joeyh at alioth.debian.org
2008-Mar-04 21:14 UTC
[Secure-testing-commits] r8259 - data/CVE
Author: joeyh
Date: 2008-03-04 21:14:10 +0000 (Tue, 04 Mar 2008)
New Revision: 8259
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-04 16:18:05 UTC (rev 8258) +++ data/CVE/list 2008-03-04 21:14:10 UTC (rev 8259) 
@@ -1,4 +1,160 @@ +CVE-2008-1132 (Untrusted search path vulnerability in src/mainwindow.c in Net ...) + TODO: check +CVE-2008-1131 (Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote ...) + TODO: check +CVE-2008-1130 (Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and ...) + TODO: check +CVE-2008-1129 (Cross-site scripting (XSS) vulnerability in admin/users/self.php in ...) + TODO: check +CVE-2008-1128 (PHP remote file inclusion vulnerability in tourney/index.php in ...) + TODO: check +CVE-2008-1127 (Format string vulnerability in the cryactio function in Crysis ...) + TODO: check +CVE-2008-1126 (PHP remote file inclusion vulnerability in main.php in Barryvan Compo ...) + TODO: check +CVE-2008-1125 (Multiple directory traversal vulnerabilities in Podcast Generator 1.0 ...) + TODO: check +CVE-2008-1124 (Multiple PHP remote file inclusion vulnerabilities in Podcast ...) + TODO: check +CVE-2008-1123 (Multiple PHP remote file inclusion vulnerabilities in SiteBuilder ...) + TODO: check +CVE-2008-1122 (SQL injection vulnerability in index.php in Koobi Pro 5.7 allows ...) + TODO: check +CVE-2008-1121 (SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier ...) + TODO: check +CVE-2008-1120 (Format string vulnerability in the embedded Internet Explorer ...) + TODO: check +CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in ...) + TODO: check +CVE-2008-1118 + RESERVED +CVE-2008-1117 + RESERVED +CVE-2008-1116 (Insecure method vulnerability in the Web Scan Object ActiveX control ...) + TODO: check +CVE-2008-1115 (Unspecified vulnerability in Sun Solaris 8 directory functions allows ...) + TODO: check +CVE-2008-1114 (Vocera Communications wireless handsets, when using Protected ...) + TODO: check +CVE-2008-1113 (Cisco Unified Wireless IP Phone 7921, when using Protected Extensible ...) 
+ TODO: check +CVE-2008-1112 + REJECTED + TODO: check +CVE-2008-1110 (Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the ...) + TODO: check +CVE-2008-1109 + RESERVED +CVE-2008-1108 + RESERVED +CVE-2008-1107 + RESERVED +CVE-2008-1106 + RESERVED +CVE-2008-1105 + RESERVED +CVE-2008-1104 + RESERVED +CVE-2008-1103 + RESERVED +CVE-2008-1102 + RESERVED +CVE-2008-1101 + RESERVED +CVE-2008-1100 + RESERVED +CVE-2008-1099 + RESERVED +CVE-2008-1098 + RESERVED +CVE-2008-1097 + RESERVED +CVE-2008-1096 + RESERVED +CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP) implementation ...) + TODO: check +CVE-2008-1094 + RESERVED +CVE-2008-1093 + RESERVED +CVE-2008-1092 + RESERVED +CVE-2008-1091 + RESERVED +CVE-2008-1090 + RESERVED +CVE-2008-1089 + RESERVED +CVE-2008-1088 + RESERVED +CVE-2008-1087 + RESERVED +CVE-2008-1086 + RESERVED +CVE-2008-1085 + RESERVED +CVE-2008-1084 + RESERVED +CVE-2008-1083 + RESERVED +CVE-2008-1082 (Opera before 9.26 allows remote attackers to "bypass sanitization ...) + TODO: check +CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute ...) + TODO: check +CVE-2008-1080 (Opera before 9.26 allows user-assisted remote attackers to read ...) + TODO: check +CVE-2008-1079 + RESERVED +CVE-2008-1078 (expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and ...) + TODO: check +CVE-2008-1077 (SQL injection vulnerability in index.php in the Simpleboard ...) + TODO: check +CVE-2008-1076 (Cross-site scripting (XSS) vulnerability in search.php in Interspire ...) + TODO: check +CVE-2008-1075 (Cross-site scripting (XSS) vulnerability in index.php in Maian Cart ...) + TODO: check +CVE-2008-1074 (PHP remote file inclusion vulnerability in lib/head_auth.php in ...) + TODO: check +CVE-2008-1073 (Cross-site scripting (XSS) vulnerability in the report interface in ...) + TODO: check +CVE-2008-1072 (The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through ...) 
+ TODO: check +CVE-2008-1071 (The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through ...) + TODO: check +CVE-2008-1070 (The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through ...) + TODO: check +CVE-2008-1069 (Multiple PHP remote file inclusion vulnerabilities in Quantum Game ...) + TODO: check +CVE-2008-1068 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php ...) + TODO: check +CVE-2008-1067 (Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 ...) + TODO: check +CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used ...) + TODO: check +CVE-2008-1065 (Multiple SQL injection vulnerabilities in index.php in the ...) + TODO: check +CVE-2008-1064 (Cross-site scripting (XSS) vulnerability in images.php in the Red ...) + TODO: check +CVE-2008-1063 (Cross-site scripting (XSS) vulnerability index.php in the ...) + TODO: check +CVE-2008-1062 (InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater ...) + TODO: check +CVE-2008-1061 (Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets ...) + TODO: check +CVE-2008-1060 (Eval injection vulnerability in modules/execute.php in the Sniplets ...) + TODO: check +CVE-2008-1059 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-1058 (The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 ...) + TODO: check +CVE-2008-1057 (The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 ...) + TODO: check +CVE-2008-1056 (Multiple stack-based buffer overflows in Symark PowerBroker 2.8 ...) + TODO: check +CVE-2003-1545 (Absolute path traversal vulnerability in nukestyles.com viewpage.php ...) + TODO: check CVE-2008-1111 [lighttpd sends cgi source if it fails to fork the cgi handler] + RESERVED - lighttpd <unfixed> (low; bug #469307) CVE-2008-XXXX [insecure default behaviour in rxvt for handling DISPLAY variable] - rxvt <unfixed> (bug #469296) 
@@ -154,7 +310,7 @@ CVE-2006-7232 (sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 ...) - mysql-dfsg-4.1 <removed> - mysql-dfsg-5.0 5.0.32-1 -CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier allows ...) +CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as ...) {DTSA-116-1} - vlc 0.8.6.c-6 (medium; bug #467652) CVE-2008-6426 @@ -259,18 +415,16 @@ NOT-FOR-US: NukeC phpnuke module CVE-2008-0933 (Multiple race conditions in the CPU Performance Counters (cpc) ...) NOT-FOR-US: Sun Solaris -CVE-2008-0931 [broken permissions in xwine configuration] - RESERVED +CVE-2008-0931 (w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure ...) - xwine <unfixed> (low; bug #468050) NOTE: will be removed soon -CVE-2008-0930 [insecure use of temporary files in xwine] - RESERVED +CVE-2008-0930 (w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to ...) - xwine <unfixed> (low; bug #468050) NOTE: will be removed soon CVE-2008-0929 REJECTED -CVE-2008-0928 - RESERVED +CVE-2008-0928 (Qemu 0.9.1 and earlier does not perform range checks for block device ...) + TODO: check CVE-2008-0927 RESERVED CVE-2008-0926 @@ -354,7 +508,7 @@ CVE-2008-0887 RESERVED CVE-2008-0886 - RESERVED + REJECTED CVE-2008-0885 RESERVED CVE-2008-0884 @@ -977,8 +1131,7 @@ - cupsys <not-affected> (mimeDeleteType included since 1.2.x) CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...) - cupsys <not-affected> (version in unstable has better array handling and is not vulnerable, exact version unknown) -CVE-2008-0595 - RESERVED +CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes ...) - dbus 1.1.20-1 CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery ...) {DSA-1506-1 DSA-1489-1 DSA-1485-1 DSA-1484-1} 
@@ -1439,8 +1592,7 @@ - xulrunner 1.8.1.12-1 - iceape 1.1.8-1 - icedove <unfixed> -CVE-2008-0411 [ghostscript buffer overflow] - RESERVED +CVE-2008-0411 (Stack-based buffer overflow in the zseticcspace function in zicc.c in ...) {DSA-1510-1} - ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190) CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...) @@ -1511,8 +1663,8 @@ CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to ...) - xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure) NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser -CVE-2008-0385 - RESERVED +CVE-2008-0385 (SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 ...) + TODO: check CVE-2008-0384 (OpenBSD 4.2 allows local users to cause a denial of service (kernel ...) NOT-FOR-US: OpenBSD CVE-2008-0383 (Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier ...) @@ -1669,20 +1821,20 @@ RESERVED CVE-2008-0310 RESERVED -CVE-2008-0309 - RESERVED -CVE-2008-0308 - RESERVED +CVE-2008-0309 (Stack-based buffer overflow in Symantec Decomposer, as used in certain ...) + TODO: check +CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products ...) + TODO: check CVE-2008-0307 RESERVED CVE-2008-0306 RESERVED CVE-2008-0305 RESERVED -CVE-2008-0304 - RESERVED -CVE-2008-0303 - RESERVED +CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and ...) + TODO: check +CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...) + TODO: check CVE-2008-0301 RESERVED CVE-2008-0300 
@@ -2131,8 +2283,8 @@ RESERVED CVE-2008-0125 RESERVED -CVE-2008-0124 - RESERVED +CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...) + TODO: check CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...) - moodle <unfixed> (unimportant) NOTE: the issue itself has a quite small attack vector @@ -2788,7 +2940,7 @@ NOT-FOR-US: Oracle database component in Sun Management Center CVE-2007-6479 (Unrestricted file upload vulnerability in the "My productions" ...) NOT-FOR-US: Dokeos -CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7 allows remote ...) +CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and ...) NOT-FOR-US: Rosoft Media Player CVE-2007-6477 (Cross-site scripting (XSS) vulnerability in the on-line help feature ...) NOT-FOR-US: Citrix Web Interface and NFuse @@ -3368,8 +3520,8 @@ RESERVED CVE-2007-6253 RESERVED -CVE-2007-6252 - RESERVED +CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation ...) + TODO: check CVE-2007-6251 RESERVED CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl ...) @@ -3960,10 +4112,10 @@ {DSA-1470-1} - horde3 3.1.6-1 (bug #461131; low) - imp4 <not-affected> (xss.php is only present in horde3 package) -CVE-2007-6017 - RESERVED -CVE-2007-6016 - RESERVED +CVE-2007-6017 (A Symantec ActiveX control related to the scheduler component in the ...) + TODO: check +CVE-2007-6016 (Multiple stack-based buffer overflows in a Symantec ActiveX control ...) + TODO: check CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in nmbd in ...) {DSA-1427-1 DTSA-100-1} - samba 3.0.28-1 (high) 
@@ -6130,8 +6282,8 @@ CVE-2007-5398 (Stack-based buffer overflow in the reply_netbios_packet function in ...) {DSA-1409-3 DSA-1409-2 DSA-1409-1} - samba 3.0.27-1 (high) -CVE-2007-5397 - RESERVED +CVE-2007-5397 (Heap-based buffer overflow in the activePDF Server service (aka ...) + TODO: check CVE-2007-5396 (Format string vulnerability in the ext_yahoo_contact_added function in ...) NOT-FOR-US: Miranda CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in ...)
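Review bot: In the first hunk (@@ -1,4 +1,160 @@), the new CVE-2008-1112 entry is marked "REJECTED" and also carries "TODO: check", although a rejected ID has nothing left to triage. The other rejected entries visible in this diff (CVE-2008-0929, and CVE-2008-0886 as changed in the -354 hunk) have no TODO line, so the "TODO: check" under CVE-2008-1112 should be dropped. The same hunk also prepends the new block in front of the existing CVE-2008-1111 entry, so the list now runs 1112, 1110, ..., 1056, CVE-2003-1545 and only then 1111; if the file is meant to stay in descending order, the insert position needs adjusting.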
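Review bot: In the hunk at @@ -154,7 +310,7 @@, the trailing context line "CVE-2008-6426" looks like a mistyped ID. The highest 2008 ID this same commit adds is CVE-2008-1132, and the entry sits between CVE-2008-0984 and older material, so a 2008 ID in the 6000 range is out of place there. The change itself only updates the CVE-2008-0984 description, but the neighbouring ID is worth confirming against the intended CVE before more automatic updates are layered on top of it.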
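Review bot: In the hunk at @@ -1669,20 +1821,20 @@, CVE-2008-0304 moves from "RESERVED" to a description naming Mozilla Thunderbird before 2.0.0.12 but is left at "TODO: check" with no package line. This list already tracks that code base as icedove (see the "- icedove <unfixed>" context line in the -1439 hunk), so the entry should get an icedove line with a fixed version or "<unfixed>" in a follow-up rather than remain untriaged. The CVE-2008-0309, CVE-2008-0308 and CVE-2008-0303 entries in the same hunk name Symantec and Canon products and are likely candidates for "NOT-FOR-US" once checked.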