[Secure-testing-commits] r8319 - data/CVE
joeyh at alioth.debian.org
joeyh at alioth.debian.org
Wed Mar 12 09:14:11 UTC 2008
Author: joeyh
Date: 2008-03-12 09:14:10 +0000 (Wed, 12 Mar 2008)
New Revision: 8319
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-03-11 23:23:45 UTC (rev 8318)
+++ data/CVE/list 2008-03-12 09:14:10 UTC (rev 8319)
@@ -1,4 +1,43 @@
-CVE-2008-1270 [configuration error in lighttpd possibly leading to file disclosure]
+CVE-2008-1288 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or ...)
+ TODO: check
+CVE-2008-1287 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 ggenerates different error ...)
+ TODO: check
+CVE-2008-1286 (Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and ...)
+ TODO: check
+CVE-2008-1285 (Cross-site scripting (XSS) vulnerability in Sun Java Server Faces ...)
+ TODO: check
+CVE-2008-1284 (Directory traversal vulnerability in Horde 3.1.6, Groupware before ...)
+ TODO: check
+CVE-2008-1283 (Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 ...)
+ TODO: check
+CVE-2008-1282 (Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup ...)
+ TODO: check
+CVE-2008-1281 (Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, ...)
+ TODO: check
+CVE-2008-1280 (Acronis True Image Windows Agent 1.0.0.54 and earlier, included in ...)
+ TODO: check
+CVE-2008-1279 (Acronis True Image Group Server 1.5.19.191 and earlier, included in ...)
+ TODO: check
+CVE-2008-1278 (The RemotelyAnywhere.exe service in the Remotely Anywhere Server and ...)
+ TODO: check
+CVE-2008-1277 (The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and ...)
+ TODO: check
+CVE-2008-1276 (Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in ...)
+ TODO: check
+CVE-2008-1275 (Multiple unspecified vulnerabilities in the SMTP service in MailEnable ...)
+ TODO: check
+CVE-2008-1274 (Untrusted search path vulnerability in man in IBM AIX 6.1.0 invokes ...)
+ TODO: check
+CVE-2008-1273 (Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 ...)
+ TODO: check
+CVE-2008-1272 (Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and ...)
+ TODO: check
+CVE-2008-1271
+ REJECTED
+ TODO: check
+CVE-2004-2759 (Shared Sun StorEdge QFS and SAM-QFS file systems, as used in ...)
+ TODO: check
+CVE-2008-1270 (mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not ...)
- lighttpd <unfixed> (unimportant)
NOTE: user configuration error, default documented in moduserdir documentation
CVE-2008-1269 (cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus ...)
@@ -131,10 +170,10 @@
NOT-FOR-US: Sun Solaris
CVE-2008-1204 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Sun Java System
-CVE-2008-1203
- RESERVED
-CVE-2008-1202
- RESERVED
+CVE-2008-1203 (The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 ...)
+ TODO: check
+CVE-2008-1202 (Cross-site scripting (XSS) vulnerability in the web management ...)
+ TODO: check
CVE-2008-1201
RESERVED
CVE-2008-1200 (Unspecified vulnerability in Microsoft Access allows remote ...)
@@ -213,8 +252,8 @@
TODO: check
CVE-2008-1162 (SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic ...)
TODO: check
-CVE-2008-1161
- RESERVED
+CVE-2008-1161 (Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in ...)
+ TODO: check
CVE-2008-1160
RESERVED
CVE-2008-1159
@@ -291,8 +330,7 @@
TODO: check
CVE-2003-1546 (Cross-site scripting (XSS) vulnerability in gbook.php in Filebased ...)
TODO: check
-CVE-2008-1218 [dovecot authentication bypass]
- RESERVED
+CVE-2008-1218 (Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and ...)
- dovecot 1:1.0.13-1
[etch] - dovecot <not-affected> (Vulnerable code not present)
[sarge] - dovecot <not-affected> (Vulnerable code not present)
@@ -821,8 +859,8 @@
RESERVED
CVE-2008-0891
RESERVED
-CVE-2008-0890
- RESERVED
+CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for ...)
+ TODO: check
CVE-2008-0889
RESERVED
CVE-2008-0888
@@ -1348,10 +1386,10 @@
- deluge-torrent 0.5.8.3-1 (unknown; bug #463357)
CVE-2008-0645 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php ...)
NOT-FOR-US: Portail Web Php
-CVE-2008-0644
- RESERVED
-CVE-2008-0643
- RESERVED
+CVE-2008-0644 (Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to ...)
+ TODO: check
+CVE-2008-0643 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ...)
+ TODO: check
CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by Adobe ...)
NOT-FOR-US: Adobe
CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki ...)
@@ -2149,10 +2187,10 @@
NOT-FOR-US: Symantec Decomposer
CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products ...)
NOT-FOR-US: Symantec Decomposer
-CVE-2008-0307
- RESERVED
-CVE-2008-0306
- RESERVED
+CVE-2008-0307 (Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and ...)
+ TODO: check
+CVE-2008-0306 (sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows ...)
+ TODO: check
CVE-2008-0305
RESERVED
CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and ...)
@@ -2160,10 +2198,10 @@
- iceape 1.1.8-1 (medium)
CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...)
NOT-FOR-US: Canon printer firmware
-CVE-2008-0301
- RESERVED
-CVE-2008-0300
- RESERVED
+CVE-2008-0301 (Multiple SQL injection vulnerabilities in Mapbender 2.4 through 2.4.4 ...)
+ TODO: check
+CVE-2008-0300 (mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to ...)
+ TODO: check
CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers to ...)
- webkit <unfixed> (unimportant)
NOTE: khtml originates from konqueror. browser crashes are considered unimportant
@@ -2630,24 +2668,24 @@
RESERVED
CVE-2008-0119
RESERVED
-CVE-2008-0118
- RESERVED
-CVE-2008-0117
- RESERVED
-CVE-2008-0116
- RESERVED
-CVE-2008-0115
- RESERVED
-CVE-2008-0114
- RESERVED
-CVE-2008-0113
- RESERVED
-CVE-2008-0112
- RESERVED
-CVE-2008-0111
- RESERVED
-CVE-2008-0110
- RESERVED
+CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 ...)
+ TODO: check
+CVE-2008-0117 (Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, ...)
+ TODO: check
+CVE-2008-0116 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...)
+ TODO: check
+CVE-2008-0115 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, ...)
+ TODO: check
+CVE-2008-0114 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...)
+ TODO: check
+CVE-2008-0113 (Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to ...)
+ TODO: check
+CVE-2008-0112 (Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for ...)
+ TODO: check
+CVE-2008-0111 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, ...)
+ TODO: check
+CVE-2008-0110 (Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP ...)
+ TODO: check
CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office ...)
NOT-FOR-US: Microsoft Office
CVE-2008-0108 (Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File ...)
@@ -2724,7 +2762,7 @@
RESERVED
CVE-2008-0082
RESERVED
-CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2004 and earlier, and ...)
+CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...)
NOT-FOR-US: Microsoft
CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft ...)
NOT-FOR-US: Windows
@@ -3638,6 +3676,7 @@
CVE-2007-6342 (SQL injection vulnerability in the David Castro AuthCAS module ...)
NOT-FOR-US: Apache AuthCAS module
CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such ...)
+ {DSA-1515-1}
- libnet-dns-perl 0.63-1 (low; bug #457445)
NOTE: maybe this should be unimportant as applications using net-dns should handle this croak
CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream ...)
@@ -3846,8 +3885,8 @@
RESERVED
CVE-2007-6254
RESERVED
-CVE-2007-6253
- RESERVED
+CVE-2007-6253 (Multiple unspecified vulnerabilities in Adobe Form Designer 5.0 and ...)
+ TODO: check
CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation ...)
NOT-FOR-US: Street Technologies
CVE-2007-6251
@@ -11645,6 +11684,7 @@
CVE-2007-3410 (Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue ...)
- helix-player <not-affected> (Debian versions of Helix player not affected according to maintainer)
CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause ...)
+ {DSA-1515-1}
- libnet-dns-perl 0.60-1 (low)
CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have ...)
- dia <not-affected> (Windows packaging with bundled FreeType libs)
@@ -11729,6 +11769,7 @@
- php4 <unfixed> (unimportant)
- php5 5.2.4-1 (unimportant)
CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates ...)
+ {DSA-1515-1}
- libnet-dns-perl 0.60-1 (low)
CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows ...)
NOT-FOR-US: Apple Safari
@@ -17076,8 +17117,8 @@
NOT-FOR-US: Microsoft Excel
CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
NOT-FOR-US: Microsoft Word
-CVE-2007-1201
- RESERVED
+CVE-2007-1201 (Unspecified vulnerability in certain COM objects in Microsoft Office ...)
+ TODO: check
CVE-2007-1200
RESERVED
CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read ...)
@@ -25276,8 +25317,8 @@
NOT-FOR-US: Microsoft
CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows ...)
NOT-FOR-US: Microsoft
-CVE-2006-4695
- RESERVED
+CVE-2006-4695 (Unspecified vulnerability in certain COM objects in Microsoft Office ...)
+ TODO: check
CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
NOT-FOR-US: Microsoft
CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for ...)
More information about the Secure-testing-commits
mailing list