[Secure-testing-commits] r10957 - data/CVE
joeyh at alioth.debian.org
Wed Jan 14 21:14:15 UTC 2009
Author: joeyh
Date: 2009-01-14 21:14:14 +0000 (Wed, 14 Jan 2009)
New Revision: 10957
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-14 20:44:23 UTC (rev 10956)
+++ data/CVE/list 2009-01-14 21:14:14 UTC (rev 10957)
@@ -1,40 +1,46 @@
-CVE-2008-5901
+CVE-2009-0117
+ RESERVED
+CVE-2009-0116
+ RESERVED
+CVE-2009-0115
+ RESERVED
+CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root ...)
NOT-FOR-US: iyzi Forum
-CVE-2008-5900
+CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the web root ...)
NOT-FOR-US: CodeAvalanche Articles
-CVE-2008-5899
+CVE-2008-5899 (CodeAvalanche FreeForAll stores sensitive information under the web ...)
NOT-FOR-US: CodeAvalanche FreeForAll
-CVE-2008-5898
+CVE-2008-5898 (CodeAvalanche Directory stores sensitive information under the web ...)
NOT-FOR-US: CodeAvalanche Directory
-CVE-2008-5897
+CVE-2008-5897 (CodeAvalanche FreeWallpaper stores sensitive information under the web ...)
NOT-FOR-US: CodeAvalanche FreeWallpaper
-CVE-2008-5896
+CVE-2008-5896 (CodeAvalanche RateMySite stores sensitive information under the web ...)
NOT-FOR-US: CodeAvalanche RateMySite
-CVE-2008-5895
+CVE-2008-5895 (SQL injection vulnerability in connection.php in Mediatheka 4.2 and ...)
NOT-FOR-US: Mediatheka
-CVE-2008-5894
+CVE-2008-5894 (Directory traversal vulnerability in index.php in Mediatheka 4.2 ...)
NOT-FOR-US: Mediatheka
-CVE-2008-5893
+CVE-2008-5893 (Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ...)
NOT-FOR-US: ClickAndEmail
-CVE-2008-5892
+CVE-2008-5892 (Multiple SQL injection vulnerabilities in ClickAndEmail allow remote ...)
NOT-FOR-US: ClickAndEmail
-CVE-2008-5891
+CVE-2008-5891 (Cross-site scripting (XSS) vulnerability in the profile editing ...)
NOT-FOR-US: Injader
-CVE-2008-5890
+CVE-2008-5890 (SQL injection vulnerability in feeds.php in Injader before 2.1.2 ...)
NOT-FOR-US: Injader
-CVE-2008-5889
+CVE-2008-5889 (Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank ...)
NOT-FOR-US: Click&Rank
-CVE-2008-5888
+CVE-2008-5888 (Multiple SQL injection vulnerabilities in Click&Rank allow remote ...)
NOT-FOR-US: Click&Rank
-CVE-2008-5887
+CVE-2008-5887 (phplist before 2.10.8 allows remote attackers to include files via ...)
NOT-FOR-US: phplist
-CVE-2008-5886
+CVE-2008-5886 (TAKempis Discussion Web 4.0 stores sensitive information under the web ...)
NOT-FOR-US: TAKempis Discussion Web
-CVE-2008-5885
+CVE-2008-5885 (The Net Guys ASPired2Quote stores sensitive information under the web ...)
NOT-FOR-US: Net Guys ASPired2Quote
-CVE-2008-5884
+CVE-2008-5884 (AyeView 2.20 allows user-assisted attackers to cause a denial of ...)
NOT-FOR-US: AyeView
-CVE-2008-5883
+CVE-2008-5883 (Absolute path traversal vulnerability in front-end/dir.php in mini-pub ...)
NOT-FOR-US: mini-pub
CVE-2009-XXXX [xrdp: multiple vulnerabilities]
- xrdp <unfixed> (bug #511641)
@@ -259,7 +265,8 @@
NOT-FOR-US: Emefa Guestbook
CVE-2008-5851 (SQL injection vulnerability in index.php in My PHP Baseball Stats ...)
NOT-FOR-US: My PHP Baseball Stats
-CVE-2008-5850 (** UNVERIFIABLE ** ...)
+CVE-2008-5850
+ REJECTED
NOT-FOR-US: Check Point
CVE-2008-5849 (Check Point VPN-1 R55, R65, and other versions, when Port Address ...)
NOT-FOR-US: Check Point
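Review bot: CVE-2008-5850 now carries two dispositions at once: the new "REJECTED" line and the pre-existing "NOT-FOR-US: Check Point" line that stays behind as context. Once the ID is rejected the triage tag no longer adds anything, so a follow-up should drop it, or keep the Check Point attribution as a NOTE if it is still useful for anyone looking up the old "** UNVERIFIABLE **" entry.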
@@ -852,8 +859,7 @@
NOTE: unlike the advisory states it is DSA_do_verify not DSA_verify
NOTE: low severity because it is believed hard to trigger and only
NOTE: affects DNSSEC with DSA, which is supposedly rarely used.
-CVE-2009-0024 [sys_remap_file_pages privilege escalation]
- RESERVED
+CVE-2009-0024 (The sys_remap_file_pages function in mm/fremap.c in the Linux kernel ...)
- linux-2.6 2.6.24-4
[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23)
NOTE: Fixed in 2.6.24 before initial upload
@@ -1046,8 +1052,8 @@
RESERVED
CVE-2008-5518
RESERVED
-CVE-2008-5517
- RESERVED
+CVE-2008-5517 (The web interface in git in SUSE openSUSE 10.3 allows remote attackers ...)
+ TODO: check
CVE-2008-5516
RESERVED
CVE-2008-5515
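Review bot: The "TODO: check" on CVE-2008-5517 needs manual triage rather than a bulk tag, because the description names the web interface in git and not a vendor product line that the file already marks NOT-FOR-US. The visible text says "in SUSE openSUSE 10.3" and is then truncated, so this line does not show whether the flaw is in upstream code or in SUSE's packaging; check the full description before choosing between a package line and NOT-FOR-US.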
@@ -1059,13 +1065,13 @@
CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla ...)
- iceweasel 3.0.5-1
CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
- {DSA-1697-1 DSA-1696-1}
+ {DSA-1704-1 DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
- icedove 2.0.0.19-1
- iceape 1.1.14-1
- xulrunner 1.9.0.5-1
CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
- {DSA-1697-1 DSA-1696-1}
+ {DSA-1704-1 DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
- icedove 2.0.0.19-1
- iceape 1.1.14-1
@@ -1078,19 +1084,19 @@
CVE-2008-5509
RESERVED
CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
- {DSA-1697-1 DSA-1696-1}
+ {DSA-1704-1 DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
- icedove 2.0.0.19-1
- iceape 1.1.14-1
- xulrunner 1.9.0.5-1
CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
- {DSA-1697-1 DSA-1696-1}
+ {DSA-1704-1 DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
- icedove 2.0.0.19-1
- iceape 1.1.14-1
- xulrunner 1.9.0.5-1
CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
- {DSA-1697-1 DSA-1696-1}
+ {DSA-1704-1 DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
- icedove 2.0.0.19-1
- iceape 1.1.14-1
@@ -1103,7 +1109,7 @@
NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
NOTE: Original fix for CVE-2008-3836 was incomplete
CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before ...)
- {DSA-1697-1 DSA-1696-1}
+ {DSA-1704-1 DSA-1697-1 DSA-1696-1}
- iceape 1.1.13-1
- iceweasel 3.0
- xulrunner 1.9
@@ -1123,7 +1129,7 @@
[etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected)
- icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before ...)
- {DSA-1697-1 DSA-1696-1}
+ {DSA-1704-1 DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
- icedove 2.0.0.19-1
- iceape 1.1.14-1
@@ -1216,62 +1222,62 @@
RESERVED
CVE-2008-5464
RESERVED
-CVE-2008-5463
- RESERVED
-CVE-2008-5462
- RESERVED
-CVE-2008-5461
- RESERVED
-CVE-2008-5460
- RESERVED
-CVE-2008-5459
- RESERVED
-CVE-2008-5458
- RESERVED
-CVE-2008-5457
- RESERVED
-CVE-2008-5456
- RESERVED
-CVE-2008-5455
- RESERVED
-CVE-2008-5454
- RESERVED
+CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...)
+ TODO: check
+CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA ...)
+ TODO: check
+CVE-2008-5461 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+ TODO: check
+CVE-2008-5460 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+ TODO: check
+CVE-2008-5459 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+ TODO: check
+CVE-2008-5458 (Unspecified vulnerability in the Oracle Application Object Library ...)
+ TODO: check
+CVE-2008-5457 (Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins ...)
+ TODO: check
+CVE-2008-5456 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+ TODO: check
+CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ...)
+ TODO: check
+CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle ...)
+ TODO: check
CVE-2008-5453
RESERVED
-CVE-2008-5452
- RESERVED
-CVE-2008-5451
- RESERVED
-CVE-2008-5450
- RESERVED
-CVE-2008-5449
- RESERVED
-CVE-2008-5448
- RESERVED
-CVE-2008-5447
- RESERVED
-CVE-2008-5446
- RESERVED
-CVE-2008-5445
- RESERVED
-CVE-2008-5444
- RESERVED
-CVE-2008-5443
- RESERVED
-CVE-2008-5442
- RESERVED
-CVE-2008-5441
- RESERVED
-CVE-2008-5440
- RESERVED
-CVE-2008-5439
- RESERVED
-CVE-2008-5438
- RESERVED
-CVE-2008-5437
- RESERVED
-CVE-2008-5436
- RESERVED
+CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+ TODO: check
+CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...)
+ TODO: check
+CVE-2008-5450 (Unspecified vulnerability in the Oracle Applications Platform ...)
+ TODO: check
+CVE-2008-5449 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+ TODO: check
+CVE-2008-5448 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+ TODO: check
+CVE-2008-5447 (Unspecified vulnerability in the Oracle Enterprise Manager component ...)
+ TODO: check
+CVE-2008-5446 (Unspecified vulnerability in the Oracle Applications Framework ...)
+ TODO: check
+CVE-2008-5445 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+ TODO: check
+CVE-2008-5444 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+ TODO: check
+CVE-2008-5443 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+ TODO: check
+CVE-2008-5442 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+ TODO: check
+CVE-2008-5441 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+ TODO: check
+CVE-2008-5440 (Unspecified vulnerability in the TimesTen Data Server component in ...)
+ TODO: check
+CVE-2008-5439 (Unspecified vulnerability in the SQL*Plus Windows GUI component in ...)
+ TODO: check
+CVE-2008-5438 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
+ TODO: check
+CVE-2008-5437 (Unspecified vulnerability in the Job Queue component in Oracle ...)
+ TODO: check
+CVE-2008-5436 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
+ TODO: check
CVE-2008-5435 (Cross-site scripting (XSS) vulnerability in moderate.php in PunBB ...)
NOT-FOR-US: PunBB
CVE-2008-5434 (Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow ...)
@@ -1739,8 +1745,8 @@
NOT-FOR-US: Tornado Knowledge Retrieval System
CVE-2008-5263
RESERVED
-CVE-2008-5262
- RESERVED
+CVE-2008-5262 (Multiple stack-based buffer overflows in the iGetHdrHeader function in ...)
+ TODO: check
CVE-2008-5261
RESERVED
CVE-2008-5260
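Review bot: The "TODO: check" on CVE-2008-5262 cannot be resolved from this entry, since the description is cut off after "the iGetHdrHeader function in" and the affected product is not visible. As it describes multiple stack-based buffer overflows, look up the full description and either add a package line or mark it NOT-FOR-US instead of leaving it in the TODO backlog.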
@@ -4008,8 +4014,7 @@
- net-snmp 5.4.1~dfsg-11 (bug #504150)
CVE-2008-4308
RESERVED
-CVE-2008-4307 [kernel: BUG() in locks_remove_flock]
- RESERVED
+CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the Linux ...)
- linux-2.6 2.6.26-1
- linux-2.6.24 <removed>
CVE-2008-4306 (Buffer overflow in enscript before 1.6.4 has unknown impact and attack ...)
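Review bot: On CVE-2008-4307 the working title "[kernel: BUG() in locks_remove_flock]" is replaced by a description that names do_setlk in fs/nfs/file.c, so the symptom a reader would search for is no longer in the entry. Consider adding a NOTE line that records the locks_remove_flock BUG() so the two names stay linked.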
@@ -4718,14 +4723,14 @@
NOTE: script is an example, which can be used by users
CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local ...)
NOT-FOR-US: IBM AIX
-CVE-2008-4017
- RESERVED
-CVE-2008-4016
- RESERVED
-CVE-2008-4015
- RESERVED
-CVE-2008-4014
- RESERVED
+CVE-2008-4017 (Unspecified vulnerability in the OC4J component in Oracle Application ...)
+ TODO: check
+CVE-2008-4016 (Unspecified vulnerability in the Collaborative Workspaces component in ...)
+ TODO: check
+CVE-2008-4015 (Unspecified vulnerability in the Oracle Streams component in Oracle ...)
+ TODO: check
+CVE-2008-4014 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...)
+ TODO: check
CVE-2008-4013 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
NOT-FOR-US: BEA WebLogic
CVE-2008-4012 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...)
@@ -4738,10 +4743,10 @@
NOT-FOR-US: BEA WebLogic
CVE-2008-4008 (Unspecified vulnerability in the WebLogic Server Plugins for Apache ...)
NOT-FOR-US: BEA WebLogic
-CVE-2008-4007
- RESERVED
-CVE-2008-4006
- RESERVED
+CVE-2008-4007 (Unspecified vulnerability in the PeopleSoft Enterprise Components ...)
+ TODO: check
+CVE-2008-4006 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+ TODO: check
CVE-2008-4005 (Unspecified vulnerability in the Oracle Application Express component ...)
NOT-FOR-US: Oracle
CVE-2008-4004 (Unspecified vulnerability in the JDE EnterpriseOne Business Service ...)
@@ -4754,12 +4759,12 @@
NOT-FOR-US: Oracle
CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
NOT-FOR-US: Oracle
-CVE-2008-3999
- RESERVED
+CVE-2008-3999 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
+ TODO: check
CVE-2008-3998 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
NOT-FOR-US: Oracle
-CVE-2008-3997
- RESERVED
+CVE-2008-3997 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
+ TODO: check
CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in ...)
NOT-FOR-US: Oracle
CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in ...)
@@ -4790,24 +4795,24 @@
NOT-FOR-US: Oracle
CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
NOT-FOR-US: Oracle
-CVE-2008-3981
- RESERVED
+CVE-2008-3981 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+ TODO: check
CVE-2008-3980 (Unspecified vulnerability in the Upgrade component in Oracle Database ...)
NOT-FOR-US: Oracle
-CVE-2008-3979
- RESERVED
-CVE-2008-3978
- RESERVED
+CVE-2008-3979 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
+ TODO: check
+CVE-2008-3978 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
+ TODO: check
CVE-2008-3977 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
NOT-FOR-US: Oracle
CVE-2008-3976 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
NOT-FOR-US: Oracle
CVE-2008-3975 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
NOT-FOR-US: Oracle
-CVE-2008-3974
- RESERVED
-CVE-2008-3973
- RESERVED
+CVE-2008-3974 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
+ TODO: check
+CVE-2008-3973 (Unspecified vulnerability in the SQL*Plus Windows GUI component in ...)
+ TODO: check
CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...)
{DSA-1627-2}
- opensc 0.11.4-5
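Review bot: CVE-2008-3981, CVE-2008-3979, CVE-2008-3978, CVE-2008-3974 and CVE-2008-3973 leave RESERVED as "TODO: check", while every neighbouring Oracle entry in this hunk (CVE-2008-3982, CVE-2008-3980, CVE-2008-3977, CVE-2008-3976, CVE-2008-3975) is already "NOT-FOR-US: Oracle", including CVE-2008-3976 for the same Oracle Spatial component. A follow-up can close these with the same tag; the same point applies to the Oracle, BEA WebLogic and PeopleSoft entries that get "TODO: check" in the other hunks of this commit.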
@@ -8163,8 +8168,8 @@
NOT-FOR-US: Oracle
CVE-2008-2624 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
NOT-FOR-US: Oracle
-CVE-2008-2623
- RESERVED
+CVE-2008-2623 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
+ TODO: check
CVE-2008-2622 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2621 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)