[Secure-testing-commits] r8259 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Tue Mar 4 21:14:12 UTC 2008


Author: joeyh
Date: 2008-03-04 21:14:10 +0000 (Tue, 04 Mar 2008)
New Revision: 8259

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-03-04 16:18:05 UTC (rev 8258)
+++ data/CVE/list	2008-03-04 21:14:10 UTC (rev 8259)
@@ -1,4 +1,160 @@
+CVE-2008-1132 (Untrusted search path vulnerability in src/mainwindow.c in Net ...)
+	TODO: check
+CVE-2008-1131 (Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote ...)
+	TODO: check
+CVE-2008-1130 (Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and ...)
+	TODO: check
+CVE-2008-1129 (Cross-site scripting (XSS) vulnerability in admin/users/self.php in ...)
+	TODO: check
+CVE-2008-1128 (PHP remote file inclusion vulnerability in tourney/index.php in ...)
+	TODO: check
+CVE-2008-1127 (Format string vulnerability in the cryactio function in Crysis ...)
+	TODO: check
+CVE-2008-1126 (PHP remote file inclusion vulnerability in main.php in Barryvan Compo ...)
+	TODO: check
+CVE-2008-1125 (Multiple directory traversal vulnerabilities in Podcast Generator 1.0 ...)
+	TODO: check
+CVE-2008-1124 (Multiple PHP remote file inclusion vulnerabilities in Podcast ...)
+	TODO: check
+CVE-2008-1123 (Multiple PHP remote file inclusion vulnerabilities in SiteBuilder ...)
+	TODO: check
+CVE-2008-1122 (SQL injection vulnerability in index.php in Koobi Pro 5.7 allows ...)
+	TODO: check
+CVE-2008-1121 (SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier ...)
+	TODO: check
+CVE-2008-1120 (Format string vulnerability in the embedded Internet Explorer ...)
+	TODO: check
+CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in ...)
+	TODO: check
+CVE-2008-1118
+	RESERVED
+CVE-2008-1117
+	RESERVED
+CVE-2008-1116 (Insecure method vulnerability in the Web Scan Object ActiveX control ...)
+	TODO: check
+CVE-2008-1115 (Unspecified vulnerability in Sun Solaris 8 directory functions allows ...)
+	TODO: check
+CVE-2008-1114 (Vocera Communications wireless handsets, when using Protected ...)
+	TODO: check
+CVE-2008-1113 (Cisco Unified Wireless IP Phone 7921, when using Protected Extensible ...)
+	TODO: check
+CVE-2008-1112
+	REJECTED
+	TODO: check
+CVE-2008-1110 (Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the ...)
+	TODO: check
+CVE-2008-1109
+	RESERVED
+CVE-2008-1108
+	RESERVED
+CVE-2008-1107
+	RESERVED
+CVE-2008-1106
+	RESERVED
+CVE-2008-1105
+	RESERVED
+CVE-2008-1104
+	RESERVED
+CVE-2008-1103
+	RESERVED
+CVE-2008-1102
+	RESERVED
+CVE-2008-1101
+	RESERVED
+CVE-2008-1100
+	RESERVED
+CVE-2008-1099
+	RESERVED
+CVE-2008-1098
+	RESERVED
+CVE-2008-1097
+	RESERVED
+CVE-2008-1096
+	RESERVED
+CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP) implementation ...)
+	TODO: check
+CVE-2008-1094
+	RESERVED
+CVE-2008-1093
+	RESERVED
+CVE-2008-1092
+	RESERVED
+CVE-2008-1091
+	RESERVED
+CVE-2008-1090
+	RESERVED
+CVE-2008-1089
+	RESERVED
+CVE-2008-1088
+	RESERVED
+CVE-2008-1087
+	RESERVED
+CVE-2008-1086
+	RESERVED
+CVE-2008-1085
+	RESERVED
+CVE-2008-1084
+	RESERVED
+CVE-2008-1083
+	RESERVED
+CVE-2008-1082 (Opera before 9.26 allows remote attackers to "bypass sanitization ...)
+	TODO: check
+CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute ...)
+	TODO: check
+CVE-2008-1080 (Opera before 9.26 allows user-assisted remote attackers to read ...)
+	TODO: check
+CVE-2008-1079
+	RESERVED
+CVE-2008-1078 (expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and ...)
+	TODO: check
+CVE-2008-1077 (SQL injection vulnerability in index.php in the Simpleboard ...)
+	TODO: check
+CVE-2008-1076 (Cross-site scripting (XSS) vulnerability in search.php in Interspire ...)
+	TODO: check
+CVE-2008-1075 (Cross-site scripting (XSS) vulnerability in index.php in Maian Cart ...)
+	TODO: check
+CVE-2008-1074 (PHP remote file inclusion vulnerability in lib/head_auth.php in ...)
+	TODO: check
+CVE-2008-1073 (Cross-site scripting (XSS) vulnerability in the report interface in ...)
+	TODO: check
+CVE-2008-1072 (The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through ...)
+	TODO: check
+CVE-2008-1071 (The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through ...)
+	TODO: check
+CVE-2008-1070 (The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through ...)
+	TODO: check
+CVE-2008-1069 (Multiple PHP remote file inclusion vulnerabilities in Quantum Game ...)
+	TODO: check
+CVE-2008-1068 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php ...)
+	TODO: check
+CVE-2008-1067 (Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 ...)
+	TODO: check
+CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used ...)
+	TODO: check
+CVE-2008-1065 (Multiple SQL injection vulnerabilities in index.php in the ...)
+	TODO: check
+CVE-2008-1064 (Cross-site scripting (XSS) vulnerability in images.php in the Red ...)
+	TODO: check
+CVE-2008-1063 (Cross-site scripting (XSS) vulnerability index.php in the ...)
+	TODO: check
+CVE-2008-1062 (InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater ...)
+	TODO: check
+CVE-2008-1061 (Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets ...)
+	TODO: check
+CVE-2008-1060 (Eval injection vulnerability in modules/execute.php in the Sniplets ...)
+	TODO: check
+CVE-2008-1059 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-1058 (The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 ...)
+	TODO: check
+CVE-2008-1057 (The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 ...)
+	TODO: check
+CVE-2008-1056 (Multiple stack-based buffer overflows in Symark PowerBroker 2.8 ...)
+	TODO: check
+CVE-2003-1545 (Absolute path traversal vulnerability in nukestyles.com viewpage.php ...)
+	TODO: check
 CVE-2008-1111 [lighttpd sends cgi source if it fails to fork the cgi handler]
+	RESERVED
 	- lighttpd <unfixed> (low; bug #469307)
 CVE-2008-XXXX [insecure default behaviour in rxvt for handling DISPLAY variable]
 	- rxvt <unfixed> (bug #469296)
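Review bot: CVE-2008-1112 is added as REJECTED with a "TODO: check" line directly under it; a rejected id has nothing to triage, so the TODO should be dropped, as with CVE-2008-0929 further down, which is REJECTED with no TODO. Several of the new TODO entries also name products this list already marks NOT-FOR-US elsewhere (Sun Solaris for CVE-2008-1115, OpenBSD for CVE-2008-1058 and CVE-2008-1057), so those can be closed in the same triage pass.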
@@ -154,7 +310,7 @@
 CVE-2006-7232 (sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 ...)
 	- mysql-dfsg-4.1 <removed>
 	- mysql-dfsg-5.0 5.0.32-1
-CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier allows ...)
+CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as ...)
 	{DTSA-116-1}
 	- vlc 0.8.6.c-6 (medium; bug #467652)
 CVE-2008-6426
@@ -259,18 +415,16 @@
 	NOT-FOR-US: NukeC phpnuke module
 CVE-2008-0933 (Multiple race conditions in the CPU Performance Counters (cpc) ...)
 	NOT-FOR-US: Sun Solaris
-CVE-2008-0931 [broken permissions in xwine configuration]
-	RESERVED
+CVE-2008-0931 (w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure ...)
 	- xwine <unfixed> (low; bug #468050)
 	NOTE: will be removed soon
-CVE-2008-0930 [insecure use of temporary files in xwine]
-	RESERVED
+CVE-2008-0930 (w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to ...)
 	- xwine <unfixed> (low; bug #468050)
 	NOTE: will be removed soon
 CVE-2008-0929
 	REJECTED
-CVE-2008-0928
-	RESERVED
+CVE-2008-0928 (Qemu 0.9.1 and earlier does not perform range checks for block device ...)
+	TODO: check
 CVE-2008-0927
 	RESERVED
 CVE-2008-0926
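Review bot: CVE-2008-0928 goes from RESERVED to a published Qemu description but is left with only "TODO: check", unlike the two XWine ids above it, which keep their package and bug lines. Once the affected version is confirmed, replace the TODO with a status line for the qemu package.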
@@ -354,7 +508,7 @@
 CVE-2008-0887
 	RESERVED
 CVE-2008-0886
-	RESERVED
+	REJECTED
 CVE-2008-0885
 	RESERVED
 CVE-2008-0884
@@ -977,8 +1131,7 @@
 	- cupsys <not-affected> (mimeDeleteType included since 1.2.x)
 CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...)
 	- cupsys <not-affected> (version in unstable has better array handling and is not vulnerable, exact version unknown)
-CVE-2008-0595
-	RESERVED
+CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes ...)
 	- dbus 1.1.20-1
 CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery ...)
 	{DSA-1506-1 DSA-1489-1 DSA-1485-1 DSA-1484-1}
@@ -1439,8 +1592,7 @@
 	- xulrunner 1.8.1.12-1
 	- iceape 1.1.8-1
 	- icedove <unfixed>
-CVE-2008-0411 [ghostscript buffer overflow]
-	RESERVED
+CVE-2008-0411 (Stack-based buffer overflow in the zseticcspace function in zicc.c in ...)
 	{DSA-1510-1}
 	- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
 CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...)
@@ -1511,8 +1663,8 @@
 CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to ...)
 	- xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure)
 	NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser
-CVE-2008-0385
-	RESERVED
+CVE-2008-0385 (SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 ...)
+	TODO: check
 CVE-2008-0384 (OpenBSD 4.2 allows local users to cause a denial of service (kernel ...)
 	NOT-FOR-US: OpenBSD
 CVE-2008-0383 (Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier ...)
@@ -1669,20 +1821,20 @@
 	RESERVED
 CVE-2008-0310
 	RESERVED
-CVE-2008-0309
-	RESERVED
-CVE-2008-0308
-	RESERVED
+CVE-2008-0309 (Stack-based buffer overflow in Symantec Decomposer, as used in certain ...)
+	TODO: check
+CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products ...)
+	TODO: check
 CVE-2008-0307
 	RESERVED
 CVE-2008-0306
 	RESERVED
 CVE-2008-0305
 	RESERVED
-CVE-2008-0304
-	RESERVED
-CVE-2008-0303
-	RESERVED
+CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and ...)
+	TODO: check
+CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...)
+	TODO: check
 CVE-2008-0301
 	RESERVED
 CVE-2008-0300
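Review bot: CVE-2008-0304 is now published as a heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and is left at "TODO: check". Other Mozilla ids in this file already carry an icedove line (see "- icedove <unfixed>" in the hunk at -1439), so this id should get an icedove status line rather than wait in the TODO queue. The Symantec Decomposer and Canon printer ids in the same hunk should be checked as likely NOT-FOR-US.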
@@ -2131,8 +2283,8 @@
 	RESERVED
 CVE-2008-0125
 	RESERVED
-CVE-2008-0124
-	RESERVED
+CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...)
+	TODO: check
 CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...)
 	- moodle <unfixed> (unimportant)
 	NOTE: the issue itself has a quite small attack vector
@@ -2788,7 +2940,7 @@
 	NOT-FOR-US: Oracle database component in Sun Management Center
 CVE-2007-6479 (Unrestricted file upload vulnerability in the &quot;My productions&quot; ...)
 	NOT-FOR-US: Dokeos
-CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7 allows remote ...)
+CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and ...)
 	NOT-FOR-US: Rosoft Media Player
 CVE-2007-6477 (Cross-site scripting (XSS) vulnerability in the on-line help feature ...)
 	NOT-FOR-US: Citrix Web Interface and NFuse
@@ -3368,8 +3520,8 @@
 	RESERVED
 CVE-2007-6253
 	RESERVED
-CVE-2007-6252
-	RESERVED
+CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation ...)
+	TODO: check
 CVE-2007-6251
 	RESERVED
 CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl ...)
@@ -3960,10 +4112,10 @@
 	{DSA-1470-1}
 	- horde3 3.1.6-1 (bug #461131; low)
 	- imp4 <not-affected> (xss.php is only present in horde3 package)
-CVE-2007-6017
-	RESERVED
-CVE-2007-6016
-	RESERVED
+CVE-2007-6017 (A Symantec ActiveX control related to the scheduler component in the ...)
+	TODO: check
+CVE-2007-6016 (Multiple stack-based buffer overflows in a Symantec ActiveX control ...)
+	TODO: check
 CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in nmbd in ...)
 	{DSA-1427-1 DTSA-100-1}
 	- samba 3.0.28-1 (high)
@@ -6130,8 +6282,8 @@
 CVE-2007-5398 (Stack-based buffer overflow in the reply_netbios_packet function in ...)
 	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
 	- samba 3.0.27-1 (high)
-CVE-2007-5397
-	RESERVED
+CVE-2007-5397 (Heap-based buffer overflow in the activePDF Server service (aka ...)
+	TODO: check
 CVE-2007-5396 (Format string vulnerability in the ext_yahoo_contact_added function in ...)
 	NOT-FOR-US: Miranda
 CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in ...)



