[Secure-testing-commits] r8995 - data/CVE
joeyh at alioth.debian.org
Fri Jun 6 09:14:12 UTC 2008
Author: joeyh
Date: 2008-06-06 09:14:10 +0000 (Fri, 06 Jun 2008)
New Revision: 8995
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-06-06 04:51:56 UTC (rev 8994)
+++ data/CVE/list 2008-06-06 09:14:10 UTC (rev 8995)
@@ -1,3 +1,89 @@
+CVE-2008-2559 (Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows ...)
+ TODO: check
+CVE-2008-2558 (CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute ...)
+ TODO: check
+CVE-2008-2557 (Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and ...)
+ TODO: check
+CVE-2008-2556 (SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and ...)
+ TODO: check
+CVE-2008-2555 (SQL injection vulnerability in index.php in EasyWay CMS allows remote ...)
+ TODO: check
+CVE-2008-2554 (Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote ...)
+ TODO: check
+CVE-2008-2553 (Cross-site scripting (XSS) vulnerability in Slashdot Like Automated ...)
+ TODO: check
+CVE-2008-2552 (Unspecified vulnerability in the Service Tag Registry on Sun Solaris ...)
+ TODO: check
+CVE-2008-2551 (The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 ...)
+ TODO: check
+CVE-2008-2550 (Unspecified vulnerability in the Web Services Security component in ...)
+ TODO: check
+CVE-2008-2549 (Adobe Acrobat Reader 8.1.2 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2008-2548 (Stack-based buffer overflow in the JPEG thumbprint component in the ...)
+ TODO: check
+CVE-2008-2547 (Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and ...)
+ TODO: check
+CVE-2008-2546
+ RESERVED
+CVE-2008-2545
+ RESERVED
+CVE-2008-2544
+ RESERVED
+CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and ...)
+ TODO: check
+CVE-2008-2542 (Stack-based buffer overflow in the getline function in Ppm/ppm.C in ...)
+ TODO: check
+CVE-2008-2541 (Multiple stack-based buffer overflows in the HTTP Gateway Service ...)
+ TODO: check
+CVE-2008-2540 (Apple Safari does not prompt the user before downloading an object ...)
+ TODO: check
+CVE-2008-2539 (The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 ...)
+ TODO: check
+CVE-2008-2538 (Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and ...)
+ TODO: check
+CVE-2008-2537 (SQL injection vulnerability in cat.php in HispaH Model Search allows ...)
+ TODO: check
+CVE-2008-2536 (SQL injection vulnerability in out.php in YABSoft Advanced Image ...)
+ TODO: check
+CVE-2008-2535 (Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 ...)
+ TODO: check
+CVE-2008-2534 (Directory traversal vulnerability in admin/admin_frame.php in Phoenix ...)
+ TODO: check
+CVE-2008-2533 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View ...)
+ TODO: check
+CVE-2008-2532 (SQL injection vulnerability in forum/topic_detail.php in AJ Square ...)
+ TODO: check
+CVE-2008-2531 (Cross-site scripting (XSS) vulnerability in the search script in Build ...)
+ TODO: check
+CVE-2008-2530 (Multiple SQL injection vulnerabilities in Concepts & Solutions ...)
+ TODO: check
+CVE-2008-2529 (SQL injection vulnerability in read.php in Advanced Links Management ...)
+ TODO: check
+CVE-2008-2528 (Unspecified vulnerability in Citrix Access Gateway Standard Edition ...)
+ TODO: check
+CVE-2008-2527 (Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ...)
+ TODO: check
+CVE-2008-2526 (Cross-site scripting (XSS) vulnerability in the WT Gallery (aka ...)
+ TODO: check
+CVE-2008-2525 (Cross-site scripting (XSS) vulnerability in the Event Database (aka ...)
+ TODO: check
+CVE-2008-2524 (BlogPHP 2.0 allows remote attackers to bypass authentication, and post ...)
+ TODO: check
+CVE-2008-2523 (SQL injection vulnerability in the Autopatcher server plugin in RakNet ...)
+ TODO: check
+CVE-2008-2522 (SQL injection vulnerability in members.php in Battle.net Clan Script ...)
+ TODO: check
+CVE-2008-2521 (SQL injection vulnerability in members.php in YABSoft Mega File ...)
+ TODO: check
+CVE-2008-2520 (Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when ...)
+ TODO: check
+CVE-2008-2519 (Directory traversal vulnerability in Core FTP client 2.1 Build 1565 ...)
+ TODO: check
+CVE-2008-2518 (Cross-site scripting (XSS) vulnerability in the advanced search ...)
+ TODO: check
+CVE-2008-2517 (The sarab.sh script in SaraB before 0.2.4 places the dar program's ...)
+ TODO: check
CVE-2008-2515 (Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 ...)
NOT-FOR-US: IBM AIX
CVE-2008-2514 (Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local ...)
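Review bot: every entry added in this hunk lands as "TODO: check", although several descriptions already name products outside Debian, for example CVE-2008-2547 (msiexec.exe), CVE-2008-2552 and CVE-2008-2538 (Sun Solaris) and CVE-2008-2540 (Apple Safari). Triage those to NOT-FOR-US in the style of the existing "NOT-FOR-US: IBM AIX" line, so the open TODOs are left for entries that may match a package, such as CVE-2008-2553 (Slashdot Like Automated ..., compare the slash line under CVE-2008-2231) and CVE-2008-2543 (Asterisk Addons).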
@@ -210,23 +296,17 @@
NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2407 (Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian ...)
NOT-FOR-US: Cerulean Studios Trillian
-CVE-2008-2406
- RESERVED
+CVE-2008-2406 (The administration application server in Sun Java Active Server Pages ...)
NOT-FOR-US: Sun Java System Active Server Pages
-CVE-2008-2405
- RESERVED
+CVE-2008-2405 (Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote ...)
NOT-FOR-US: Sun Java System Active Server Pages
-CVE-2008-2404
- RESERVED
+CVE-2008-2404 (Stack-based buffer overflow in the request handling implementation in ...)
NOT-FOR-US: Sun Java System Active Server Pages
-CVE-2008-2403
- RESERVED
+CVE-2008-2403 (Multiple directory traversal vulnerabilities in unspecified ASP ...)
NOT-FOR-US: Sun Java System Active Server Pages
-CVE-2008-2402
- RESERVED
+CVE-2008-2402 (The Admin Server in Sun Java Active Server Pages (ASP) Server before ...)
NOT-FOR-US: Sun Java System Active Server Pages
-CVE-2008-2401
- RESERVED
+CVE-2008-2401 (The Admin Server in Sun Java Active Server Pages (ASP) Server before ...)
NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2400 (Unspecified vulnerability in stunnel before 4.23, when running as a ...)
- stunnel4 <not-affected> (Windows specific issue)
@@ -237,7 +317,7 @@
NOTE: CVE id requested by Red Hat
CVE-2008-XXXX [resizing the monitor with xrandr can crash xscreensaver]
- xscreensaver <unfixed> (unimportant; bug #482385)
-CVE-2008-2516 [authentication bypass in libpam-pgsql]
+CVE-2008-2516 (pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not ...)
- pam-pgsql 0.6.3-2 (medium; bug #481970)
[etch] - pam-pgsql <not-affected> (Vulnerable code not present)
NOTE: pam_pgsql is not configured as "sufficient" in Debian default configuration
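Review bot: CVE-2008-2516 keeps its position below the CVE-2008-XXXX entry now that it has an official description, while the first hunk shows the numbered entries running from CVE-2008-2517 straight to CVE-2008-2515. Move the whole pam-pgsql entry (description, package line, [etch] line and NOTE) up between those two so the list stays in descending order.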
@@ -585,8 +665,7 @@
RESERVED
CVE-2008-2232
RESERVED
-CVE-2008-2231 [SQL injection vulnerability]
- RESERVED
+CVE-2008-2231 (SQL injection vulnerability in Slashdot Like Automated Storytelling ...)
- slash <unfixed> (medium; bug #484499)
CVE-2008-2230 [reportbug and reportbug-ng includes os.curdir in path]
RESERVED
@@ -731,7 +810,7 @@
NOT-FOR-US: IBM Lotus Quickr
CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in Mantis 1.1.1 allows ...)
- mantis 1.0.8-4.1 (bug #481504)
-CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20 allows local users to overwrite ...)
+CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and ...)
- uudeview 0.5.20-3.1 (low; bug #480972)
- libconvert-uulib-perl <not-affected> (Code patched by libconver-uulib upstream to use mkstemp)
NOTE: See CVE-2004-2265, where the problem occured as well
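Review bot: the new CVE-2008-2266 description names nzbget before 0.3.0 as a consumer of the affected uulib code, but the package lines under it still cover only uudeview and libconvert-uulib-perl. Add an nzbget line, or a TODO to check it, so the entry matches the widened description.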
@@ -826,8 +905,7 @@
NOT-FOR-US: Sun Solaris
CVE-2008-2120 (Unspecified vulnerability in Sun Java System Application Server 7 ...)
NOT-FOR-US: Sun Java System Application Server
-CVE-2008-2119
- RESERVED
+CVE-2008-2119 (Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business ...)
- asterisk <not-affected> (Vulnerable code not present in 1.4.x)
NOTE: http://downloads.digium.com/pub/security/AST-2008-008.html
CVE-2008-2118 (SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows ...)
@@ -890,14 +968,14 @@
RESERVED
CVE-2008-2101
RESERVED
-CVE-2008-2100
- RESERVED
+CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...)
+ TODO: check
CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...)
- vmware-package <not-affected> (Windows issue according to CVE)
CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...)
- vmware-package <unfixed> (bug #484491)
-CVE-2008-2097
- RESERVED
+CVE-2008-2097 (The openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows ...)
+ TODO: check
CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers ...)
NOT-FOR-US: BackLinkSpider
CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook ...)
@@ -971,16 +1049,16 @@
RESERVED
CVE-2008-2060
RESERVED
-CVE-2008-2059
- RESERVED
-CVE-2008-2058
- RESERVED
-CVE-2008-2057
- RESERVED
-CVE-2008-2056
- RESERVED
-CVE-2008-2055
- RESERVED
+CVE-2008-2059 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
+ TODO: check
+CVE-2008-2058 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
+ TODO: check
+CVE-2008-2057 (The Instant Messenger (IM) inspection engine in Cisco Adaptive ...)
+ TODO: check
+CVE-2008-2056 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
+ TODO: check
+CVE-2008-2055 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
+ TODO: check
CVE-2008-2054 (Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 ...)
NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2008-2053 (Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) ...)
@@ -1082,7 +1160,8 @@
TODO: check vulnerability of debian packages and value of upstream patch
CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...)
NOT-FOR-US: Cerulean Studios Trillian Basic
-CVE-2008-2007 (Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and ...)
+CVE-2008-2007
+ REJECTED
NOT-FOR-US: Apple iCal
CVE-2008-2006 (Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and ...)
NOT-FOR-US: Apple iCal
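Review bot: CVE-2008-2007 is changed to REJECTED but the "NOT-FOR-US: Apple iCal" line stays underneath it, so the entry now carries two states. Elsewhere in this diff a rejected id stands alone (CVE-2007-5670 is followed only by REJECTED); drop the NOT-FOR-US line or confirm that whatever parses the list accepts both.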
@@ -1228,8 +1307,7 @@
{DSA-1581-1}
- gnutls13 2.0.4-4 (medium)
- gnutls26 2.2.5-1 (medium)
-CVE-2008-1947 [Cross-site scripting (XSS) vulnerability via the name parameter]
- RESERVED
+CVE-2008-1947 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 ...)
- tomcat5.5 <unfixed> (low; bug #484643)
TODO: Check whether tomcat5 in etch is affected
CVE-2008-1946
@@ -1623,8 +1701,8 @@
NOT-FOR-US: iScripts SocialWare
CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media ...)
- mt-daapd 0.9~r1696-1.3 (medium; bug #476241)
-CVE-2008-1770
- RESERVED
+CVE-2008-1770 (Unspecified vulnerability in Akamai Download Manager ActiveX control ...)
+ TODO: check
CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of service ...)
{DTSA-125-1}
- vlc 0.8.6.e-2.1 (low; bug #478140)
@@ -1892,8 +1970,8 @@
RESERVED
CVE-2008-1662
RESERVED
-CVE-2008-1661
- RESERVED
+CVE-2008-1661 (Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks ...)
+ TODO: check
CVE-2008-1660 (Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and ...)
NOT-FOR-US: HP-UX
CVE-2008-1659 (Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 ...)
@@ -2221,8 +2299,8 @@
RESERVED
CVE-2008-1519
RESERVED
-CVE-2008-1518
- RESERVED
+CVE-2008-1518 (Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and ...)
+ TODO: check
CVE-2008-1517
RESERVED
CVE-2008-1516
@@ -3221,13 +3299,11 @@
- xine-lib 1.1.10-1
[etch] - xine-lib <not-affected> (Not affected per assessment of maintainer)
[sarge] - xine-lib <not-affected> (Not affected per assessment of maintainer)
-CVE-2008-1109 [Buffer overflow due to boundary error]
- RESERVED
+CVE-2008-1109 (Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted ...)
- evolution <unfixed> (low; bug #484639)
NOTE: Requires that the user accepts the iCalendar request and replies
NOTE: to it from the "Calendars" window.
-CVE-2008-1108 [Buffer overflow due to boundary error]
- RESERVED
+CVE-2008-1108 (Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is ...)
- evolution <unfixed> (low; bug #484639)
NOTE: Requires that the ITip Formatter plugin is disabled, which is enabled by default.
CVE-2008-1107
@@ -3401,8 +3477,8 @@
NOT-FOR-US: Packeteer PacketShaper
CVE-2008-1036 (International Components for Unicode (ICU) in Apple Mac OS X before ...)
NOT-FOR-US: Apple Mac OS
-CVE-2008-1035
- RESERVED
+CVE-2008-1035 (Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows ...)
+ TODO: check
CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows ...)
NOT-FOR-US: Apple Mac OS
CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug ...)
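Review bot: CVE-2008-1035 is added as "TODO: check" although its description places it in Apple iCal 3.0.1 on Mac OS X, and this list already tags another iCal id (CVE-2008-2006) as "NOT-FOR-US: Apple iCal". Use the same tag here rather than leaving an open TODO.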
@@ -3543,8 +3619,8 @@
RESERVED
CVE-2008-0968
RESERVED
-CVE-2008-0967
- RESERVED
+CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware ...)
+ TODO: check
CVE-2008-0966
RESERVED
CVE-2008-0965
@@ -3571,10 +3647,10 @@
NOT-FOR-US: CTSUEng.ocx
CVE-2008-0954
RESERVED
-CVE-2008-0953
- RESERVED
-CVE-2008-0952
- RESERVED
+CVE-2008-0953 (Unspecified vulnerability in a certain ActiveX control in ...)
+ TODO: check
+CVE-2008-0952 (Unspecified vulnerability in a certain ActiveX control in ...)
+ TODO: check
CVE-2008-0951 (Microsoft Windows Vista does not properly enforce the ...)
NOT-FOR-US: Windows Vista
CVE-2008-0950
@@ -5401,8 +5477,7 @@
[etch] - boost <no-dsa> (Minor issue)
CVE-2008-0170
RESERVED
-CVE-2008-0169 [privilege escalation in ikiwiki]
- RESERVED
+CVE-2008-0169 (Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 ...)
- ikiwiki 2.48 (medium; bug #483770)
[etch] - ikiwiki <not-affected> (Vulnerable code introduced in 1.34)
CVE-2008-0168
@@ -8598,8 +8673,8 @@
NOT-FOR-US: ifnet WebIf
CVE-2007-5672
RESERVED
-CVE-2007-5671
- RESERVED
+CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before ...)
+ TODO: check
CVE-2007-5670
REJECTED
CVE-2007-5669
@@ -8856,20 +8931,20 @@
NOT-FOR-US: IBM Director
CVE-2007-5611
RESERVED
-CVE-2007-5610
- RESERVED
+CVE-2007-5610 (Unspecified vulnerability in a certain ActiveX control in ...)
+ TODO: check
CVE-2007-5609
RESERVED
-CVE-2007-5608
- RESERVED
-CVE-2007-5607
- RESERVED
-CVE-2007-5606
- RESERVED
-CVE-2007-5605
- RESERVED
-CVE-2007-5604
- RESERVED
+CVE-2007-5608 (Unspecified vulnerability in a certain ActiveX control in ...)
+ TODO: check
+CVE-2007-5607 (Unspecified vulnerability in a certain ActiveX control in ...)
+ TODO: check
+CVE-2007-5606 (Unspecified vulnerability in a certain ActiveX control in ...)
+ TODO: check
+CVE-2007-5605 (Unspecified vulnerability in a certain ActiveX control in ...)
+ TODO: check
+CVE-2007-5604 (Unspecified vulnerability in a certain ActiveX control in ...)
+ TODO: check
CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender ...)
NOT-FOR-US: SonicWall SSL-VPN NetExtender
CVE-2007-5602 (Multiple stack-based buffer overflows in SwiftView Viewer before ...)