[Secure-testing-commits] r9908 - data/CVE
joeyh at alioth.debian.org
Wed Oct 1 09:14:15 UTC 2008
Author: joeyh
Date: 2008-10-01 09:14:14 +0000 (Wed, 01 Oct 2008)
New Revision: 9908
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-30 20:16:39 UTC (rev 9907)
+++ data/CVE/list 2008-10-01 09:14:14 UTC (rev 9908)
@@ -1,3 +1,351 @@
+CVE-2008-4366 (Unrestricted file upload vulnerability in the image upload component ...)
+ TODO: check
+CVE-2008-4365 (Cross-site scripting (XSS) vulnerability in search.php in Siteman ...)
+ TODO: check
+CVE-2008-4364 (SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb ...)
+ TODO: check
+CVE-2008-4363 (DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a ...)
+ TODO: check
+CVE-2008-4362 (The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 ...)
+ TODO: check
+CVE-2008-4361 (Directory traversal vulnerability in PowerPortal 2.0.13 allows remote ...)
+ TODO: check
+CVE-2008-4360
+ RESERVED
+CVE-2008-4359
+ RESERVED
+CVE-2008-4358 (Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP ...)
+ TODO: check
+CVE-2008-4357 (SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows ...)
+ TODO: check
+CVE-2008-4356 (Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 ...)
+ TODO: check
+CVE-2008-4355 (SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum ...)
+ TODO: check
+CVE-2008-4354 (SQL injection vulnerability in the products module in NetArt Media ...)
+ TODO: check
+CVE-2008-4353 (SQL injection vulnerability in link.php in Linkarity allows remote ...)
+ TODO: check
+CVE-2008-4352 (SQL injection vulnerability in inc/pages/viewprofile.php in ...)
+ TODO: check
+CVE-2008-4351 (Directory traversal vulnerability in index.php in phpSmartCom 0.2 ...)
+ TODO: check
+CVE-2008-4350 (SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 ...)
+ TODO: check
+CVE-2008-4349 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
+ TODO: check
+CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio allows remote ...)
+ TODO: check
+CVE-2008-4347 (SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows ...)
+ TODO: check
+CVE-2008-4346 (Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows ...)
+ TODO: check
+CVE-2008-4345 (SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and ...)
+ TODO: check
+CVE-2008-4344 (SQL injection vulnerability in cat.php in 6rbScript allows remote ...)
+ TODO: check
+CVE-2008-4343 (The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) ...)
+ TODO: check
+CVE-2008-4342 (NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX ...)
+ TODO: check
+CVE-2008-4341 (add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to ...)
+ TODO: check
+CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA) in ...)
+ TODO: check
+CVE-2008-4338 (SQL injection vulnerability in the brilliant_gallery_checklist_save ...)
+ TODO: check
+CVE-2008-4337 (Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows ...)
+ TODO: check
+CVE-2008-4336 (Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo ...)
+ TODO: check
+CVE-2008-4335 (SQL injection vulnerability in album.php in Atomic Photo Album (APA) ...)
+ TODO: check
+CVE-2008-4334 (PHP infoBoard V.7 Plus allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-4333 (Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus ...)
+ TODO: check
+CVE-2008-4332 (SQL injection vulnerability in the showjavatopic function in func.php ...)
+ TODO: check
+CVE-2008-4331 (Directory traversal vulnerability in library/pagefunctions.inc.php in ...)
+ TODO: check
+CVE-2008-4330 (Directory traversal vulnerability in index.php in LanSuite 3.3.2 ...)
+ TODO: check
+CVE-2008-4329 (PHP remote file inclusion vulnerability in cms/system/openengine.php ...)
+ TODO: check
+CVE-2008-4328 (SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 ...)
+ TODO: check
+CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly ...)
+ TODO: check
+CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in ...)
+ TODO: check
+CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the ...)
+ TODO: check
+CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on ...)
+ TODO: check
+CVE-2008-4323 (Windows Explorer in Microsoft Windows XP SP3 allows user-assisted ...)
+ TODO: check
+CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin ...)
+ TODO: check
+CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP ...)
+ TODO: check
+CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...)
+ TODO: check
+CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 ...)
+ TODO: check
+CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute ...)
+ TODO: check
+CVE-2008-4317
+ RESERVED
+CVE-2008-4316
+ RESERVED
+CVE-2008-4315
+ RESERVED
+CVE-2008-4314
+ RESERVED
+CVE-2008-4313
+ RESERVED
+CVE-2008-4312
+ RESERVED
+CVE-2008-4311
+ RESERVED
+CVE-2008-4310
+ RESERVED
+CVE-2008-4309
+ RESERVED
+CVE-2008-4308
+ RESERVED
+CVE-2008-4307
+ RESERVED
+CVE-2008-4306
+ RESERVED
+CVE-2008-4305
+ RESERVED
+CVE-2008-4304
+ RESERVED
+CVE-2008-4303
+ RESERVED
+CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...)
+ TODO: check
+CVE-2008-4301 (A certain ActiveX control in iisext.dll in Microsoft Internet ...)
+ TODO: check
+CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet ...)
+ TODO: check
+CVE-2008-4299 (A certain ActiveX control in the Microsoft Internet Authentication ...)
+ TODO: check
+CVE-2008-4297 (Mercurial before 1.0.2 does not enforce the allowpull permission ...)
+ TODO: check
+CVE-2008-4296 (The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its ...)
+ TODO: check
+CVE-2008-4295 (Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices ...)
+ TODO: check
+CVE-2008-4294 (IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user ...)
+ TODO: check
+CVE-2008-4293 (Unspecified vulnerability in Opera before 9.52 on Windows, when ...)
+ TODO: check
+CVE-2008-4292 (Opera before 9.52 does not check the CRL override upon encountering a ...)
+ TODO: check
+CVE-2008-4291
+ RESERVED
+CVE-2008-4290
+ RESERVED
+CVE-2008-4289
+ RESERVED
+CVE-2008-4288
+ RESERVED
+CVE-2008-4287
+ RESERVED
+CVE-2008-4286
+ RESERVED
+CVE-2008-4285
+ RESERVED
+CVE-2008-4284
+ RESERVED
+CVE-2008-4283
+ RESERVED
+CVE-2008-4282
+ RESERVED
+CVE-2008-4281
+ RESERVED
+CVE-2008-4280
+ RESERVED
+CVE-2008-4279
+ RESERVED
+CVE-2008-4278
+ RESERVED
+CVE-2008-4277
+ RESERVED
+CVE-2008-4276
+ RESERVED
+CVE-2008-4275
+ RESERVED
+CVE-2008-4274
+ RESERVED
+CVE-2008-4273
+ RESERVED
+CVE-2008-4272
+ RESERVED
+CVE-2008-4271
+ RESERVED
+CVE-2008-4270
+ RESERVED
+CVE-2008-4269
+ RESERVED
+CVE-2008-4268
+ RESERVED
+CVE-2008-4267
+ RESERVED
+CVE-2008-4266
+ RESERVED
+CVE-2008-4265
+ RESERVED
+CVE-2008-4264
+ RESERVED
+CVE-2008-4263
+ RESERVED
+CVE-2008-4262
+ RESERVED
+CVE-2008-4261
+ RESERVED
+CVE-2008-4260
+ RESERVED
+CVE-2008-4259
+ RESERVED
+CVE-2008-4258
+ RESERVED
+CVE-2008-4257
+ RESERVED
+CVE-2008-4256
+ RESERVED
+CVE-2008-4255
+ RESERVED
+CVE-2008-4254
+ RESERVED
+CVE-2008-4253
+ RESERVED
+CVE-2008-4252
+ RESERVED
+CVE-2008-4251
+ RESERVED
+CVE-2008-4250
+ RESERVED
+CVE-2008-4249
+ RESERVED
+CVE-2008-4248
+ RESERVED
+CVE-2008-4246 (Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 ...)
+ TODO: check
+CVE-2008-4245 (The Admin Control Panel in Rianxosencabos CMS 0.9 does not require ...)
+ TODO: check
+CVE-2008-4244 (Rianxosencabos CMS 0.9 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-4243 (Directory traversal vulnerability in ImageServer (aka UTImageServer) ...)
+ TODO: check
+CVE-2008-4242 (ProFTPD 1.3.1 interprets long commands from an FTP client as multiple ...)
+ TODO: check
+CVE-2008-4241 (SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows ...)
+ TODO: check
+CVE-2008-4240
+ RESERVED
+CVE-2008-4239
+ RESERVED
+CVE-2008-4238
+ RESERVED
+CVE-2008-4237
+ RESERVED
+CVE-2008-4236
+ RESERVED
+CVE-2008-4235
+ RESERVED
+CVE-2008-4234
+ RESERVED
+CVE-2008-4233
+ RESERVED
+CVE-2008-4232
+ RESERVED
+CVE-2008-4231
+ RESERVED
+CVE-2008-4230
+ RESERVED
+CVE-2008-4229
+ RESERVED
+CVE-2008-4228
+ RESERVED
+CVE-2008-4227
+ RESERVED
+CVE-2008-4226
+ RESERVED
+CVE-2008-4225
+ RESERVED
+CVE-2008-4224
+ RESERVED
+CVE-2008-4223
+ RESERVED
+CVE-2008-4222
+ RESERVED
+CVE-2008-4221
+ RESERVED
+CVE-2008-4220
+ RESERVED
+CVE-2008-4219
+ RESERVED
+CVE-2008-4218
+ RESERVED
+CVE-2008-4217
+ RESERVED
+CVE-2008-4216
+ RESERVED
+CVE-2008-4215
+ RESERVED
+CVE-2008-4214
+ RESERVED
+CVE-2008-4213
+ RESERVED
+CVE-2008-4212
+ RESERVED
+CVE-2008-4211
+ RESERVED
+CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...)
+ TODO: check
+CVE-2008-4209
+ RESERVED
+CVE-2008-4208 (Unspecified vulnerability in OSADS Alliance Database before 2.1 has ...)
+ TODO: check
+CVE-2008-4207 (Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php ...)
+ TODO: check
+CVE-2008-4206 (PHP remote file inclusion vulnerability in config.php in Attachmax ...)
+ TODO: check
+CVE-2008-4205 (SQL injection vulnerability in index.php in Attachmax Dolphin 2.1.0 ...)
+ TODO: check
+CVE-2008-4204 (SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation ...)
+ TODO: check
+CVE-2008-4203 (SQL injection vulnerability in cn_users.php in CzarNews 1.20 and ...)
+ TODO: check
+CVE-2008-4202 (SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 ...)
+ TODO: check
+CVE-2008-4200 (Opera before 9.52 does not ensure that the address field of a news ...)
+ TODO: check
+CVE-2008-4199 (Opera before 9.52 does not prevent use of links from web pages to feed ...)
+ TODO: check
+CVE-2008-4198 (Opera before 9.52, when rendering an http page that has loaded an ...)
+ TODO: check
+CVE-2008-4197 (Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when ...)
+ TODO: check
+CVE-2008-4196 (Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows ...)
+ TODO: check
+CVE-2008-4195 (Opera before 9.52 does not properly restrict the ability of a framed ...)
+ TODO: check
+CVE-2008-4194 (The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par ...)
+ TODO: check
+CVE-2008-4193 (Stack-based buffer overflow in SecurityGateway.dll in Alt-N ...)
+ TODO: check
+CVE-2008-4192 (The pserver_shutdown function in fence_egenera in cman 2.20080629 ...)
+ TODO: check
+CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...)
+ TODO: check
+CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.4 and earlier allows local ...)
+ TODO: check
CVE-2008-XXXX [jumpnbump: insecure temp file]
- jumpnbump 1.50+dfsg1-1 (low; bug #500611)
CVE-2008-XXXX [gpsdrive: insecure temp file]
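Review bot: CVE-2008-4302 and CVE-2008-4210 are added in this hunk with only "TODO: check" although their descriptions name Linux kernel source files (fs/splice.c and fs/open.c), and kernel issues elsewhere in this list carry "- linux-2.6" package lines; these two should be triaged ahead of the web-application entries and given package lines. CVE-2008-4242 (ProFTPD 1.3.1 "interprets long commands from an FTP client as multiple ...") is also left untriaged, while CVE-2008-4247 further down in this same commit has the same "interprets long" wording for ftpd and already has bug references; a NOTE cross-referencing the two would help whoever picks it up.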
@@ -6,7 +354,7 @@
- dist 1:3.5-17-2 (low; bug #496412)
CVE-2008-XXXX [lustre: insecure temp files]
- lustre 1.6.5.1-1 (low; bug #496371)
-CVE-2008-4247 [Cross-site request forgery]
+CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...)
- ftpd-ssl <unfixed> (bug #500518)
- ftpd <unfixed> (bug #500278)
CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php]
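Review bot: the replacement line for CVE-2008-4247 drops the hand-written title "[Cross-site request forgery]", and the truncated description ("interprets long ...") no longer shows that classification. Since the ftpd-ssl and ftpd entries below it are still <unfixed>, I would keep the impact in a NOTE line under the entry so the bug references stay readable without looking up the full description.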
@@ -19,7 +367,7 @@
- lighttpd 1.4.19-5 (low)
NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
NOTE: CVE id requested
-CVE-2008-4298 [memory leak]
+CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in ...)
- lighttpd 1.4.19-5 (medium)
NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
CVE-2008-XXXX [unsafe usage of temp file]
@@ -171,17 +519,17 @@
RESERVED
CVE-2008-4121
RESERVED
-CVE-2008-4120
- RESERVED
-CVE-2008-4119
- RESERVED
+CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...)
+ TODO: check
+CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk ...)
+ TODO: check
CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd ...)
NOT-FOR-US: High Norm Sound Master
CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in Sun ...)
NOT-FOR-US: Sun Management Center (SunMC)
CVE-2008-4116 (Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 ...)
NOT-FOR-US: Apple
-CVE-2008-4201 [heap overflow in faad2]
+CVE-2008-4201 (Heap-based buffer overflow in the decodeMP4file function ...)
- faad2 2.6.1-3.1 (bug #499899)
NOTE: http://bugs.gentoo.org/show_bug.cgi?id=238445
NOTE: http://www.audiocoding.com/
@@ -225,8 +573,8 @@
TODO: check
CVE-2008-4095 (Multiple unspecified vulnerabilities in Flip4Mac WMV before 2.2.1 have ...)
NOT-FOR-US: Flip4Mac WMV
-CVE-2008-4094
- RESERVED
+CVE-2008-4094 (Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 ...)
+ TODO: check
CVE-2008-4093 (SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and ...)
NOT-FOR-US: YourOwnBux
CVE-2008-4092 (SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) ...)
@@ -273,42 +621,31 @@
NOT-FOR-US: phsBlog
CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...)
NOT-FOR-US: Microsoft
-CVE-2008-4070 [mfsa2008-46 Heap overflow when canceling newsgroup message]
- RESERVED
-CVE-2008-4069 [mfsa2008-45 XBM image uninitialized memory reading]
- RESERVED
-CVE-2008-4068 [mfsa2008-44 resource: traversal vulnerabilities]
- RESERVED
+CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and ...)
+ TODO: check
+CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey ...)
+ TODO: check
+CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
- xulrunner 1.9.0.3-1
-CVE-2008-4067 [mfsa2008-44 resource: traversal vulnerabilities]
- RESERVED
+CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
- xulrunner 1.9.0.3-1
-CVE-2008-4066 [mfsa2008-43 chars stripped from JavaScript before execution]
- RESERVED
+CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows ...)
- xulrunner 1.9.0.3-1
-CVE-2008-4065 [mfsa2008-43 chars stripped from JavaScript before execution]
- RESERVED
+CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
- xulrunner 1.9.0.3-1
-CVE-2008-4064 [mfsa2008-42 Crashes with evidence of memory corruption]
- RESERVED
+CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
- xulrunner 1.9.0.3-1
-CVE-2008-4063 [mfsa2008-42 Crashes with evidence of memory corruption]
- RESERVED
+CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
- xulrunner 1.9.0.3-1
-CVE-2008-4062 [mfsa2008-42 Crashes with evidence of memory corruption]
- RESERVED
+CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
- xulrunner 1.9.0.3-1
-CVE-2008-4061 [mfsa2008-42 Crashes with evidence of memory corruption]
- RESERVED
+CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before ...)
- xulrunner 1.9.0.3-1
-CVE-2008-4060 [mfsa2008-41 Privilege escalation via XPCnativeWrapper]
- RESERVED
+CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
- xulrunner 1.9.0.3-1
-CVE-2008-4059 [mfsa2008-41 Privilege escalation via XPCnativeWrapper]
- RESERVED
+CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows ...)
- xulrunner 1.9.0.3-1
-CVE-2008-4058 [mfsa2008-41 Privilege escalation via XPCnativeWrapper]
- RESERVED
+CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x ...)
- xulrunner 1.9.0.3-1
CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before ...)
NOT-FOR-US: Objective Development Sharity
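Review bot: CVE-2008-4070 and CVE-2008-4069 at the top of this hunk end up with "TODO: check", while every other converted Mozilla entry from CVE-2008-4068 down keeps its "- xulrunner 1.9.0.3-1" line, so these two are the only ones in the batch without a package status and should be triaged together with the rest. The removed bracket titles also held the advisory numbers mfsa2008-41 through mfsa2008-46, which the truncated descriptions no longer show; adding them back as NOTE lines would keep the mapping to the upstream advisories.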
@@ -830,13 +1167,12 @@
NOT-FOR-US: Solaris
CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) ...)
NOT-FOR-US: Solaris
-CVE-2008-3837 [mfsa2008-40 click-hijacking]
- RESERVED
+CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey ...)
- xulrunner 1.9.0.3-1
-CVE-2008-3836
- RESERVED
-CVE-2008-3835
- RESERVED
+CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers ...)
+ TODO: check
+CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox ...)
+ TODO: check
CVE-2008-3834
RESERVED
CVE-2008-3833
@@ -851,8 +1187,7 @@
RESERVED
CVE-2008-3828
RESERVED
-CVE-2008-3827 [integer overflows in demuxing code]
- RESERVED
+CVE-2008-3827 (Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow ...)
{DTSA-168-1}
- mplayer 1.0~rc2-18 (medium; bug #500683)
NOTE: http://www.ocert.org/advisories/ocert-2008-013.html
@@ -884,38 +1219,38 @@
RESERVED
CVE-2008-3814
RESERVED
-CVE-2008-3813
- RESERVED
-CVE-2008-3812
- RESERVED
-CVE-2008-3811
- RESERVED
-CVE-2008-3810
- RESERVED
-CVE-2008-3809
- RESERVED
-CVE-2008-3808
- RESERVED
-CVE-2008-3807
- RESERVED
-CVE-2008-3806
- RESERVED
-CVE-2008-3805
- RESERVED
-CVE-2008-3804
- RESERVED
-CVE-2008-3803
- RESERVED
-CVE-2008-3802
- RESERVED
-CVE-2008-3801
- RESERVED
-CVE-2008-3800
- RESERVED
-CVE-2008-3799
- RESERVED
-CVE-2008-3798
- RESERVED
+CVE-2008-3813 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP ...)
+ TODO: check
+CVE-2008-3812 (Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) ...)
+ TODO: check
+CVE-2008-3811 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) ...)
+ TODO: check
+CVE-2008-3810 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) ...)
+ TODO: check
+CVE-2008-3809 (Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices ...)
+ TODO: check
+CVE-2008-3808 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...)
+ TODO: check
+CVE-2008-3807 (Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when ...)
+ TODO: check
+CVE-2008-3806 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 ...)
+ TODO: check
+CVE-2008-3805 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 ...)
+ TODO: check
+CVE-2008-3804 (Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) ...)
+ TODO: check
+CVE-2008-3803 (A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol ...)
+ TODO: check
+CVE-2008-3802 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...)
+ TODO: check
+CVE-2008-3801 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...)
+ TODO: check
+CVE-2008-3800 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...)
+ TODO: check
+CVE-2008-3799 (Memory leak in the Session Initiation Protocol (SIP) implementation in ...)
+ TODO: check
+CVE-2008-3798 (Cisco IOS 12.4 allows remote attackers to cause a denial of service ...)
+ TODO: check
CVE-2008-3797
RESERVED
CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of ...)
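Review bot: the sixteen entries from CVE-2008-3813 to CVE-2008-3798 all land as "TODO: check", and eleven of them name Cisco IOS in the visible part of the description (CVE-2008-3813 through CVE-2008-3805, CVE-2008-3803 and CVE-2008-3798). Those can be closed in one pass with a NOT-FOR-US line, as the list already does for Solaris and Apple entries. The five truncated "Unspecified vulnerability in the ... (MPLS)" and "(SIP)" descriptions need the full text checked before they are classified the same way.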
@@ -1313,8 +1648,7 @@
RESERVED
CVE-2008-3664 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow ...)
NOT-FOR-US: XRMS
-CVE-2008-3663 [Squirrelmail: Session hijacking vulnerability]
- RESERVED
+CVE-2008-3663 (Squirrelmail 1.4.15 does not set the secure flag for the session ...)
- squirrelmail 2:1.4.15-3 (low; bug #499942)
[etch] - squirrelmail <no-dsa> (less important and fix changes behaviour)
NOTE: only relevant for installations that are also offered over http
@@ -1392,10 +1726,10 @@
RESERVED
CVE-2008-3639
RESERVED
-CVE-2008-3638
- RESERVED
-CVE-2008-3637
- RESERVED
+CVE-2008-3638 (Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from ...)
+ TODO: check
+CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in Java on ...)
+ TODO: check
CVE-2008-3636 (Integer overflow in an unspecified third-party driver bundled with ...)
NOT-FOR-US: Apple iTunes
CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an ...)
@@ -1622,8 +1956,8 @@
- kfreebsd-7 7.0-5
CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in ...)
- libxml2 <unfixed> (bug #498768)
-CVE-2008-3528
- RESERVED
+CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...)
+ TODO: check
CVE-2008-3527
RESERVED
CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...)
@@ -1633,8 +1967,8 @@
CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...)
- linux-2.6 <unfixed>
- linux-2.6.24 <unfixed>
-CVE-2008-3524
- RESERVED
+CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 in Fedora 9 allows local ...)
+ TODO: check
CVE-2008-3523
RESERVED
CVE-2008-3522 [jasper - buffer overflow]
@@ -2611,16 +2945,15 @@
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-16-1 (bug #490260)
- sun-java6 6-07-1 (bug #490260)
-CVE-2008-3102
- RESERVED
+CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the ...)
+ TODO: check
CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...)
NOT-FOR-US: vtiger CRM
CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve ...)
- owl-dms 0.95-1.1 (low; bug #493579)
CVE-2008-3099
RESERVED
-CVE-2008-3098
- RESERVED
+CVE-2008-3098 (Cross-site scripting (XSS) vulnerability in admin/usercheck.php in ...)
NOT-FOR-US: fuzzylime
CVE-2008-3097 (Cross-site scripting (XSS) vulnerability in the Tinytax module (aka ...)
NOT-FOR-US: additional drupal module Tinytax
@@ -3474,8 +3807,8 @@
RESERVED
CVE-2008-2740
RESERVED
-CVE-2008-2739
- RESERVED
+CVE-2008-2739 (The SERVICE.DNS signature engine in the Intrusion Prevention System ...)
+ TODO: check
CVE-2008-2738
RESERVED
CVE-2008-2737
@@ -4042,8 +4375,8 @@
RESERVED
CVE-2008-2475
RESERVED
-CVE-2008-2474
- RESERVED
+CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit ...)
+ TODO: check
CVE-2008-2473
RESERVED
CVE-2008-2472
@@ -6262,7 +6595,7 @@
[etch] - otrs <not-affected> (Vulnerable code not present)
[sarge] - otrs <not-affected> (Vulnerable code not present)
NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
-CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local users to ...)
+CVE-2008-1514 (arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions ...)
- linux-2.6 <unfixed>
NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here
CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and ...)
@@ -10562,8 +10895,8 @@
RESERVED
CVE-2008-0017
RESERVED
-CVE-2008-0016
- RESERVED
+CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...)
+ TODO: check
CVE-2008-0015
RESERVED
CVE-2008-0014