[Secure-testing-commits] r9256 - data/CVE
joeyh at alioth.debian.org
Tue Jul 8 09:14:09 UTC 2008
Author: joeyh
Date: 2008-07-08 09:14:08 +0000 (Tue, 08 Jul 2008)
New Revision: 9256
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-07-08 09:10:20 UTC (rev 9255)
+++ data/CVE/list 2008-07-08 09:14:08 UTC (rev 9256)
@@ -1,8 +1,440 @@
-CVE-2008-2950 [poppler unitinialized pointer leading to code execution]
+CVE-2008-3068 (Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, ...)
+ TODO: check
+CVE-2008-3067 (sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when ...)
+ TODO: check
+CVE-2008-3066
+ RESERVED
+CVE-2008-3065
+ RESERVED
+CVE-2008-3064
+ RESERVED
+CVE-2008-3063
+ RESERVED
+CVE-2008-3062
+ RESERVED
+CVE-2008-3061
+ RESERVED
+CVE-2008-3060
+ RESERVED
+CVE-2008-3059
+ RESERVED
+CVE-2008-3058
+ RESERVED
+CVE-2008-3057
+ RESERVED
+CVE-2008-3056 (SQL injection vulnerability in the Codeon Petition (cd_petition) ...)
+ TODO: check
+CVE-2008-3055 (SQL injection vulnerability in the Support view (ext_tbl) extension ...)
+ TODO: check
+CVE-2008-3054 (SQL injection vulnerability in the Branchenbuch (aka Yellow Pages ...)
+ TODO: check
+CVE-2008-3053 (SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension ...)
+ TODO: check
+CVE-2008-3052 (Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension ...)
+ TODO: check
+CVE-2008-3051 (SQL injection vulnerability in the Pinboard extension 0.0.6 and ...)
+ TODO: check
+CVE-2008-3050 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) ...)
+ TODO: check
+CVE-2008-3049 (The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for ...)
+ TODO: check
+CVE-2008-3048 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) ...)
+ TODO: check
+CVE-2008-3047 (Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) ...)
+ TODO: check
+CVE-2008-3046 (Incomplete blacklist vulnerability in the Packman (kb_packman) ...)
+ TODO: check
+CVE-2008-3045 (Unspecified vulnerability in the Industry Database (aka ...)
+ TODO: check
+CVE-2008-3044 (SQL injection vulnerability in the News Calendar (newscalendar) ...)
+ TODO: check
+CVE-2008-3043 (Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) ...)
+ TODO: check
+CVE-2008-3042 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
+ TODO: check
+CVE-2008-3041 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
+ TODO: check
+CVE-2008-3040 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
+ TODO: check
+CVE-2008-3039 (SQL injection vulnerability in the DAM Frontend (dam_frontend) ...)
+ TODO: check
+CVE-2008-3038 (SQL injection vulnerability in the Address Directory (sp_directory) ...)
+ TODO: check
+CVE-2008-3037 (Cross-site scripting (XSS) vulnerability in the Address Directory ...)
+ TODO: check
+CVE-2008-3036 (Directory traversal vulnerability in index.php in CMS little 0.0.1 ...)
+ TODO: check
+CVE-2008-3035 (SQL injection vulnerability in newThread.php in XchangeBoard 1.70 ...)
+ TODO: check
+CVE-2008-3034 (Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow ...)
+ TODO: check
+CVE-2008-3033 (RSS-aggregator 1.0 does not require administrative authentication for ...)
+ TODO: check
+CVE-2008-3032 (Cross-site scripting (XSS) vulnerability in the phpMyAdmin ...)
+ TODO: check
+CVE-2008-3031 (Directory traversal vulnerability in index.php in Simple PHP Agenda ...)
+ TODO: check
+CVE-2008-3030 (SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows ...)
+ TODO: check
+CVE-2008-3029 (Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum ...)
+ TODO: check
+CVE-2008-3028 (Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card ...)
+ TODO: check
+CVE-2008-3027 (SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 ...)
+ TODO: check
+CVE-2008-3026 (SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet ...)
+ TODO: check
+CVE-2008-3025 (SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows ...)
+ TODO: check
+CVE-2008-3024 (Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) ...)
+ TODO: check
+CVE-2008-3023 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and ...)
+ TODO: check
+CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in ...)
+ TODO: check
+CVE-2008-3021
+ RESERVED
+CVE-2008-3020
+ RESERVED
+CVE-2008-3019
+ RESERVED
+CVE-2008-3018
+ RESERVED
+CVE-2008-3017
+ RESERVED
+CVE-2008-3016
+ RESERVED
+CVE-2008-3015
+ RESERVED
+CVE-2008-3014
+ RESERVED
+CVE-2008-3013
+ RESERVED
+CVE-2008-3012
+ RESERVED
+CVE-2008-3011
+ RESERVED
+CVE-2008-3010
+ RESERVED
+CVE-2008-3009
+ RESERVED
+CVE-2008-3008
+ RESERVED
+CVE-2008-3007
+ RESERVED
+CVE-2008-3006
+ RESERVED
+CVE-2008-3005
+ RESERVED
+CVE-2008-3004
+ RESERVED
+CVE-2008-3003
+ RESERVED
+CVE-2008-3002
+ RESERVED
+CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote ...)
+ TODO: check
+CVE-2008-3000 (The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access ...)
+ TODO: check
+CVE-2008-2999 (Multiple SQL injection vulnerabilities in the Aggregation module 5.x ...)
+ TODO: check
+CVE-2008-2998 (Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation ...)
+ TODO: check
+CVE-2008-2997 (Cross-site scripting (XSS) vulnerability in index.php in Gravity Board ...)
+ TODO: check
+CVE-2008-2996 (Multiple SQL injection vulnerabilities in index.php in Gravity Board X ...)
+ TODO: check
+CVE-2008-2995 (Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow ...)
+ TODO: check
+CVE-2008-2994 (Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData ...)
+ TODO: check
+CVE-2008-2993 (Multiple directory traversal vulnerabilities in index.php in FOG Forum ...)
+ TODO: check
+CVE-2008-2992
+ RESERVED
+CVE-2008-2991
+ RESERVED
+CVE-2008-2990 (PHP remote file inclusion vulnerability in facileforms.frame.php in ...)
+ TODO: check
+CVE-2008-2989 (SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows ...)
+ TODO: check
+CVE-2008-2988 (Unrestricted file upload vulnerability in admin/upload.php in Benja ...)
+ TODO: check
+CVE-2008-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 ...)
+ TODO: check
+CVE-2008-2986 (Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 ...)
+ TODO: check
+CVE-2008-2985 (Directory traversal vulnerability in load_language.php in CMReams CMS ...)
+ TODO: check
+CVE-2008-2984 (Cross-site scripting (XSS) vulnerability in backend/umleitung.php in ...)
+ TODO: check
+CVE-2008-2983 (SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows ...)
+ TODO: check
+CVE-2008-2982 (Multiple directory traversal vulnerabilities in HomePH Design 2.10 ...)
+ TODO: check
+CVE-2008-2981 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-2980 (Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design ...)
+ TODO: check
+CVE-2008-2979 (Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php ...)
+ TODO: check
+CVE-2008-2978 (Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, ...)
+ TODO: check
+CVE-2008-2977 (Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 ...)
+ TODO: check
+CVE-2008-2976 (Multiple directory traversal vulnerabilities in TinX/cms 1.1, when ...)
+ TODO: check
+CVE-2008-2975 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2008-2974 (Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, ...)
+ TODO: check
+CVE-2008-2973 (Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in ...)
+ TODO: check
+CVE-2008-2972 (SQL injection vulnerability in index.php in KbLance allows remote ...)
+ TODO: check
+CVE-2008-2971 (SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows ...)
+ TODO: check
+CVE-2008-2970 (Multiple session fixation vulnerabilities in Academic Web Tools (AWT ...)
+ TODO: check
+CVE-2008-2969 (Directory traversal vulnerability in download.php in Academic Web ...)
+ TODO: check
+CVE-2008-2968 (SQL injection vulnerability in rating.php in Academic Web Tools (AWT ...)
+ TODO: check
+CVE-2008-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Academic Web ...)
+ TODO: check
+CVE-2008-2966 (Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 ...)
+ TODO: check
+CVE-2008-2965 (Cross-site scripting (XSS) vulnerability in viewforum.php in ...)
+ TODO: check
+CVE-2008-2964 (SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows ...)
+ TODO: check
+CVE-2008-2963 (Multiple SQL injection vulnerabilities in MyBlog allow remote ...)
+ TODO: check
+CVE-2008-2962 (Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow ...)
+ TODO: check
+CVE-2008-2961 (Multiple directory traversal vulnerabilities in view/index.php in CMS ...)
+ TODO: check
+CVE-2008-2959 (Buffer overflow in a certain ActiveX control (vb6skit.dll) in ...)
+ TODO: check
+CVE-2008-2951
+ RESERVED
+CVE-2008-2949 (Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 ...)
+ TODO: check
+CVE-2008-2948 (Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 ...)
+ TODO: check
+CVE-2008-2947 (Cross-domain vulnerability in Microsoft Internet Explorer 6 allows ...)
+ TODO: check
+CVE-2008-2946 (The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice ...)
+ TODO: check
+CVE-2008-2945 (Sun Java System Access Manager 6.3 through 7.1 and Sun Java System ...)
+ TODO: check
+CVE-2008-2944 (Double free vulnerability in the utrace support in the Linux kernel, ...)
+ TODO: check
+CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...)
+ TODO: check
+CVE-2008-2941
+ RESERVED
+CVE-2008-2940
+ RESERVED
+CVE-2008-2939
+ RESERVED
+CVE-2008-2938
+ RESERVED
+CVE-2008-2937
+ RESERVED
+CVE-2008-2936
+ RESERVED
+CVE-2008-2935
+ RESERVED
+CVE-2008-2934
+ RESERVED
+CVE-2008-2933
+ RESERVED
+CVE-2008-2932
+ RESERVED
+CVE-2008-2931
+ RESERVED
+CVE-2008-2930
+ RESERVED
+CVE-2008-2929
+ RESERVED
+CVE-2008-2928
+ RESERVED
+CVE-2008-2926
+ RESERVED
+CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote ...)
+ TODO: check
+CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows ...)
+ TODO: check
+CVE-2008-2923 (Cross-site scripting (XSS) vulnerability in read/search/results in ...)
+ TODO: check
+CVE-2008-2922 (Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier ...)
+ TODO: check
+CVE-2008-2921 (SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and ...)
+ TODO: check
+CVE-2008-2920 (admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and ...)
+ TODO: check
+CVE-2008-2919 (SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 ...)
+ TODO: check
+CVE-2008-2918 (SQL injection vulnerability in details.php in Application Dynamics ...)
+ TODO: check
+CVE-2008-2917 (SQL injection vulnerability in productsofcat.asp in E-SMART CART ...)
+ TODO: check
+CVE-2008-2916 (Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and ...)
+ TODO: check
+CVE-2008-2915 (Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php ...)
+ TODO: check
+CVE-2008-2914 (SQL injection vulnerability in jobseekers/JobSearch3.php (aka the ...)
+ TODO: check
+CVE-2008-2913 (Directory traversal vulnerability in func.php in Devalcms 1.4a, when ...)
+ TODO: check
+CVE-2008-2912 (Multiple PHP remote file inclusion vulnerabilities in Contenido CMS ...)
+ TODO: check
+CVE-2008-2911 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2008-2910 (Buffer overflow in the DXTTextOutEffect ActiveX control (aka the ...)
+ TODO: check
+CVE-2008-2909 (SQL injection vulnerability in results.php in Clever Copy 3.0 allows ...)
+ TODO: check
+CVE-2008-2908 (Multiple stack-based buffer overflows in a certain ActiveX control in ...)
+ TODO: check
+CVE-2008-2907 (SQL injection vulnerability in admin/index.php in WebChamado 1.1, when ...)
+ TODO: check
+CVE-2008-2906 (SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 ...)
+ TODO: check
+CVE-2008-2905 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-2904 (SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows ...)
+ TODO: check
+CVE-2008-2903 (SQL injection vulnerability in news.php in Advanced Webhost Billing ...)
+ TODO: check
+CVE-2008-2902 (SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 ...)
+ TODO: check
+CVE-2008-2901 (Multiple SQL injection vulnerabilities in Haudenschilt Family ...)
+ TODO: check
+CVE-2008-2900 (SQL injection vulnerability in item.php in PHPAuction 3.2 allows ...)
+ TODO: check
+CVE-2008-2899 (Unspecified vulnerability in includes/classes/page.php in j00lean-CMS ...)
+ TODO: check
+CVE-2008-2898 (Directory traversal vulnerability in includes/header.php in ...)
+ TODO: check
+CVE-2008-2897 (SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta ...)
+ TODO: check
+CVE-2008-2896 (Directory traversal vulnerability in index.php in FireAnt 1.3 allows ...)
+ TODO: check
+CVE-2008-2895 (Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 ...)
+ TODO: check
+CVE-2008-2894 (Directory traversal vulnerability in the FTP client in NCH Software ...)
+ TODO: check
+CVE-2008-2893 (SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ ...)
+ TODO: check
+CVE-2008-2892 (SQL injection vulnerability in the EXP Shop (com_expshop) component ...)
+ TODO: check
+CVE-2008-2891 (SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows ...)
+ TODO: check
+CVE-2008-2890 (Multiple SQL injection vulnerabilities in Online Fantasy Football ...)
+ TODO: check
+CVE-2008-2889 (Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP ...)
+ TODO: check
+CVE-2008-2888 (Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, ...)
+ TODO: check
+CVE-2008-2887 (Directory traversal vulnerability in index.php in chaozz at work ...)
+ TODO: check
+CVE-2008-2886 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-2885 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-2884 (PHP remote file inclusion vulnerability in display.php in ...)
+ TODO: check
+CVE-2008-2883 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-2882 (upgrade.asp in sHibby sHop 2.2 and earlier does not require ...)
+ TODO: check
+CVE-2008-2881 (Relative Real Estate Systems 3.0 and earlier stores passwords in ...)
+ TODO: check
+CVE-2008-2880 (Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and ...)
+ TODO: check
+CVE-2008-2879 (Benja CMS 0.1 does not require authentication for access to admin/, ...)
+ TODO: check
+CVE-2008-2878 (Open redirect vulnerability in rss_getfile.php in Academic Web Tools ...)
+ TODO: check
+CVE-2008-2877 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-2876 (Directory traversal vulnerability in index.php in mUnky 0.0.1 allows ...)
+ TODO: check
+CVE-2008-2875 (SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 ...)
+ TODO: check
+CVE-2008-2874 (SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics ...)
+ TODO: check
+CVE-2008-2873 (sHibby sHop 2.2 and earlier stores sensitive information under the web ...)
+ TODO: check
+CVE-2008-2872 (SQL injection vulnerability in default.asp in sHibby sHop 2.2 and ...)
+ TODO: check
+CVE-2008-2871 (Multiple cross-site scripting (XSS) vulnerabilities in template2.php ...)
+ TODO: check
+CVE-2008-2870 (Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow ...)
+ TODO: check
+CVE-2008-2869 (SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows ...)
+ TODO: check
+CVE-2008-2868 (SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and ...)
+ TODO: check
+CVE-2008-2867 (SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 ...)
+ TODO: check
+CVE-2008-2866 (SQL injection vulnerability in csc_article_details.php in Caupo.net ...)
+ TODO: check
+CVE-2008-2865 (SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site ...)
+ TODO: check
+CVE-2008-2864 (eLineStudio Site Composer (ESC) 2.6 and earlier allows remote ...)
+ TODO: check
+CVE-2008-2863 (Multiple absolute path traversal vulnerabilities in eLineStudio Site ...)
+ TODO: check
+CVE-2008-2862 (Multiple SQL injection vulnerabilities in eLineStudio Site Composer ...)
+ TODO: check
+CVE-2008-2861 (Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio ...)
+ TODO: check
+CVE-2008-2860 (SQL injection vulnerability in category.php in AJSquare AJ Auction Pro ...)
+ TODO: check
+CVE-2008-2859 (Unspecified vulnerability in the IMAP service in NetWin SurgeMail ...)
+ TODO: check
+CVE-2008-2858 (SQL injection vulnerability in index.php in WebChamado 1.1 allows ...)
+ TODO: check
+CVE-2008-2857 (AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in ...)
+ TODO: check
+CVE-2008-2856 (SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows ...)
+ TODO: check
+CVE-2008-2855 (Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 ...)
+ TODO: check
+CVE-2008-2854 (Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 ...)
+ TODO: check
+CVE-2008-2853 (SQL injection vulnerability in index.php in Easy Webstore 1.2 allows ...)
+ TODO: check
+CVE-2008-2852 (Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when ...)
+ TODO: check
+CVE-2008-2851 (Multiple buffer overflows in OFF System before 0.19.14 allow remote ...)
+ TODO: check
+CVE-2008-2850 (SQL injection vulnerability in the TrailScout module 5.x before ...)
+ TODO: check
+CVE-2008-2849 (Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x ...)
+ TODO: check
+CVE-2008-2848 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
+ TODO: check
+CVE-2008-2847 (SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 ...)
+ TODO: check
+CVE-2008-2846 (SQL injection vulnerability in index.php in BoatScripts Classifieds ...)
+ TODO: check
+CVE-2008-2845 (SQL injection vulnerability in index.php in MyBizz-Classifieds allows ...)
+ TODO: check
+CVE-2008-2844 (SQL injection vulnerability in index.php in Carscripts Classifieds ...)
+ TODO: check
+CVE-2008-2843 (Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and ...)
+ TODO: check
+CVE-2008-2842 (Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in ...)
+ TODO: check
+CVE-2008-2950 (The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and ...)
{DTSA-146-1}
- poppler <unfixed> (medium; bug #489756)
- xpdf <not-affected> (Page.cc is not allocating the widget and therefore not vulnerable in the destructor, attrs initialized)
-CVE-2008-2927 [integer overflow in MSN protocol handler involing SLP messages]
+CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in ...)
- pidgin 2.4.3-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=453764
CVE-2008-XXXX [wireshark has several potential DoS vulnerabilities]
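Review bot: CVE-2008-2944 (double free in the utrace support in the Linux kernel) is added as "TODO: check", but this list already treats utrace as absent from the Debian kernel: CVE-2007-0771 is recorded as "linux-2.6 <not-affected> (RHEL-specific backport, only present in -mm tree)". Once that is confirmed to still hold, give CVE-2008-2944 the same explicit linux-2.6 line instead of leaving it in the bulk TODO backlog. CVE-2008-3032 (phpMyAdmin XSS) also names a package this list tracks, so it deserves triage ahead of the entries that will end up NOT-FOR-US.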
@@ -13,25 +445,25 @@
- dnsmasq 2.26-1 (medium)
NOTE: CVE id requested by Ubuntu
NOTE: http://freshmeat.net/projects/dnsmasq/?branch_id=1991&release_id=217681
-CVE-2008-2952 [remote DoS in openldap]
+CVE-2008-2952 (liblber/io.c in OpenLDAP 2.3.41, 2.3.42, and possibly other versions ...)
- openldap2.3 <unfixed> (medium; bug #488710)
-CVE-2008-2955 [denial of service via crafted long file name]
+CVE-2008-2955 (Pidgin 2.4.1 allows remote attackers to cause a denial of service ...)
- pidgin <unfixed> (bug #488632)
-CVE-2008-2956 [denial of service via malformed XML documents]
+CVE-2008-2956 (Memory leak in Pidgin 2.0.0, and possibly other versions, allows ...)
- pidgin <unfixed> (low; bug #488632)
NOTE: jabber servers should not forward malformed XML
-CVE-2008-2957 [arabitrary file download trigger in piding via UDP pakcet]
+CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, ...)
- pidgin <unfixed> (low; bug #488632)
NOTE: probably only a bandwidth issue
-CVE-2008-2942 [missing input validation]
+CVE-2008-2942 (Directory traversal vulnerability in patch.py in Mercurial 1.0.1 ...)
- mercurial 1.0.1-2 (low; bug #488628)
[etch] - mercurial <not-affected> (Vulnerable functionality not present)
-CVE-2008-2953 [remote DoS via partial file list requests]
+CVE-2008-2953 (Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a ...)
- linuxdcpp 1.0.1-2 (low; bug #488630)
[etch] - linuxdcpp <no-dsa> (Minor issue)
-CVE-2008-2954 [remote DoS via empty private message]
+CVE-2008-2954 (client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows ...)
- linuxdcpp 1.0.1-2 (low; bug #488630)
-CVE-2008-2958 [possible symlink attack in checkinstall]
+CVE-2008-2958 (Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows ...)
- checkinstall 1.6.1-7 (low; bug #488140)
CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac]
- python-werkzeug 0.3.1-1 (unknown)
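Review bot: CVE-2008-2955 still reads "- pidgin <unfixed> (bug #488632)" with no urgency, while CVE-2008-2956 and CVE-2008-2957, filed under the same bug, both carry "(low)". Now that the bracketed placeholder has been replaced by the full description (remote denial of service in Pidgin 2.4.1), add an urgency to that package line so the three pidgin entries are consistent.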
@@ -68,8 +500,7 @@
- php5 5.2.6-2 (low)
NOTE: the fix sent to t-s and unstable does not seem possible in etch due to
NOTE: missing api features from the version of libc-client in etch.
-CVE-2008-2826 [sctp overflow]
- RESERVED
+CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ...)
- linux-2.6 <unfixed>
- linux-2.6.24 <unfixed>
NOTE: 735ce972fbc8a65fb17788debd7bbe7b4383cc62
@@ -101,34 +532,34 @@
NOT-FOR-US: WallCity-Server
CVE-2008-2812
RESERVED
-CVE-2008-2811
- RESERVED
-CVE-2008-2810
- RESERVED
+CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, ...)
+ TODO: check
+CVE-2008-2810 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
+ TODO: check
CVE-2008-2809
RESERVED
-CVE-2008-2808
- RESERVED
-CVE-2008-2807
- RESERVED
-CVE-2008-2806
- RESERVED
-CVE-2008-2805
- RESERVED
+CVE-2008-2808 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
+ TODO: check
+CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
+ TODO: check
+CVE-2008-2806 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS ...)
+ TODO: check
+CVE-2008-2805 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...)
+ TODO: check
CVE-2008-2804
RESERVED
-CVE-2008-2803
- RESERVED
-CVE-2008-2802
- RESERVED
-CVE-2008-2801
- RESERVED
-CVE-2008-2800
- RESERVED
-CVE-2008-2799
- RESERVED
-CVE-2008-2798
- RESERVED
+CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox ...)
+ TODO: check
+CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and ...)
+ TODO: check
+CVE-2008-2801 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
+ TODO: check
+CVE-2008-2800 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...)
+ TODO: check
+CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
+ TODO: check
+CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
+ TODO: check
CVE-2008-2797 (Cross-site scripting (XSS) vulnerability in MainLayout.do in ...)
NOT-FOR-US: ManageEngine OpUtils
CVE-2008-2796 (SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote ...)
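Review bot: The twelve Mozilla entries leaving RESERVED here (CVE-2008-2798 through CVE-2008-2811, with 2804 and 2809 still reserved) all become "TODO: check" with no package lines. Their descriptions share the same fix boundary (Firefox before 2.0.0.15, SeaMonkey before 1.1.10, and for CVE-2008-2802 Thunderbird 2.0.0.14 and earlier), so they should be triaged as one batch, with a package line per affected Mozilla-derived source package, rather than picked off individually from the TODO list.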
@@ -151,7 +582,7 @@
NOT-FOR-US: OpenDocMan
CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan ...)
NOT-FOR-US: OpenDocMan
-CVE-2008-2960 [phpMyAdmin PMASA-2008-4 XSS]
+CVE-2008-2960 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, ...)
- phpmyadmin 4:2.11.7~rc2-1 (unimportant)
NOTE: We haven't supported installations with register_globals enabled since a long time
CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...)
@@ -280,10 +711,9 @@
RESERVED
CVE-2008-2731
RESERVED
-CVE-2008-2730
- RESERVED
-CVE-2008-2729 [overflow]
- RESERVED
+CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
+ TODO: check
+CVE-2008-2729 (arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some ...)
- linux-2.6 2.6.19-1
[etch] - linux-2.6 <unfixed>
[etch] - linux-2.6.24 <not-affected> (Fixed before initial release, upstream in 2.6.19)
@@ -371,7 +801,7 @@
CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to ...)
{DTSA-138-1}
- clamav 0.93.1.dfsg-1 (low)
-CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote ...)
+CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, ...)
- fetchmail 6.3.9~rc2-1 (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1
NOTE: -vv is only used for debugging purposes so this does not
@@ -484,8 +914,8 @@
NOT-FOR-US: com_biblestudy component for Joomla!
CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 allows ...)
NOT-FOR-US: OtomiGenX
-CVE-2008-2641
- RESERVED
+CVE-2008-2641 (Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and ...)
+ TODO: check
CVE-2008-2640 (Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 ...)
NOT-FOR-US: Adobe Flex
CVE-2008-2639 (Stack-based buffer overflow in the ODBC server service in Citect ...)
@@ -648,8 +1078,7 @@
NOT-FOR-US: 427BB
CVE-2008-2654 (Off-by-one error in the read_client function in webhttpd.c in Motion ...)
- motion 3.2.9-3 (low; bug #484572)
-CVE-2008-2667 [sql injection vulnerability in courier-authlib]
- RESERVED
+CVE-2008-2667 (SQL injection vulnerability in courier-authlib in SUSE openSUSE 10.3 ...)
- courier-authlib 0.60.1-2.1 (bug #485424)
CVE-2008-XXXX [missing sanity checks allow DoS via mis-formated timestamp]
- evolution 2.22.2-1.1 (low; bug #484639)
@@ -845,10 +1274,10 @@
RESERVED
CVE-2008-2464
RESERVED
-CVE-2008-2463
- RESERVED
-CVE-2008-2462
- RESERVED
+CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx, ...)
+ TODO: check
+CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...)
+ TODO: check
CVE-2008-2461 (SQL injection vulnerability in index.php in Netious CMS 0.4 allows ...)
NOT-FOR-US: Netious
CVE-2008-2460 (SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows ...)
@@ -911,8 +1340,7 @@
RESERVED
CVE-2008-2431
RESERVED
-CVE-2008-2430 [vlc heap overflow in wav decoding]
- RESERVED
+CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC ...)
- vlc 0.8.6.h-1 (medium; bug #489004)
CVE-2008-2429
RESERVED
@@ -1040,21 +1468,18 @@
CVE-2008-2375
RESERVED
- vsftpd <not-affected> (debian versions all include the fix)
-CVE-2008-2374 [SDP payload processing vulnerability]
- RESERVED
+CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before ...)
- bluez-libs <unfixed> (low)
- bluez-utils <unfixed> (low)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
CVE-2008-2373
RESERVED
-CVE-2008-2372 [vm resource starvation local DoS]
- RESERVED
+CVE-2008-2372 (The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users ...)
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (Introduced between 2.6.23 and 2.6.24)
- linux-2.6.24 <unfixed>
NOTE: 89f5b7da2a6bad2e84670422ab8192382a5aeb9f
-CVE-2008-2371 [heap-based overflow in PCRE compiler for patterns with options and multiple branches]
- RESERVED
+CVE-2008-2371 (Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible ...)
{DSA-1602-1 DTSA-145-1}
- pcre3 <unfixed> (medium; bug #488919)
CVE-2008-2370
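Review bot: For CVE-2008-2372 the new description gives an upstream fix boundary ("2.6.24 and 2.6.25 before 2.6.25.9"), but the package lines stay at "linux-2.6 <unfixed>" and "linux-2.6.24 <unfixed>" with no urgency. Record the urgency now, and note the 2.6.25.9 boundary in a NOTE line so the unstable entry can be closed as soon as an upload based on that release or later exists. The existing NOTE is a bare commit hash; say which tree it refers to.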
@@ -1067,8 +1492,7 @@
RESERVED
CVE-2008-2366 (Untrusted search path vulnerability in a certain Red Hat build script ...)
- openoffice.org <not-affected> (RedHat-specific packaging flaw)
-CVE-2008-2365 [local ptrace crash]
- RESERVED
+CVE-2008-2365 (Race condition in the ptrace and utrace support in the Linux kernel ...)
- linux-2.6 <not-affected>
[etch] - linux-2.6 <not-affected> (fixed before 2.6.18)
[etch] - linux-2.6.24 <not-affected>
@@ -1092,7 +1516,7 @@
- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2359 (The default configuration of consolehelper in system-config-network ...)
NOT-FOR-US: system-config-network Fedora
-CVE-2008-2358 (The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux ...)
+CVE-2008-2358 (Integer overflow in the dccp_feat_change function in net/dccp/feat.c ...)
{DSA-1592-1}
- linux-2.6 2.6.20-1
NOTE: DCCP feature sanitising was introduced in 2.6.20
@@ -1184,21 +1608,21 @@
RESERVED
CVE-2008-2315
RESERVED
-CVE-2008-2314
- RESERVED
-CVE-2008-2313
- RESERVED
+CVE-2008-2314 (Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is ...)
+ TODO: check
+CVE-2008-2313 (Apple Mac OS X before 10.5 uses weak permissions for the User Template ...)
+ TODO: check
CVE-2008-2312
RESERVED
-CVE-2008-2311
- RESERVED
-CVE-2008-2310
- RESERVED
-CVE-2008-2309
- RESERVED
-CVE-2008-2308
- RESERVED
-CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2 on ...)
+CVE-2008-2311 (Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is ...)
+ TODO: check
+CVE-2008-2310 (Format string vulnerability in c++filt in Apple Mac OS X 10.5 before ...)
+ TODO: check
+CVE-2008-2309 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...)
+ TODO: check
+CVE-2008-2308 (Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 ...)
+ TODO: check
+CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as ...)
NOT-FOR-US: Windows issue
CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...)
NOT-FOR-US: Windows issue
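Review bot: The description of CVE-2008-2307 changed from "Apple Safari before 3.1.2 on ..." to "Apple Safari before 3.1.2, as ...", but the disposition underneath is still "NOT-FOR-US: Windows issue". The scope wording in the CVE text is no longer the one that disposition was based on, so re-read the full description and confirm that the WebKit issue is still Windows-only before keeping the tag. The six Mac OS X entries added in this hunk (CVE-2008-2308 through 2311, 2313, 2314) can be closed as NOT-FOR-US in the same pass.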
@@ -1743,10 +2167,10 @@
- phpgedview 4.1.e+4.1.5-1
CVE-2008-2063 (SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows ...)
NOT-FOR-US: Joovili
-CVE-2008-2062
- RESERVED
-CVE-2008-2061
- RESERVED
+CVE-2008-2062 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
+ TODO: check
+CVE-2008-2061 (The Computer Telephony Integration (CTI) Manager service in Cisco ...)
+ TODO: check
CVE-2008-2060 (Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) ...)
NOT-FOR-US: Cisco
CVE-2008-2059 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
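Review bot: CVE-2008-2062 and CVE-2008-2061 both describe services "in Cisco ..." and are added as "TODO: check" directly above CVE-2008-2060, which is already "NOT-FOR-US: Cisco". Give the two new entries the same disposition. The same applies to CVE-2008-2730 earlier in this patch, which repeats the Real-Time Information Server (RIS) Data Collector wording.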
@@ -1994,8 +2418,8 @@
- xen-3 3.2.1-2 (medium; bug #487095)
- xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630)
TODO: check that next upload includes changes until changeset 17643 or higher
-CVE-2008-1951
- RESERVED
+CVE-2008-1951 (Untrusted search path vulnerability in a certain Red Hat build script ...)
+ TODO: check
CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed function ...)
{DSA-1581-1}
- gnutls13 2.0.4-4 (low)
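Review bot: The new text for CVE-2008-1951 ("Untrusted search path vulnerability in a certain Red Hat build script ...") opens exactly like CVE-2008-2366, which this list resolves as "openoffice.org <not-affected> (RedHat-specific packaging flaw)". Check the full description to see which package the build script belongs to and, if it is likewise a Red Hat packaging issue, close it with an explicit not-affected line instead of "TODO: check".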
@@ -2643,8 +3067,8 @@
NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
CVE-2008-1677 (Buffer overflow in the regular expression handler in Red Hat Directory ...)
NOT-FOR-US: Red Hat Directory Server
-CVE-2008-1676
- RESERVED
+CVE-2008-1676 (Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate ...)
+ TODO: check
CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux ...)
- linux-2.6 2.6.25-2 (low)
[etch] - linux-2.6 <not-affected> (Tehuti driver not in 2.6.18)
@@ -2693,7 +3117,7 @@
NOT-FOR-US: HP LDAP-UX
CVE-2008-1658 (Format string vulnerability in the grant helper ...)
- policykit 0.8-1 (medium; bug #476615; bug #476616)
-CVE-2008-1657 (OpenSSH 4.4 and other versions before 4.9 allows remote authenticated ...)
+CVE-2008-1657 (OpenSSH 4.4 up to versions before 4.9 allows remote authenticated ...)
- openssh 1:4.7p1-8 (low; bug #475156)
[etch] - openssh <not-affected> (Vulnerable functionality was introduced in 4.4)
CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the public ...)
@@ -5166,8 +5590,8 @@
- php5 5.2.6-1
[etch] - php5 <not-affected> (Vulnerable code not yet present)
[etch] - php4 <not-affected> (Vulnerable code not yet present)
-CVE-2008-0598
- RESERVED
+CVE-2008-0598 (Unspecified vulnerability in the 32-bit and 64-bit emulation in the ...)
+ TODO: check
CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...)
- cups 1.2
- cupsys 1.2
@@ -7849,7 +8273,7 @@
NOT-FOR-US: VU Case Manager
CVE-2007-6167 (Untrusted search path vulnerability in yast2-core in SUSE Linux might ...)
NOT-FOR-US: Yast2
-CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1 allows ...)
+CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used ...)
NOT-FOR-US: Apple QuickTime
CVE-2007-6165 (Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote ...)
NOT-FOR-US: Apple Mac OS X
@@ -22268,7 +22692,7 @@
- linux-2.6 2.6.12-1
CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows ...)
- linux-2.6 2.6.18.dfsg.1-11
-CVE-2007-0771 (Unspecified vulnerability in the utrace support for Linux kernel ...)
+CVE-2007-0771 (The utrace support in Linux kernel 2.6.18, and other versions, allows ...)
- linux-2.6 <not-affected> (RHEL-specific backport, only present in -mm tree)
CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...)
{DSA-1260}
@@ -27902,10 +28326,10 @@
RESERVED
CVE-2006-5267
RESERVED
-CVE-2006-5266
- RESERVED
-CVE-2006-5265
- RESERVED
+CVE-2006-5266 (Multiple buffer overflows in Microsoft Dynamics GP (formerly Great ...)
+ TODO: check
+CVE-2006-5265 (Unspecified vulnerability in Microsoft Dynamics GP (formerly Great ...)
+ TODO: check
CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper ...)
NOT-FOR-US: MysqlDumper
CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in ...)
@@ -44532,7 +44956,7 @@
- mediawiki 1.4.11-1 (bug #332408; unknown)
CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...)
- mediawiki 1.4.9
-CVE-2005-3164 (Hitachi Cosminexus Application Server does not properly handle when a ...)
+CVE-2005-3164 (The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 ...)
NOT-FOR-US: Hitachi Cosminexus Application Server
CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
- polipo 0.9.9-1 (bug #332411; low)
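Review bot: The description of CVE-2005-3164 was rewritten from "Hitachi Cosminexus Application Server does not properly handle ..." to "The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 ...", but the line below it still says "NOT-FOR-US: Hitachi Cosminexus Application Server". That disposition no longer matches the affected product named in the description. Replace it with a TODO or with package lines for the Tomcat source packages after checking whether the listed 4.0.x and 4.1.x versions were ever shipped.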