[Secure-testing-commits] r10092 - data/CVE
joeyh at alioth.debian.org
Wed Oct 15 09:14:26 UTC 2008
Author: joeyh
Date: 2008-10-15 09:14:25 +0000 (Wed, 15 Oct 2008)
New Revision: 10092
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-15 08:16:33 UTC (rev 10091)
+++ data/CVE/list 2008-10-15 09:14:25 UTC (rev 10092)
@@ -1,4 +1,28 @@
-CVE-2008-4558 [vlc xspf memory corruption]
+CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 ...)
+ TODO: check
+CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind ...)
+ TODO: check
+CVE-2008-4555 (Stack-based buffer overflow in the push_subg function in parser.y ...)
+ TODO: check
+CVE-2008-4554
+ RESERVED
+CVE-2008-4553
+ RESERVED
+CVE-2008-4552 (nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the ...)
+ TODO: check
+CVE-2008-4551 (strongSwan 4.2.6 and earlier allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2008-4550
+ RESERVED
+CVE-2008-4549 (The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ...)
+ TODO: check
+CVE-2008-4548 (Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control ...)
+ TODO: check
+CVE-2008-4547 (Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control ...)
+ TODO: check
+CVE-2008-4546 (Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 ...)
+ TODO: check
+CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...)
- vlc <unfixed>
NOTE: http://www.coresecurity.com/content/vlc-xspf-memory-corruption
TODO: report bug
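Review bot: the new batch is inserted above the CVE-2008-4558 entry, so after this hunk CVE-2008-4558 follows CVE-2008-4546 and sits out of numeric order with respect to the twelve entries now preceding it. The block from CVE-2008-4557 down to CVE-2008-4546 should go below the CVE-2008-4558 entry and its "- vlc <unfixed>", NOTE and "TODO: report bug" lines. Within the batch, CVE-2008-4552 (nfs-utils) and CVE-2008-4551 (strongSwan) name free-software projects and are the ones to resolve first when the "TODO: check" items are triaged.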
@@ -93,12 +117,12 @@
NOT-FOR-US: Adobe Flash Player
CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...)
- xerces-c2 <unfixed> (low; bug #502102)
-CVE-2008-4480
- RESERVED
-CVE-2008-4479
- RESERVED
-CVE-2008-4478
- RESERVED
+CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x ...)
+ TODO: check
+CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 ...)
+ TODO: check
+CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 ...)
+ TODO: check
CVE-2008-4473
RESERVED
CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile ...)
@@ -207,8 +231,8 @@
RESERVED
CVE-2008-4442
RESERVED
-CVE-2008-4441
- RESERVED
+CVE-2008-4441 (The Marvell driver for the Linksys WAP4400N Wi-Fi access point with ...)
+ TODO: check
CVE-2008-4439 (PHP remote file inclusion vulnerability in admin/bin/patch.php in ...)
NOT-FOR-US: MartinWood Datafeed Studio
CVE-2008-4438 (Cross-site scripting (XSS) vulnerability in search.php in Datafeed ...)
@@ -291,6 +315,7 @@
CVE-2008-4402 (Multiple buffer overflows in CGI modules in the server in Trend Micro ...)
NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, ...)
+ {DTSA-171-1}
- mediawiki 1:1.13.2-1 (low; bug #501115)
CVE-2008-4475 (ibackup 2.27 allows local users to overwrite arbitrary files via a ...)
- ibackup <removed> (low; bug #496432)
@@ -303,14 +328,14 @@
NOTE: Only present in example scripts
CVE-2008-4401
RESERVED
-CVE-2008-4400
- RESERVED
-CVE-2008-4399
- RESERVED
-CVE-2008-4398
- RESERVED
-CVE-2008-4397
- RESERVED
+CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup ...)
+ TODO: check
+CVE-2008-4399 (Unspecified vulnerability in the database engine service in ...)
+ TODO: check
+CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in ...)
+ TODO: check
+CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) ...)
+ TODO: check
CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...)
NOT-FOR-US: Safer Networking FileAlyzer
CVE-2008-XXXX [ltp: insecure temp file]
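Review bot: the truncated description on CVE-2008-4399 ("the database engine service in ...") does not show which product it belongs to, unlike CVE-2008-4400, CVE-2008-4398 and CVE-2008-4397 in the same hunk, which all name asdbapi.dll. Confirm the product from the full description before the four are classified as a group when the "TODO: check" markers are resolved.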
@@ -374,8 +399,8 @@
RESERVED
CVE-2008-4386
RESERVED
-CVE-2008-4385
- RESERVED
+CVE-2008-4385 (Husdawg, LLC Systems Requirements Lab 3 allows remote attackers to ...)
+ TODO: check
CVE-2008-4384 (Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX ...)
NOT-FOR-US: LPViewer ActiveX
CVE-2008-4383 (Stack-based buffer overflow in the Agranet-Emweb embedded management ...)
@@ -1193,12 +1218,12 @@
NOT-FOR-US: Kyocera FS-118MFP
CVE-2008-4039 (SQL injection vulnerability in index.php in Spice Classifieds allows ...)
NOT-FOR-US: Spice Classifieds
-CVE-2008-4038
- RESERVED
+CVE-2008-4038 (Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
+ TODO: check
CVE-2008-4037
RESERVED
-CVE-2008-4036
- RESERVED
+CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and ...)
+ TODO: check
CVE-2008-4035
RESERVED
CVE-2008-4034
@@ -1223,16 +1248,16 @@
RESERVED
CVE-2008-4024
RESERVED
-CVE-2008-4023
- RESERVED
+CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly ...)
+ TODO: check
CVE-2008-4022
RESERVED
CVE-2008-4021
RESERVED
-CVE-2008-4020
- RESERVED
-CVE-2008-4019
- RESERVED
+CVE-2008-4020 (Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 ...)
+ TODO: check
+CVE-2008-4019 (Integer overflow in the REPT function in Microsoft Excel 2000 SP3, ...)
+ TODO: check
CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...)
{DSA-1638-1 CVE-2006-5051}
- openssh 1:4.6p1-1 (low)
@@ -1264,84 +1289,84 @@
RESERVED
CVE-2008-4014
RESERVED
-CVE-2008-4013
- RESERVED
-CVE-2008-4012
- RESERVED
-CVE-2008-4011
- RESERVED
-CVE-2008-4010
- RESERVED
-CVE-2008-4009
- RESERVED
-CVE-2008-4008
- RESERVED
+CVE-2008-4013 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+ TODO: check
+CVE-2008-4012 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...)
+ TODO: check
+CVE-2008-4011 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+ TODO: check
+CVE-2008-4010 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...)
+ TODO: check
+CVE-2008-4009 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+ TODO: check
+CVE-2008-4008 (Unspecified vulnerability in the WebLogic Server Plugins for Apache ...)
+ TODO: check
CVE-2008-4007
RESERVED
CVE-2008-4006
RESERVED
-CVE-2008-4005
- RESERVED
-CVE-2008-4004
- RESERVED
-CVE-2008-4003
- RESERVED
-CVE-2008-4002
- RESERVED
-CVE-2008-4001
- RESERVED
-CVE-2008-4000
- RESERVED
+CVE-2008-4005 (Unspecified vulnerability in the Oracle Application Express component ...)
+ TODO: check
+CVE-2008-4004 (Unspecified vulnerability in the JDE EnterpriseOne Business Service ...)
+ TODO: check
+CVE-2008-4003 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+ TODO: check
+CVE-2008-4002 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+ TODO: check
+CVE-2008-4001 (Unspecified vulnerability in the PeopleSoft Enterprise Portal ...)
+ TODO: check
+CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+ TODO: check
CVE-2008-3999
RESERVED
-CVE-2008-3998
- RESERVED
+CVE-2008-3998 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
+ TODO: check
CVE-2008-3997
RESERVED
-CVE-2008-3996
- RESERVED
-CVE-2008-3995
- RESERVED
-CVE-2008-3994
- RESERVED
-CVE-2008-3993
- RESERVED
-CVE-2008-3992
- RESERVED
-CVE-2008-3991
- RESERVED
-CVE-2008-3990
- RESERVED
-CVE-2008-3989
- RESERVED
-CVE-2008-3988
- RESERVED
-CVE-2008-3987
- RESERVED
-CVE-2008-3986
- RESERVED
-CVE-2008-3985
- RESERVED
-CVE-2008-3984
- RESERVED
-CVE-2008-3983
- RESERVED
-CVE-2008-3982
- RESERVED
+CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in ...)
+ TODO: check
+CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in ...)
+ TODO: check
+CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
+ TODO: check
+CVE-2008-3993 (Unspecified vulnerability in the Oracle Applications Framework ...)
+ TODO: check
+CVE-2008-3992 (Unspecified vulnerability in the Oracle Data Mining component in ...)
+ TODO: check
+CVE-2008-3991 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
+ TODO: check
+CVE-2008-3990 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
+ TODO: check
+CVE-2008-3989 (Unspecified vulnerability in the Oracle Data Mining component in ...)
+ TODO: check
+CVE-2008-3988 (Unspecified vulnerability in the iSupplier Portal component in Oracle ...)
+ TODO: check
+CVE-2008-3987 (Unspecified vulnerability in the Oracle Discoverer Desktop component ...)
+ TODO: check
+CVE-2008-3986 (Unspecified vulnerability in the Oracle Discoverer Administrator ...)
+ TODO: check
+CVE-2008-3985 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
+ TODO: check
+CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
+ TODO: check
+CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
+ TODO: check
+CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
+ TODO: check
CVE-2008-3981
RESERVED
-CVE-2008-3980
- RESERVED
+CVE-2008-3980 (Unspecified vulnerability in the Upgrade component in Oracle Database ...)
+ TODO: check
CVE-2008-3979
RESERVED
CVE-2008-3978
RESERVED
-CVE-2008-3977
- RESERVED
-CVE-2008-3976
- RESERVED
-CVE-2008-3975
- RESERVED
+CVE-2008-3977 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
+ TODO: check
+CVE-2008-3976 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
+ TODO: check
+CVE-2008-3975 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
+ TODO: check
CVE-2008-3974
RESERVED
CVE-2008-3973
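Review bot: all 32 entries promoted from RESERVED in this hunk (CVE-2008-4013 down to CVE-2008-3975) land as "TODO: check", although their descriptions name BEA WebLogic and Oracle components. The file already carries tags such as "NOT-FOR-US: Oracle database" and "NOT-FOR-US: Oracle PeopleSoft Enterprise" on comparable entries; applying the matching tag to these in one pass would keep a long run of near-identical "Unspecified vulnerability" items from burying the entries that need a real package check.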
@@ -2292,10 +2317,10 @@
NOT-FOR-US: Mac OS
CVE-2008-3641 (The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before ...)
TODO: check
-CVE-2008-3640
- RESERVED
-CVE-2008-3639
- RESERVED
+CVE-2008-3640 (Integer overflow in the WriteProlog function in texttops in CUPS ...)
+ TODO: check
+CVE-2008-3639 (Heap-based buffer overflow in the read_rle16 function in imagetops in ...)
+ TODO: check
CVE-2008-3638 (Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from ...)
NOT-FOR-US: Mac OSX
CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in Java on ...)
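Review bot: CVE-2008-3640 and CVE-2008-3639 are left at "TODO: check", as is the CVE-2008-3641 context line directly above them, even though all three descriptions name CUPS filters (texttops, imagetops and the HPGL filter). They should be triaged together and given a package line with the fixed version or <unfixed>, in the form already used for xerces-c2 and mediawiki elsewhere in this file.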
@@ -2643,24 +2668,24 @@
NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ...)
NOT-FOR-US: Anzio Web Print Object
-CVE-2008-3479
- RESERVED
+CVE-2008-3479 (The Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 ...)
+ TODO: check
CVE-2008-3478
RESERVED
-CVE-2008-3477
- RESERVED
-CVE-2008-3476
- RESERVED
-CVE-2008-3475
- RESERVED
-CVE-2008-3474
- RESERVED
-CVE-2008-3473
- RESERVED
-CVE-2008-3472
- RESERVED
-CVE-2008-3471
- RESERVED
+CVE-2008-3477 (Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not ...)
+ TODO: check
+CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...)
+ TODO: check
+CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors ...)
+ TODO: check
+CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...)
+ TODO: check
+CVE-2008-3473 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...)
+ TODO: check
+CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...)
+ TODO: check
+CVE-2008-3471 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold ...)
+ TODO: check
CVE-2008-3470
RESERVED
CVE-2008-3469
@@ -2669,12 +2694,12 @@
RESERVED
CVE-2008-3467
RESERVED
-CVE-2008-3466
- RESERVED
+CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not ...)
+ TODO: check
CVE-2008-3465
RESERVED
-CVE-2008-3464
- RESERVED
+CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft ...)
+ TODO: check
CVE-2008-3463
RESERVED
CVE-2008-3462
@@ -4646,10 +4671,10 @@
NOT-FOR-US: com_idoblog for Joomla!
CVE-2008-2626 (SQL injection vulnerability in comment.asp in Battle Blog 1.25 and ...)
NOT-FOR-US: Battle Blog
-CVE-2008-2625
- RESERVED
-CVE-2008-2624
- RESERVED
+CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+ TODO: check
+CVE-2008-2624 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
+ TODO: check
CVE-2008-2623
RESERVED
CVE-2008-2622 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
@@ -4658,8 +4683,8 @@
NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2620 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
NOT-FOR-US: Oracle PeopleSoft Enterprise
-CVE-2008-2619
- RESERVED
+CVE-2008-2619 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
+ TODO: check
CVE-2008-2618 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2617 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
@@ -4720,8 +4745,8 @@
NOT-FOR-US: Oracle database
CVE-2008-2589 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
NOT-FOR-US: Oracle database
-CVE-2008-2588
- RESERVED
+CVE-2008-2588 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
+ TODO: check
CVE-2008-2587 (Unspecified vulnerability in the Advanced Replication component in ...)
NOT-FOR-US: Oracle database
CVE-2008-2586 (Unspecified vulnerability in the Oracle Application Object Library ...)
@@ -5439,12 +5464,12 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11 allows ...)
NOT-FOR-US: Microsoft Windows Media Player
-CVE-2008-2252
- RESERVED
-CVE-2008-2251
- RESERVED
-CVE-2008-2250
- RESERVED
+CVE-2008-2252 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+ TODO: check
+CVE-2008-2251 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
+ TODO: check
+CVE-2008-2250 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+ TODO: check
CVE-2008-2249
RESERVED
CVE-2008-2248 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
@@ -7336,8 +7361,8 @@
NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but
NOTE: already use source port randomization.
NOTE: Marking non-caching stub resolvers as low since these really should be fixed, but are much less vulnerable than a caching server.
-CVE-2008-1446
- RESERVED
+CVE-2008-1446 (Integer overflow in the Internet Printing Protocol (IPP) ISAPI ...)
+ TODO: check
CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...)
NOT-FOR-US: Microsoft Windows
CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on ...)
@@ -21313,7 +21338,7 @@
NOT-FOR-US: GlossWord
CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 ...)
NOT-FOR-US: w2box
-CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows ...)
+CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows ...)
- lcms 1.15-1 (medium)
CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...)
- php-xajax 0.2.5-1 (bug #426103; low)