[Secure-testing-commits] r10443 - data/CVE
atomo64-guest at alioth.debian.org
Fri Nov 21 00:07:46 UTC 2008
Author: atomo64-guest
Date: 2008-11-21 00:07:44 +0000 (Fri, 21 Nov 2008)
New Revision: 10443
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-20 22:30:16 UTC (rev 10442)
+++ data/CVE/list 2008-11-21 00:07:44 UTC (rev 10443)
@@ -4,27 +4,27 @@
CVE-2008-XXXX [multiple insecure temp files issues in mailscanner]
- mailscanner <unfixed> (bug #506353)
CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...)
- TODO: check
+ NOT-FOR-US: AceFTP
CVE-2008-5174 (SQL injection vulnerability in joke.php in Jokes Complete Website ...)
- TODO: check
+ NOT-FOR-US: Jokes Complete Website
CVE-2008-5173 (Unspecified vulnerability in testMaker before 3.0p16 allows remote ...)
- TODO: check
+ NOT-FOR-US: testMaker
CVE-2008-5172 (Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum ...)
- TODO: check
+ NOT-FOR-US: Yazd Forum Software
CVE-2008-5171 (Multiple directory traversal vulnerabilities in admin/minibb/index.php ...)
- TODO: check
+ NOT-FOR-US: phpBLASTER CMS
CVE-2008-5170 (SQL injection vulnerability in item.php in Cheats Complete Website ...)
- TODO: check
+ NOT-FOR-US: Cheats Complete Website
CVE-2008-5169 (SQL injection vulnerability in drinks/drink.php in Drinks Complete ...)
- TODO: check
+ NOT-FOR-US: Drinks Complete Website
CVE-2008-5168 (SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 ...)
- TODO: check
+ NOT-FOR-US: Tips Complete Website
CVE-2008-5167 (PHP remote file inclusion vulnerability in layout/default/params.php ...)
- TODO: check
+ NOT-FOR-US: Orca Interactive Forum Script
CVE-2008-5166 (SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 ...)
- TODO: check
+ NOT-FOR-US: Riddles Website
CVE-2008-5165 (Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote ...)
- TODO: check
+ NOT-FOR-US: eTicket
CVE-2008-5164 (Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS ...)
NOT-FOR-US: The Rat CMS
CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...)
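Review bot: The NOT-FOR-US for CVE-2008-5171 names phpBLASTER CMS, but the visible part of the description points at admin/minibb/index.php, which reads like a bundled copy of a separate component. Suggest a NOTE under that entry stating whether the flaw is in phpBLASTER's own code or in the embedded minibb code, so the embedded component is not written off together with the CMS.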
@@ -41,9 +41,9 @@
CVE-2008-5160 (Unspecified vulnerability in MyServer 0.8.11 allows remote attackers ...)
- msp-webserver <unfixed> (bug #506268)
CVE-2008-5159 (Integer overflow in the remote administration protocol processing in ...)
- TODO: check
+ NOT-FOR-US: WinCom LPD
CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: WinCom LPD
CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a ...)
- tau <unfixed> (bug #506348)
CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...)
@@ -92,7 +92,7 @@
- flamethrower <unfixed> (bug #506350)
CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 allows local users to ...)
[etch] - mailscanner <no-dsa> (unimportant)
- - mailscanner <not-affected> (affected file no longer present)
+ - mailscanner 4.57.6-1
NOTE: script should only be used when the private Trend Micro antivirus is installed
CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary ...)
- jailer <unfixed>
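Review bot: The CVE-2008-5140 change from "- mailscanner <not-affected> (affected file no longer present)" to "- mailscanner 4.57.6-1" is a status correction, not an NFU, so the log message "NFUs" does not cover it, and the new line drops the only explanation the entry had. Suggest adding a NOTE that records why 4.57.6-1 is taken as the fixed version, and mentioning this change in the log.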
@@ -288,21 +288,21 @@
CVE-2008-5048 (Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and ...)
NOT-FOR-US: ISecSoft Anti-Trojan
CVE-2008-5047 (SQL injection vulnerability in admin/index.php in Mole Group Rental ...)
- TODO: check
+ NOT-FOR-US: Mole Group Rental Script
CVE-2008-5046 (SQL injection vulnerability in index.php in Mole Group Pizza Script ...)
- TODO: check
+ NOT-FOR-US: Mole Group Pizza Script
CVE-2008-5045 (Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly ...)
TODO: check
CVE-2008-5044 (Race condition in Microsoft Windows Server 2003 and Vista allows local ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2008-5043 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...)
TODO: check
CVE-2008-5042 (Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to ...)
TODO: check
CVE-2008-5041 (Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default ...)
- TODO: check
+ NOT-FOR-US: Sweex RO002 Router
CVE-2008-5040 (Graphiks MyForum 1.3 allows remote attackers to bypass authentication ...)
- TODO: check
+ NOT-FOR-US: Graphiks MyForum
CVE-2008-5039 (Cross-site scripting (XSS) vulnerability in the League module for ...)
TODO: check
CVE-2008-5038 (Use after free vulnerability in the NetWare Core Protocol (NCP) ...)
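Review bot: CVE-2008-5045, CVE-2008-5043, CVE-2008-5042 and CVE-2008-5039 are passed over in this hunk and stay at "TODO: check" while the entries around them are resolved. If they were left on purpose, replacing the bare "TODO: check" with a short TODO saying what still has to be looked up would keep the next person from repeating the triage; otherwise resolve them in the same pass.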
@@ -2613,7 +2613,7 @@
CVE-2008-4038 (Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
NOT-FOR-US: Microsoft Windows
CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and ...)
NOT-FOR-US: Microsoft Windows
CVE-2008-4035
@@ -2621,7 +2621,7 @@
CVE-2008-4034
RESERVED
CVE-2008-4033 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 through ...)
- TODO: check
+ NOT-FOR-US: Microsoft XML Core
CVE-2008-4032
RESERVED
CVE-2008-4031
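Review bot: The label "NOT-FOR-US: Microsoft XML Core" on CVE-2008-4033 truncates the product name; the description on the line above reads "Microsoft XML Core Services". Suggest "NOT-FOR-US: Microsoft XML Core Services" so that a search for the product name finds the entry. The same label is used for CVE-2008-4029 in the next hunk.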
@@ -2629,7 +2629,7 @@
CVE-2008-4030
RESERVED
CVE-2008-4029 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, ...)
- TODO: check
+ NOT-FOR-US: Microsoft XML Core
CVE-2008-4028
RESERVED
CVE-2008-4027
@@ -12951,11 +12951,11 @@
CVE-2008-0015
RESERVED
CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2008-0013 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2008-0012 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2008-0011 (Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 ...)
NOT-FOR-US: Microsoft DirectX
CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ...)
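Review bot: "NOT-FOR-US: Trend Micro" on CVE-2008-0014, CVE-2008-0013 and CVE-2008-0012 names the vendor rather than the affected product, and the three visible descriptions are identical, so the entries cannot be told apart from this file. Suggest putting the product name from the full CVE description in the label, as the neighbouring "NOT-FOR-US: Microsoft DirectX" does. This also applies to CVE-2007-0074, CVE-2007-0073 and CVE-2007-0072 in the last hunk.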
@@ -29668,11 +29668,11 @@
CVE-2007-0075 (AspBB stores sensitive information under the web root with ...)
NOT-FOR-US: AspBB
CVE-2007-0074 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2007-0073 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2007-0072 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2007-0071 (Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and ...)
- flashplugin-nonfree 1:1.4
NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change