[Secure-testing-commits] r9846 - data/CVE
thomasbl-guest at alioth.debian.org
Fri Sep 19 19:27:26 UTC 2008
Author: thomasbl-guest
Date: 2008-09-19 19:27:25 +0000 (Fri, 19 Sep 2008)
New Revision: 9846
Modified:
data/CVE/list
Log:
nfu's
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-19 18:44:18 UTC (rev 9845)
+++ data/CVE/list 2008-09-19 19:27:25 UTC (rev 9846)
@@ -301,7 +301,7 @@
CVE-2008-3973
RESERVED
CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...)
- TODO: check
+ NOT-FOR-US: pkcs15-tool in OpenSC
CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in ...)
- gmanedit 0.4.1-1.1 (medium; bug #497835)
CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not ...)
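Review bot: The NOT-FOR-US added for CVE-2008-3972 needs checking, because the description names pkcs15-tool in OpenSC before 0.11.6, which reads as an upstream release of a free-software project rather than a vendor-only product. NOT-FOR-US is only right if no source package in the archive ships this code; if an opensc package exists, this should be a package line in the same form as "- ruby1.9 <unfixed> (bug #498977)" used elsewhere in this file, with the fixed version or <unfixed>.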
@@ -345,9 +345,9 @@
CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows ...)
NOT-FOR-US: XRMS
CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain ...)
- TODO: check
+ NOT-FOR-US: OpenVMS
CVE-2008-3946 (The finger client in HP TCP/IP Services for OpenVMS 5.x allows local ...)
- TODO: check
+ NOT-FOR-US: OpenVMS
CVE-2008-3945 (SQL injection vulnerability in index.php in Words tag 1.2 allows ...)
NOT-FOR-US: Words tag
CVE-2008-3944 (SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows ...)
@@ -359,7 +359,7 @@
CVE-2008-3941 (Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and ...)
NOT-FOR-US: BizDirectory
CVE-2008-3940 (Format string vulnerability in the finger client in HP TCP/IP Services ...)
- TODO: check
+ NOT-FOR-US: OpenVMS
CVE-2008-3939 (Directory traversal vulnerability in the web interface in AVTECH PageR ...)
NOT-FOR-US: AVTECH PageR Enterprise
CVE-2008-3938 (Cross-site request forgery (CSRF) vulnerability in user_admin.php in ...)
@@ -418,7 +418,7 @@
- ruby1.8 1.8.7.72-1 (bug #498978)
- ruby1.9 <unfixed> (bug #498977)
CVE-2008-3903 (Asterisk PBX 1.2 through 1.6 and Trixbox PBX 2.6.1, when running with ...)
- TODO: check
+ NOT-FOR-US: Asterisk PBX
CVE-2008-3902 (HP firmware 68DTT F.0D stores pre-boot authentication passwords in the ...)
NOT-FOR-US: HP firmware 68DTT
CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and ...)
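Review bot: Marking CVE-2008-3903 as NOT-FOR-US: Asterisk PBX should be verified against the archive, since the description covers Asterisk PBX 1.2 through 1.6 generally and not only Trixbox. If an asterisk source package exists, use a package line instead; if the truncated "when running with ..." condition cannot occur in the packaged configuration, record that as <not-affected> with a reason, the way the mono entry for CVE-2007-5473 does with "(Windows-specific vulnerability)".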
@@ -490,7 +490,7 @@
CVE-2008-3891 (The SAML Single Sign-On (SSO) Service for Google Apps allows remote ...)
NOT-FOR-US: SAML Service for Google Apps
CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 ...)
NOT-FOR-US: Mini-NUKE Freehost
CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in dotProject ...)
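Review bot: NOT-FOR-US: FreeBSD on CVE-2008-3890 conflicts with other entries in this same file, which track the FreeBSD kernel as packages ("- kfreebsd-6 <unfixed> (bug #483152)" and "- kfreebsd-7 <unfixed> (bug #483152)" appear as context in a later hunk). The description says the kernel in FreeBSD 6.3 through 7.0 on amd64, so this should be triaged against kfreebsd-6 and kfreebsd-7 and given package lines, or <not-affected> with a reason, rather than closed as out of scope.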
@@ -1213,35 +1213,35 @@
CVE-2008-3623
RESERVED
CVE-2008-3622 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2008-3621 (VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-3620
RESERVED
CVE-2008-3619 (Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-3618 (The File Sharing pane in the Sharing preference pane in Apple Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-3617 (Remote Management and Screen Sharing in Apple Mac OS X 10.5 through ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-3616 (Multiple integer overflows in the SearchKit API in Apple Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-3615 (An unspecified third-party Indeo v5 codec for QuickTime, when used ...)
NOT-FOR-US: Apple QuickTime
CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows ...)
NOT-FOR-US: Apple QuickTime
CVE-2008-3613 (Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and ...)
NOT-FOR-US: Apple iPod
CVE-2008-3611 (Login Window in Apple Mac OS X 10.4.11 does not clear the current ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-3610 (Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-3609 (The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-3608 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows ...)
NOT-FOR-US: NoticeWare Email Server NG
CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate ...)
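Review bot: Style point on the first added line of this hunk: CVE-2008-3622 gets "NOT-FOR-US: Mac OS X" while every other line added here uses "NOT-FOR-US: Apple Mac OS X". Use one spelling throughout the commit so that a search on the product name finds all of them.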
@@ -1291,7 +1291,7 @@
CVE-2008-3585 (Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP ...)
NOT-FOR-US: PozScripts GreenCart PHP Shopping Cart
CVE-2008-3584 (NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not ...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2008-3583 (Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote ...)
NOT-FOR-US: IntelliTamper 2.07
CVE-2008-3582 (SQL injection vulnerability in login.php in Keld PHP-MySQL News Script ...)
@@ -1379,7 +1379,7 @@
CVE-2008-3540
RESERVED
CVE-2008-3539 (Unspecified vulnerability in HP OpenView Select Identity (HPSI) ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Select Identity (HPSI)
CVE-2008-3538 (Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 ...)
NOT-FOR-US: HP Enterprise Discovery
CVE-2008-3537 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node ...)
@@ -1405,7 +1405,7 @@
CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in ...)
TODO: check
CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1 does not ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in ...)
- libxml2 <unfixed> (bug #498768)
CVE-2008-3528
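Review bot: NOT-FOR-US: FreeBSD on CVE-2008-3530 looks wrong for this tracker, because the file carries kfreebsd-6 and kfreebsd-7 package entries elsewhere, so a bug in sys/netinet6/icmp6.c in the FreeBSD 6.3 through 7.1 kernel is potentially in scope. It is also inconsistent with the context line directly above, where CVE-2008-3531 (another kernel source path under sys/) is left as TODO: check. Suggest leaving both as TODO until the kfreebsd packages have been checked, then adding package lines.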
@@ -2577,13 +2577,13 @@
CVE-2008-3016
RESERVED
CVE-2008-3015 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office XP
CVE-2008-3014 (Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3013 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3012 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3011
RESERVED
CVE-2008-3010
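Review bot: The four notes added for CVE-2008-3015 through CVE-2008-3012 name different products ("Microsoft Office XP" once, "Microsoft Internet Explorer" three times), although all four descriptions identify the same component, gdiplus.dll in GDI+. The product after the colon is only whichever one happens to come first in the truncated description. Naming the shared component, for example "NOT-FOR-US: Microsoft GDI+", would keep the four entries consistent and searchable.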
@@ -2591,9 +2591,9 @@
CVE-2008-3009
RESERVED
CVE-2008-3008 (Buffer overflow in a certain ActiveX control in wmex.dll in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Media Encoder
CVE-2008-3007 (Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office XP
CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 ...)
NOT-FOR-US: Microsoft Office Excel
CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 ...)
@@ -3264,15 +3264,15 @@
CVE-2008-2737
REJECTED
CVE-2008-2736 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
- TODO: check
+ NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2735 (The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 ...)
- TODO: check
+ NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2734 (Memory leak in the crypto functionality in Cisco Adaptive Security ...)
- TODO: check
+ NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2733 (Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 ...)
- TODO: check
+ NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2732 (Multiple unspecified vulnerabilities in the SIP inspection ...)
- TODO: check
+ NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2731
RESERVED
CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
@@ -3846,7 +3846,7 @@
CVE-2008-2465
RESERVED
CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD ...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx, ...)
NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX
CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...)
@@ -3892,7 +3892,7 @@
CVE-2008-2442
RESERVED
CVE-2008-2441 (Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x ...)
- TODO: check
+ NOT-FOR-US: Cisco Secure ACS
CVE-2008-2440
RESERVED
CVE-2008-2439
@@ -3900,9 +3900,9 @@
CVE-2008-2438
RESERVED
CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2436 (Multiple heap-based buffer overflows in the IppCreateServerRef ...)
- TODO: check
+ NOT-FOR-US: Novell iPrint Client
CVE-2008-2435
RESERVED
CVE-2008-2434
@@ -4147,20 +4147,20 @@
CVE-2008-2333 (Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda ...)
NOT-FOR-US: Barracuda
CVE-2008-2332 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-2331 (Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-2330 (slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-2329 (Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-2328
RESERVED
CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, ...)
{DSA-1632-1 DTSA-160-1}
- tiff 3.8.2-11 (medium)
CVE-2008-2326 (mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for ...)
- TODO: check
+ NOT-FOR-US: Apple Bonjour for Windows
CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers ...)
NOT-FOR-US: Apple Mac OS X
CVE-2008-2324 (The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 ...)
@@ -4192,7 +4192,7 @@
CVE-2008-2313 (Apple Mac OS X before 10.5 uses weak permissions for the User Template ...)
NOT-FOR-US: Mac OS X
CVE-2008-2312 (Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2008-2311 (Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is ...)
NOT-FOR-US: Mac OS X
CVE-2008-2310 (Format string vulnerability in c++filt in Apple Mac OS X 10.5 before ...)
@@ -4208,7 +4208,7 @@
CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...)
NOT-FOR-US: Windows issue
CVE-2008-2305 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
- TODO: check
+ NOT-FOR-US: Apple Type Services (ATS)
CVE-2008-2304 (Buffer overflow in Apple Core Image Fun House 2.0 and earlier in ...)
NOT-FOR-US: Apple Core Image Fun House
CVE-2008-2303 (Integer signedness error in Safari on Apple iPhone before 2.0 and iPod ...)
@@ -4310,7 +4310,7 @@
CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11 allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-2252
RESERVED
CVE-2008-2251
@@ -5488,7 +5488,7 @@
CVE-2008-1740 (The Presence Engine (PE) service in Cisco Unified Presence before ...)
NOT-FOR-US: Cisco firmware
CVE-2008-1739 (Apple QuickTime before 7.4.5 allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to cause a ...)
NOT-FOR-US: Rising Antivirus
CVE-2008-1737 (Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime ...)
@@ -5685,7 +5685,7 @@
- linux-2.6.24 2.6.24-6~etchnhalf.2
NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns ...)
- TODO: check
+ NOT-FOR-US: wu-ftpd in HP-UX
CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European ...)
NOT-FOR-US: Probe Builder 2.2
CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, ...)
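Review bot: The note "NOT-FOR-US: wu-ftpd in HP-UX" narrows CVE-2008-1668 more than the description supports: it lists "(1) wu-ftpd 2.4.2" and "(2) ftpd in HP HP-UX B.11.11" as two separate affected items, so upstream wu-ftpd is in scope independently of HP-UX. Check whether a wu-ftpd source package exists in the archive and whether its ftpd.c carries the same code; if so, this needs a package line rather than NOT-FOR-US.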
@@ -6807,7 +6807,7 @@
CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 ...)
NOT-FOR-US: Red Hat specific
CVE-2008-1197 (The Marvell driver for the Netgear WN802T Wi-Fi access point with ...)
- TODO: check
+ NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1196 (Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK ...)
- sun-java6 6-05-1 (medium)
- sun-java5 1.5.0-15-1 (medium)
@@ -6950,7 +6950,7 @@
- kfreebsd-6 <unfixed> (bug #483152)
- kfreebsd-7 <unfixed> (bug #483152)
CVE-2008-1144 (The Marvell driver for the Netgear WN802T Wi-Fi access point with ...)
- TODO: check
+ NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1143
RESERVED
CVE-2008-1141 (Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier ...)
@@ -13255,7 +13255,7 @@
CVE-2007-5475
RESERVED
CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware ...)
- TODO: check
+ NOT-FOR-US: Linksys WRT350N Wi-Fi access point
CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when ...)
- mono <not-affected> (Windows-specific vulnerability)
CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component in CA ...)
@@ -13710,7 +13710,7 @@
CVE-2007-5349
RESERVED
CVE-2007-5348 (Heap-based buffer overflow in the vector graphics link library in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5346