[Secure-testing-commits] r9836 - data/CVE
joeyh at alioth.debian.org
Wed Sep 17 09:14:36 UTC 2008
Author: joeyh
Date: 2008-09-17 09:14:34 +0000 (Wed, 17 Sep 2008)
New Revision: 9836
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-16 21:14:14 UTC (rev 9835)
+++ data/CVE/list 2008-09-17 09:14:34 UTC (rev 9836)
@@ -1,21 +1,211 @@
+CVE-2008-4115 (TalkBack 2.3.6 allows remote attackers to obtain configuration ...)
+ TODO: check
+CVE-2008-4114 (srv.sys in Microsoft Windows Vista SP1 allows remote attackers to ...)
+ TODO: check
+CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the ...)
+ TODO: check
+CVE-2008-4112 (Directory traversal vulnerability in bin/configure in TWiki before ...)
+ TODO: check
+CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM ...)
+ TODO: check
+CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...)
+ TODO: check
+CVE-2008-4107
+ RESERVED
+CVE-2008-4106
+ RESERVED
+CVE-2008-4105
+ RESERVED
+CVE-2008-4104
+ RESERVED
+CVE-2008-4103
+ RESERVED
+CVE-2008-4102
+ RESERVED
+CVE-2008-4101
+ RESERVED
+CVE-2008-4098
+ RESERVED
+CVE-2008-4097
+ RESERVED
+CVE-2008-4095 (Multiple unspecified vulnerabilities in Flip4Mac WMV before 2.2.1 have ...)
+ TODO: check
+CVE-2008-4094
+ RESERVED
+CVE-2008-4093 (SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and ...)
+ TODO: check
+CVE-2008-4092 (SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) ...)
+ TODO: check
+CVE-2008-4091 (SQL injection vulnerability in index.php in Web Directory Script 1.5.3 ...)
+ TODO: check
+CVE-2008-4090 (SQL injection vulnerability in index.php in PHP Coupon Script 4.0 ...)
+ TODO: check
+CVE-2008-4089 (Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke ...)
+ TODO: check
+CVE-2008-4088 (SQL injection vulnerability in print.php in myPHPNuke (MPN) before ...)
+ TODO: check
+CVE-2008-4087 (Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 ...)
+ TODO: check
+CVE-2008-4086 (SQL injection vulnerability in index.php in Reciprocal Links Manager ...)
+ TODO: check
+CVE-2008-4085 (Plait before 1.6 allows local users to overwrite arbitrary files via a ...)
+ TODO: check
+CVE-2008-4084 (SQL injection vulnerability in staticpages/easyclassifields/index.php ...)
+ TODO: check
+CVE-2008-4083 (Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in ...)
+ TODO: check
+CVE-2008-4082 (SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when ...)
+ TODO: check
+CVE-2008-4081 (admin/login.php in Stash 1.0.3 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-4080 (SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is ...)
+ TODO: check
+CVE-2008-4079 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x ...)
+ TODO: check
+CVE-2008-4078 (SQL injection vulnerability in the AR/AP transaction report in (1) ...)
+ TODO: check
+CVE-2008-4077 (The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...)
+ TODO: check
+CVE-2008-4076 (Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board ...)
+ TODO: check
+CVE-2008-4075 (Directory traversal vulnerability in index.php in D-iscussion Board ...)
+ TODO: check
+CVE-2008-4074 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS ...)
+ TODO: check
+CVE-2008-4073 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS ...)
+ TODO: check
+CVE-2008-4072 (Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 ...)
+ TODO: check
+CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...)
+ TODO: check
+CVE-2008-4070
+ RESERVED
+CVE-2008-4069
+ RESERVED
+CVE-2008-4068
+ RESERVED
+CVE-2008-4067
+ RESERVED
+CVE-2008-4066
+ RESERVED
+CVE-2008-4065
+ RESERVED
+CVE-2008-4064
+ RESERVED
+CVE-2008-4063
+ RESERVED
+CVE-2008-4062
+ RESERVED
+CVE-2008-4061
+ RESERVED
+CVE-2008-4060
+ RESERVED
+CVE-2008-4059
+ RESERVED
+CVE-2008-4058
+ RESERVED
+CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before ...)
+ TODO: check
+CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...)
+ TODO: check
+CVE-2008-4055 (SQL injection vulnerability in tops_top.php in Million Pixel Ad Script ...)
+ TODO: check
+CVE-2008-4054 (SQL injection vulnerability in indir.php in Kolifa.net Download Script ...)
+ TODO: check
+CVE-2008-4053 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2008-4052 (Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity ...)
+ TODO: check
+CVE-2008-4051 (Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart ...)
+ TODO: check
+CVE-2008-4050 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly ...)
+ TODO: check
+CVE-2008-4049 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly ...)
+ TODO: check
+CVE-2008-4048 (Heap-based buffer overflow in a certain ActiveX control in ...)
+ TODO: check
+CVE-2008-4047 (Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) ...)
+ TODO: check
+CVE-2008-4046 (SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote ...)
+ TODO: check
+CVE-2008-4045 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 ...)
+ TODO: check
+CVE-2008-4044 (SQL injection vulnerability in article/readarticle.php in AJ Square ...)
+ TODO: check
+CVE-2008-4043 (Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow ...)
+ TODO: check
+CVE-2008-4042
+ REJECTED
+ TODO: check
+CVE-2008-4041 (The IMAP server in Softalk Mail Server (formerly WorkgroupMail) ...)
+ TODO: check
+CVE-2008-4040 (Directory traversal vulnerability in the Kyocera Command Center in ...)
+ TODO: check
+CVE-2008-4039 (SQL injection vulnerability in index.php in Spice Classifieds allows ...)
+ TODO: check
+CVE-2008-4038
+ RESERVED
+CVE-2008-4037
+ RESERVED
+CVE-2008-4036
+ RESERVED
+CVE-2008-4035
+ RESERVED
+CVE-2008-4034
+ RESERVED
+CVE-2008-4033
+ RESERVED
+CVE-2008-4032
+ RESERVED
+CVE-2008-4031
+ RESERVED
+CVE-2008-4030
+ RESERVED
+CVE-2008-4029
+ RESERVED
+CVE-2008-4028
+ RESERVED
+CVE-2008-4027
+ RESERVED
+CVE-2008-4026
+ RESERVED
+CVE-2008-4025
+ RESERVED
+CVE-2008-4024
+ RESERVED
+CVE-2008-4023
+ RESERVED
+CVE-2008-4022
+ RESERVED
+CVE-2008-4021
+ RESERVED
+CVE-2008-4020
+ RESERVED
+CVE-2008-4019
+ RESERVED
CVE-2008-4109 [unsafe sigdie function called by signal handler]
+ RESERVED
{DSA-1638-1 CVE-2006-5051}
- openssh 1:4.6p1-1 (low)
NOTE: The patch backported for CVE-2006-5051 was incorrect and did not
NOTE: fully address the issue. The upstream fix in 4.4p1 was
NOTE: right, and it the next unstable upload after that was 4.6p1.
CVE-2008-4100 [adns predictable transaction id's and source port]
+ RESERVED
- adns <unfixed> (unimportant; bug #492698)
NOTE: adns is not supported in untrusted contexts, see BR
CVE-2008-4099 [pydns predictable transaction id's and source port]
+ RESERVED
{DSA-1619-1}
- python-dns 2.3.1-5 (low; bug #490217)
CVE-2008-4096 [phpmyadmin code execution PMASA-2008-7]
+ RESERVED
- phpmyadmin <unfixed> (medium)
CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
- smsclient <unfixed> (unimportant; bug #498901)
NOTE: script is not in use and only a suggestion for users
CVE-2008-4108 [unsafe use of tempfile in python]
+ RESERVED
- python-defaults <unfixed> (unimportant; bug #498899)
NOTE: script is an example, which can be used by users
CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local ...)
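Review bot: the hand-maintained entries at the bottom of this hunk (CVE-2008-4109, -4100, -4099, -4096, -4108) now sit below CVE-2008-4019, so the top of the list is no longer in descending ID order, and each only gained a bare RESERVED line instead of being merged into the new block. Suggest moving them into their numeric position. Two smaller points in the same region: CVE-2008-4042 carries both REJECTED and TODO: check, and the CVE-2008-XXXX temp-file entry says "ssmclient" in its description but tracks the package as "smsclient", so one of the two spellings is a typo.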
@@ -148,8 +338,8 @@
NOT-FOR-US: EsFaq
CVE-2008-3951 (SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent ...)
NOT-FOR-US: The Real Estate Script
-CVE-2008-3950
- RESERVED
+CVE-2008-3950 (Off-by-one error in the ...)
+ TODO: check
CVE-2008-3949
RESERVED
CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows ...)
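Review bot: the new summary for CVE-2008-3950, "(Off-by-one error in the ...)", is cut off before it names any product, so the TODO: check cannot be triaged from this line alone. Suggest resolving it against the full CVE description and replacing the TODO with a package line or NOT-FOR-US in the same pass.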
@@ -235,7 +425,7 @@
NOT-FOR-US: IBM AIX
CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 ...)
TODO: check
-CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.62, in certain ...)
+CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...)
- ssmtp <unfixed> (low; bug #498366)
CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does ...)
- mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362)
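Review bot: the CVE-2008-3962 summary now covers ssmtp 2.61 as well as 2.62, but the tracking line below it is still the single "- ssmtp <unfixed> (low; bug #498366)" with no per-release annotation. Suggest checking which suites ship 2.61 and recording their status, since the wider range may bring in a release the original triage did not consider.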
@@ -310,7 +500,7 @@
NOT-FOR-US: Blogn
CVE-2008-3883 (configvar in Caudium 1.4.12 allows local users to overwrite arbitrary ...)
- caudium 1.4.12-11.1 (low; bug #496404)
-CVE-2008-3882 (ZoneMinder 1.23.3 and earlier allows remote attackers to execute ...)
+CVE-2008-3882 (Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and ...)
- zoneminder <unfixed> (bug #497640)
CVE-2008-3881 (Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder ...)
- zoneminder <unfixed> (low; bug #497640)
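Review bot: CVE-2008-3882 is now described as a command injection, yet its package line "- zoneminder <unfixed> (bug #497640)" has no urgency, while the XSS entry CVE-2008-3881 directly below is rated low under the same bug. Suggest assigning an urgency to CVE-2008-3882 explicitly so the two issues are not read as equivalent.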
@@ -390,8 +580,7 @@
NOT-FOR-US: Old CVE id
CVE-2008-XXXX [nfdump vulnerable to symlink attacks]
- nfdump 1.5.7-5 (bug #497452)
-CVE-2008-3889 [postfix local DoS]
- RESERVED
+CVE-2008-3889 (Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before ...)
- postfix 2.5.5-1 (low)
[etch] - postfix <not-affected> (Vulnerable code not present)
NOTE: http://www.postfix.org/announcements/20080902.html
@@ -458,12 +647,10 @@
RESERVED
CVE-2008-3825
RESERVED
-CVE-2008-3824 [horde XSS]
- RESERVED
+CVE-2008-3824 (Cross-site scripting (XSS) vulnerability in (1) ...)
{DTSA-165-1}
- horde3 <unfixed>
-CVE-2008-3823 [horde missing input sanitation]
- RESERVED
+CVE-2008-3823 (Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in ...)
{DTSA-165-1}
- horde3 <unfixed>
CVE-2008-3822
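Review bot: CVE-2008-3824 and CVE-2008-3823 keep "- horde3 <unfixed>" with neither an urgency nor a bug reference, and the replacement summary for CVE-2008-3824 stops at "in (1) ..." before naming a component. Suggest adding the bug number and an urgency to both package lines now that the public descriptions are available.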
@@ -1003,7 +1190,7 @@
RESERVED
CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...)
TODO: check
-CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2 does not ...)
+CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone ...)
NOT-FOR-US: Apple iPod
CVE-2008-3630 (mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an ...)
NOT-FOR-US: Apple Bonjour
@@ -1021,36 +1208,36 @@
NOT-FOR-US: Apple QuickTime
CVE-2008-3623
RESERVED
-CVE-2008-3622
- RESERVED
-CVE-2008-3621
- RESERVED
+CVE-2008-3622 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
+ TODO: check
+CVE-2008-3621 (VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 ...)
+ TODO: check
CVE-2008-3620
RESERVED
-CVE-2008-3619
- RESERVED
-CVE-2008-3618
- RESERVED
-CVE-2008-3617
- RESERVED
-CVE-2008-3616
- RESERVED
+CVE-2008-3619 (Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak ...)
+ TODO: check
+CVE-2008-3618 (The File Sharing pane in the Sharing preference pane in Apple Mac OS X ...)
+ TODO: check
+CVE-2008-3617 (Remote Management and Screen Sharing in Apple Mac OS X 10.5 through ...)
+ TODO: check
+CVE-2008-3616 (Multiple integer overflows in the SearchKit API in Apple Mac OS X ...)
+ TODO: check
CVE-2008-3615 (An unspecified third-party Indeo v5 codec for QuickTime, when used ...)
NOT-FOR-US: Apple QuickTime
CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows ...)
NOT-FOR-US: Apple QuickTime
-CVE-2008-3613
- RESERVED
-CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2 uses ...)
+CVE-2008-3613 (Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers ...)
+ TODO: check
+CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and ...)
NOT-FOR-US: Apple iPod
-CVE-2008-3611
- RESERVED
-CVE-2008-3610
- RESERVED
-CVE-2008-3609
- RESERVED
-CVE-2008-3608
- RESERVED
+CVE-2008-3611 (Login Window in Apple Mac OS X 10.4.11 does not clear the current ...)
+ TODO: check
+CVE-2008-3610 (Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, ...)
+ TODO: check
+CVE-2008-3609 (The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly ...)
+ TODO: check
+CVE-2008-3608 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows ...)
+ TODO: check
CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows ...)
NOT-FOR-US: NoticeWare Email Server NG
CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate ...)
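Review bot: every entry this hunk moves from RESERVED to TODO: check (CVE-2008-3622 through CVE-2008-3608) is an Apple Mac OS X component, and the neighbouring Apple entries are already closed as NOT-FOR-US (Apple QuickTime, Apple iPod). Suggest triaging them in one pass instead of leaving the TODOs open, reading the full descriptions for ImageIO and the kernel first in case they name code that is also packaged here.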
@@ -1099,8 +1286,8 @@
NOT-FOR-US: EZ Store (com_ezstore) component for Joomla!
CVE-2008-3585 (Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP ...)
NOT-FOR-US: PozScripts GreenCart PHP Shopping Cart
-CVE-2008-3584
- RESERVED
+CVE-2008-3584 (NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not ...)
+ TODO: check
CVE-2008-3583 (Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote ...)
NOT-FOR-US: IntelliTamper 2.07
CVE-2008-3582 (SQL injection vulnerability in login.php in Keld PHP-MySQL News Script ...)
@@ -1215,8 +1402,7 @@
TODO: check
CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1 does not ...)
TODO: check
-CVE-2008-3529 [libxml long entity names]
- RESERVED
+CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in ...)
- libxml2 <unfixed> (bug #498768)
CVE-2008-3528
RESERVED
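Review bot: the CVE-2008-3529 package line "- libxml2 <unfixed> (bug #498768)" still has no urgency, although the summary now identifies a heap-based buffer overflow in xmlParseAttValueComplex in place of the earlier placeholder "libxml long entity names". Suggest setting an urgency now that the issue class is public.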
@@ -1771,8 +1957,8 @@
- linux-2.6.24 <unfixed>
- linux-2.6 <unfixed>
NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77
-CVE-2008-3274
- RESERVED
+CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA ...)
+ TODO: check
CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before ...)
NOT-FOR-US: JBoss
CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...)
@@ -2541,8 +2727,8 @@
CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' ...)
{DSA-1615-1 DSA-1614-1}
- iceweasel 3.0.1-1 (low)
-CVE-2008-2932
- RESERVED
+CVE-2008-2932 (Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote ...)
+ TODO: check
CVE-2008-2931 (The do_change_type function in fs/namespace.c in the Linux kernel ...)
{DSA-1630-1}
- linux-2.6 2.6.22
@@ -3708,8 +3894,8 @@
RESERVED
CVE-2008-2438
RESERVED
-CVE-2008-2437
- RESERVED
+CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro ...)
+ TODO: check
CVE-2008-2436 (Multiple heap-based buffer overflows in the IppCreateServerRef ...)
TODO: check
CVE-2008-2435
@@ -3955,14 +4141,14 @@
NOT-FOR-US: W1L3D4 Philboard
CVE-2008-2333 (Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda ...)
NOT-FOR-US: Barracuda
-CVE-2008-2332
- RESERVED
-CVE-2008-2331
- RESERVED
-CVE-2008-2330
- RESERVED
-CVE-2008-2329
- RESERVED
+CVE-2008-2332 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows ...)
+ TODO: check
+CVE-2008-2331 (Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update ...)
+ TODO: check
+CVE-2008-2330 (slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 ...)
+ TODO: check
+CVE-2008-2329 (Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active ...)
+ TODO: check
CVE-2008-2328
RESERVED
CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, ...)
@@ -4000,8 +4186,8 @@
NOT-FOR-US: Mac OS X
CVE-2008-2313 (Apple Mac OS X before 10.5 uses weak permissions for the User Template ...)
NOT-FOR-US: Mac OS X
-CVE-2008-2312
- RESERVED
+CVE-2008-2312 (Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in ...)
+ TODO: check
CVE-2008-2311 (Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is ...)
NOT-FOR-US: Mac OS X
CVE-2008-2310 (Format string vulnerability in c++filt in Apple Mac OS X 10.5 before ...)
@@ -4016,8 +4202,8 @@
NOTE: http://trac.webkit.org/changeset/34204
CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...)
NOT-FOR-US: Windows issue
-CVE-2008-2305
- RESERVED
+CVE-2008-2305 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
+ TODO: check
CVE-2008-2304 (Buffer overflow in Apple Core Image Fun House 2.0 and earlier in ...)
NOT-FOR-US: Apple Core Image Fun House
CVE-2008-2303 (Integer signedness error in Safari on Apple iPhone before 2.0 and iPod ...)
@@ -13202,7 +13388,7 @@
- php5 <unfixed> (unimportant)
NOTE: if the function is blacklisted but not its alias it is a configuration
NOTE: issue of the site not a vulnerability in php
-CVE-2007-5423 (Eval injection vulnerability in tiki-graph_formula.php in TikiWiki ...)
+CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to ...)
- tikiwiki <removed>
CVE-2007-5422 (Unspecified vulnerability in "Solaris Auditing" in the Basic Security ...)
NOT-FOR-US: Solaris Auditing
@@ -37149,7 +37335,7 @@
NOT-FOR-US: Cosmoshop
CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and ...)
NOT-FOR-US: Cosmoshop
-CVE-2006-2473 (Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 ...)
+CVE-2006-2473 (** DISPUTED ** ...)
NOT-FOR-US: OpenWiki
CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 ...)
NOT-FOR-US: BEA
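Review bot: the replacement summary for CVE-2006-2473 is reduced to "(** DISPUTED ** ...)", which drops the "XSS in ow.asp" wording the old line had and leaves only the NOT-FOR-US: OpenWiki note to say what the entry is about. Suggest having the update script truncate after the dispute marker, or recording the dispute in a NOTE line, so the summary still names the issue.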