[Secure-testing-commits] r10051 - data/CVE

joeyh at alioth.debian.org
Thu Oct 9 21:14:15 UTC 2008


Author: joeyh
Date: 2008-10-09 21:14:13 +0000 (Thu, 09 Oct 2008)
New Revision: 10051

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-09 19:22:17 UTC (rev 10050)
+++ data/CVE/list	2008-10-09 21:14:13 UTC (rev 10051)
@@ -1,48 +1,58 @@
-CVE-2008-4502
+CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...)
+	TODO: check
+CVE-2008-4480
+	RESERVED
+CVE-2008-4479
+	RESERVED
+CVE-2008-4478
+	RESERVED
+CVE-2008-4473
+	RESERVED
+CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile ...)
 	NOT-FOR-US: DataFeedFile PHP Framework API
-CVE-2008-4501
+CVE-2008-4501 (Directory traversal vulnerability in the FTP server in Serv-U 7.3, and ...)
 	NOT-FOR-US: Serv-U
-CVE-2008-4500
+CVE-2008-4500 (Serv-U 7.3, and 7.2.0.1 and earlier, allows remote authenticated users ...)
 	NOT-FOR-US: Serv-U
-CVE-2008-4499
+CVE-2008-4499 (Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b ...)
 	NOT-FOR-US: PHP Web Explorer
-CVE-2008-4498
+CVE-2008-4498 (SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 ...)
 	NOT-FOR-US: PHP Autos
-CVE-2008-4497
+CVE-2008-4497 (SQL injection vulnerability in event_detail.php in Built2Go Real ...)
 	NOT-FOR-US: Built2Go Real Estate Listings
-CVE-2008-4496
+CVE-2008-4496 (SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows ...)
 	NOT-FOR-US: PHP Realtor
-CVE-2008-4495
+CVE-2008-4495 (SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 ...)
 	NOT-FOR-US: PHP Auto Dealer
-CVE-2008-4494
+CVE-2008-4494 (SQL injection vulnerability in completed-advance.php in TorrentTrader ...)
 	NOT-FOR-US: TorrentTrader Classic
-CVE-2008-4493
+CVE-2008-4493 (Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as ...)
 	NOT-FOR-US: PicturePusher ActiveX
-CVE-2008-4492
+CVE-2008-4492 (SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows ...)
 	NOT-FOR-US: YourOwnBux
-CVE-2008-4491
+CVE-2008-4491 (Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the ...)
 	NOT-FOR-US: Mac OS
-CVE-2008-4490
+CVE-2008-4490 (Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b ...)
 	NOT-FOR-US: phpAbook
-CVE-2008-4489
+CVE-2008-4489 (Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 ...)
 	NOT-FOR-US: Atarone CMS
-CVE-2008-4488
+CVE-2008-4488 (Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone ...)
 	NOT-FOR-US: Atarone CMS
-CVE-2008-4487
+CVE-2008-4487 (SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows ...)
 	NOT-FOR-US: Atarone CMS
-CVE-2008-4486
+CVE-2008-4486 (Directory traversal vulnerability in index.php in SAC.php (SACphp), as ...)
 	NOT-FOR-US: SACphp
-CVE-2008-4485
+CVE-2008-4485 (Cross-site scripting (XSS) vulnerability in the ICAP patience page in ...)
 	NOT-FOR-US: Blue Coat Security Gateway OS
-CVE-2008-4484
+CVE-2008-4484 (main.php in Crux Gallery 1.32 and earlier assumes that the user is an ...)
 	NOT-FOR-US: Crux Gallery
-CVE-2008-4483
+CVE-2008-4483 (Directory traversal vulnerability in index.php in Crux Gallery 1.32 ...)
 	NOT-FOR-US: Crux Gallery
-CVE-2008-4481
+CVE-2008-4481 (Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier ...)
 	NOT-FOR-US: Redmine
-CVE-2008-4472
+CVE-2008-4472 (The UpdateEngine class in the LiveUpdate ActiveX control ...)
 	NOT-FOR-US: LiveUpdate ActiveX
-CVE-2008-4471
+CVE-2008-4471 (Directory traversal vulnerability in the CExpressViewerControl class ...)
 	NOT-FOR-US: DWF Viewer ActiveX
 CVE-2008-4470 (Stack-based buffer overflow in Numark CUE 5.0 rev2 allows ...)
 	NOT-FOR-US: Numark
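Review bot: CVE-2008-4482 at the top of this hunk is the only newly described entry left as "TODO: check", while every other described entry here is already triaged as NOT-FOR-US. Its description names the XML parser in Xerces-C++ before 3.0.0, so it should be resolved to a source-package line with the affected versions, or marked NOT-FOR-US if nothing in the archive ships that parser, rather than staying in the TODO state.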
@@ -122,7 +132,8 @@
 	NOT-FOR-US: RMSOFT MiniShop (xoops)
 CVE-2008-4431 (SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and ...)
 	NOT-FOR-US: IceBB
-CVE-2008-4430 (The MagnatuneBrowser::listDownloadComplete function in ...)
+CVE-2008-4430
+	REJECTED
 	NOTE: duplicate of CVE-2008-3699, will be rejected soon
 CVE-2008-4429 (Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 ...)
 	NOT-FOR-US: SOURCENEXT Virus Security ZERO
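Review bot: The CVE-2008-4430 entry now says REJECTED, but the NOTE directly below it still reads "duplicate of CVE-2008-3699, will be rejected soon". Drop "will be rejected soon" and keep only the duplicate pointer so the entry does not contradict itself. The removed description named MagnatuneBrowser::listDownloadComplete, so confirm that CVE-2008-3699 carries the package tracking for that issue.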
@@ -139,8 +150,9 @@
 CVE-2008-4423 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows ...)
 	NOT-FOR-US: Ovidentia
 CVE-2008-4422
+	REJECTED
 	NOT-FOR-US: ** REJECT **
-CVE-2008-4421
+CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably ...)
 	NOT-FOR-US: MetaGauge
 CVE-2008-4420
 	RESERVED
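Review bot: CVE-2008-4422 now carries both the new "REJECTED" line and the older hand-written "NOT-FOR-US: ** REJECT **" line. The second is redundant once the REJECTED state is recorded, and it uses NOT-FOR-US for something other than a product name, unlike the rest of this file; remove it.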
@@ -180,7 +192,7 @@
 	NOT-FOR-US: Trend Micro OfficeScan
 CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, ...)
 	- mediawiki <unfixed> (low; bug #501115)
-CVE-2008-4475 [ibackup: insecure temp files]
+CVE-2008-4475 (ibackup 2.27 allows local users to overwrite arbitrary files via a ...)
 	- ibackup <removed> (low; bug #496432)
 	[etch] - ibackup <no-dsa> (Minor issues)
 CVE-2008-XXXX [aegis-web: insecure temp file]
@@ -231,7 +243,7 @@
 CVE-2008-XXXX [wims: insecure temp file]
 	- wims <unfixed> (low; bug #496387)
 	[etch] - wims <no-dsa> (Minor issue)
-CVE-2008-4474 [freeradius-dialupadmin: insecure temp file]
+CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to ...)
 	- freeradius 2.0.4+dfsg-6 (low; bug #496389)
 CVE-2008-XXXX [bk2site: insecure temp file]
 	- bk2site <unfixed> (unimportant; bug #496430)
@@ -246,7 +258,7 @@
 	RESERVED
 CVE-2008-4394
 	RESERVED
-CVE-2008-4393
+CVE-2008-4393 (Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery ...)
 	NOT-FOR-US: VeriSign Kontiki
 CVE-2008-4392
 	RESERVED
@@ -264,7 +276,7 @@
 	RESERVED
 CVE-2008-4385
 	RESERVED
-CVE-2008-4384
+CVE-2008-4384 (Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX ...)
 	NOT-FOR-US: LPViewer ActiveX
 CVE-2008-4383 (Stack-based buffer overflow in the Agranet-Emweb embedded management ...)
 	NOT-FOR-US: Agranet-Emweb
@@ -513,7 +525,7 @@
 	RESERVED
 CVE-2008-4280
 	RESERVED
-CVE-2008-4279 (Unspecified vulnerability in the CPU hardware emulation for 64-bit ...)
+CVE-2008-4279 (The CPU hardware emulation for 64-bit guest operating systems in ...)
 	TODO: check
 CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows ...)
 	NOT-FOR-US: VMWare VirtualCenter
@@ -1118,7 +1130,7 @@
 	RESERVED
 CVE-2008-4019
 	RESERVED
-CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch, and ...)
+CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...)
 	{DSA-1638-1 CVE-2006-5051}
 	- openssh 1:4.6p1-1 (low)
 	NOTE: The patch backported for CVE-2006-5051 was incorrect and did not
@@ -1582,8 +1594,7 @@
 	- iceweasel 3.0
 	- iceape 1.1.12-1
 	- icedove <unfixed>
-CVE-2008-3834 [dbus DoS]
-	RESERVED
+CVE-2008-3834 (The dbus_signature_validate function in the D-bus library (libdbus) ...)
 	- dbus <unfixed> (bug #501443)
 CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ...)
 	TODO: check
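Review bot: With RESERVED dropped and a real description in place, the package line for CVE-2008-3834 still has no urgency: "- dbus <unfixed> (bug #501443)". Other tracked entries in this file give one, for example "(low; bug #501115)". Add an urgency now that the description names dbus_signature_validate in libdbus, and add an [etch] line if the stable version is affected.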
@@ -1591,17 +1602,17 @@
 	- linux-2.6 <not-affected> (Fedora-specific patch)
 CVE-2008-3831
 	RESERVED
-CVE-2008-3830
+CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration ...)
 	- condor <itp> (bug #233482)
-CVE-2008-3829
+CVE-2008-3829 (Unspecified vulnerability in the condor_ schedd daemon in Condor ...)
 	- condor <itp> (bug #233482)
-CVE-2008-3828
+CVE-2008-3828 (Stack-based buffer overflow in the condor_ schedd daemon in Condor ...)
 	- condor <itp> (bug #233482)
 CVE-2008-3827 (Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow ...)
 	{DSA-1644-1 DTSA-168-1}
 	- mplayer 1.0~rc2-18 (medium; bug #500683)
 	NOTE: http://www.ocert.org/advisories/ocert-2008-013.html
-CVE-2008-3826
+CVE-2008-3826 (Unspecified vulnerability in Condor before 7.0.5 allows attackers to ...)
 	- condor <itp> (bug #233482)
 CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when ...)
 	NOT-FOR-US: Different code base than Debian's libpam-krb5
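Review bot: The four Condor entries (CVE-2008-3830, -3829, -3828, -3826) now have descriptions but still carry only "- condor <itp> (bug #233482)". Two of the descriptions give "before 7.0.5" as the boundary, and CVE-2008-3828 is a stack-based buffer overflow in the schedd daemon. A NOTE recording 7.0.5 as the minimum version for any eventual upload would keep that from being lost while the ITP is open.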
@@ -1627,7 +1638,7 @@
 	RESERVED
 CVE-2008-3815
 	RESERVED
-CVE-2008-3814
+CVE-2008-3814 (Unspecified vulnerability in Cisco Unity 4.x before 4.0ES161, 5.x ...)
 	NOT-FOR-US: Cisco
 CVE-2008-3813 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP ...)
 	NOT-FOR-US: Cisco IOS
@@ -1763,7 +1774,7 @@
 CVE-2008-XXXX [xastir: insecure temp files]
 	- xastir 1.9.2-1.1 (low; bug #496383)
 	[etch] - xastir <no-dsa> (Minor issue)
-CVE-2008-4477 [mon: insecure temp files]
+CVE-2008-4477 (alert.d/test.alert in mon 0.99.2 allows local users to overwrite ...)
 	{DSA-1648-1}
 	- mon 0.99.2-13 (medium; bug #496398)
 CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through ...)
@@ -1817,7 +1828,7 @@
 CVE-2008-XXXX [mgetty: insecure temp files]
 	- mgetty 1.1.36-1.3 (low; bug #496403)
 	[etch] - mgetty <no-dsa> (Minor issue)
-CVE-2008-4476 [sympa: multiple insecure temp files]
+CVE-2008-4476 (sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary ...)
 	- sympa 5.3.4-5.1 (low; bug #496405; bug #494969)
 	[etch] - sympa <no-dsa> (Minor issues)
 CVE-2008-XXXX [sng: insecure temp file]
@@ -2359,7 +2370,7 @@
 	RESERVED
 CVE-2008-3544
 	RESERVED
-CVE-2008-3543
+CVE-2008-3543 (Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on ...)
 	NOT-FOR-US: HP-UX
 CVE-2008-3542 (Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 ...)
 	NOT-FOR-US: HP Insight Diagnostics
@@ -3475,13 +3486,13 @@
 	RESERVED
 CVE-2008-3064 (Unspecified vulnerability in RealNetworks RealPlayer Enterprise, ...)
 	NOT-FOR-US: RealNetworks RealPlayer Enterprise
-CVE-2008-3063
+CVE-2008-3063 (SQL injection vulnerability in login.php in V-webmail 1.5.0 might ...)
 	NOT-FOR-US: V-webmail
 CVE-2008-3062
 	RESERVED
-CVE-2008-3061
+CVE-2008-3061 (Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows ...)
 	NOT-FOR-US: V-webmail
-CVE-2008-3060
+CVE-2008-3060 (V-webmail 1.5.0 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: V-webmail
 CVE-2008-3059
 	RESERVED



