[Secure-testing-commits] r10416 - data/CVE
joeyh at alioth.debian.org
Tue Nov 18 21:14:21 UTC 2008
Author: joeyh
Date: 2008-11-18 21:14:20 +0000 (Tue, 18 Nov 2008)
New Revision: 10416
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-18 18:41:13 UTC (rev 10415)
+++ data/CVE/list 2008-11-18 21:14:20 UTC (rev 10416)
@@ -1,4 +1,72 @@
-CVE-2008-5110 [syslog-ng not properly chrooting]
+CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT ...)
+ TODO: check
+CVE-2008-5131 (Multiple SQL injection vulnerabilities in Develop It Easy News And ...)
+ TODO: check
+CVE-2008-5130 (Ocean12 Calendar Manager Gold 2.04 stores sensitive information under ...)
+ TODO: check
+CVE-2008-5129 (Ocean12 Poll Manager Pro 1.00 stores sensitive information under the ...)
+ TODO: check
+CVE-2008-5128 (Ocean12 Membership Manager Pro stores sensitive information under the ...)
+ TODO: check
+CVE-2008-5127 (Ocean12 Contact Manager Pro 1.02 stores sensitive information under ...)
+ TODO: check
+CVE-2008-5126 (Cross-site scripting (XSS) vulnerability in search.php in BoutikOne ...)
+ TODO: check
+CVE-2008-5125 (admin.php in CCleague Pro 1.2 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-5124 (JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to ...)
+ TODO: check
+CVE-2008-5123 (SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows ...)
+ TODO: check
+CVE-2008-5122 (SQL injection vulnerability in ContentRatingGraph.aspx in Ektron ...)
+ TODO: check
+CVE-2008-5121 (dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 ...)
+ TODO: check
+CVE-2008-5120 (Stack-based buffer overflow in the Process Software MultiNet finger ...)
+ TODO: check
+CVE-2008-5119 (Cross-site scripting (XSS) vulnerability in search.php in ...)
+ TODO: check
+CVE-2008-5118 (Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 ...)
+ TODO: check
+CVE-2008-5117 (Open redirect vulnerability in Sun Java System Identity Manager 6.0 ...)
+ TODO: check
+CVE-2008-5116 (Unspecified vulnerability in Sun Java System Identity Manager 6.0 ...)
+ TODO: check
+CVE-2008-5115 (Cross-site request forgery (CSRF) vulnerability in Sun Java System ...)
+ TODO: check
+CVE-2008-5114 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
+ TODO: check
+CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...)
+ TODO: check
+CVE-2008-5112 (The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and ...)
+ TODO: check
+CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris 10 and ...)
+ TODO: check
+CVE-2008-5109
+ RESERVED
+CVE-2008-5108 (Unspecified vulnerability in Adobe AIR 1.1 and earlier allows ...)
+ TODO: check
+CVE-2008-5107 (The installation process for Citrix Presentation Server 4.5 and ...)
+ TODO: check
+CVE-2008-5106 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote ...)
+ TODO: check
+CVE-2008-5105 (KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a ...)
+ TODO: check
+CVE-2008-5104 (Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual ...)
+ TODO: check
+CVE-2008-5103 (The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in ...)
+ TODO: check
+CVE-2008-5102 (PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other ...)
+ TODO: check
+CVE-2008-5101 (Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows ...)
+ TODO: check
+CVE-2008-5100 (The strong name (SN) implementation in Microsoft .NET Framework ...)
+ TODO: check
+CVE-2008-5099 (Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through ...)
+ TODO: check
+CVE-2008-5098 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...)
+ TODO: check
+CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might allow ...)
- syslog-ng <unfixed> (unimportant; bug #505791)
NOTE: no security flaw by itself, still it should be fixed
CVE-2008-XXXX [dovecot directory traversal]
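Review bot: CVE-2008-5110 is out of numeric order at the end of this hunk. The new entries run in descending order from CVE-2008-5132 down to CVE-2008-5098, and the 5110 entry then follows 5098 instead of sitting between CVE-2008-5111 and CVE-2008-5109. Move it, together with its `syslog-ng <unfixed> (unimportant; bug #505791)` and NOTE lines, into that position. The entries above it that are marked `TODO: check` still need triage.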
@@ -186,8 +254,7 @@
NOT-FOR-US: IBM Lotus Quickr
CVE-2008-5009 (Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, ...)
NOT-FOR-US: Sun Solstice X.25
-CVE-2008-5025 [kernel: one more hfsplus issue]
- RESERVED
+CVE-2008-5025 (Stack-based buffer overflow in the hfs_cat_find_brec function in ...)
- linux-2.6 2.6.26-11
- linux-2.6.24 <unfixed>
CVE-2008-5029 (The __scm_destroy function in net/core/scm.c in the Linux kernel ...)
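Review bot: the placeholder title on CVE-2008-5025 said hfsplus, but the description that replaces it names hfs_cat_find_brec, whose name points at hfs rather than hfsplus, while the `linux-2.6 2.6.26-11` and `linux-2.6.24 <unfixed>` lines are carried over unchanged. Confirm that the recorded fixed version belongs to the issue this CVE now describes and was not entered for a different hfsplus fix.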
@@ -512,8 +579,8 @@
RESERVED
CVE-2008-4833
RESERVED
-CVE-2008-4832
- RESERVED
+CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows ...)
+ TODO: check
CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2008-4830
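Review bot: CVE-2008-4832 is left at `TODO: check` although its description names the same component, rc.sysinit in initscripts, as CVE-2008-3524, which this file marks `NOT-FOR-US: rc.sysinit on Fedora`. Triage the two entries together so they end up with a consistent status.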
@@ -528,8 +595,8 @@
RESERVED
CVE-2008-4825
RESERVED
-CVE-2008-4824
- RESERVED
+CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...)
+ TODO: check
CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...)
TODO: check
CVE-2008-4822 (Adobe Flash Player 9.0.124.0 and earlier does not properly interpret ...)
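Review bot: CVE-2008-4824 should be triaged against flashplugin-nonfree rather than left at `TODO: check`, since this file already tracks a Flash Player issue that way (CVE-2007-0071, `flashplugin-nonfree 1:1.4`). The neighbouring CVE-2008-4823 carries the same open TODO and can be handled in the same pass.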
@@ -1448,8 +1515,8 @@
RESERVED
CVE-2008-4416
RESERVED
-CVE-2008-4415
- RESERVED
+CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 ...)
+ TODO: check
CVE-2008-4414 (Unspecified vulnerability in the AdvFS showfile command in HP Tru64 ...)
NOT-FOR-US: HP Tru64 UNIX
CVE-2008-4413 (Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 ...)
@@ -1939,8 +2006,8 @@
RESERVED
CVE-2008-4217
RESERVED
-CVE-2008-4216
- RESERVED
+CVE-2008-4216 (The plug-in interface in WebKit in Apple Safari before 3.2 does not ...)
+ TODO: check
CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an error ...)
NOT-FOR-US: Weblog Mac OS X
CVE-2008-4214 (Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and ...)
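Review bot: CVE-2008-4216 names WebKit in its description, so it should not simply inherit the `NOT-FOR-US` marking of the Mac OS X entries below it. Check whether the affected plug-in interface code is present in a packaged WebKit before closing the TODO.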
@@ -3491,8 +3558,8 @@
NOT-FOR-US: MacOS-only problem
CVE-2008-3645 (Heap-based buffer overflow in the local IPC component in the ...)
NOT-FOR-US: Mac OS
-CVE-2008-3644
- RESERVED
+CVE-2008-3644 (Apple Safari before 3.2 does not properly prevent caching of form data ...)
+ TODO: check
CVE-2008-3643 (Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows ...)
NOT-FOR-US: Mac OS
CVE-2008-3642 (Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows ...)
@@ -3540,8 +3607,8 @@
NOT-FOR-US: Apple QuickTime
CVE-2008-3624 (Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows ...)
NOT-FOR-US: Apple QuickTime
-CVE-2008-3623
- RESERVED
+CVE-2008-3623 (Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 ...)
+ TODO: check
CVE-2008-3622 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
NOT-FOR-US: Mac OS X
CVE-2008-3621 (VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 ...)
@@ -3770,7 +3837,7 @@
{DSA-1655-1 DSA-1653-1}
- linux-2.6 2.6.26-7
- linux-2.6.24 <unfixed>
-CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 in Fedora 9 allows local ...)
+CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux ...)
NOT-FOR-US: rc.sysinit on Fedora
CVE-2008-3523
RESERVED
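Review bot: the updated CVE-2008-3524 description now reads "on Fedora 9 and other Linux ...", but the status line under it is still `NOT-FOR-US: rc.sysinit on Fedora`. Re-check that marking against the widened scope, or extend the note to say why the other distributions the description refers to do not include this one.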
@@ -12732,12 +12799,12 @@
- icedove 2.0.0.17-1
CVE-2008-0015
RESERVED
-CVE-2008-0014
- RESERVED
-CVE-2008-0013
- RESERVED
-CVE-2008-0012
- RESERVED
+CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
+ TODO: check
+CVE-2008-0013 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
+ TODO: check
+CVE-2008-0012 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
+ TODO: check
CVE-2008-0011 (Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 ...)
NOT-FOR-US: Microsoft DirectX
CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ...)
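Review bot: CVE-2008-0014, CVE-2008-0013 and CVE-2008-0012 are added with identical visible descriptions ("Heap-based buffer overflow in an unspecified procedure in Trend Micro ..."), so nothing in this hunk distinguishes them. Read the full descriptions before triage; if all three name a Trend Micro product that is not packaged, a `NOT-FOR-US:` line per entry, like the one on the Microsoft DirectX entry below, resolves the TODOs.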
@@ -29449,12 +29516,12 @@
NOT-FOR-US: Openforum
CVE-2007-0075 (AspBB stores sensitive information under the web root with ...)
NOT-FOR-US: AspBB
-CVE-2007-0074
- RESERVED
-CVE-2007-0073
- RESERVED
-CVE-2007-0072
- RESERVED
+CVE-2007-0074 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
+ TODO: check
+CVE-2007-0073 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
+ TODO: check
+CVE-2007-0072 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
+ TODO: check
CVE-2007-0071 (Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and ...)
- flashplugin-nonfree 1:1.4
NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
@@ -33327,10 +33394,10 @@
NOT-FOR-US: McAfee
CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine ...)
NOT-FOR-US: Microsoft
-CVE-2006-5269
- RESERVED
-CVE-2006-5268
- RESERVED
+CVE-2006-5269 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
+ TODO: check
+CVE-2006-5268 (Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 ...)
+ TODO: check
CVE-2006-5267
RESERVED
CVE-2006-5266 (Multiple buffer overflows in Microsoft Dynamics GP (formerly Great ...)