[Secure-testing-commits] r42822 - data/CVE
Henri Salo
fgeek-guest at moszumanska.debian.org
Mon Jun 27 14:01:38 UTC 2016
Author: fgeek-guest
Date: 2016-06-27 14:01:38 +0000 (Mon, 27 Jun 2016)
New Revision: 42822
Modified:
data/CVE/list
Log:
cleanup
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-27 13:37:58 UTC (rev 42821)
+++ data/CVE/list 2016-06-27 14:01:38 UTC (rev 42822)
@@ -1105,7 +1105,7 @@
[wheezy] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2559
-CVE-2016-5322 [extractContigSamplesBytes: out-of-bounds read]
+CVE-2016-5322 [extractContigSamplesBytes: out-of-bounds read]
RESERVED
- tiff <unfixed>
[jessie] - tiff <no-dsa> (Minor issue)
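Review bot: The log message "cleanup" does not say what was cleaned. On the CVE-2016-5322 line the removed and added text read identically, so the difference is presumably whitespace only. A message such as "whitespace cleanup in data/CVE/list" would let anyone tracing triage history through this file see at once that no entry changed status in this revision.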
@@ -1130,7 +1130,7 @@
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2557
TODO: check, disputable that this actually would be as well a nautilus issue
-CVE-2016-5316 [tif_pixarlog.c: PixarLogCleanup() Segmentation fault]
+CVE-2016-5316 [tif_pixarlog.c: PixarLogCleanup() Segmentation fault]
RESERVED
- tiff <unfixed>
- tiff3 <removed>
@@ -11117,7 +11117,7 @@
- ruby-actionpack-3.2 <removed>
- ruby-actionpack-2.3 <removed>
[wheezy] - ruby-actionpack-2.3 <end-of-life>
- NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x
+ NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x
NOTE: Not affected: 4.2+
NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2
TODO: check, for src:rails should actually not be affected since original patch complete
@@ -11203,7 +11203,7 @@
{DSA-3472-1 DLA-418-1}
- wordpress 4.4.2+dfsg-1 (bug #813697)
NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
- NOTE: https://core.trac.wordpress.org/changeset/36444
+ NOTE: https://core.trac.wordpress.org/changeset/36444
NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4
CVE-2016-2222 (The wp_http_validate_url function in wp-includes/http.php in WordPress ...)
{DSA-3472-1 DLA-418-1}
@@ -12303,7 +12303,7 @@
CVE-2016-1834 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
- NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704 (v2.9.4)
+ NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=763071
CVE-2016-1833 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
{DSA-3593-1 DLA-503-1}
@@ -12592,7 +12592,7 @@
[wheezy] - jasper <no-dsa> (Minor issue)
[squeeze] - jasper <no-dsa> (Minor issue)
CVE-2016-1715 (The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 ...)
- NOT-FOR-US: swin.sys kernel driver in McAfee Application Control
+ NOT-FOR-US: swin.sys kernel driver in McAfee Application Control
CVE-2016-1713
RESERVED
CVE-2016-1712
@@ -20869,7 +20869,7 @@
CVE-2015-7629 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
NOT-FOR-US: Adobe Flash Player
CVE-2015-7628 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on ...)
- NOT-FOR-US: Adobe Flash Player
+ NOT-FOR-US: Adobe Flash Player
CVE-2015-7627 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on ...)
NOT-FOR-US: Adobe Flash Player
CVE-2015-7626 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on ...)
@@ -21296,7 +21296,7 @@
- linux 4.3.3-3
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
- NOTE: https://git.kernel.org/linus/0185604c2d82c560dab2f2933a18f797e74ab5a8 (v4.4-rc7)
+ NOTE: https://git.kernel.org/linus/0185604c2d82c560dab2f2933a18f797e74ab5a8 (v4.4-rc7)
CVE-2015-7512 (Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in ...)
{DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-1 (bug #806741)
@@ -24306,7 +24306,7 @@
{DSA-3539-1 DLA-393-1}
[experimental] - srtp 1.5.3~dfsg-1
- srtp 1.4.5~20130609~dfsg-1.2 (bug #807698)
- NOTE: Fix: https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2
+ NOTE: Fix: https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2
NOTE: Fixup: https://github.com/cisco/libsrtp/commit/be95365fbb4788b688cab7af61c65b7989055fb4
NOTE: Fixup: https://github.com/cisco/libsrtp/commit/be06686c8e98cc7bd934e10abb6f5e971d03f8ee
NOTE: Fixup: https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f
@@ -37818,7 +37818,7 @@
[jessie] - openssl <not-affected> (Vulnerable code not present)
[wheezy] - openssl <not-affected> (Vulnerable code not present)
[squeeze] - openssl <not-affected> (Vulnerable code not present)
- NOTE: https://www.openssl.org/news/secadv/20151203.txt
+ NOTE: https://www.openssl.org/news/secadv/20151203.txt
CVE-2015-1793 (The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL ...)
- openssl 1.0.2d-1
[jessie] - openssl <not-affected> (Vulnerable code not present)
@@ -44467,7 +44467,7 @@
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/511564cc
- NOTE: http://www.mantisbt.org/bugs/view.php?id=17890
+ NOTE: http://www.mantisbt.org/bugs/view.php?id=17890
CVE-2014-9280 (The current_user_get_bug_filter function in core/current_user_api.php ...)
{DSA-3120-1}
- mantis <removed>
@@ -54708,7 +54708,7 @@
CVE-2014-5251 (The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x ...)
- keystone 2014.1.2.1-1
[wheezy] - keystone <not-affected> (Affects 2014.1 versions up to 2014.1.1)
- NOTE: https://launchpad.net/bugs/1347961
+ NOTE: https://launchpad.net/bugs/1347961
NOTE: https://git.openstack.org/cgit/openstack/keystone/commit/?id=6cbf835542d62e6e5db4b4aef7141b1731cad9dc
CVE-2014-5263 (vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not ...)
- qemu 2.1+dfsg-1
@@ -61511,7 +61511,7 @@
- linux <not-affected> (Introduced and fixed in 3.14)
- linux-2.6 <not-affected> ((Introduced and fixed in 3.14)
CVE-2014-2729 (Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS ...)
- NOT-FOR-US: Ektron Web Content Management System
+ NOT-FOR-US: Ektron Web Content Management System
CVE-2014-2728
RESERVED
CVE-2014-2727
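Review bot: The linux-2.6 context line just above the changed NOT-FOR-US line still carries an unbalanced double parenthesis, "((Introduced and fixed in 3.14)". Since this revision is a cleanup pass over the file, change it to "(Introduced and fixed in 3.14)" so it matches the linux line directly above it.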
@@ -63368,7 +63368,7 @@
CVE-2014-2052
RESERVED
- owncloud 6.0.2+dfsg-1
- NOTE: owncloud advisory does not mention details for ZendFramework
+ NOTE: owncloud advisory does not mention details for ZendFramework
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
NOTE: The reference wrt zendframework is for CVE-2012-6532
CVE-2014-2051 (ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote ...)
@@ -65620,7 +65620,7 @@
{DSA-2846-1}
- libvirt 1.2.1-1 (bug #735676)
[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1047577
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1047577
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef6c18bc1faf8b3e10787b39796a7a06cc0
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c2914734eb5c32df6d35a82bf503e12261bcf
CVE-2014-1409
@@ -68178,7 +68178,7 @@
RESERVED
- clamav 0.97.7+dfsg-1
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6809
- NOTE: https://github.com/vrtadmin/clamav-devel/commit/e8e3746266dd3f82054ca137b81b800e54de6ebd
+ NOTE: https://github.com/vrtadmin/clamav-devel/commit/e8e3746266dd3f82054ca137b81b800e54de6ebd
CVE-2013-7087 [[clamav: WWPack corrupt heap memory]
RESERVED
- clamav 0.97.7+dfsg-1
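Review bot: The CVE-2013-7087 header right after the changed NOTE line opens with a doubled bracket, "[[clamav: WWPack corrupt heap memory]". Other bracketed descriptions in this patch, such as "[extractContigSamplesBytes: out-of-bounds read]", use a single bracket, so drop the extra "[" while cleaning this region.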
@@ -70322,9 +70322,9 @@
CVE-2013-6686 (The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows ...)
NOT-FOR-US: Cisco IOS
CVE-2013-6685 (The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak ...)
- NOT-FOR-US: Cisco Unified IP phones
+ NOT-FOR-US: Cisco Unified IP phones
CVE-2013-6684 (The web framework on Cisco Wireless LAN Controller (WLC) devices does ...)
- NOT-FOR-US: Cisco Wireless LAN Controller
+ NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle ...)
NOT-FOR-US: Cisco NX-OS
CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance ...)
@@ -72180,7 +72180,7 @@
CVE-2013-6011 (Citrix NetScaler Application Delivery Controller (ADC) 10.0 before ...)
NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6010 (Cross-site scripting (XSS) vulnerability in the Comment Attachment ...)
- NOT-FOR-US: Wordpress Comment-Attachment plugin, not in Debian
+ NOT-FOR-US: Wordpress Comment-Attachment plugin, not in Debian
CVE-2013-6009 (CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, ...)
- open-xchange <itp> (bug #269329)
CVE-2013-6008
@@ -73764,9 +73764,9 @@
CVE-2013-5418 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
NOT-FOR-US: IBM WebSphere
CVE-2013-5417 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
- NOT-FOR-US: IBM WebSphere Application Server
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-5416 (Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, ...)
- NOT-FOR-US: IBM Rational ClearCase
+ NOT-FOR-US: IBM Rational ClearCase
CVE-2013-5415 (Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x ...)
NOT-FOR-US: IBM Rational ClearCase
CVE-2013-5414 (The migration functionality in IBM WebSphere Application Server (WAS) ...)
@@ -76924,7 +76924,7 @@
CVE-2013-4245 [Arbitrary code execution due to insecure CWD Python module load]
RESERVED
- gnome-orca <unfixed> (unimportant)
- NOTE: Negligable security impact
+ NOTE: Negligable security impact
CVE-2013-4244 (The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier ...)
{DSA-2744-1}
- tiff 4.0.3-3
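Review bot: The changed NOTE line under CVE-2013-4245 keeps the misspelling "Negligable". As the line is being rewritten anyway, correct it to "NOTE: Negligible security impact".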
@@ -77547,7 +77547,7 @@
CVE-2013-4071
RESERVED
CVE-2013-4070 (The Portal application in IBM SPSS Collaboration and Deployment ...)
- NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
+ NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4069 (The Portal application in IBM SPSS Collaboration and Deployment ...)
NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4068 (Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 ...)
@@ -79741,7 +79741,7 @@
CVE-2013-3096
RESERVED
CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
- NOT-FOR-US: D-Link
+ NOT-FOR-US: D-Link
CVE-2013-3094
RESERVED
CVE-2013-3093
@@ -82587,7 +82587,7 @@
RESERVED
- dolibarr 3.3.4-1
CVE-2013-2090 (The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche ...)
- NOT-FOR-US: Creme Fraiche Ruby Gem
+ NOT-FOR-US: Creme Fraiche Ruby Gem
CVE-2013-2089 (Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows ...)
- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2088 (contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 ...)
@@ -87191,7 +87191,7 @@
CVE-2013-0664 (The FactoryCast service on the Schneider Electric Quantum 140NOE77111 ...)
NOT-FOR-US: Schneider Electric Quantum modules
CVE-2013-0663 (Cross-site request forgery (CSRF) vulnerability on the Schneider ...)
- NOT-FOR-US: Schneider Electric Quantum modules
+ NOT-FOR-US: Schneider Electric Quantum modules
CVE-2013-0662 (Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider ...)
NOT-FOR-US: Schneider Electric
CVE-2013-0661
@@ -99170,7 +99170,7 @@
CVE-2012-2554
RESERVED
CVE-2012-2553 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
- NOT-FOR-US: Microsoft Windows
+ NOT-FOR-US: Microsoft Windows
CVE-2012-2552 (Cross-site scripting (XSS) vulnerability in the SQL Server Report ...)
NOT-FOR-US: Microsoft SQL Server
CVE-2012-2551 (The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, ...)
@@ -100320,7 +100320,7 @@
CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in ...)
- net-snmp 5.4.3~dfsg-2.5 (low; bug #672492)
[squeeze] - net-snmp 5.4.3~dfsg-2+squeeze1
- NOTE: Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
+ NOTE: Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
CVE-2012-2140 (The Mail gem before 2.4.3 for Ruby allows remote attackers to execute ...)
- ruby-mail 2.4.4-1
CVE-2012-2139 (Directory traversal vulnerability in ...)
@@ -120917,7 +120917,7 @@
CVE-2010-4544 (Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus ...)
NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5036 (traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows ...)
- NOT-FOR-US: IBM Lotus Notes Traveler
+ NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5035 (The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not ...)
NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5034 (IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated ...)
@@ -142361,7 +142361,7 @@
- kfreebsd-7 7.2-2
[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2009-1934 (Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in ...)
- NOT-FOR-US: Sun Java System Web Server
+ NOT-FOR-US: Sun Java System Web Server
CVE-2009-1933 (Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, ...)
NOT-FOR-US: Solaris
CVE-2008-6825 (Directory traversal vulnerability in user/index.php in Fonality ...)
@@ -142597,7 +142597,7 @@
CVE-2009-1854 (Million Dollar Text Links 1.0 allows remote attackers to bypass ...)
NOT-FOR-US: Million Dollar Text Links
CVE-2009-1853 (Multiple SQL injection vulnerabilities in index.php in Kensei Board ...)
- NOT-FOR-US: Kensei Board
+ NOT-FOR-US: Kensei Board
CVE-2009-1852 (Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow ...)
NOT-FOR-US: Graphiks MyForum
CVE-2009-1851 (SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and ...)
@@ -151289,7 +151289,7 @@
CVE-2008-5209 (Directory traversal vulnerability in modules/download/get_file.php in ...)
NOT-FOR-US: Admidio
CVE-2008-5208 (SQL injection vulnerability in sub_votepic.php in the Datsogallery ...)
- NOT-FOR-US: Datsogallery joomla module
+ NOT-FOR-US: Datsogallery joomla module
CVE-2008-5207 (Multiple directory traversal vulnerabilities in Jonascms 1.2 allow ...)
NOT-FOR-US: Jonascms
CVE-2008-5206 (PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in ...)
@@ -151700,7 +151700,7 @@
CVE-2008-5039 (Cross-site scripting (XSS) vulnerability in the League module for ...)
NOT-FOR-US: PHP-Nuke
CVE-2008-5038 (Use-after-free vulnerability in the NetWare Core Protocol (NCP) ...)
- NOT-FOR-US: Novell eDirectory
+ NOT-FOR-US: Novell eDirectory
CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 ...)
NOT-FOR-US: ElkaGroup Image Gallery
CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
@@ -151855,7 +151855,7 @@
{DSA-1680-1}
- clamav 0.94.dfsg.1-1 (bug #505134)
CVE-2008-4991 (SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and ...)
- NOT-FOR-US: LOCKON CO.,LTD. EC-CUBE
+ NOT-FOR-US: LOCKON CO.,LTD. EC-CUBE
CVE-2008-XXXX [yzis insecure temp file]
- yzis 1.0~alpha1-2 (bug #504680)
CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...)
@@ -152705,7 +152705,7 @@
CVE-2008-4602 (Directory traversal vulnerability in index.php in Post Affiliate Pro ...)
NOT-FOR-US: Post Affiliate Pro
CVE-2008-4601 (Cross-site scripting (XSS) vulnerability in the login feature in ...)
- NOT-FOR-US: Habari CMS
+ NOT-FOR-US: Habari CMS
CVE-2008-4600 (configure.php in PokerMax Poker League Tournament Script 0.13 allows ...)
NOT-FOR-US: PokerMax Poker League Tournament Script
CVE-2008-4599 (SQL injection vulnerability in category.php in Mosaic Commerce allows ...)
@@ -152902,7 +152902,7 @@
CVE-2008-4525 (SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows ...)
NOT-FOR-US: AmpJuke
CVE-2008-4524 (SQL injection vulnerability in the "Check User" feature ...)
- NOT-FOR-US: AdaptCMS
+ NOT-FOR-US: AdaptCMS
CVE-2008-4523 (SQL injection vulnerability in login.php in IP Reg 0.4 and earlier ...)
NOT-FOR-US: IP Reg
CVE-2008-4522 (Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio ...)
@@ -153049,9 +153049,9 @@
CVE-2008-4449 (Stack-based buffer overflow in mIRC 6.34 allows remote attackers to ...)
NOT-FOR-US: mIRC
CVE-2008-4448 (Cross-site request forgery (CSRF) vulnerability in actions.php in ...)
- NOT-FOR-US: Positive Software H-Sphere WebShell
+ NOT-FOR-US: Positive Software H-Sphere WebShell
CVE-2008-4447 (Cross-site scripting (XSS) vulnerability in actions.php in Positive ...)
- NOT-FOR-US: Positive Software H-Sphere WebShell
+ NOT-FOR-US: Positive Software H-Sphere WebShell
CVE-2008-4446 (Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 ...)
NOT-FOR-US: Nucleus EUC-JP
CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream ...)
@@ -153078,7 +153078,7 @@
CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog ...)
NOT-FOR-US: bBlog
CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT ...)
- NOT-FOR-US: RMSOFT Downloads Plus
+ NOT-FOR-US: RMSOFT Downloads Plus
CVE-2008-4434 (Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and ...)
NOT-FOR-US: uTorrent/Bittorrent
CVE-2008-4433 (SQL injection vulnerability in search.php in the RMSOFT MiniShop ...)
@@ -153383,7 +153383,7 @@
CVE-2008-4329 (PHP remote file inclusion vulnerability in cms/system/openengine.php ...)
NOT-FOR-US: openEngine
CVE-2008-4328 (SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 ...)
- NOT-FOR-US: EasyRealtorPRO
+ NOT-FOR-US: EasyRealtorPRO
CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly ...)
NOT-FOR-US: Microsoft
CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in ...)
@@ -153582,7 +153582,7 @@
CVE-2008-4235
RESERVED
CVE-2008-4234 (Incomplete blacklist vulnerability in the Quarantine feature in ...)
- NOT-FOR-US: CoreTypes Apple Mac OS X
+ NOT-FOR-US: CoreTypes Apple Mac OS X
CVE-2008-4233 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
NOT-FOR-US: Apple
CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch ...)
@@ -154730,9 +154730,9 @@
CVE-2008-3773 (Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and ...)
NOT-FOR-US: vBulletin
CVE-2008-3772 (SQL injection vulnerability in categories_portal.php in Pars4u ...)
- NOT-FOR-US: Pars4u Videosharing
+ NOT-FOR-US: Pars4u Videosharing
CVE-2008-3771 (Cross-site scripting (XSS) vulnerability in members.php in Pars4u ...)
- NOT-FOR-US: Pars4u Videosharing
+ NOT-FOR-US: Pars4u Videosharing
CVE-2008-3770 (Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, ...)
NOT-FOR-US: Freeway
CVE-2008-3769 (PHP remote file inclusion vulnerability in admin/create_order_new.php ...)
@@ -154976,13 +154976,13 @@
CVE-2008-3706 (SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 ...)
NOT-FOR-US: ZEEJOBSITE
CVE-2008-3705 (Stack-based buffer overflow in the CLogger::WriteFormated function in ...)
- NOT-FOR-US: EchoVNC Linux
+ NOT-FOR-US: EchoVNC Linux
CVE-2008-3704 (Heap-based buffer overflow in the MaskedEdit ActiveX control in ...)
NOT-FOR-US: Msmask32.ocx
CVE-2008-3703 (The management console in the Volume Manager Scheduler Service (aka ...)
NOT-FOR-US: Symantec Veritas Storage Foundation
CVE-2008-3702 (Multiple stack-based buffer overflows in the Animation GIF ActiveX ...)
- NOT-FOR-US: SpeedBit Download Accelerator Plus
+ NOT-FOR-US: SpeedBit Download Accelerator Plus
CVE-2008-3701 (SQL injection vulnerability in staff/index.php in Kayako SupportSuite ...)
NOT-FOR-US: Kayako SupportSuite
CVE-2008-3700 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
@@ -155041,9 +155041,9 @@
CVE-2008-3674 (SQL injection vulnerability in ugroups.php in PozScripts TubeGuru ...)
NOT-FOR-US: PozScripts TubeGuru Video Sharing Script
CVE-2008-3673 (SQL injection vulnerability in browsecats.php in PozScripts Classified ...)
- NOT-FOR-US: PozScripts Classified Ads
+ NOT-FOR-US: PozScripts Classified Ads
CVE-2008-3672 (SQL injection vulnerability in showcategory.php in PozScripts ...)
- NOT-FOR-US: PozScripts Classified Ads
+ NOT-FOR-US: PozScripts Classified Ads
CVE-2008-3671 (Acronis True Image Echo Server 9.x build 8072 on Linux does not ...)
NOT-FOR-US: Echo Server
CVE-2008-3670 (SQL injection vulnerability in authordetail.php in Article Friendly ...)
@@ -155901,7 +155901,7 @@
- trac 0.11-1
[etch] - trac 0.10.3-1etch4
CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ...)
- NOT-FOR-US: PartyGaming PartyPoker
+ NOT-FOR-US: PartyGaming PartyPoker
CVE-2008-3323 (setup.exe before 2.573.2.3 in Cygwin does not properly verify the ...)
NOT-FOR-US: Cygwin
CVE-2008-3322 (admin/index.php in Maian Recipe 1.2 and earlier allows remote ...)
@@ -156360,7 +156360,7 @@
CVE-2008-3128 (Directory traversal vulnerability in search.php in Pivot 1.40.5 allows ...)
NOT-FOR-US: Pivot
CVE-2008-3127 (PHP remote file inclusion vulnerability in hioxBannerRotate.php in ...)
- NOT-FOR-US: HIOX Banner Rotator
+ NOT-FOR-US: HIOX Banner Rotator
CVE-2008-3126 (Multiple stack-based buffer overflows in the ServerView web interface ...)
NOT-FOR-US: Fujitsu Siemens Computers ServerView
CVE-2008-3125 (SQL injection vulnerability in index.php in Mole Group Lastminute ...)
@@ -157852,7 +157852,7 @@
CVE-2008-2509 (SQL injection vulnerability in pwd.asp in Excuse Online allows remote ...)
NOT-FOR-US: Excuse Online
CVE-2008-2508 (Cross-site scripting (XSS) vulnerability in news.php in Tr Script News ...)
- NOT-FOR-US: Tr Script News
+ NOT-FOR-US: Tr Script News
CVE-2008-2507 (Cross-site scripting (XSS) vulnerability in Calcium40.pl in Brown Bear ...)
NOT-FOR-US: Brown Bear Software Calcium
CVE-2008-2506 (Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 ...)
@@ -158738,7 +158738,7 @@
CVE-2008-2115 (Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ...)
NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2114 (SQL injection vulnerability in emall/search.php in Pre Shopping Mall ...)
- NOT-FOR-US: Pre Shopping Mall
+ NOT-FOR-US: Pre Shopping Mall
CVE-2008-2113 (SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 ...)
NOT-FOR-US: PHPEasyData
CVE-2003-1558 (Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to ...)
@@ -158956,9 +158956,9 @@
CVE-2008-2028 (miniBB 2.2, and possibly earlier, when register_globals is enabled, ...)
NOT-FOR-US: miniBB
CVE-2008-2027 (Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA ...)
- NOT-FOR-US: RSA Authentication Agent
+ NOT-FOR-US: RSA Authentication Agent
CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...)
- NOT-FOR-US: RSA Authentication Agent
+ NOT-FOR-US: RSA Authentication Agent
CVE-2008-2025 (Cross-site scripting (XSS) vulnerability in Apache Struts before ...)
- libstruts1.2-java 1.2.9-3.1 (low; bug #528352)
[lenny] - libstruts1.2-java <no-dsa> (Minor issue)
@@ -160571,7 +160571,7 @@
CVE-2008-1370 (PHP remote file inclusion vulnerability in index.php in wildmary Yap ...)
NOT-FOR-US: wildmary Yap Blog
CVE-2008-1369 (A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and ...)
- NOT-FOR-US: Sun Solaris
+ NOT-FOR-US: Sun Solaris
CVE-2008-1368 (CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-1367 (gcc 4.3.x does not generate a cld instruction while compiling ...)
@@ -163238,7 +163238,7 @@
CVE-2008-0266 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
NOT-FOR-US: eTicket
CVE-2008-0265 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...)
- NOT-FOR-US: F5 BIG-IP
+ NOT-FOR-US: F5 BIG-IP
CVE-2008-0264 (Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 ...)
NOT-FOR-US: Meta Tags module for Drupal
CVE-2008-0263 (The SIP module in Ingate Firewall before 4.6.1 and SIParator before ...)
@@ -166723,7 +166723,7 @@
CVE-2007-5661 (The Macrovision InstallShield InstallScript One-Click Install (OCI) ...)
NOT-FOR-US: Macrovision InstallShield
CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in ...)
- NOT-FOR-US: MacroVision FLEXnet Connect and InstallShield 2008
+ NOT-FOR-US: MacroVision FLEXnet Connect and InstallShield 2008
CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and ...)
NOT-FOR-US: Adobe Reader
CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ...)
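Review bot: The changed NOT-FOR-US line for CVE-2007-5660 spells the vendor "MacroVision", while the CVE-2007-5661 entry two lines above it uses "Macrovision InstallShield". Use one spelling ("Macrovision") so that a text search for the vendor finds both entries.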