[Secure-testing-commits] r10019 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Tue Oct 7 09:14:12 UTC 2008


Author: joeyh
Date: 2008-10-07 09:14:11 +0000 (Tue, 07 Oct 2008)
New Revision: 10019

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-07 08:04:03 UTC (rev 10018)
+++ data/CVE/list	2008-10-07 09:14:11 UTC (rev 10019)
@@ -1,3 +1,55 @@
+CVE-2008-4470 (Stack-based buffer overflow in Numark CUE 5.0 rev2 allows ...)
+	TODO: check
+CVE-2008-4469 (SQL injection vulnerability in view_cresume.php in Vastal I-Tech ...)
+	TODO: check
+CVE-2008-4468 (SQL injection vulnerability in view_news.php in Vastal I-Tech Share ...)
+	TODO: check
+CVE-2008-4467 (SQL injection vulnerability in show_series_ink.php in Vastal I-Tech ...)
+	TODO: check
+CVE-2008-4466 (SQL injection vulnerability in view_products_cat.php in Vastal I-Tech ...)
+	TODO: check
+CVE-2008-4465 (SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone ...)
+	TODO: check
+CVE-2008-4464 (SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone ...)
+	TODO: check
+CVE-2008-4463 (SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs ...)
+	TODO: check
+CVE-2008-4462 (SQL injection vulnerability in view_news.php in Vastal I-Tech Visa ...)
+	TODO: check
+CVE-2008-4461 (SQL injection vulnerability in advanced_search_results.php in Vastal ...)
+	TODO: check
+CVE-2008-4460 (SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone ...)
+	TODO: check
+CVE-2008-4459 (SQL injection vulnerability in pick_users.php in the groups module in ...)
+	TODO: check
+CVE-2008-4458 (SQL injection vulnerability in listings.php in E-Php B2B Trading ...)
+	TODO: check
+CVE-2008-4457 (SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal ...)
+	TODO: check
+CVE-2008-4456 (Cross-site scripting (XSS) vulnerability in the command-line client in ...)
+	TODO: check
+CVE-2008-4455 (Directory traversal vulnerability in index.php in EKINdesigns MySQL ...)
+	TODO: check
+CVE-2008-4454 (Directory traversal vulnerability in EKINdesigns MySQL Quick Admin ...)
+	TODO: check
+CVE-2008-4453 (The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ...)
+	TODO: check
+CVE-2008-4452 (Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 ...)
+	TODO: check
+CVE-2008-4451 (The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET ...)
+	TODO: check
+CVE-2008-4450 (Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for ...)
+	TODO: check
+CVE-2008-4449 (Stack-based buffer overflow in mIRC 6.34 allows remote attackers to ...)
+	TODO: check
+CVE-2008-4448 (Cross-site request forgery (CSRF) vulnerability in actions.php in ...)
+	TODO: check
+CVE-2008-4447 (Cross-site scripting (XSS) vulnerability in actions.php in Positive ...)
+	TODO: check
+CVE-2008-4446 (Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 ...)
+	TODO: check
+CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream ...)
+	TODO: check
 CVE-2008-4444
 	RESERVED
 CVE-2008-4443
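Review bot: CVE-2008-4445 in this batch names net/sctp/auth.c, which reads as a Linux kernel source path, yet it is parked under the same `TODO: check` as the 25 other new entries. Triage it first and give it a package line in the form the file already uses for kernel issues (`- linux-2.6 2.6.22-4 (low)` under CVE-2008-4302). Many of the others name products that look like NOT-FOR-US candidates (the run of Vastal I-Tech scripts from CVE-2008-4460 to CVE-2008-4469, Numark CUE, mIRC) and could be closed in one pass rather than left as open TODOs.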
@@ -248,10 +300,12 @@
 CVE-2008-4361 (Directory traversal vulnerability in PowerPortal 2.0.13 allows remote ...)
 	NOT-FOR-US: PowerPortal
 CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive ...)
+	{DSA-1645-1}
 	- lighttpd 1.4.19-5 (low)
 	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
 	NOTE: CVE id requested
 CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) ...)
+	{DSA-1645-1}
 	- lighttpd 1.4.19-5 (low)
 	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
 CVE-2008-4358 (Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP ...)
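Review bot: the `NOTE: CVE id requested` line under CVE-2008-4360 is stale now that the entry has an assigned id and is tagged `{DSA-1645-1}`; drop it in a follow-up so the entry does not suggest the id is still pending.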
@@ -369,7 +423,7 @@
 	RESERVED
 CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...)
 	- linux-2.6 2.6.22-4 (low)
-CVE-2008-4301 (A certain ActiveX control in iisext.dll in Microsoft Internet ...)
+CVE-2008-4301 (** DISPUTED ** ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet ...)
 	NOT-FOR-US: Microsoft
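Review bot: the new summary for CVE-2008-4301 is reduced to `** DISPUTED ** ...`, so the line no longer names iisext.dll or the product and cannot be found by searching the list for either. If the truncation comes from the update script, keep some description text after the marker; as committed, the `NOT-FOR-US: Microsoft` line below is the only hint of what the entry covers.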
@@ -413,10 +467,10 @@
 	RESERVED
 CVE-2008-4280
 	RESERVED
-CVE-2008-4279
-	RESERVED
-CVE-2008-4278
-	RESERVED
+CVE-2008-4279 (Unspecified vulnerability in the CPU hardware emulation for 64-bit ...)
+	TODO: check
+CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows ...)
+	TODO: check
 CVE-2008-4277
 	RESERVED
 CVE-2008-4276
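Review bot: CVE-2008-4278 names VMware VirtualCenter on Windows, so it probably wants a `NOT-FOR-US` line rather than an open `TODO: check`, matching how other non-Debian products are closed elsewhere in this file. For CVE-2008-4279 the summary is cut off before the product name ("CPU hardware emulation for 64-bit ..."), so the full description has to be read before it can be triaged.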
@@ -610,6 +664,7 @@
 	- wordpress <unfixed> (bug #500295; unimportant)
 	NOTE: bigger problems, if attacker has access to /etc/wordpress/*
 CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in ...)
+	{DSA-1645-1}
 	- lighttpd 1.4.19-5 (medium)
 	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
 CVE-2008-XXXX [unsafe usage of temp file]
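Review bot: CVE-2008-4298 sits out of sequence: this hunk is around old line 610, well below the CVE-2008-4280 to CVE-2008-4276 block at old line 413, and directly above a `CVE-2008-XXXX` placeholder. Now that it carries `{DSA-1645-1}`, move it to its sorted position so it is not missed when the list is read in id order.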
@@ -814,7 +869,7 @@
 	TODO: check
 CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...)
 	TODO: check
-CVE-2008-4095 (Multiple unspecified vulnerabilities in Flip4Mac WMV before 2.2.1 have ...)
+CVE-2008-4095 (Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV ...)
 	NOT-FOR-US: Flip4Mac WMV
 CVE-2008-4094 (Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 ...)
 	- rails 2.1.0-1 (medium; bug #500791)
@@ -1356,8 +1411,8 @@
 CVE-2008-3873 (The System.setClipboard method in Adobe Flash Player allows remote ...)
 	NOT-FOR-US: Adobe Flash Player
 	NOTE: System.setClipboard is not implemented (yet?) in gnash 0.8.3 and swfdec0.6 0.6.8
-CVE-2008-3872
-	RESERVED
+CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, ...)
+	TODO: check
 CVE-2008-3871
 	RESERVED
 CVE-2008-3870
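Review bot: CVE-2008-3872 is left as `TODO: check` although it names Adobe Flash Player, the same product the entry just above (CVE-2008-3873) closes as `NOT-FOR-US: Adobe Flash Player`. That entry also carries a NOTE on whether gnash 0.8.3 and swfdec0.6 0.6.8 implement the affected method; the same check against the free players is what this TODO needs before it is closed.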
@@ -1985,11 +2040,13 @@
 	- drupal5 <unfixed> (low; bug #501063)
 	- drupal6 <unfixed> (low; bug #501058)
 CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a ...)
+	{DSA-1647-1}
 	- php5 5.2.6-4 (medium)
 	- php4 <removed>
 	NOTE: *not* duplicate after all, needs review
 	NOTE: http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.57&r2=1.267.2.15.2.58&view=patch
 CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...)
+	{DSA-1647-1}
 	- php4 <removed>
 	- php5 5.2.6-4 (medium)
 	NOTE: php5 -d memory_limit=256M -r '$res = explode(str_repeat("A",145999999),1);'
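Review bot: CVE-2008-3660 is tagged `{DSA-1647-1}` while still carrying `NOTE: *not* duplicate after all, needs review`; either record the outcome of that review or remove the note, since an advisory reference on an entry marked as unreviewed is confusing. The package lines are also ordered php5/php4 here and php4/php5 under CVE-2008-3659; pick one order.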
@@ -1997,6 +2054,7 @@
 	NOTE: could not reproduce locally
 	NOTE: fix in pkg-php svn for both etch and sid
 CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ...)
+	{DSA-1647-1}
 	- php4 <removed>
 	- php5 5.2.6-4 (medium)
 	NOTE: fix in pkg-php svn for both etch and sid
@@ -6693,6 +6751,7 @@
 CVE-2008-1613 (SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build ...)
 	NOT-FOR-US: RedDot CMS
 CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows ...)
+	{DSA-1646-1}
 	- squid 2.6.18-1 (medium)
 CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows ...)
 	NOT-FOR-US: TFTP Server for Windows
@@ -11587,7 +11646,7 @@
 CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 ...)
 	NOT-FOR-US: Snitz Forums
 CVE-2007-6239 (The &quot;cache update reply processing&quot; functionality in Squid 2.x before ...)
-	{DSA-1482-1}
+	{DSA-1646-1 DSA-1482-1}
 	- squid 2.6.17-1 (medium; bug #455910)
 CVE-2007-6238 (Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows ...)
 	NOT-FOR-US: Apple QuickTime
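Review bot: CVE-2007-6239 now lists two advisories, `{DSA-1646-1 DSA-1482-1}`, but the package line still shows the single fixed version 2.6.17-1 and nothing explains why a second DSA references the entry. Add a NOTE stating the relationship, for example to CVE-2008-1612, which this commit tags with the same DSA-1646-1 and which records 2.6.18-1 as fixed.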



