[Secure-testing-commits] r8732 - data/CVE
joeyh at alioth.debian.org
Thu May 8 09:14:18 UTC 2008
Author: joeyh
Date: 2008-05-08 09:14:17 +0000 (Thu, 08 May 2008)
New Revision: 8732
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-05-08 09:12:09 UTC (rev 8731)
+++ data/CVE/list 2008-05-08 09:14:17 UTC (rev 8732)
@@ -1,3 +1,140 @@
+CVE-2008-6339
+ REJECTED
+ TODO: check
+CVE-2008-2112 (Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and ...)
+ TODO: check
+CVE-2008-2111 (The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and ...)
+ TODO: check
+CVE-2008-2110 (Unrestricted file upload vulnerability in qtofm.php in QTOFileManager ...)
+ TODO: check
+CVE-2008-2109 (field.c in the libid3tag 0.15.0b library allows context-dependent ...)
+ TODO: check
+CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...)
+ TODO: check
+CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...)
+ TODO: check
+CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated ...)
+ TODO: check
+CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, and later versions before 3.0, allows ...)
+ TODO: check
+CVE-2008-2104 (The WebService in Bugzilla before 3.1.3 allows remote authenticated ...)
+ TODO: check
+CVE-2008-2103 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later ...)
+ TODO: check
+CVE-2008-2102
+ RESERVED
+CVE-2008-2101
+ RESERVED
+CVE-2008-2100
+ RESERVED
+CVE-2008-2099
+ RESERVED
+CVE-2008-2098
+ RESERVED
+CVE-2008-2097
+ RESERVED
+CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers ...)
+ TODO: check
+CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook ...)
+ TODO: check
+CVE-2008-2094 (SQL injection vulnerability in article.php in the Article module for ...)
+ TODO: check
+CVE-2008-2093 (SQL injection vulnerability in the Profiler (com_comprofiler) ...)
+ TODO: check
+CVE-2008-2092 (Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause ...)
+ TODO: check
+CVE-2008-2091 (Directory traversal vulnerability in ipn.php in KubeLabs Kubelance ...)
+ TODO: check
+CVE-2008-2090 (Unspecified vulnerability in the SCTP protocol implementation in Sun ...)
+ TODO: check
+CVE-2008-2089 (Unspecified vulnerability in the SCTP protocol implementation in Sun ...)
+ TODO: check
+CVE-2008-2088 (SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 ...)
+ TODO: check
+CVE-2008-2087 (SQL injection vulnerability in search_result.php in Softbiz Web Host ...)
+ TODO: check
+CVE-2008-2086
+ RESERVED
+CVE-2008-2084 (SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 ...)
+ TODO: check
+CVE-2008-2083 (SQL injection vulnerability in directory.php in Prozilla Hosting ...)
+ TODO: check
+CVE-2008-2082 (Cross-site scripting (XSS) vulnerability in index.php in Siteman ...)
+ TODO: check
+CVE-2008-2081 (Directory traversal vulnerability in index.php in Siteman 2.0.x2 ...)
+ TODO: check
+CVE-2008-2080 (Stack-based buffer overflow in the Read32s_64 function in ...)
+ TODO: check
+CVE-2008-2079 (MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, ...)
+ TODO: check
+CVE-2008-2078 (Robocode before 1.6.0 allows user-assisted remote attackers to "access ...)
+ TODO: check
+CVE-2008-2077 (Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown ...)
+ TODO: check
+CVE-2008-2076 (Directory traversal vulnerability in admin.php in ActualScripts ...)
+ TODO: check
+CVE-2008-2075 (Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 ...)
+ TODO: check
+CVE-2008-2074 (Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin ...)
+ TODO: check
+CVE-2008-2073 (Directory traversal vulnerability in include/global.inc.php in Virtual ...)
+ TODO: check
+CVE-2008-2072 (Cross-site scripting (XSS) vulnerability in index.php in Virtual ...)
+ TODO: check
+CVE-2008-2071
+ RESERVED
+CVE-2008-2070
+ RESERVED
+CVE-2008-2069 (Buffer overflow in Novell GroupWise 7 allows remote attackers to cause ...)
+ TODO: check
+CVE-2008-2068 (Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows ...)
+ TODO: check
+CVE-2008-2067 (SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows ...)
+ TODO: check
+CVE-2008-2066 (Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB ...)
+ TODO: check
+CVE-2008-2065 (SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site ...)
+ TODO: check
+CVE-2008-2064 (Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have ...)
+ TODO: check
+CVE-2008-2063 (SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows ...)
+ TODO: check
+CVE-2008-2062
+ RESERVED
+CVE-2008-2061
+ RESERVED
+CVE-2008-2060
+ RESERVED
+CVE-2008-2059
+ RESERVED
+CVE-2008-2058
+ RESERVED
+CVE-2008-2057
+ RESERVED
+CVE-2008-2056
+ RESERVED
+CVE-2008-2055
+ RESERVED
+CVE-2008-2054
+ RESERVED
+CVE-2008-2053
+ RESERVED
+CVE-2008-2052 (Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 ...)
+ TODO: check
+CVE-2008-2049 (The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows ...)
+ TODO: check
+CVE-2008-2048 (Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in ...)
+ TODO: check
+CVE-2008-2047 (Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow ...)
+ TODO: check
+CVE-2008-2046 (Cross-site scripting (XSS) vulnerability in index.php in Softpedia ...)
+ TODO: check
+CVE-2008-2045 (Absolute path traversal vulnerability in SugarCRM Sugar Community ...)
+ TODO: check
+CVE-2008-2044 (includes/library.php in netOffice Dwins 1.3 p2 compares the ...)
+ TODO: check
+CVE-2008-2043 (Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, ...)
+ TODO: check
CVE-2008-XXXX [php suboptimal seeding]
- php5 <unfixed> (low)
- php4 <unfixed> (low)
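Review bot: CVE-2008-2107 and CVE-2008-2108 (both "The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5") are added with TODO: check, while the context entry directly below them, CVE-2008-XXXX [php suboptimal seeding], already tracks php5 and php4 as <unfixed> (low). If these describe the same seeding issue, move the package lines and NOTEs under the assigned ids and drop the CVE-2008-XXXX placeholder so the issue is not tracked twice. Separately, CVE-2008-6339 at the top of the hunk is marked REJECTED yet still gets TODO: check, and it sits out of numeric sequence above CVE-2008-2112.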
@@ -4,17 +141,18 @@
NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt
NOTE: I don't believe we need to address this, likely no-dsa, but needs further checking
CVE-2008-2085 [stack-based buffer overflow in get_remote_ip_media and get_remote_ipv6_media function]
+ RESERVED
- sip-tester 2.0.1-1.2 (medium; bug #479039)
-CVE-2008-2051 [incomplete multibyte chars inside escapeshellcmd]
+CVE-2008-2051 (The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...)
- php5 5.2.6-1
NOTE: http://www.php.net/ChangeLog-5.php
NOTE: http://www.sektioneins.de/advisories/SE-2008-03.txt
-CVE-2008-2050 [possible stack buffer overflow in the FastCGI SAPI]
+CVE-2008-2050 (Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP ...)
- php5 5.2.6-1
NOTE: php4 not affected, the vulnerable code isn't present
NOTE: http://www.php.net/ChangeLog-5.php
-CVE-2008-2042
- RESERVED
+CVE-2008-2042 (The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly ...)
+ TODO: check
CVE-2008-2039
RESERVED
CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php in ...)
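Review bot: On CVE-2008-2051 the hand-written summary "[incomplete multibyte chars inside escapeshellcmd]" is replaced by a truncated description that reads "has unknown impact ...", so the one detail saying what the bug actually is disappears from the entry. Suggest keeping the old summary as a NOTE line under CVE-2008-2051; the same applies to the bracketed text dropped from CVE-2008-2050.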
@@ -27,7 +165,8 @@
NOT-FOR-US: Bluemoon
CVE-2008-2034 (SQL injection vulnerability in wp-download_monitor/download.php in the ...)
NOT-FOR-US: wordpress Download Monitor 2.0.6 plugin
-CVE-2008-2033 (Multiple unspecified vulnerabilities in ZoneMinder before 1.23.3 allow ...)
+CVE-2008-2033
+ REJECTED
- zoneminder 1.23.3-1 (medium; bug #479034)
NOTE: dup of CVE-2008-1381
CVE-2008-2032 (The FTP service in Acritum Femitter Server 1.03 allows remote ...)
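Review bot: CVE-2008-2033 becomes REJECTED but keeps its "- zoneminder 1.23.3-1 (medium; bug #479034)" line, and the identical package line is tracked under CVE-2008-1381 later in this patch. A rejected id should not carry its own package status; drop the zoneminder line here and keep only "NOTE: dup of CVE-2008-1381".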
@@ -85,8 +224,8 @@
RESERVED
CVE-2008-2006
RESERVED
-CVE-2008-2005
- RESERVED
+CVE-2008-2005 (The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before ...)
+ TODO: check
CVE-2008-2004
RESERVED
CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web ...)
@@ -796,7 +935,7 @@
NOTE: This is more a generic bug and not a security issue: the random output would
NOTE: need to match the name of an existing macro
CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used in ...)
- {DTSA-127-1 DTSA-128-1}
+ {DTSA-127-1 DTSA-128-1 DTSA-129-1}
- speex 1.2~beta2-1 (medium)
- libfishsound 0.7.0-2.2 (medium; bug #475152)
- xine-lib 1.1.12-1 (medium)
@@ -823,8 +962,8 @@
RESERVED
CVE-2008-1676
RESERVED
-CVE-2008-1675
- RESERVED
+CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux ...)
+ TODO: check
CVE-2008-1674
RESERVED
CVE-2008-1673
@@ -837,8 +976,8 @@
CVE-2008-1670 (Heap-based buffer overflow in the progressive PNG Image loader ...)
- kdelibs <not-affected> (Vulnerable code introduce in kde 4.0)
- kde4libs 4:4.0.72-1 (bug #478283)
-CVE-2008-1669
- RESERVED
+CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection ...)
+ TODO: check
CVE-2008-1668
RESERVED
CVE-2008-1667
@@ -857,8 +996,8 @@
RESERVED
CVE-2008-1660
RESERVED
-CVE-2008-1659
- RESERVED
+CVE-2008-1659 (Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 ...)
+ TODO: check
CVE-2008-1658 (Format string vulnerability in the grant helper ...)
- policykit 0.8-1 (medium; bug #476615; bug #476616)
CVE-2008-1657 (OpenSSH before 4.9 allows remote authenticated users to bypass the ...)
@@ -950,8 +1089,8 @@
NOT-FOR-US: WorkSite Web
CVE-2008-1616
RESERVED
-CVE-2008-1615
- RESERVED
+CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running on ...)
+ TODO: check
CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a ...)
{DSA-1550-1 DTSA-124-1}
- suphp <unfixed> (low; bug #475431)
@@ -1480,8 +1619,7 @@
- libpng 1.2.26-1 (low; bug #476669)
NOTE: 1.2.26-1 contains a patch to fix that
[etch] - libpng <no-dsa> (Minor issue, rare function)
-CVE-2008-1381 [arbitrary command execution via unescaped shell meta characters]
- RESERVED
+CVE-2008-1381 (ZoneMinder before 1.23.3 allows remote authenticated users, and ...)
- zoneminder 1.23.3-1 (medium; bug #479034)
NOTE: http://www.awe.com/mark/blog/200804272230.html
CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird ...)
@@ -1498,8 +1636,7 @@
RESERVED
CVE-2008-1376
RESERVED
-CVE-2008-1375
- RESERVED
+CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify) in ...)
{DSA-1565-1}
- linux-2.6 <unfixed>
CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...)
@@ -1696,9 +1833,9 @@
- axyl 2.2.0 (low; bug #471227)
[sarge] - axyl <not-affected> (Vulnerable code not present)
[etch] - axyl <not-affected> (Vulnerable code not present)
-CVE-2008-1294 [setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit properly across children]
- RESERVED
+CVE-2008-1294 (Linux kernel 2.6.17, and other versions before 2.6.22, does not check ...)
{DSA-1565-1}
+ TODO: check
CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows ...)
- mediawiki 1:1.11.2-1
[etch] - mediawiki <not-affected> (Versions prior to 1.11 do not include callback feature)
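Review bot: TODO: check is appended to CVE-2008-1294 after {DSA-1565-1}, leaving an entry that has a DSA cross-reference but no package line. CVE-2008-1375 references the same DSA and carries a linux-2.6 line; suggest adding the corresponding linux-2.6 line here instead of a TODO. The entry also sits above CVE-2008-1318, out of numeric order, which is worth fixing while touching it.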
@@ -2106,7 +2243,7 @@
[sarge] - dovecot <not-affected> (Vulnerable code not present)
NOTE: exploitable through code introduced in 1.0.11
NOTE: http://www.dovecot.org/list/dovecot-news/2008-March/000064.html
-CVE-2008-1293 (ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 pass the -ac ...)
+CVE-2008-1293 (ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac ...)
{DSA-1561-1 DTSA-118-1}
- ldm 2:0.1~bzr20080308-1 (bug #469462)
- ltsp 5.0.40~bzr20071229-1
@@ -3281,8 +3418,7 @@
CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 ...)
{DSA-1494-1 DTSA-113-1}
- linux-2.6 2.6.24-4 (high)
-CVE-2008-0599 [unknown PHP issue]
- RESERVED
+CVE-2008-0599 (cgi_main.c in PHP before 5.2.6 does not properly calculate the length ...)
- php5 5.2.6-1
NOTE: http://www.php.net/releases/5_2_6.php
TODO: get details, check php4 affectedness
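Review bot: CVE-2008-0599 now has a real description (cgi_main.c in PHP before 5.2.6), but the context line "TODO: get details, check php4 affectedness" is left as is. The "get details" half is answered by this change; suggest narrowing the TODO to the php4 check so the remaining work is clear.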
@@ -5510,8 +5646,8 @@
NOTE: maybe this should be unimportant as applications using net-dns should handle this croak
CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream ...)
NOT-FOR-US: Geert Moernaut LSrunasE and Supercrypt
-CVE-2007-6339
- RESERVED
+CVE-2007-6339 (The Akamai Download Manager (aka DLM or dlmanager) ActiveX control ...)
+ TODO: check
CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill ...)
NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System
CVE-2007-6337 (Unspecified vulnerability in the bzip2 decompression algorithm in ...)
@@ -5634,8 +5770,8 @@
- libxml 1.8.17-14.1 (medium)
CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key ...)
- bind9 <not-affected> (On Debian this file is rw for user bind and just readable for group bind)
-CVE-2007-6282
- RESERVED
+CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows remote ...)
+ TODO: check
CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in ...)
NOT-FOR-US: St. Bernard Open File Manager
CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before ...)
@@ -8236,8 +8372,8 @@
NOTE: kernel-sec is already tracking this
CVE-2007-5499
REJECTED
-CVE-2007-5498
- RESERVED
+CVE-2007-5498 (The Xen hypervisor block backend driver for Linux kernel 2.6.18, when ...)
+ TODO: check
CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 ...)
{DSA-1422-1 DTSA-95-1}
- e2fsprogs 1.40.3-1 (bug #454760)
@@ -9713,7 +9849,7 @@
NOT-FOR-US: CA ARCserve Backup
CVE-2007-5002
RESERVED
-CVE-2007-5001 [kernel panic related to asynchronous io]
+CVE-2007-5001 (Linux kernel before 2.4.21 allows local users to cause a denial of ...)
- linux-2.6 <not-affected> (RedHat/RHEL3 specific patch only)
CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ...)
[sarge] - apache2 <no-dsa> (minor issue)
@@ -18328,7 +18464,7 @@
NOT-FOR-US: JobSitePro
CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a ...)
NOT-FOR-US: AssetMan
-CVE-2007-1426 (AstroCam before 2.6.6 allows remote attackers to cause a denial of ...)
+CVE-2007-1426 (The web interface in AstroCam 2.0.0 through 2.6.5 allows remote ...)
NOT-FOR-US: AstroCam
CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer Pro ...)
NOT-FOR-US: SonicMailer Pro
@@ -46837,7 +46973,7 @@
NOT-FOR-US: Microsoft
CVE-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, ...)
NOT-FOR-US: Entercept Agent
-CVE-2002-1874 (astrocam.cgi in AstroCam 1.7.1 through 2.1.2 allows remote attackers ...)
+CVE-2002-1874 (astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers ...)
NOT-FOR-US: Astrocam
CVE-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure ...)
NOT-FOR-US: Microsoft