508065
CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and ...)
- - xine-lib <unfixed> (bug #509265)
+ - xine-lib <unfixed> (bug #509265; low)
CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...)
TODO: check
CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function in ...)
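Review bot: The urgency change on CVE-2008-5237 to "(bug #509265; low)" carries no recorded rationale, and the log message "Some NFUs" does not mention it. The description speaks of multiple integer overflows, so a NOTE line under the entry explaining why they are rated low (as the NOTE lines at the top of this hunk do for the preceding entry) would let the next triager check the downgrade. Ideally this change is also named in the log or committed separately from the NOT-FOR-US triage.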