[Secure-testing-commits] r8792 - data/CVE
joeyh at alioth.debian.org
Tue May 13 09:14:17 UTC 2008
Author: joeyh
Date: 2008-05-13 09:14:15 +0000 (Tue, 13 May 2008)
New Revision: 8792
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-05-12 21:52:44 UTC (rev 8791)
+++ data/CVE/list 2008-05-13 09:14:15 UTC (rev 8792)
@@ -1,8 +1,104 @@
-CVE-2008-2142 [emacs code execution in fast-lock-mode]
+CVE-2008-2162 (Cross-site scripting (XSS) vulnerability in SonicWall Email Security ...)
+ TODO: check
+CVE-2008-2161 (Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly ...)
+ TODO: check
+CVE-2008-2160 (Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image ...)
+ TODO: check
+CVE-2008-2159 (Microsoft Internet Explorer 7 can save encrypted pages in the cache ...)
+ TODO: check
+CVE-2008-2158
+ RESERVED
+CVE-2008-2157
+ RESERVED
+CVE-2008-2156
+ RESERVED
+CVE-2008-2155
+ RESERVED
+CVE-2008-2154
+ RESERVED
+CVE-2008-2153
+ RESERVED
+CVE-2008-2152
+ RESERVED
+CVE-2008-2151
+ RESERVED
+CVE-2008-2150
+ RESERVED
+CVE-2008-2149 (Stack-based buffer overflow in the searchwn function in Wordnet 2.0, ...)
+ TODO: check
+CVE-2008-2148 (The utimensat system call in Linux kernel 2.6.22 and other versions ...)
+ TODO: check
+CVE-2008-2145 (Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier ...)
+ TODO: check
+CVE-2008-2144 (Multiple unspecified vulnerabilities in Solaris print service for Sun ...)
+ TODO: check
+CVE-2008-2143 (Unspecified versions of Microsoft Outlook Web Access (OWA) use the ...)
+ TODO: check
+CVE-2008-2141
+ RESERVED
+CVE-2008-2140 (Cross-site request forgery (CSRF) vulnerability in the rootpw plugin ...)
+ TODO: check
+CVE-2008-2139 (The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not ...)
+ TODO: check
+CVE-2008-2138 (Oracle Application Server (OracleAS) Portal 10g allows remote ...)
+ TODO: check
+CVE-2008-2137
+ RESERVED
+CVE-2008-2136
+ RESERVED
+CVE-2008-2135 (Multiple SQL injection vulnerabilities in VisualShapers ezContents ...)
+ TODO: check
+CVE-2008-2134 (The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to ...)
+ TODO: check
+CVE-2008-2133 (Cross-site scripting (XSS) vulnerability in the Journal module in ...)
+ TODO: check
+CVE-2008-2132 (SQL injection vulnerability in step1.asp in Systementor PostcardMentor ...)
+ TODO: check
+CVE-2008-2131 (Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows ...)
+ TODO: check
+CVE-2008-2130 (SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows ...)
+ TODO: check
+CVE-2008-2129 (SQL injection vulnerability in index.php in Galleristic 1.0, when ...)
+ TODO: check
+CVE-2008-2128 (PHP remote file inclusion vulnerability in templates/header.php in CMS ...)
+ TODO: check
+CVE-2008-2127 (Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon ...)
+ TODO: check
+CVE-2008-2126 (Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 ...)
+ TODO: check
+CVE-2008-2125 (SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and ...)
+ TODO: check
+CVE-2008-2124 (SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS ...)
+ TODO: check
+CVE-2008-2123 (Cross-site scripting (XSS) vulnerability in WGate in SAP Internet ...)
+ TODO: check
+CVE-2008-2122 (IBM Rational Build Forge 7.0.2 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2008-2121 (The TCP implementation in Sun Solaris 8, 9, and 10 allows remote ...)
+ TODO: check
+CVE-2008-2120 (Unspecified vulnerability in Sun Java System Application Server 7 ...)
+ TODO: check
+CVE-2008-2119
+ RESERVED
+CVE-2008-2118 (SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows ...)
+ TODO: check
+CVE-2008-2117 (Cross-site scripting (XSS) vulnerability in pages/news.page.inc in ...)
+ TODO: check
+CVE-2008-2116 (Multiple directory traversal vulnerabilities in editor.php in ...)
+ TODO: check
+CVE-2008-2115 (Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ...)
+ TODO: check
+CVE-2008-2114 (SQL injection vulnerability in emall/search.php in Pre Shopping Mall ...)
+ TODO: check
+CVE-2008-2113 (SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 ...)
+ TODO: check
+CVE-2003-1558 (Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to ...)
+ TODO: check
+CVE-2008-2142 (Emacs 21 and XEmacs automatically load and execute .flc (fast lock) ...)
- emacs22 <unfixed> (low; bug #480885)
- xemacs21 <unfixed> (low; bug #480886)
- emacs21 <unfixed> (low; bug #480877)
-CVE-2008-2147 [vlc privilege escalation]
+CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 ...)
- vlc <unfixed> (low; bug #480724)
NOTE: https://trac.videolan.org/vlc/ticket/1578
NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
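Review bot: CVE-2008-2148 (utimensat system call in Linux kernel 2.6.22) is added with only "TODO: check", although linux-2.6 is already tracked in this file (for example under CVE-2008-1669), so it should get a package line and urgency rather than wait in the untriaged batch. The same hunk also places CVE-2003-1558 between CVE-2008-2113 and CVE-2008-2142, and leaves CVE-2008-2142 and CVE-2008-2147 below lower-numbered 2008 ids; moving these to their numeric positions would keep the block in descending order now that they carry official descriptions.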
@@ -29,7 +125,7 @@
NOTE: closely related to CVE-2008-2108
CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated ...)
NOT-FOR-US: Call of Duty
-CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, and later versions before 3.0, allows ...)
+CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.3, and 3.1.x before ...)
- bugzilla 3.0.4-1
[etch] - bugzilla <not-affected> (vulnerable code introduced in 2.23.4)
CVE-2008-2104 (The WebService in Bugzilla before 3.1.3 allows remote authenticated ...)
@@ -96,10 +192,10 @@
NOT-FOR-US: vlbook
CVE-2008-2072 (Cross-site scripting (XSS) vulnerability in index.php in Virtual ...)
NOT-FOR-US: vlbook
-CVE-2008-2071
- RESERVED
-CVE-2008-2070
- RESERVED
+CVE-2008-2071 (Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM ...)
+ TODO: check
+CVE-2008-2070 (The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 ...)
+ TODO: check
CVE-2008-2069 (Buffer overflow in Novell GroupWise 7 allows remote attackers to cause ...)
NOT-FOR-US: Novell GroupWise
CVE-2008-2068 (Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows ...)
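Review bot: CVE-2008-2071 and CVE-2008-2070 both concern the WHM interface (CVE-2008-2070 names cPanel 11.18 explicitly) but are left as "TODO: check". The file already marks cPanel issues as "NOT-FOR-US: cPanel" (see CVE-2008-2043), so these two can be tagged the same way instead of going into the triage queue.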
@@ -150,8 +246,7 @@
NOT-FOR-US: netOffice Dwins
CVE-2008-2043 (Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, ...)
NOT-FOR-US: cPanel
-CVE-2008-2085 [stack-based buffer overflow in get_remote_ip_media and get_remote_ipv6_media function]
- RESERVED
+CVE-2008-2085 (Multiple stack-based buffer overflows in the (1) get_remote_ip_media ...)
- sip-tester 2.0.1-1.2 (low; bug #479039)
CVE-2008-2051 (The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...)
{DSA-1572-1}
@@ -236,8 +331,8 @@
RESERVED
CVE-2008-2005 (The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before ...)
NOT-FOR-US: SuiteLink
-CVE-2008-2004
- RESERVED
+CVE-2008-2004 (The drive_init function in QEMU 0.9.1 determines the format of a raw ...)
+ TODO: check
CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web ...)
NOT-FOR-US: BadBlue
CVE-2008-2002 (Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola ...)
@@ -333,7 +428,7 @@
NOT-FOR-US: Tr Script News
CVE-2008-1957 (SQL injection vulnerability in news.php in Tr Script News 2.1 allows ...)
NOT-FOR-US: Tr Script News
-CVE-2008-2146 [privilege escalation in wordpress]
+CVE-2008-2146 (wp-includes/vars.php in Wordpress before 2.2.3 does not properly ...)
{DSA-1564-1}
- wordpress 2.2.3-1
NOTE: http://trac.wordpress.org/ticket/4748
@@ -473,7 +568,7 @@
NOT-FOR-US: Carbon Communities
CVE-2008-1899
RESERVED
-CVE-2008-1898 (WkImgSrv.dll 7.03.0616 in Microsoft Works 7 allows remote attackers to ...)
+CVE-2008-1898 (A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed ...)
NOT-FOR-US: Microsoft Works
CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, ...)
{DSA-1563-1}
@@ -511,8 +606,8 @@
CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function ...)
{DTSA-125-1}
- vlc 0.8.6.e-2.1 (medium; bug #477805)
-CVE-2008-1880
- RESERVED
+CVE-2008-1880 (The default configuration of Firebird before 2.0.3.12981.0-r6 on ...)
+ TODO: check
CVE-2008-1879
RESERVED
CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of service ...)
@@ -672,16 +767,13 @@
RESERVED
CVE-2008-1804
RESERVED
-CVE-2008-1803 [rdesktop signedness error in xrealloc]
- RESERVED
+CVE-2008-1803 (Integer signedness error in the xrealloc function (rdesktop.c) in ...)
{DSA-1573-1}
- rdesktop 1.5.0-4+cvs20071006 (bug #480135)
-CVE-2008-1802 [rdesktop heap overflow via RDP redirect request]
- RESERVED
+CVE-2008-1802 (Buffer overflow in the process_redirect_pdu (rdp.c) function in ...)
{DSA-1573-1}
- rdesktop 1.5.0-4+cvs20071006 (bug #480134)
-CVE-2008-1801 [rdesktop heap overflow]
- RESERVED
+CVE-2008-1801 (Integer underflow in the iso_recv_msg function (iso.c) in rdesktop ...)
{DSA-1573-1}
- rdesktop 1.5.0-4+cvs20071006 (bug #480133)
CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
@@ -935,7 +1027,7 @@
NOTE: see GfxFont.cc GfxFont::readEmbFontFile, line 362 checks if the font file is
NOTE: a stream or not. Anyone knows a fixed version?
- texlive-base <not-affected> (Vulnerable code not present)
-CVE-2008-1692 (Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the ...)
+CVE-2008-1692 (Eterm 0.9.4 opens a terminal window on :0 if -display is not specified ...)
- eterm 0.9.4.0debian1-2.1 (unimportant; bug #473127)
CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...)
NOT-FOR-US: SLMail Pro
@@ -975,8 +1067,8 @@
- python2.5 2.5.2-3
CVE-2008-1678
RESERVED
-CVE-2008-1677
- RESERVED
+CVE-2008-1677 (Buffer overflow in the regular expression handler in Red Hat Directory ...)
+ TODO: check
CVE-2008-1676
RESERVED
CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux ...)
@@ -996,6 +1088,7 @@
- kdelibs <not-affected> (Vulnerable code introduce in kde 4.0)
- kde4libs 4:4.0.72-1 (bug #478283)
CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection ...)
+ {DSA-1575-1}
- linux-2.6 2.6.25-2 (low)
NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9
CVE-2008-1668
@@ -1982,31 +2075,31 @@
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
CVE-2008-1237 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
- {DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
+ {DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
- icedove 2.0.0.14-1
CVE-2008-1236 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
- {DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
+ {DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
- icedove 2.0.0.14-1
CVE-2008-1235 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, ...)
- {DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
+ {DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
- icedove 2.0.0.14-1
CVE-2008-1234 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
- {DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
+ {DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
- icedove 2.0.0.14-1
CVE-2008-1233 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, ...)
- {DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
+ {DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
@@ -2467,7 +2560,7 @@
CVE-2008-1111 (mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts ...)
{DSA-1513-1}
- lighttpd 1.4.18-4 (low; bug #469307)
-CVE-2008-1142 (rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment variable is ...)
+CVE-2008-1142 (rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment ...)
- rxvt 1:2.6.4-13 (unimportant; bug #469296)
CVE-2008-1055 (Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 ...)
NOT-FOR-US: SurgeMail
@@ -3449,7 +3542,7 @@
CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 ...)
{DSA-1494-1 DTSA-113-1}
- linux-2.6 2.6.24-4 (high)
-CVE-2008-0599 (cgi_main.c in PHP before 5.2.6 does not properly calculate the length ...)
+CVE-2008-0599 (The init_request_info function in sapi/cgi/cgi_main.c in PHP before ...)
- php5 5.2.6-1
[etch] - php5 <not-affected> (Vulnerable code not yet present)
[etch] - php4 <not-affected> (Vulnerable code not yet present)
@@ -27298,8 +27391,8 @@
RESERVED
CVE-2006-4728
RESERVED
-CVE-2006-4727
- RESERVED
+CVE-2006-4727 (Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in ...)
+ TODO: check
CVE-2006-4726 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 ...)
NOT-FOR-US: Adobe
CVE-2006-4725 (Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security ...)
@@ -49324,7 +49417,8 @@
NOT-FOR-US: no_package
CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...)
NOT-FOR-US: no_package
-CVE-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...)
+CVE-2004-1886
+ REJECTED
NOT-FOR-US: no_package
CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
NOT-FOR-US: no_package
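Review bot: after this change CVE-2004-1886 carries both "REJECTED" and the earlier "NOT-FOR-US: no_package" line. A rejected id has nothing left to triage, so the NOT-FOR-US line should be removed in the same update; the denial-of-service description it used to hold now appears on CVE-2004-1848 in the next hunk, which is worth a NOTE so the merge is traceable.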
@@ -49400,7 +49494,7 @@
NOT-FOR-US: no_package
CVE-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...)
NOT-FOR-US: no_package
-CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
+CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...)
NOT-FOR-US: no_package
CVE-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...)
NOT-FOR-US: no_package