[Secure-testing-commits] r8382 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Fri Mar 21 13:21:58 UTC 2008


Author: nion
Date: 2008-03-21 13:21:57 +0000 (Fri, 21 Mar 2008)
New Revision: 8382

Modified:
   data/CVE/list
Log:
NFUs
Does anyone know more about wordpress (CVE-2008-1304)?
CVE-2008-0888 fixed in unzip 5.52-11


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-03-21 09:14:12 UTC (rev 8381)
+++ data/CVE/list	2008-03-21 13:21:57 UTC (rev 8382)
@@ -185,24 +185,25 @@
 	NOT-FOR-US: Filebase mod for phpBb
 CVE-2008-1304 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ...)
 	TODO: check
+	NOTE: grepping the source for invite does not return any results, anyone knows more?
 CVE-2008-1303 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...)
-	TODO: check
+	NOT-FOR-US: Perforce Server
 CVE-2008-1302 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...)
-	TODO: check
+	NOT-FOR-US: Perforce Server
 CVE-2008-1301 (Absolute path traversal vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Alkacon OpenCms
 CVE-2008-1300 (Cross-site scripting (XSS) vulnerability in the Logfile Viewer ...)
-	TODO: check
+	NOT-FOR-US: Alkacon OpenCms
 CVE-2008-1299 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine ServiceDesk Plus
 CVE-2008-1298 (SQL injection vulnerability in Hadith module for PHP-Nuke allows ...)
-	TODO: check
+	NOT-FOR-US: Hadith module for PHP-Nuke
 CVE-2008-1297 (SQL injection vulnerability in index.php in the eWriting ...)
-	TODO: check
+	NOT-FOR-US: com_ewriting module for Mambo and Joomla!
 CVE-2008-1296 (Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery ...)
-	TODO: check
+	NOT-FOR-US: EncapsGallery
 CVE-2008-1295 (SQL injection vulnerability in archives.php in Gregory Kokanosky (aka ...)
-	TODO: check
+	NOT-FOR-US: phpMyNewsletter
 CVE-2008-1292
 	RESERVED
 CVE-2008-1291
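Review bot: The NOTE added under CVE-2008-1304 records a grep for "invite" but not which wordpress source version was searched, so the negative result cannot be reproduced or compared against the 2.3.2 named in the description. Suggest naming the version that was checked in the NOTE and taking the open question ("anyone knows more?") to the list rather than leaving it in the data file. Keeping "TODO: check" on this entry is right while it is unresolved.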
@@ -217,11 +218,11 @@
 CVE-2007-6710
 	RESERVED
 CVE-2007-6709 (The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and ...)
-	TODO: check
+	NOT-FOR-US: Cisco Linksys
 CVE-2007-6708 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
-	TODO: check
+	NOT-FOR-US: Cisco Linksys
 CVE-2007-6707 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco Linksys
 CVE-2008-1360 (Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows ...)
 	- nagios2 2.11-1 (low)
 CVE-2008-1417 [tmp race in axyl leading to symlink attack]
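Review bot: The three "NOT-FOR-US: Cisco Linksys" tags name only the vendor, while the description of CVE-2007-6709 names a specific device (WAG54GS Wireless-G ADSL Gateway) and other tags in this same commit name the product ("Cisco IPM", "Cisco ACS"). Suggest naming the device in the tag so a later search for the product finds these entries.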
@@ -521,7 +522,7 @@
 CVE-2008-1158
 	RESERVED
 CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a ...)
-	TODO: check
+	NOT-FOR-US: Cisco IPM
 CVE-2008-1156
 	RESERVED
 CVE-2008-1155
@@ -657,9 +658,9 @@
 CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in ...)
 	NOT-FOR-US: Centreon
 CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does ...)
-	TODO: check
+	NOT-FOR-US: Timbuktu Pro
 CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes or ...)
-	TODO: check
+	NOT-FOR-US: Timbuktu Pro
 CVE-2008-1116 (Insecure method vulnerability in the Web Scan Object ActiveX control ...)
 	NOT-FOR-US: Rising Antivirus
 CVE-2008-1115 (Unspecified vulnerability in Sun Solaris 8 directory functions allows ...)
@@ -896,55 +897,55 @@
 CVE-2008-1012
 	RESERVED
 CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
-	TODO: check
+	NOT-FOR-US: Safari (Mac OS X)
 CVE-2008-1010 (Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows ...)
-	TODO: check
+	NOT-FOR-US: Safari (Mac OS X)
 CVE-2008-1009 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
-	TODO: check
+	NOT-FOR-US: WebCore (Apple Safari)
 CVE-2008-1008 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
-	TODO: check
+	NOT-FOR-US: WebCore (Apple Safari)
 CVE-2008-1007 (WebCore, as used in Apple Safari before 3.1, does not enforce the ...)
-	TODO: check
+	NOT-FOR-US: WebCore (Apple Safari)
 CVE-2008-1006 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
-	TODO: check
+	NOT-FOR-US: WebCore (Apple Safari)
 CVE-2008-1005 (WebCore, as used in Apple Safari before 3.1, does not properly mask ...)
-	TODO: check
+	NOT-FOR-US: WebCore (Apple Safari)
 CVE-2008-1004 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
-	TODO: check
+	NOT-FOR-US: WebCore (Apple Safari)
 CVE-2008-1003 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
-	TODO: check
+	NOT-FOR-US: WebCore (Apple Safari)
 CVE-2008-1002 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2008-1001 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2008-1000 (Directory traversal vulnerability in ContentServer.py in the Wiki ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0999 (Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0998 (Unspecified vulnerability in NetCfgTool in the System Configuration ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0997 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0996 (The Printing component in Apple Mac OS X 10.5.2 might save ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0995 (The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0994 (Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0993 (Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0992 (Array index error in pax in Apple Mac OS X 10.5.2 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0991
 	RESERVED
 CVE-2008-0990 (notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0989 (Format string vulnerability in mDNSResponderHelper in Apple Mac OS X ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0988 (Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0987 (Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2 ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0986 (Integer overflow in the BMP::readFromStream method in the libsgl.so ...)
 	NOT-FOR-US: Google Android
 CVE-2008-0985 (Heap-based buffer overflow in the GIF library in the WebKit framework ...)
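Review bot: CVE-2008-1011 and CVE-2008-1010 are described as flaws in WebKit, and CVE-2008-1009 through CVE-2008-1003 as flaws in WebCore, each only "as used in" Safari, so a NOT-FOR-US keyed on the browser needs a check that no packaged source carries the same engine code before the TODO is dropped. The same question applies to CVE-2008-0992 (pax): the tag should record whether the array index error exists only in Apple's copy. The labels also vary between "Safari (Mac OS X)", "WebCore (Apple Safari)" and "Apple Safari" for what reads as one product; one spelling would make the list easier to grep.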
@@ -1024,7 +1025,7 @@
 CVE-2008-0950
 	RESERVED
 CVE-2008-0949 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x ...)
-	TODO: check
+	NOT-FOR-US: IBM Informix Dynamic Server
 CVE-2008-0948 (Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by ...)
 	- krb5 1.3-1 (unimportant)
 	NOTE: glibc properly defines FD_SETSIZE
@@ -1153,7 +1154,7 @@
 	RESERVED
 CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for ...)
 	{DSA-1522-1}
-	TODO: check
+	- unzip 5.52-11
 CVE-2008-0887
 	RESERVED
 CVE-2008-0886
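Review bot: The new "- unzip 5.52-11" line for CVE-2008-0888 carries no urgency, while other tracked entries visible in this diff do, for example "- nagios2 2.11-1 (low)" and "- krb5 1.6.dfsg.3~beta1-4 (high)". With {DSA-1522-1} already attached to the entry, consider adding the urgency in the same form.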
@@ -1506,7 +1507,7 @@
 CVE-2008-0728 (The unmew11 function in libclamav/mew.c in libclamav in ClamAV before ...)
 	- clamav 0.92.1~dfsg-1
 CVE-2008-0727 (Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server ...)
-	TODO: check
+	NOT-FOR-US: IBM Informix Dynamic Server
 CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows ...)
 	NOT-FOR-US: Adobe Acrobat Reader
 CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ...)
@@ -1915,9 +1916,9 @@
 CVE-2008-0534
 	RESERVED
 CVE-2008-0533 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Cisco ACS
 CVE-2008-0532 (Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in ...)
-	TODO: check
+	NOT-FOR-US: Cisco ACS
 CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, ...)
 	NOT-FOR-US: Cisco
 CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
@@ -3104,39 +3105,39 @@
 	{DSA-1524-1}
 	- krb5 1.6.dfsg.3~beta1-4 (high)
 CVE-2008-0060 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0059 (Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0058 (Race condition in the NSURLConnection cache management functionality ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0057 (Multiple integer overflows in a "legacy serialization format" parser ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0056 (Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0055 (Foundation in Apple Mac OS X 10.4.11 creates world-writable ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0054 (Foundation in Apple Mac OS X 10.4.11 might allow context-dependent ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0053 (Unspecified vulnerability in CUPS before 1.3.6 in Apple Mac OS X ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0052 (CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0051 (Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0050 (CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0049 (AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0048 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0047 (Heap-based buffer overflow in CUPS in Apple Mac OS X 10.5.2, when ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0046 (The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0045 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0044 (Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0043 (Format string vulnerability in Apple iPhoto before 7.1.2 allows remote ...)
 	NOT-FOR-US: Apple iPhoto
 CVE-2008-0042 (Argument injection vulnerability in Terminal.app in Terminal in Apple ...)
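Review bot: CVE-2008-0053 and CVE-2008-0047 are CUPS bugs by their own descriptions ("CUPS before 1.3.6", "Heap-based buffer overflow in CUPS"), and CUPS is packaged in Debian, so "NOT-FOR-US: Apple Mac OS X" is the wrong disposition for these two unless the flaw has been confirmed to sit in Apple-only code. Suggest leaving both as "TODO: check", or recording them against the Debian CUPS package with a NOTE stating whether the affected code is present. The rest of the block (Foundation, AppKit, CoreServices, AFP, Help Viewer) names Apple-only components and the tag fits.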



