[Secure-testing-commits] r9113 - data/CVE
joeyh at alioth.debian.org
Fri Jun 20 09:14:12 UTC 2008
Author: joeyh
Date: 2008-06-20 09:14:10 +0000 (Fri, 20 Jun 2008)
New Revision: 9113
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-06-19 21:14:11 UTC (rev 9112)
+++ data/CVE/list 2008-06-20 09:14:10 UTC (rev 9113)
@@ -1,42 +1,222 @@
+CVE-2008-2786 (Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack ...)
+ TODO: check
+CVE-2008-2785 (Unspecified vulnerability in Firefox 3.0 and 2.0.x has unknown impact ...)
+ TODO: check
+CVE-2008-2784 (The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT ...)
+ TODO: check
+CVE-2008-2783 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
+ TODO: check
+CVE-2008-2782 (Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow ...)
+ TODO: check
+CVE-2008-2781 (SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 ...)
+ TODO: check
+CVE-2008-2780 (The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores ...)
+ TODO: check
+CVE-2008-2779 (Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 ...)
+ TODO: check
+CVE-2008-2778 (SQL injection vulnerability in inc/class_search.php in the Search ...)
+ TODO: check
+CVE-2008-2777 (Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows ...)
+ TODO: check
+CVE-2008-2776 (Cross-site scripting (XSS) vulnerability in search.asp in DT ...)
+ TODO: check
+CVE-2008-2775 (SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows ...)
+ TODO: check
+CVE-2008-2774 (SQL injection vulnerability in item.php in CartKeeper CKGold Shopping ...)
+ TODO: check
+CVE-2008-2773 (Cross-site scripting (XSS) vulnerability in the Taxonomy Image module ...)
+ TODO: check
+CVE-2008-2772 (The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote ...)
+ TODO: check
+CVE-2008-2771 (The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 ...)
+ TODO: check
+CVE-2008-2770 (SQL injection vulnerability in index.php in MycroCMS 0.5, when ...)
+ TODO: check
+CVE-2008-2769 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-2768 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla ...)
+ TODO: check
+CVE-2008-2767 (SQL injection vulnerability in search.asp in Xigla Poll Manager XE ...)
+ TODO: check
+CVE-2008-2766 (Cross-site scripting (XSS) vulnerability in Xigla Absolute Image ...)
+ TODO: check
+CVE-2008-2765 (SQL injection vulnerability in gallery.asp in Xigla Absolute Image ...)
+ TODO: check
+CVE-2008-2764 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla ...)
+ TODO: check
+CVE-2008-2763 (SQL injection vulnerability in search.asp in Xigla Absolute Live ...)
+ TODO: check
+CVE-2008-2762 (SQL injection vulnerability in search.asp in Xigla Absolute Form ...)
+ TODO: check
+CVE-2008-2761 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...)
+ TODO: check
+CVE-2008-2760 (SQL injection vulnerability in searchbanners.asp in Xigla Absolute ...)
+ TODO: check
+CVE-2008-2759 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...)
+ TODO: check
+CVE-2008-2758 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...)
+ TODO: check
+CVE-2008-2757 (SQL injection vulnerability in search.asp in Xigla Absolute News ...)
+ TODO: check
+CVE-2008-2756 (Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla ...)
+ TODO: check
+CVE-2008-2755 (SQL injection vulnerability in index.php in JAMM CMS allows remote ...)
+ TODO: check
+CVE-2008-2754 (SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, ...)
+ TODO: check
+CVE-2008-2753 (Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 ...)
+ TODO: check
+CVE-2008-2752 (Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly ...)
+ TODO: check
+CVE-2008-2751 (Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish ...)
+ TODO: check
+CVE-2008-2750 (The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux ...)
+ TODO: check
+CVE-2008-2749 (Unspecified vulnerability in cshttpd in Sun Java System Calendar ...)
+ TODO: check
+CVE-2008-2748 (Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a ...)
+ TODO: check
+CVE-2008-2747 (No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak ...)
+ TODO: check
+CVE-2008-2746 (SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 ...)
+ TODO: check
+CVE-2008-2745 (Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in ...)
+ TODO: check
+CVE-2008-2744 (Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 ...)
+ TODO: check
+CVE-2008-2743 (Cross-site scripting (XSS) vulnerability in the embedded web server in ...)
+ TODO: check
+CVE-2008-2742 (Unrestricted file upload in the mcpuk file editor ...)
+ TODO: check
+CVE-2008-2741
+ RESERVED
+CVE-2008-2740
+ RESERVED
+CVE-2008-2739
+ RESERVED
+CVE-2008-2738
+ RESERVED
+CVE-2008-2737
+ RESERVED
+CVE-2008-2736
+ RESERVED
+CVE-2008-2735
+ RESERVED
+CVE-2008-2734
+ RESERVED
+CVE-2008-2733
+ RESERVED
+CVE-2008-2732
+ RESERVED
+CVE-2008-2731
+ RESERVED
+CVE-2008-2730
+ RESERVED
+CVE-2008-2729
+ RESERVED
+CVE-2008-2728
+ RESERVED
+CVE-2008-2727
+ RESERVED
+CVE-2008-2726
+ RESERVED
+CVE-2008-2725
+ RESERVED
+CVE-2008-2718 (Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 ...)
+ TODO: check
+CVE-2008-2716 (Unspecified vulnerability in Opera before 9.5 allows remote attackers ...)
+ TODO: check
+CVE-2008-2715 (Unspecified vulnerability in Opera before 9.5 allows remote attackers ...)
+ TODO: check
+CVE-2008-2714 (Opera before 9.26 allows remote attackers to misrepresent web page ...)
+ TODO: check
+CVE-2008-2710 (Integer signedness error in the ip_set_srcfilter function in the IP ...)
+ TODO: check
+CVE-2008-2709 (Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module ...)
+ TODO: check
+CVE-2008-2708 (Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) ...)
+ TODO: check
+CVE-2008-2707 (Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and ...)
+ TODO: check
+CVE-2008-2706 (Unspecified vulnerability in the event port implementation in Sun ...)
+ TODO: check
+CVE-2008-2705 (Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, ...)
+ TODO: check
+CVE-2008-2704 (Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows ...)
+ TODO: check
+CVE-2008-2703 (Multiple stack-based buffer overflows in Novell GroupWise Messenger ...)
+ TODO: check
+CVE-2008-2702 (Directory traversal vulnerability in the FTP client in ALTools ESTsoft ...)
+ TODO: check
+CVE-2008-2701 (SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and ...)
+ TODO: check
+CVE-2008-2700 (SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and ...)
+ TODO: check
+CVE-2008-2699 (Multiple directory traversal vulnerabilities in Galatolo WebManager ...)
+ TODO: check
+CVE-2008-2698 (Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php ...)
+ TODO: check
+CVE-2008-2697 (SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) ...)
+ TODO: check
+CVE-2008-2695 (Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows ...)
+ TODO: check
+CVE-2008-2694 (Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 ...)
+ TODO: check
+CVE-2008-2693 (Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control ...)
+ TODO: check
+CVE-2008-2692 (SQL injection vulnerability in the yvComment (com_yvcomment) component ...)
+ TODO: check
+CVE-2008-2691 (SQL injection vulnerability in read.asp in JiRo's FAQ Manager ...)
+ TODO: check
+CVE-2008-2690 (Multiple PHP remote file inclusion vulnerabilities in BrowserCRM ...)
+ TODO: check
+CVE-2008-2689 (PHP remote file inclusion vulnerability in pub/clients.php in ...)
+ TODO: check
+CVE-2008-2688 (SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 ...)
+ TODO: check
+CVE-2008-2687 (Directory traversal vulnerability in inc/config.php in ProManager 0.73 ...)
+ TODO: check
+CVE-2008-2686 (webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows ...)
+ TODO: check
CVE-2008-XXXX [insecure tempfile in wdiff]
- wdiff 0.5-18 (low; bug #425254)
-CVE-2008-2719 [nasm off-by-one in ppscan function]
+CVE-2008-2719 (Off-by-one error in the ppscan function (preproc.c) in Netwide ...)
- nasm 2.03.01-1 (low; bug #486715)
[etch] - nasm <not-affected> (vulnerable code not present)
NOTE: http://www.openwall.com/lists/oss-security/2008/06/11/4
-CVE-2008-2712 [multiple vulnerabilities in several vimscripts]
+CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote ...)
- vim 1:7.1.314-3 (medium; bug #486502)
NOTE: a bunch of these are probably low but because of the filetype.vim issue
NOTE: I set this to medium
NOTE: http://www.rdancer.org/vulnerablevim.html
-CVE-2008-2696 [exiv2 DoS via certain metadata in images]
+CVE-2008-2696 (Exiv2 0.16 allows user-assisted remote attackers to cause a denial of ...)
- exiv2 0.17-1 (low; bug #486328)
NOTE: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
-CVE-2008-2713 [ClamaV DoS]
+CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to ...)
{DTSA-138-1}
- clamav 0.93.1.dfsg-1 (low)
-CVE-2008-2711 [fetchmail DoS in -vv mode]
+CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote ...)
- fetchmail <unfixed> (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1
NOTE: -vv is only used for debugging purposes so this does not
NOTE: prevent a victim from getting mails. -vv is not used in non-interactive
NOTE: use.
-CVE-2008-2720 [gallery2 XSS via host and path attributes]
+CVE-2008-2720 (Cross-site scripting (XSS) vulnerability in Menalto Gallery before ...)
- gallery2 2.2.5-1 (low; bug #485947)
- gallery <not-affected> (Vulnerable code not present, different codebase)
-CVE-2008-2721 [gallery2 attackers can optain hidden albums]
+CVE-2008-2721 (Unspecified vulnerability in the album-select module in Menalto ...)
- gallery2 2.2.5-1 (low; bug #485947)
- gallery <not-affected> (Vulnerable code not present, different codebase)
-CVE-2008-2722 [gallery2 permission bypass for sub-albums]
+CVE-2008-2722 (Menalto Gallery before 2.2.5 allows remote attackers to bypass ...)
- gallery2 2.2.5-1 (low; bug #485947)
- gallery <not-affected> (Vulnerable code not present, different codebase)
-CVE-2008-2723 [gallery2 path disclosure]
+CVE-2008-2723 (embed.php in Menalto Gallery before 2.2.5 allows remote attackers to ...)
- gallery2 2.2.5-1 (low; bug #485947)
- gallery <not-affected> (Vulnerable code not present, different codebase)
-CVE-2008-2724 [gallery2 access restriction bypass]
+CVE-2008-2724 (Menalto Gallery before 2.2.5 does not enforce permissions for ...)
- gallery2 2.2.5-1 (low; bug #485947)
- gallery <not-affected> (Vulnerable code not present, different codebase)
-CVE-2008-2717 [typo3 code execution & xss]
+CVE-2008-2717 (TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, ...)
{DSA-1596-1}
- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...)
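Review bot: CVE-2008-2782 near the top of this hunk is left at TODO: check although the product it names, OtomiGenX, is already triaged as NOT-FOR-US: OtomiGenX in the context of the next hunk, so it can take the same tag right away. In the same block, CVE-2008-2718 names TYPO3, and this hunk tracks typo3-src 4.1.7-1 under CVE-2008-2717; check whether that fixed version also covers CVE-2008-2718 and record a package line instead of leaving the TODO. CVE-2008-2750 names drivers/net/pppol2tp.c in the Linux kernel and should be triaged ahead of the many third-party web application entries added here.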
@@ -129,10 +309,10 @@
NOT-FOR-US: OtomiGenX
CVE-2008-2641
RESERVED
-CVE-2008-2640
- RESERVED
-CVE-2008-2639
- RESERVED
+CVE-2008-2640 (Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 ...)
+ TODO: check
+CVE-2008-2639 (Stack-based buffer overflow in the ODBC server service in Citect ...)
+ TODO: check
CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book 1.0.1 ...)
NOT-FOR-US: 1Book
CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
@@ -289,8 +469,7 @@
NOT-FOR-US: 427BB
CVE-2008-2560 (SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows ...)
NOT-FOR-US: 427BB
-CVE-2008-2654 [off-by-one in webhttpd.c]
- RESERVED
+CVE-2008-2654 (Off-by-one error in the read_client function in webhttpd.c in Motion ...)
- motion 3.2.9-3 (low; bug #484572)
CVE-2008-2667 [sql injection vulnerability in courier-authlib]
RESERVED
@@ -559,8 +738,8 @@
RESERVED
CVE-2008-2429
RESERVED
-CVE-2008-2428
- RESERVED
+CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic ...)
+ TODO: check
CVE-2008-2427
RESERVED
CVE-2008-2426 (Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 ...)
@@ -694,28 +873,24 @@
RESERVED
CVE-2008-2367
RESERVED
-CVE-2008-2366
- RESERVED
+CVE-2008-2366 (Untrusted search path vulnerability in a certain Red Hat build script ...)
+ TODO: check
CVE-2008-2365
RESERVED
-CVE-2008-2364 [apache2 mod_proxy_http DoS]
- RESERVED
+CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the ...)
- apache2 2.2.9-1 (low)
TODO: check apache 1.3
CVE-2008-2363 (The PartsBatch class in Pan 0.132 and earlier does not properly manage ...)
- pan 0.132-3.1 (bug #483562)
[etch] - pan <not-affected> (Vulnerable code not added until 0.130)
NOTE: see http://svn.gnome.org/viewvc/pan2/trunk/pan/data/parts.cc?view=log&pathrev=286
-CVE-2008-2362 [RENDER Extension memory corruption]
- RESERVED
+CVE-2008-2362 (Multiple integer overflows in the Render extension in the X server 1.4 ...)
{DSA-1595-1}
- xorg-server 2:1.4.1~git20080517-2
-CVE-2008-2361 [RENDER Extension crash]
- RESERVED
+CVE-2008-2361 (Integer overflow in the ProcRenderCreateCursor function in the Render ...)
{DSA-1595-1}
- xorg-server 2:1.4.1~git20080517-2
-CVE-2008-2360 [RENDER Extension heap buffer overflow]
- RESERVED
+CVE-2008-2360 (Integer overflow in the AllocateGlyph function in the Render extension ...)
{DSA-1595-1}
- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2359 (The default configuration of consolehelper in system-config-network ...)
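Review bot: under CVE-2008-2364 the open "TODO: check apache 1.3" is carried over unchanged. The description now names ap_proxy_http_process_response in mod_proxy_http.c, which is enough to check the apache 1.3 source for that function and replace the TODO with a package status line. The apache2 2.2.9-1 (low) line also has no bug reference, unlike the pan entry directly below it.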
@@ -1372,8 +1547,8 @@
RESERVED
CVE-2008-2061
RESERVED
-CVE-2008-2060
- RESERVED
+CVE-2008-2060 (Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) ...)
+ TODO: check
CVE-2008-2059 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
NOT-FOR-US: Cisco
CVE-2008-2058 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
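Review bot: CVE-2008-2060 is added with TODO: check, but its description names Cisco Intrusion Prevention System and the entry directly below it, CVE-2008-2059, is already tagged NOT-FOR-US: Cisco. Tag this one the same way so it does not sit in the TODO queue.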
@@ -1942,14 +2117,11 @@
RESERVED
CVE-2008-1809
RESERVED
-CVE-2008-1808 [two heap overflows in PFB and TTF font parsing routine]
- RESERVED
+CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow ...)
- freetype 2.3.6-1 (low; bug #485841)
-CVE-2008-1807 [heap overflow in PFB font parsing routine]
- RESERVED
+CVE-2008-1807 (FreeType2 before 2.3.6 allow context-dependent attackers to execute ...)
- freetype 2.3.6-1 (medium; bug #485841)
-CVE-2008-1806 [heap overflow in PFB font parsing routine]
- RESERVED
+CVE-2008-1806 (Integer overflow in FreeType2 before 2.3.6 allows context-dependent ...)
- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other ...)
NOT-FOR-US: Skype
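Review bot: CVE-2008-1808 stays at low while CVE-2008-1807 and CVE-2008-1806 are medium, all against freetype 2.3.6-1 and bug #485841. The removed note described CVE-2008-1808 as two heap overflows in PFB and TTF font parsing, and the new description calls it multiple off-by-one errors; confirm the low rating is still intended. None of the three entries has an [etch] status line or an advisory reference, unlike the nasm and pan entries elsewhere in this diff.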
@@ -2958,14 +3130,12 @@
- icedove <unfixed>
- iceape 1.1.9-2
- xulrunner 1.8.1.14-1
-CVE-2008-1379 [MIT-SHM arbitrary memory read]
- RESERVED
+CVE-2008-1379 (Integer overflow in the fbShmPutImage function in the MIT-SHM ...)
{DSA-1595-1}
- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1378
RESERVED
-CVE-2008-1377 [RECORD and Security extensions memory corruption]
- RESERVED
+CVE-2008-1377 (The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients ...)
{DSA-1595-1}
- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1376
@@ -4067,8 +4237,8 @@
NOT-FOR-US: Novell eDirectory
CVE-2008-0926 (The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 ...)
NOT-FOR-US: Novell eDirectory
-CVE-2008-0925
- RESERVED
+CVE-2008-0925 (Cross-site scripting (XSS) vulnerability in the iMonitor interface in ...)
+ TODO: check
CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in libnldap ...)
NOT-FOR-US: Novell eDirectory
CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature for ...)
@@ -6108,8 +6278,8 @@
{DSA-1512-1}
- evolution 2.12.3-1.1
NOTE: SA29057
-CVE-2008-0071
- RESERVED
+CVE-2008-0071 (The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) ...)
+ TODO: check
CVE-2008-0070 (Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA ...)
NOT-FOR-US: Orb Networks Orb and Winamp Remote BETA
CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows ...)