[Secure-testing-commits] r9046 - data/CVE
joeyh at alioth.debian.org
Thu Jun 12 09:14:19 UTC 2008
Author: joeyh
Date: 2008-06-12 09:14:16 +0000 (Thu, 12 Jun 2008)
New Revision: 9046
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-06-11 22:17:13 UTC (rev 9045)
+++ data/CVE/list 2008-06-12 09:14:16 UTC (rev 9046)
@@ -1,6 +1,254 @@
+CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...)
+ TODO: check
+CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...)
+ TODO: check
+CVE-2008-2683 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...)
+ TODO: check
+CVE-2008-2682 (_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote ...)
+ TODO: check
+CVE-2008-2681 (Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2008-2680 (Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp ...)
+ TODO: check
+CVE-2008-2679 (SQL injection vulnerability in the KeyWordsList function in ...)
+ TODO: check
+CVE-2008-2678 (Multiple SQL injection vulnerabilities in Telephone Directory 2008, ...)
+ TODO: check
+CVE-2008-2677 (Cross-site scripting (XSS) vulnerability in edit1.php in Telephone ...)
+ TODO: check
+CVE-2008-2676 (SQL injection vulnerability in the iJoomla News Portal ...)
+ TODO: check
+CVE-2008-2675 (Cross-site scripting (XSS) vulnerability in index.php in PHP Image ...)
+ TODO: check
+CVE-2008-2674 (Unspecified vulnerability in the Interstage Management Console, as ...)
+ TODO: check
+CVE-2008-2673 (SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, ...)
+ TODO: check
+CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and ...)
+ TODO: check
+CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows ...)
+ TODO: check
+CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...)
+ TODO: check
+CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote ...)
+ TODO: check
+CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...)
+ TODO: check
+CVE-2008-2666
+ RESERVED
+CVE-2008-2665
+ RESERVED
+CVE-2008-2664
+ RESERVED
+CVE-2008-2663
+ RESERVED
+CVE-2008-2662
+ RESERVED
+CVE-2008-2661
+ RESERVED
+CVE-2008-2660
+ RESERVED
+CVE-2008-2659
+ RESERVED
+CVE-2008-2658
+ RESERVED
+CVE-2008-2657
+ RESERVED
+CVE-2008-2656
+ RESERVED
+CVE-2008-2655
+ RESERVED
+CVE-2008-2653
+ RESERVED
+CVE-2008-2652 (Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b ...)
+ TODO: check
+CVE-2008-2651 (SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB ...)
+ TODO: check
+CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, ...)
+ TODO: check
+CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 ...)
+ TODO: check
+CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html in ...)
+ TODO: check
+CVE-2008-2647 (SQL injection vulnerability in admin/journal_change_mask.inc.php in ...)
+ TODO: check
+CVE-2008-2646 (Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 ...)
+ TODO: check
+CVE-2008-2645 (Multiple PHP remote file inclusion vulnerabilities in Brim (formerly ...)
+ TODO: check
+CVE-2008-2644 (Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and ...)
+ TODO: check
+CVE-2008-2643 (SQL injection vulnerability in the Bible Study (com_biblestudy) ...)
+ TODO: check
+CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 allows ...)
+ TODO: check
+CVE-2008-2641
+ RESERVED
+CVE-2008-2640
+ RESERVED
+CVE-2008-2639
+ RESERVED
+CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book 1.0.1 ...)
+ TODO: check
+CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
+ TODO: check
+CVE-2008-2636 (The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 ...)
+ TODO: check
+CVE-2008-2635 (Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow ...)
+ TODO: check
+CVE-2008-2634 (SQL injection vulnerability in index.asp in I-Pos Internet Pay Online ...)
+ TODO: check
+CVE-2008-2633 (Multiple SQL injection vulnerabilities in the EXP JoomRadio ...)
+ TODO: check
+CVE-2008-2632 (SQL injection vulnerability in the acctexp (com_acctexp) component ...)
+ TODO: check
+CVE-2008-2631 (The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows ...)
+ TODO: check
+CVE-2008-2630 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 ...)
+ TODO: check
+CVE-2008-2629 (SQL injection vulnerability in the LifeType (formerly pLog) module for ...)
+ TODO: check
+CVE-2008-2628 (SQL injection vulnerability in the eQuotes (com_equotes) component ...)
+ TODO: check
+CVE-2008-2627 (SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 ...)
+ TODO: check
+CVE-2008-2626 (SQL injection vulnerability in comment.asp in Battle Blog 1.25 and ...)
+ TODO: check
+CVE-2008-2625
+ RESERVED
+CVE-2008-2624
+ RESERVED
+CVE-2008-2623
+ RESERVED
+CVE-2008-2622
+ RESERVED
+CVE-2008-2621
+ RESERVED
+CVE-2008-2620
+ RESERVED
+CVE-2008-2619
+ RESERVED
+CVE-2008-2618
+ RESERVED
+CVE-2008-2617
+ RESERVED
+CVE-2008-2616
+ RESERVED
+CVE-2008-2615
+ RESERVED
+CVE-2008-2614
+ RESERVED
+CVE-2008-2613
+ RESERVED
+CVE-2008-2612
+ RESERVED
+CVE-2008-2611
+ RESERVED
+CVE-2008-2610
+ RESERVED
+CVE-2008-2609
+ RESERVED
+CVE-2008-2608
+ RESERVED
+CVE-2008-2607
+ RESERVED
+CVE-2008-2606
+ RESERVED
+CVE-2008-2605
+ RESERVED
+CVE-2008-2604
+ RESERVED
+CVE-2008-2603
+ RESERVED
+CVE-2008-2602
+ RESERVED
+CVE-2008-2601
+ RESERVED
+CVE-2008-2600
+ RESERVED
+CVE-2008-2599
+ RESERVED
+CVE-2008-2598
+ RESERVED
+CVE-2008-2597
+ RESERVED
+CVE-2008-2596
+ RESERVED
+CVE-2008-2595
+ RESERVED
+CVE-2008-2594
+ RESERVED
+CVE-2008-2593
+ RESERVED
+CVE-2008-2592
+ RESERVED
+CVE-2008-2591
+ RESERVED
+CVE-2008-2590
+ RESERVED
+CVE-2008-2589
+ RESERVED
+CVE-2008-2588
+ RESERVED
+CVE-2008-2587
+ RESERVED
+CVE-2008-2586
+ RESERVED
+CVE-2008-2585
+ RESERVED
+CVE-2008-2584
+ RESERVED
+CVE-2008-2583
+ RESERVED
+CVE-2008-2582
+ RESERVED
+CVE-2008-2581
+ RESERVED
+CVE-2008-2580
+ RESERVED
+CVE-2008-2579
+ RESERVED
+CVE-2008-2578
+ RESERVED
+CVE-2008-2577
+ RESERVED
+CVE-2008-2576
+ RESERVED
+CVE-2008-2574 (Unrestricted file upload vulnerability in admin/Editor/imgupload.php ...)
+ TODO: check
+CVE-2008-2573 (Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote ...)
+ TODO: check
+CVE-2008-2572 (SQL injection vulnerability in php/leer_comentarios.php in FlashBlog ...)
+ TODO: check
+CVE-2008-2571 (Cross-site request forgery (CSRF) vulnerability in LimeSurvey ...)
+ TODO: check
+CVE-2008-2570 (Multiple unspecified vulnerabilities in LimeSurvey (formerly ...)
+ TODO: check
+CVE-2008-2569 (SQL injection vulnerability in the EasyBook (com_easybook) component ...)
+ TODO: check
+CVE-2008-2568 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
+ TODO: check
+CVE-2008-2567 (Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 ...)
+ TODO: check
+CVE-2008-2566 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address ...)
+ TODO: check
+CVE-2008-2565 (Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and ...)
+ TODO: check
+CVE-2008-2564 (SQL injection vulnerability in the JotLoader (com_jotloader) component ...)
+ TODO: check
+CVE-2008-2563 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+ TODO: check
+CVE-2008-2562 (SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and ...)
+ TODO: check
+CVE-2008-2561 (Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 ...)
+ TODO: check
+CVE-2008-2560 (SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows ...)
+ TODO: check
CVE-2008-2654 [off-by-one in webhttpd.c]
+ RESERVED
- motion 3.2.9-3 (low; bug #484572)
CVE-2008-2667 [sql injection vulnerability in courier-authlib]
+ RESERVED
- courier-authlib 0.60.1-2.1 (bug #485424)
CVE-2008-XXXX [missing sanity checks allow DoS via mis-formated timestamp]
- evolution 2.22.2-1.1 (low; bug #484639)
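Review bot: CVE-2008-2684 and CVE-2008-2683 near the top of this hunk carry the same truncated summary ("The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ..."), so the list alone cannot tell them apart; whoever resolves the TODO: check markers should read the full descriptions before assigning a status to either. At the end of the hunk, CVE-2008-2654 and CVE-2008-2667 now show RESERVED under hand-written bracketed descriptions that already have package lines (motion, courier-authlib); those brackets should be swapped for the official text once it is published, as this patch does for CVE-2008-2575 in a later hunk.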
@@ -33,9 +281,9 @@
CVE-2008-2547 (Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and ...)
NOT-FOR-US: Microsoft Windows Installer
CVE-2008-2546
- RESERVED
-CVE-2008-2545
- RESERVED
+ REJECTED
+CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a ...)
+ TODO: check
CVE-2008-2544
RESERVED
CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and ...)
@@ -322,7 +570,7 @@
- stunnel4 <not-affected> (Windows specific issue)
CVE-2008-2399 (Directory traversal vulnerability in the FireFTP add-on before ...)
NOT-FOR-US: FireFTP
-CVE-2008-2575 [command execution flaw via malicious file names]
+CVE-2008-2575 (cbrPager before 0.9.17 allows user-assisted remote attackers to ...)
- cbrpager 0.9.17-1 (low; bug #482853)
[etch] - cbrpager <no-dsa> (Minor issue)
CVE-2008-XXXX [resizing the monitor with xrandr can crash xscreensaver]
@@ -356,10 +604,10 @@
NOT-FOR-US: SubSonic
CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...)
NOT-FOR-US: HP Software Update
-CVE-2008-2389
- RESERVED
-CVE-2008-2388
- RESERVED
+CVE-2008-2389 (opensuse-updater in openSUSE 10.2 allows local users to access ...)
+ TODO: check
+CVE-2008-2388 (Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have ...)
+ TODO: check
CVE-2008-2387
RESERVED
CVE-2008-2386
@@ -416,18 +664,21 @@
NOTE: see http://svn.gnome.org/viewvc/pan2/trunk/pan/data/parts.cc?view=log&pathrev=286
CVE-2008-2362 [RENDER Extension memory corruption]
RESERVED
+ {DSA-1595-1}
- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2361 [RENDER Extension crash]
RESERVED
+ {DSA-1595-1}
- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2360 [RENDER Extension heap buffer overflow]
RESERVED
+ {DSA-1595-1}
- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2359 (The default configuration of consolehelper in system-config-network ...)
NOT-FOR-US: system-config-network Fedora
-CVE-2008-2358
- RESERVED
+CVE-2008-2358 (The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux ...)
{DSA-1592-1}
+ TODO: check
CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...)
{DSA-1587-1}
- mtr 0.73-1
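Review bot: CVE-2008-2358 ends up with a {DSA-1592-1} reference followed by TODO: check and no package line, so the entry says an advisory exists but records no fixed version for any suite. Suggest replacing the TODO with the package entry for the kernel source package the DSA covers, so the DCCP issue stops showing up as untriaged.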
@@ -683,8 +934,7 @@
- slash <unfixed> (medium; bug #484499)
NOTE: See CVE-2008-2553
NOTE: maintainer wants to remove package from unstable and move to experimental
-CVE-2008-2230 [reportbug and reportbug-ng includes os.curdir in path]
- RESERVED
+CVE-2008-2230 (Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and ...)
- reportbug 3.41 (low; bug #484311)
- reportbug-ng 0.2008.03.28 (low; bug #484474)
[etch] - reportbug <no-dsa> (Unlikely attack scenario)
@@ -854,8 +1104,7 @@
RESERVED
CVE-2008-2153
RESERVED
-CVE-2008-2152
- RESERVED
+CVE-2008-2152 (Integer overflow in the rtl_allocateMemory function in ...)
- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
@@ -996,7 +1245,7 @@
- vmware-package <not-affected> (Windows issue according to CVE)
CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...)
- vmware-package <unfixed> (bug #484491)
-CVE-2008-2097 (The openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows ...)
+CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 ...)
NOT-FOR-US: Vmware ESX/i
CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers ...)
NOT-FOR-US: BackLinkSpider
@@ -1647,8 +1896,8 @@
CVE-2008-1806 [heap overflow in PFB font parsing routine]
RESERVED
- freetype <unfixed> (medium; bug #485841)
-CVE-2008-1805
- RESERVED
+CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other ...)
+ TODO: check
CVE-2008-1804 (preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not ...)
- snort <unfixed> (low; bug #483160)
[etch] - snort <not-affected> (Only 2.6 and 2.8 are affected)
@@ -1730,7 +1979,7 @@
NOT-FOR-US: iScripts SocialWare
CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media ...)
- mt-daapd 0.9~r1696-1.3 (medium; bug #476241)
-CVE-2008-1770 (Unspecified vulnerability in Akamai Download Manager ActiveX control ...)
+CVE-2008-1770 (CRLF injection vulnerability in Akamai Download Manager ActiveX ...)
NOT-FOR-US: Akamai Download Manager
CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of service ...)
{DTSA-125-1}
@@ -1969,9 +2218,9 @@
NOTE: the cve id description states that 2.6.25 is fixed, this is wrong, it's fixed in 2.6.25.1
CVE-2008-1674
RESERVED
-CVE-2008-1673
- RESERVED
+CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 ...)
{DSA-1592-1}
+ TODO: check
CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of ...)
{DTSA-136-1}
- openssl 0.9.8g-10.1 (bug #483379)
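Review bot: the new CVE-2008-1673 text opens an enumeration with "(a) the Linux kernel 2.4 before 2.4.36.6 ...", which implies more than one affected code base, yet the entry has only {DSA-1592-1} and TODO: check. When the TODO is resolved, read the full description for each enumerated item and add a package line per affected source package rather than assuming the DSA reference covers all of them.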
@@ -2008,7 +2257,7 @@
NOT-FOR-US: HP LDAP-UX
CVE-2008-1658 (Format string vulnerability in the grant helper ...)
- policykit 0.8-1 (medium; bug #476615; bug #476616)
-CVE-2008-1657 (OpenSSH before 4.9 allows remote authenticated users to bypass the ...)
+CVE-2008-1657 (OpenSSH 4.4 and other versions before 4.9 allows remote authenticated ...)
- openssh 1:4.7p1-8 (low; bug #475156)
[etch] - openssh <not-affected> (Vulnerable functionality was introduced in 4.4)
CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the public ...)
@@ -2163,16 +2412,16 @@
RESERVED
CVE-2008-1586
RESERVED
-CVE-2008-1585
- RESERVED
-CVE-2008-1584
- RESERVED
-CVE-2008-1583
- RESERVED
-CVE-2008-1582
- RESERVED
-CVE-2008-1581
- RESERVED
+CVE-2008-1585 (Apple QuickTime before 7.5 allows remote attackers to execute ...)
+ TODO: check
+CVE-2008-1584 (Stack-based buffer overflow in Apple QuickTime before 7.5 allows ...)
+ TODO: check
+CVE-2008-1583 (Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote ...)
+ TODO: check
+CVE-2008-1582 (Unspecified vulnerability in Apple QuickTime before 7.5 allows remote ...)
+ TODO: check
+CVE-2008-1581 (Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows ...)
+ TODO: check
CVE-2008-1580 (CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically ...)
NOT-FOR-US: CFNetwork Safari Apple Mac OS
CVE-2008-1579 (Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote ...)
@@ -2469,12 +2718,12 @@
RESERVED
CVE-2008-1454
RESERVED
-CVE-2008-1453
- RESERVED
+CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista ...)
+ TODO: check
CVE-2008-1452
RESERVED
-CVE-2008-1451
- RESERVED
+CVE-2008-1451 (The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 ...)
+ TODO: check
CVE-2008-1450
RESERVED
CVE-2008-1449
@@ -2485,18 +2734,18 @@
RESERVED
CVE-2008-1446
RESERVED
-CVE-2008-1445
- RESERVED
-CVE-2008-1444
- RESERVED
+CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...)
+ TODO: check
+CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on ...)
+ TODO: check
CVE-2008-1443
RESERVED
-CVE-2008-1442
- RESERVED
-CVE-2008-1441
- RESERVED
-CVE-2008-1440
- RESERVED
+CVE-2008-1442 (Heap-based buffer overflow in the substringData method in Microsoft ...)
+ TODO: check
+CVE-2008-1441 (Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold ...)
+ TODO: check
+CVE-2008-1440 (Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does ...)
+ TODO: check
CVE-2008-1439
RESERVED
CVE-2008-1438 (Unspecified vulnerability in Microsoft Malware Protection Engine ...)
@@ -2649,11 +2898,13 @@
- xulrunner 1.8.1.14-1
CVE-2008-1379 [MIT-SHM arbitrary memory read]
RESERVED
+ {DSA-1595-1}
- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1378
RESERVED
CVE-2008-1377 [RECORD and Security extensions memory corruption]
RESERVED
+ {DSA-1595-1}
- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1376
RESERVED
@@ -3340,8 +3591,8 @@
NOTE: Requires that the ITip Formatter plugin is disabled, which is enabled by default.
CVE-2008-1107
RESERVED
-CVE-2008-1106
- RESERVED
+CVE-2008-1106 (The management interface in Akamai Client (formerly Red Swoosh) 3322 ...)
+ TODO: check
CVE-2008-1105 (Heap-based buffer overflow in the receive_smb_raw function in ...)
{DSA-1590-1}
- samba 1:3.0.30-1 (medium; bug #483410)
@@ -3665,16 +3916,16 @@
NOT-FOR-US: EMC DiskXtender
CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password, which ...)
NOT-FOR-US: EMC DiskXtender
-CVE-2008-0960
- RESERVED
+CVE-2008-0960 (SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x ...)
+ TODO: check
CVE-2008-0959 (Multiple stack-based buffer overflows in the Online Media Technologies ...)
NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0958 (Multiple stack-based buffer overflows in the Online Media Technologies ...)
NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0957 (Multiple stack-based buffer overflows in the PhotoStockPlus Uploader ...)
NOT-FOR-US: PhotoStockPlus Uploader Tool ActiveX control
-CVE-2008-0956
- RESERVED
+CVE-2008-0956 (Multiple stack-based buffer overflows in the BackWeb Lite Install ...)
+ TODO: check
CVE-2008-0955 (Stack-based buffer overflow in the Creative Software AutoUpdate Engine ...)
NOT-FOR-US: CTSUEng.ocx
CVE-2008-0954
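Review bot: CVE-2008-0960 deserves priority over the other TODO: check entries in this hunk; its summary names Net-SNMP and concerns SNMPv3 HMAC verification, and the "(1)" shows that further implementations are listed in the cut-off part. Suggest resolving it first with a package line for net-snmp, then checking the remaining enumerated products against the archive. CVE-2008-0956 (BackWeb Lite Install) looks like a candidate for the same NOT-FOR-US treatment as the ActiveX entries around it.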
@@ -4588,11 +4839,11 @@
NOT-FOR-US: phpIP Management
CVE-2008-0537 (Unspecified vulnerability in the Supervisor Engine 32 (Sup32), ...)
NOT-FOR-US: Cisco
-CVE-2008-0536 (Unspecified vulnerability in the SSH server in Cisco Service Control ...)
+CVE-2008-0536 (Unspecified vulnerability in the SSH server in (1) Cisco Service ...)
NOT-FOR-US: Cisco
-CVE-2008-0535 (Unspecified vulnerability in the SSH server in Cisco Service Control ...)
+CVE-2008-0535 (Unspecified vulnerability in the SSH server in (1) Cisco Service ...)
NOT-FOR-US: Cisco
-CVE-2008-0534 (The SSH server in Cisco Service Control Engine (SCE) before 3.1.6 ...)
+CVE-2008-0534 (The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, ...)
NOT-FOR-US: Cisco
CVE-2008-0533 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Cisco ACS
@@ -6603,8 +6854,8 @@
RESERVED
CVE-2008-0012
RESERVED
-CVE-2008-0011
- RESERVED
+CVE-2008-0011 (Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 ...)
+ TODO: check
CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ...)
NOT-FOR-US: Vantage Linguistics AnswerWorks ActiveX
CVE-2007-6386 (Stack-based buffer overflow in PccScan.dll before build 1451 in Trend ...)
@@ -21765,7 +22016,7 @@
NOT-FOR-US: Cadre PHP Framework
CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...)
NOT-FOR-US: ExoPHPDesk
-CVE-2007-0675 (** DISPUTED ** ...)
+CVE-2007-0675 (A certain ActiveX control in sapi.dll (aka the Speech API) in Speech ...)
NOT-FOR-US: Windows Vista
CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
NOT-FOR-US: Windows Mobile
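Review bot: the replaced summary for CVE-2007-0675 was "** DISPUTED ** ..." and the new truncated text no longer shows whether the dispute still stands. The NOT-FOR-US status is unaffected, so the entry itself needs no change, but any tooling that searches the list for the DISPUTED marker will stop matching this id.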
@@ -37343,7 +37594,7 @@
- bugzilla 2.20.1-1 (bug #354457; high)
[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
-CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 do not properly handle ...)
+CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly ...)
- bugzilla 2.20.1-1 (bug #354457; high)
[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)