[Secure-testing-commits] r7964 - data/CVE
joeyh at alioth.debian.org
Fri Jan 18 21:14:10 UTC 2008
Author: joeyh
Date: 2008-01-18 21:14:10 +0000 (Fri, 18 Jan 2008)
New Revision: 7964
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-18 19:38:39 UTC (rev 7963)
+++ data/CVE/list 2008-01-18 21:14:10 UTC (rev 7964)
@@ -1,3 +1,141 @@
+CVE-2008-0352 (The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to ...)
+ TODO: check
+CVE-2008-0351 (admin/config.php in Evilsentinel 1.0.9 and earlier allows remote ...)
+ TODO: check
+CVE-2008-0350 (admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to ...)
+ TODO: check
+CVE-2008-0349 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+ TODO: check
+CVE-2008-0348 (Multiple unspecified vulnerabilities in the PeopleTools component in ...)
+ TODO: check
+CVE-2008-0347 (Unspecified vulnerability in the Oracle Ultra Search component in ...)
+ TODO: check
+CVE-2008-0346 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...)
+ TODO: check
+CVE-2008-0345 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+ TODO: check
+CVE-2008-0344 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
+ TODO: check
+CVE-2008-0343 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
+ TODO: check
+CVE-2008-0342 (Unspecified vulnerability in the Upgrade/Downgrade component in Oracle ...)
+ TODO: check
+CVE-2008-0341 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
+ TODO: check
+CVE-2008-0340 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
+ TODO: check
+CVE-2008-0339 (Unspecified vulnerability in the XML DB component in Oracle Database ...)
+ TODO: check
+CVE-2008-0338 (Directory traversal vulnerability in the mwGetLocalFileName function ...)
+ TODO: check
+CVE-2008-0337 (Heap-based buffer overflow in the _mwProcessReadSocket function in ...)
+ TODO: check
+CVE-2008-0336 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2008-0335 (Cross-site scripting (XSS) vulnerability in BugTracker.NET before ...)
+ TODO: check
+CVE-2008-0334 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2008-0333 (Directory traversal vulnerability in download_view_attachment.aspx in ...)
+ TODO: check
+CVE-2008-0332 (Directory traversal vulnerability in arias/help/effect.php in aria ...)
+ TODO: check
+CVE-2008-0331 (Unspecified vulnerability in Funkwerk System Software before 7.4.1 ...)
+ TODO: check
+CVE-2008-0330 (Radiator before 4.0 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2008-0329 (LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) ...)
+ TODO: check
+CVE-2008-0328 (SQL injection vulnerability in page.php in FaScript FaName 1.0 allows ...)
+ TODO: check
+CVE-2008-0327 (SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows ...)
+ TODO: check
+CVE-2008-0326 (SQL injection vulnerability in class/show.php in FaScript ...)
+ TODO: check
+CVE-2008-0325 (SQL injection vulnerability in show.php in FaScript FaPersian Petition ...)
+ TODO: check
+CVE-2008-0324 (Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 ...)
+ TODO: check
+CVE-2008-0323
+ RESERVED
+CVE-2008-0322
+ RESERVED
+CVE-2008-0321
+ RESERVED
+CVE-2008-0320
+ RESERVED
+CVE-2008-0319
+ RESERVED
+CVE-2008-0318
+ RESERVED
+CVE-2008-0317
+ RESERVED
+CVE-2008-0316
+ RESERVED
+CVE-2008-0315
+ RESERVED
+CVE-2008-0314
+ RESERVED
+CVE-2008-0313
+ RESERVED
+CVE-2008-0312
+ RESERVED
+CVE-2008-0311
+ RESERVED
+CVE-2008-0310
+ RESERVED
+CVE-2008-0309
+ RESERVED
+CVE-2008-0308
+ RESERVED
+CVE-2008-0307
+ RESERVED
+CVE-2008-0306
+ RESERVED
+CVE-2008-0305
+ RESERVED
+CVE-2008-0304
+ RESERVED
+CVE-2008-0303
+ RESERVED
+CVE-2008-0301
+ RESERVED
+CVE-2008-0300
+ RESERVED
+CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers to ...)
+ TODO: check
+CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials via a ...)
+ TODO: check
+CVE-2008-0296 (Heap-based buffer overflow in the libaccess_realrtsp plugin in ...)
+ TODO: check
+CVE-2008-0295 (Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in ...)
+ TODO: check
+CVE-2008-0294 (Unspecified vulnerability in the seat-locking implementation in ...)
+ TODO: check
+CVE-2008-0293 (Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when ...)
+ TODO: check
+CVE-2008-0292 (Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie ...)
+ TODO: check
+CVE-2008-0291 (SQL injection vulnerability in showproduct.asp in RichStrong CMS ...)
+ TODO: check
+CVE-2007-6693 (Unspecified vulnerability in the WebCam module in Menalto Gallery ...)
+ TODO: check
+CVE-2007-6692 (Open redirect vulnerability in Menalto Gallery before 2.2.4 allows ...)
+ TODO: check
+CVE-2007-6691 (Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 ...)
+ TODO: check
+CVE-2007-6690 (The Gallery Remote module in Menalto Gallery before 2.2.4 does not ...)
+ TODO: check
+CVE-2007-6689 (Menalto Gallery before 2.2.4 does not properly check for malicious ...)
+ TODO: check
+CVE-2007-6688 (Unspecified vulnerability in the Installation application in Menalto ...)
+ TODO: check
+CVE-2007-6687 (Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery ...)
+ TODO: check
+CVE-2007-6686 (The URL rewrite module in Menalto Gallery before 2.2.4 allows ...)
+ TODO: check
+CVE-2007-6685 (Unspecified vulnerability in the Publish XP module Menalto Gallery ...)
+ TODO: check
CVE-2008-0161
RESERVED
CVE-2008-0290 (Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and ...)
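Review bot: Every described entry added at the top of this hunk is left at "TODO: check", including CVE-2008-0352 (Linux kernel 2.6.20 through 2.6.21.1, remote attackers), which concerns a package this file already tracks as linux-2.6. I would triage that entry first and give it a "- linux-2.6 ..." line with an urgency. The Oracle and PeopleTools entries (CVE-2008-0339 through CVE-2008-0349) look like NOT-FOR-US candidates and could be marked in the same pass, so the remaining TODO backlog contains only entries that need real investigation.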
@@ -6,7 +144,7 @@
NOT-FOR-US: Member Area System
CVE-2008-0288 (Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow ...)
NOT-FOR-US: ImageAlbum
-CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 and ...)
+CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 ...)
NOT-FOR-US: VisionBurst vcart
CVE-2008-0286 (SQL injection vulnerability in admin/login.php in Article Dashboard ...)
NOT-FOR-US: Article Dashboard
@@ -109,7 +247,7 @@
CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...)
{DTSA-109-1}
- xine-lib <unfixed> (medium; bug #460551)
-CVE-2008-0299 [insecure use of RandomPool]
+CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked ...)
- python-paramiko <unfixed> (medium; bug #460706)
NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html
CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 ...)
@@ -227,9 +365,9 @@
CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: AwesomeTemplateEngine
CVE-2008-0189
- RESERVED
+ REJECTED
CVE-2008-0188
- RESERVED
+ REJECTED
CVE-2008-0187 (SQL injection vulnerability in songinfo.php in SAM Broadcaster ...)
NOT-FOR-US: SAM Broadcaster samPHPweb
CVE-2008-0186 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 ...)
@@ -258,11 +396,9 @@
RESERVED
CVE-2008-0174
RESERVED
-CVE-2008-0172 [improper input validation in boost]
- RESERVED
+CVE-2008-0172 (The get_repeat_type function in basic_regex_creator.hpp in the Boost ...)
- boost 1.34.1-4 (low; bug #461236)
-CVE-2008-0171 [improper input validation in boost]
- RESERVED
+CVE-2008-0171 (regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library ...)
- boost 1.34.1-4 (low; bug #461236)
CVE-2008-0170
RESERVED
@@ -282,7 +418,7 @@
RESERVED
CVE-2008-0162
RESERVED
-CVE-2008-0302 [insecure file handling in apt-listchanges]
+CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in ...)
{DSA-1465-2}
- apt-listchanges 2.82 (medium)
[sarge] - apt-listchanges <not-affected> (Vulnerable code not present)
@@ -293,7 +429,8 @@
NOT-FOR-US: IBM AIX
CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2007-6678 (Untrusted search path vulnerability in yast2-core in SUSE Linux might ...)
+CVE-2007-6678
+ REJECTED
NOT-FOR-US: yast2-core
CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam ...)
NOT-FOR-US: Peter's Random Anti-Spam Image
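Review bot: CVE-2007-6678 now carries both "REJECTED" and the old "NOT-FOR-US: yast2-core" line, which is contradictory state for a tracker entry. The description removed here reappears verbatim on CVE-2007-6167 later in this patch, so this id looks like a rejected duplicate. I would drop the NOT-FOR-US line, as the other REJECTED entries in this patch (CVE-2008-0189, CVE-2008-0188) carry no annotation, or replace it with a NOTE pointing at CVE-2007-6167.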
@@ -458,7 +595,7 @@
NOT-FOR-US: RapidShare Database
CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti allows ...)
NOT-FOR-US: Makale Scripti
-CVE-2007-6672 (Directory traversal vulnerability in Mortbay Jetty 6.1.5 and 6.1.6 ...)
+CVE-2007-6672 (Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass ...)
TODO: check
NOTE: poked upstream if this does affect jetty 5 as well
CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant Softwares ...)
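Review bot: The description of CVE-2007-6672 changes from a directory traversal to "allows remote attackers to bypass ...", but the "TODO: check" and the NOTE about asking upstream whether jetty 5 is affected are carried over unchanged. That question was asked against the old wording, so it should be re-confirmed against the new description, and the NOTE updated with the answer or a date so the entry does not stay open indefinitely.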
@@ -493,8 +630,8 @@
RESERVED
CVE-2008-0082
RESERVED
-CVE-2008-0081
- RESERVED
+CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2004 and earlier, and ...)
+ TODO: check
CVE-2008-0080
RESERVED
CVE-2008-0079
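Review bot: CVE-2008-0081 moves from RESERVED to a Microsoft Excel description but is left at "TODO: check". The product is named on the description line, so this can be closed immediately with "NOT-FOR-US: Microsoft Excel", in line with how the file treats entries such as "NOT-FOR-US: Apple QuickTime", rather than adding to the TODO queue.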
@@ -819,19 +956,19 @@
NOT-FOR-US: Blakord Portal
CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in Mantis before ...)
- mantis 1.0.8-4 (low; bug #458377)
-CVE-2007-6683 [vlc arbitrary file overwrite vulnerability via crafted m3u playlists]
+CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to ...)
- vlc 0.8.6.c-4.1 (medium; bug #458318)
[lenny] - vlc 0.8.6.c-4.1~lenny1
NOTE: see https://trac.videolan.org/vlc/ticket/1371
-CVE-2007-6682 [vlc format string vulnerability in built-in web-server]
+CVE-2007-6682 (Format string vulnerability in the httpd_FileCallBack function ...)
- vlc 0.8.6.c-4.1 (medium; bug #458318)
[lenny] - vlc 0.8.6.c-4.1~lenny1
NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
-CVE-2007-6681 [vlc buffer overflow in subtitle handling]
+CVE-2007-6681 (Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN ...)
- vlc 0.8.6.c-4.1 (low; bug #458318)
[lenny] - vlc 0.8.6.c-4.1~lenny1
NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
-CVE-2007-6684 [vlc remote denial of service in rtsp module]
+CVE-2007-6684 (The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to ...)
- vlc 0.8.6.c-4.1 (unimportant; bug #458318)
[lenny] - vlc 0.8.6.c-4.1~lenny1
NOTE: That's hardly a security problem, just a bug
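Review bot: The new descriptions for CVE-2007-6683 and CVE-2007-6684 name VLC 0.8.6d as affected, while the package lines record the fix in 0.8.6.c-4.1, a Debian revision of an older upstream release. That is consistent only if the fixes were backported into that upload, so it is worth confirming and saying so in a NOTE. CVE-2007-6684 is also now described as triggerable by remote attackers while it stays "unimportant" with "NOTE: That's hardly a security problem, just a bug"; the rating should be re-justified against the new text or the NOTE expanded to explain why it still holds.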
@@ -1140,8 +1277,8 @@
RESERVED
CVE-2008-0028
RESERVED
-CVE-2008-0027
- RESERVED
+CVE-2008-0027 (Heap-based buffer overflow in the Certificate Trust List (CTL) ...)
+ TODO: check
CVE-2008-0026
RESERVED
CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, ...)
@@ -1698,9 +1835,10 @@
CVE-2008-0007
RESERVED
CVE-2008-0006
+ RESERVED
+ {DSA-1466-1}
- xorg-server 2:1.4.1~git20080105-2
- libxfont 1:1.3.1-2
- RESERVED
CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before ...)
- apache2 2.2.8-1 (low)
- apache <unfixed> (low)
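Review bot: CVE-2008-0006 gains {DSA-1466-1} and has fixed versions for xorg-server and libxfont, but neither package line carries an urgency or bug reference, unlike neighbouring entries such as "- apache2 2.2.8-1 (low)". With the id still RESERVED there is no description either, so the entry gives a reader no indication of what was fixed. I would add the urgency to both package lines and a short bracketed summary on the CVE line, as was done for other entries before their descriptions were published.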
@@ -1712,7 +1850,7 @@
NOT-FOR-US: OpenPegasus CIM management server
CVE-2008-0002
RESERVED
-CVE-2008-0001 (VFS in the Linux kernel before 2.6.23.14 performs tests of access mode ...)
+CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before ...)
- linux-2.6 <unfixed>
CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
- xen-3 3.1.2-1
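Review bot: The CVE-2008-0001 description now lists a fix on the 2.6.22 branch as well ("before 2.6.22.16, and 2.6.23.x before ..."), but the entry remains "- linux-2.6 <unfixed>" with no urgency and no bug number. Since the affected range just widened, this is a good moment to add both so the open kernel issue can be prioritised and followed up.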
@@ -1814,7 +1952,7 @@
NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6168 (SQL injection vulnerability in default.asp in VU Case Manager allows ...)
NOT-FOR-US: VU Case Manager
-CVE-2007-6167 (yast2-core includes the current working directory in its search path, ...)
+CVE-2007-6167 (Untrusted search path vulnerability in yast2-core in SUSE Linux might ...)
NOT-FOR-US: Yast2
CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1 allows ...)
NOT-FOR-US: Apple QuickTime
@@ -4567,7 +4705,7 @@
NOT-FOR-US: Joomla! and mambo extension
CVE-2007-5361 (The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and ...)
NOT-FOR-US: Alcatel-Lucent OmniPCX Enterprise
-CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, as used in VMWare ...)
+CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, when compiled to use ...)
NOT-FOR-US: OpenPegasus Management server
CVE-2007-5359
RESERVED