[Secure-testing-commits] r9728 - data/CVE
joeyh at alioth.debian.org
Tue Sep 2 21:14:30 UTC 2008
Author: joeyh
Date: 2008-09-02 21:14:29 +0000 (Tue, 02 Sep 2008)
New Revision: 9728
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-02 17:26:13 UTC (rev 9727)
+++ data/CVE/list 2008-09-02 21:14:29 UTC (rev 9728)
@@ -1,6 +1,97 @@
+CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 ...)
+ TODO: check
+CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in dotProject ...)
+ TODO: check
+CVE-2008-3886 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2008-3885 (Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) ...)
+ TODO: check
+CVE-2008-3884 (Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and ...)
+ TODO: check
+CVE-2008-3883 (configvar in Caudium 1.4.12 allows local users to overwrite arbitrary ...)
+ TODO: check
+CVE-2008-3882 (ZoneMinder 1.23.3 and earlier allows remote attackers to execute ...)
+ TODO: check
+CVE-2008-3881 (Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder ...)
+ TODO: check
+CVE-2008-3880 (SQL injection vulnerability in zm_html_view_event.php in ZoneMinder ...)
+ TODO: check
+CVE-2008-3879 (The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 ...)
+ TODO: check
+CVE-2008-3878 (Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control ...)
+ TODO: check
+CVE-2008-3877 (Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 ...)
+ TODO: check
+CVE-2008-3876 (Apple iPhone 2.0.2, in some configurations, allows physically ...)
+ TODO: check
+CVE-2008-3875 (The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 ...)
+ TODO: check
+CVE-2008-3874 (Cross-site scripting (XSS) vulnerability in account.php in Lussumo ...)
+ TODO: check
+CVE-2008-3873 (The System.setClipboard method in Adobe Flash Player allows remote ...)
+ TODO: check
+CVE-2008-3872
+ RESERVED
+CVE-2008-3871
+ RESERVED
+CVE-2008-3870
+ RESERVED
+CVE-2008-3869
+ RESERVED
+CVE-2008-3868
+ RESERVED
+CVE-2008-3867
+ RESERVED
+CVE-2008-3866
+ RESERVED
+CVE-2008-3865
+ RESERVED
+CVE-2008-3864
+ RESERVED
+CVE-2008-3863
+ RESERVED
+CVE-2008-3862
+ RESERVED
+CVE-2008-3861 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and ...)
+ TODO: check
+CVE-2008-3860 (Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG ...)
+ TODO: check
+CVE-2008-3859 (Davlin Thickbox Gallery 2 allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2008-3858 (The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a ...)
+ TODO: check
+CVE-2008-3857 (The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 ...)
+ TODO: check
+CVE-2008-3856 (The routine infrastructure component in IBM DB2 9.1 before Fixpak 5 on ...)
+ TODO: check
+CVE-2008-3855 (Unspecified vulnerability in the DB2 Administration Server (DAS) in ...)
+ TODO: check
+CVE-2008-3854 (Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 ...)
+ TODO: check
+CVE-2008-3853 (Buffer overflow in the DAS server program in the Core DAS function ...)
+ TODO: check
+CVE-2008-3852 (Unspecified vulnerability in the CLR stored procedure deployment from ...)
+ TODO: check
+CVE-2008-3851 (Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on ...)
+ TODO: check
+CVE-2008-3850 (Cross-site scripting (XSS) vulnerability in Accellion File Transfer ...)
+ TODO: check
+CVE-2008-3849 (Cross-site scripting (XSS) vulnerability in the calendar controller in ...)
+ TODO: check
+CVE-2008-3848 (SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows ...)
+ TODO: check
+CVE-2008-3847 (Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook ...)
+ TODO: check
+CVE-2008-3846 (Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and ...)
+ TODO: check
+CVE-2008-3845 (Multiple SQL injection vulnerabilities in Crafty Syntax Live Help ...)
+ TODO: check
+CVE-2003-1564 (libxml2, possibly before 2.5.0, does not properly detect recursion ...)
+ TODO: check
CVE-2008-XXXX [nfdump vulnerable to symlink attacks]
- nfdump <unfixed> (bug #497452)
CVE-2008-3889 [postfix local DoS]
+ RESERVED
- postfix <unfixed> (low)
[etch] - postfix <not-affected> (Vulnerable code not present)
NOTE: http://www.postfix.org/announcements/20080902.html
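Review bot: CVE-2003-1564 is added at the end of the new block, directly after CVE-2008-3845 and before the CVE-2008-XXXX entries, so a 2003 ID sits in the middle of 2008 entries that otherwise run in descending order. Move it to its position in ID order so that it is found where a reader scanning by ID expects it.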
@@ -9,7 +100,6 @@
[lenny] - wordnet 3.0-11+lenny1
[etch] - wordnet 1:2.1-4+etch1
CVE-2008-XXXX [code execution in newsbeuter via crafted url when opened in external browser]
- {DTSA-164-1}
[lenny] - newsbeuter 0.9.1-1+lenny2
- newsbeuter 1.2-1 (medium)
NOTE: medium as versions < 1.0-1 didn't include a patch to wrap long article URLs so the
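Review bot: the removed {DTSA-164-1} line under the newsbeuter entry takes away the advisory cross-reference while the "[lenny] - newsbeuter 0.9.1-1+lenny2" fix line stays, and the log only says "automatic update". If the advisory was withdrawn or renumbered, record that in a NOTE; otherwise restore the reference so the lenny fix stays linked to its advisory.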
@@ -415,7 +505,7 @@
NOT-FOR-US: ZEEJOBSITE
CVE-2008-3705 (Stack-based buffer overflow in the CLogger::WriteFormated function in ...)
NOT-FOR-US: EchoVNC Linux
-CVE-2008-3704 (Stack-based buffer overflow in the MaskedEdit ActiveX control in ...)
+CVE-2008-3704 (Heap-based buffer overflow in the MaskedEdit ActiveX control in ...)
NOT-FOR-US: Msmask32.ocx
CVE-2008-3703 (The management console in the Volume Manager Scheduler Service (aka ...)
NOT-FOR-US: Symantec Veritas Storage Foundation
@@ -801,8 +891,8 @@
RESERVED
CVE-2008-3539
RESERVED
-CVE-2008-3538
- RESERVED
+CVE-2008-3538 (libxml2, possibly before 2.5.0, does not properly detect recursion ...)
+ TODO: check
CVE-2008-3537
RESERVED
CVE-2008-3536
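Review bot: CVE-2008-3538 receives the same truncated description as CVE-2003-1564 in the first hunk ("libxml2, possibly before 2.5.0, does not properly detect recursion ..."), and both are left at TODO: check. The list already tracks CVE-2008-3281 for libxml2 recursion detection with DSA-1631-1, so triage these two against their full descriptions and that entry rather than as unrelated issues.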
@@ -933,8 +1023,8 @@
NOT-FOR-US: Panasonic Network Camera
CVE-2008-3481 (themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2008-3480
- RESERVED
+CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ...)
+ TODO: check
CVE-2008-3479
RESERVED
CVE-2008-3478
@@ -1348,10 +1438,10 @@
NOT-FOR-US: Filesys::SmbClientParser
CVE-2008-3284
RESERVED
-CVE-2008-3283
- RESERVED
-CVE-2008-3282
- RESERVED
+CVE-2008-3283 (Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red ...)
+ TODO: check
+CVE-2008-3282 (Integer overflow in the rtl_allocateMemory function in ...)
+ TODO: check
CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion during ...)
{DSA-1631-1 DTSA-158-1}
- libxml2 2.6.32.dfsg-3 (medium)
@@ -1662,8 +1752,8 @@
NOT-FOR-US: OllyDBG/ImpREC
CVE-2008-3147 (WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) ...)
NOT-FOR-US: WeFi
-CVE-2008-3146
- RESERVED
+CVE-2008-3146 (Unspecified vulnerability in Wireshark and Ethereal on SUSE Linux ...)
+ TODO: check
CVE-2008-3144 (Multiple integer overflows in the PyOS_vsnprintf function in ...)
{DTSA-157-1}
- python2.4 2.4.5-5
@@ -2143,12 +2233,12 @@
{DSA-1630-1}
- linux-2.6 2.6.22
NOTE: ee6f958291e2a768fd727e7a67badfff0b67711a
-CVE-2008-2930
- RESERVED
-CVE-2008-2929
- RESERVED
-CVE-2008-2928
- RESERVED
+CVE-2008-2930 (Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, ...)
+ TODO: check
+CVE-2008-2929 (Multiple cross-site scripting (XSS) vulnerabilities in the adminutil ...)
+ TODO: check
+CVE-2008-2928 (Multiple buffer overflows in the adminutil library in CGI applications ...)
+ TODO: check
CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention System ...)
NOT-FOR-US: r8 (Host-Based Intrusion Prevention System)
CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote ...)
@@ -2681,10 +2771,10 @@
{DSA-1630-1}
- linux-2.6 2.6.19-1
NOTE: 3022d734a54cbd2b65eea9a024564821101b4a9a
-CVE-2008-2728
- RESERVED
-CVE-2008-2727
- RESERVED
+CVE-2008-2728 (Integer overflow in the rb_ary_splice function in Ruby 1.6.x allows ...)
+ TODO: check
+CVE-2008-2727 (Integer overflow in the rb_ary_splice function in Ruby 1.6.x allows ...)
+ TODO: check
CVE-2008-2726 (Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and ...)
{DSA-1618-1 DSA-1612-1}
- ruby1.9 1.9.0.2-1
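Review bot: CVE-2008-2728 and CVE-2008-2727 are added with identical truncated text ("Integer overflow in the rb_ary_splice function in Ruby 1.6.x allows ..."), so nothing in the list distinguishes them. When resolving the TODOs, add a NOTE to each saying how it differs, and check both against the adjacent CVE-2008-2726 entry, which covers rb_ary_splice in Ruby 1.8.4 and already carries DSA-1618-1 and DSA-1612-1.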
@@ -4355,7 +4445,7 @@
NOT-FOR-US: Cezanne
CVE-2008-1967 (Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in ...)
NOT-FOR-US: Cezanne
-CVE-2008-1966 (IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows ...)
+CVE-2008-1966 (Multiple buffer overflows in the JAR file administration routines in ...)
NOT-FOR-US: Windows specific
CVE-2008-1965 (Argument injection vulnerability in the cai: URI handler in ...)
NOT-FOR-US: Lotus Expeditor
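Review bot: the new description for CVE-2008-1966 ("Multiple buffer overflows in the JAR file administration routines in ...") no longer shows the "on Windows" qualifier that the old text had, but the unchanged next line still reads "NOT-FOR-US: Windows specific". Re-check the full description and, if the entry is still not for us, give a reason that the new text supports.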