[Secure-testing-commits] r10790 - data/CVE

joeyh at alioth.debian.org
Tue Dec 23 21:14:11 UTC 2008


Author: joeyh
Date: 2008-12-23 21:14:10 +0000 (Tue, 23 Dec 2008)
New Revision: 10790

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-12-23 20:18:43 UTC (rev 10789)
+++ data/CVE/list	2008-12-23 21:14:10 UTC (rev 10790)
@@ -1,3 +1,55 @@
+CVE-2008-5704 (src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might ...)
+	TODO: check
+CVE-2008-5703 (gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to ...)
+	TODO: check
+CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...)
+	TODO: check
+CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux ...)
+	TODO: check
+CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum ...)
+	TODO: check
+CVE-2008-5699 (The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris ...)
+	TODO: check
+CVE-2008-5698 (HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 ...)
+	TODO: check
+CVE-2008-5697 (The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 ...)
+	TODO: check
+CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is ...)
+	TODO: check
+CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...)
+	TODO: check
+CVE-2008-5694 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-5693 (Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other ...)
+	TODO: check
+CVE-2008-5692 (Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other ...)
+	TODO: check
+CVE-2008-5691 (Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX ...)
+	TODO: check
+CVE-2008-5690 (The Kerberos credential renewal feature in Solaris 8, 9, and 10, and ...)
+	TODO: check
+CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 ...)
+	TODO: check
+CVE-2008-5688 (MediaWiki 1.8.1 through 1.13.3, when the wgShowExceptionDetails ...)
+	TODO: check
+CVE-2008-5687 (MediaWiki 1.11 through 1.13.3 does not properly protect against the ...)
+	TODO: check
+CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its ...)
+	TODO: check
+CVE-2008-5685 (Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun ...)
+	TODO: check
+CVE-2008-5684 (Unspecified vulnerability in the X Inter Client Exchange library (aka ...)
+	TODO: check
+CVE-2008-5683 (Unspecified vulnerability in Opera before 9.63 allows remote attackers ...)
+	TODO: check
+CVE-2008-5682 (Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows ...)
+	TODO: check
+CVE-2008-5681 (Opera before 9.63 does not block unspecified "scripted URLs" during ...)
+	TODO: check
+CVE-2008-5680 (Multiple buffer overflows in Opera before 9.63 might allow (1) remote ...)
+	TODO: check
+CVE-2008-5679 (The HTML parsing engine in Opera before 9.63 allows remote attackers ...)
+	TODO: check
 CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote ...)
 	NOT-FOR-US: OLIB7 WebView
 CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ...)
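Review bot: all 26 entries added at the top of this hunk (CVE-2008-5679 through CVE-2008-5704) carry only "TODO: check", so none of them is triaged yet, including ones whose descriptions name software this file already tracks as packages in later hunks: MediaWiki (CVE-2008-5687, CVE-2008-5688) and the Linux kernel (CVE-2008-5700, CVE-2008-5701). Those need a package line in a follow-up commit, and the Solaris entries (CVE-2008-5699, CVE-2008-5690, CVE-2008-5689) can take a NOT-FOR-US line in the same style as the unchanged CVE-2008-5678 entry below them.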
@@ -1001,16 +1053,13 @@
 	RESERVED
 CVE-2008-5253
 	RESERVED
-CVE-2008-5252 [CSRF vulnerability affecting the Special:Import feature]
-	RESERVED
+CVE-2008-5252 (Cross-site request forgery (CSRF) vulnerability in the Special:Import ...)
 	- mediawiki 1:1.13.3-1 (bug #508870)
 CVE-2008-5251
 	RESERVED
-CVE-2008-5250 [local script injection vulnerabilities on MediaWiki installations with uploads enabled]
-	RESERVED
+CVE-2008-5250 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, ...)
 	- mediawiki 1:1.13.3-1 (bug #508869)
-CVE-2008-5249 [XSS vulnerability affecting all MediaWiki installations between 1.13.0 and 1.13.2]
-	RESERVED
+CVE-2008-5249 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through ...)
 	- mediawiki <not-affected> (vulnerable code was introduced in 1.13.0)
 	TODO: [experimental] - mediawiki 1:1.13.3-1 (bug #508868)
 CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real ...)
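Review bot: the replacement description for CVE-2008-5250 is cut off before any precondition, while the bracketed text it replaces recorded that the issue applies to installations "with uploads enabled"; keep that detail as a NOTE: line under the entry so it is not lost. The "TODO: [experimental]" line under CVE-2008-5249 is left in place by this hunk and still needs resolving.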
@@ -1046,7 +1095,6 @@
 CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before ...)
 	- xine-lib 1.1.14-3 (low)
 CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact ...)
-	{DTSA-181-1}
 	- xine-lib 1.1.14-3
 	- faad2 2.6.1-1
 	- mplayer 1.0~rc2-20 (bug #407010)
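Review bot: removing "{DTSA-181-1}" from CVE-2008-5244 here, with the same tag reappearing under CVE-2008-4610 in a later hunk, changes which CVE the advisory is recorded against, and the "automatic update" log gives no reason for it. Both entries list mplayer 1.0~rc2-20 with bug #407010, so confirm against the DTSA data that the advisory belongs to CVE-2008-4610 only.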
@@ -1168,11 +1216,11 @@
 	- wireshark 1.0.5-1 (low; bug #506741)
 CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other ...)
 	- shadow 1:4.1.1-6 (bug #505271)
-CVE-2008-5706 [possibility of attack with the help of symlinks]
+CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...)
 	- verlihub <unfixed> (low; bug #506530)
 	TODO: further investigation on this package is needed
 	NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats
-CVE-2008-5705 [verlihub remote command execution]
+CVE-2008-5705 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...)
 	- verlihub <unfixed> (low; bug #506530)
 	TODO: further investigation on this package is needed
 	NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats
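Review bot: after this change CVE-2008-5706 and CVE-2008-5705 show the identical truncated description, "The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...", so the distinction the bracketed text carried (symlink attack versus remote command execution) is no longer visible in the list. Add a NOTE: line to each entry saying which issue it is. Both entries also still sit after CVE-2008-5394 rather than next to CVE-2008-5704 at the top of the file, where the neighbouring IDs were added.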
@@ -1426,8 +1474,8 @@
 	NOT-FOR-US: PHPKB
 CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login ...)
 	NOT-FOR-US: wrg_anotherbelogin extension for typo3
-CVE-2008-5086
-	RESERVED
+CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a ...)
+	TODO: check
 CVE-2008-5085
 	RESERVED
 CVE-2008-5084
@@ -1447,8 +1495,8 @@
 	- linux-2.6 2.6.26-12
 	- linux-2.6.24 <removed>
 	NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2
-CVE-2008-5078
-	RESERVED
+CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file function ...)
+	TODO: check
 CVE-2008-5077
 	RESERVED
 CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka ...)
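Review bot: the new description for CVE-2008-5078 is truncated at "recognize_eps_file function ..." before any product name appears, so the "TODO: check" cannot be resolved from this line alone. Whoever triages it needs the full CVE text to identify the affected source package.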
@@ -2499,6 +2547,7 @@
 CVE-2008-4611 (SQL injection vulnerability in index.php in PHP Arsivimiz Php ...)
 	NOT-FOR-US: PHP Arsivimiz Php Ziyaretci Defteri
 CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service ...)
+	{DTSA-181-1}
 	- mplayer 1.0~rc2-20 (low; bug #407010)
 	NOTE: only the aac issue affected mplayer because it built against a copy of faad
 	NOTE: the ogm issue is a problem in ffmpeg
@@ -3343,7 +3392,7 @@
 	RESERVED
 CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual ...)
 	NOT-FOR-US: Microsoft Visual Basic
-CVE-2008-4255 (The Windows Common ActiveX control (mscomct2.ocx) in Microsoft Visual ...)
+CVE-2008-4255 (Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX ...)
 	NOT-FOR-US: Microsoft Visual Basic
 CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX ...)
 	NOT-FOR-US: Microsoft Visual Basic
@@ -3654,8 +3703,7 @@
 	RESERVED
 CVE-2008-4123
 	RESERVED
-CVE-2008-4122
-	RESERVED
+CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in ...)
 	NOT-FOR-US: Joomla
 CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce ...)
 	NOT-FOR-US: cpCommerce
@@ -5365,7 +5413,7 @@
 	NOT-FOR-US: Microsoft Excel
 CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...)
 	NOT-FOR-US: Microsoft
-CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors ...)
+CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors related ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...)
 	NOT-FOR-US: Microsoft
@@ -7894,8 +7942,7 @@
 CVE-2008-2381 [gforge sql injection in GroupJoinRequest.class.php]
 	RESERVED
 	- gforge 4.7~rc2-7
-CVE-2008-2380 [SQL injection vulnerability with PGSQL]
-	RESERVED
+CVE-2008-2380 (SQL injection vulnerability in authpgsqllib.c in Courier-Authlib ...)
 	{DSA-1688-1 DTSA-180-1}
 	- courier-authlib 0.61.0-1+lenny1
 CVE-2008-2379 (Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 ...)
@@ -11000,8 +11047,7 @@
 	- graphicsmagick 1.1.11-3.2 (medium; bug #414370)
 CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP) implementation ...)
 	NOT-FOR-US: Sun Solaris
-CVE-2008-1094
-	RESERVED
+CVE-2008-1094 (SQL injection vulnerability in index.cgi in the Account View page in ...)
 	NOT-FOR-US: Barracuda Spam Firewall
 CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the ...)
 	NOT-FOR-US: FLEXnet Connect 
@@ -11275,8 +11321,7 @@
 	NOT-FOR-US: Double-Take
 CVE-2008-0972
 	RESERVED
-CVE-2008-0971
-	RESERVED
+CVE-2008-0971 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...)
 	NOT-FOR-US: Barracuda Networks products
 CVE-2008-0970
 	RESERVED
@@ -65033,7 +65078,7 @@
 CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...)
 	{DSA-590-1}
 	- gnats 4.0-6.1
-CVE-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login, ...)
+CVE-2004-0622 (Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does ...)
 	NOT-FOR-US: MacOS
 CVE-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...)
 	NOT-FOR-US: Newsletter ZWS



