thr3ads.net - Secure testing commits - [Secure-testing-commits] r8792

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-May-13 09:14 UTC
[Secure-testing-commits] r8792 - data/CVE

Author: joeyh
Date: 2008-05-13 09:14:15 +0000 (Tue, 13 May 2008)
New Revision: 8792

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-05-12 21:52:44 UTC (rev 8791)
+++ data/CVE/list	2008-05-13 09:14:15 UTC (rev 8792)
@@ -1,8 +1,104 @@
-CVE-2008-2142 [emacs code execution in fast-lock-mode]
+CVE-2008-2162 (Cross-site scripting (XSS) vulnerability in SonicWall Email
Security ...)
+	TODO: check
+CVE-2008-2161 (Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and
possibly ...)
+	TODO: check
+CVE-2008-2160 (Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF
image ...)
+	TODO: check
+CVE-2008-2159 (Microsoft Internet Explorer 7 can save encrypted pages in the
cache ...)
+	TODO: check
+CVE-2008-2158
+	RESERVED
+CVE-2008-2157
+	RESERVED
+CVE-2008-2156
+	RESERVED
+CVE-2008-2155
+	RESERVED
+CVE-2008-2154
+	RESERVED
+CVE-2008-2153
+	RESERVED
+CVE-2008-2152
+	RESERVED
+CVE-2008-2151
+	RESERVED
+CVE-2008-2150
+	RESERVED
+CVE-2008-2149 (Stack-based buffer overflow in the searchwn function in Wordnet
2.0, ...)
+	TODO: check
+CVE-2008-2148 (The utimensat system call in Linux kernel 2.6.22 and other
versions ...)
+	TODO: check
+CVE-2008-2145 (Stack-based buffer overflow in Novell Client 4.91 SP4 and
earlier ...)
+	TODO: check
+CVE-2008-2144 (Multiple unspecified vulnerabilities in Solaris print service
for Sun ...)
+	TODO: check
+CVE-2008-2143 (Unspecified versions of Microsoft Outlook Web Access (OWA) use
the ...)
+	TODO: check
+CVE-2008-2141
+	RESERVED
+CVE-2008-2140 (Cross-site request forgery (CSRF) vulnerability in the rootpw
plugin ...)
+	TODO: check
+CVE-2008-2139 (The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does
not ...)
+	TODO: check
+CVE-2008-2138 (Oracle Application Server (OracleAS) Portal 10g allows remote
...)
+	TODO: check
+CVE-2008-2137
+	RESERVED
+CVE-2008-2136
+	RESERVED
+CVE-2008-2135 (Multiple SQL injection vulnerabilities in VisualShapers
ezContents ...)
+	TODO: check
+CVE-2008-2134 (The Journal module in Tru-Zone Nuke ET 3.x allows remote
attackers to ...)
+	TODO: check
+CVE-2008-2133 (Cross-site scripting (XSS) vulnerability in the Journal module
in ...)
+	TODO: check
+CVE-2008-2132 (SQL injection vulnerability in step1.asp in Systementor
PostcardMentor ...)
+	TODO: check
+CVE-2008-2131 (Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA
allows ...)
+	TODO: check
+CVE-2008-2130 (SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5
allows ...)
+	TODO: check
+CVE-2008-2129 (SQL injection vulnerability in index.php in Galleristic 1.0,
when ...)
+	TODO: check
+CVE-2008-2128 (PHP remote file inclusion vulnerability in templates/header.php
in CMS ...)
+	TODO: check
+CVE-2008-2127 (Cross-site scripting (XSS) vulnerability in search.php in CMS
Faethon ...)
+	TODO: check
+CVE-2008-2126 (Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS
0.1 ...)
+	TODO: check
+CVE-2008-2125 (SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6
and ...)
+	TODO: check
+CVE-2008-2124 (SQL injection vulnerability in modules/print.asp in fipsASP
fipsCMS ...)
+	TODO: check
+CVE-2008-2123 (Cross-site scripting (XSS) vulnerability in WGate in SAP
Internet ...)
+	TODO: check
+CVE-2008-2122 (IBM Rational Build Forge 7.0.2 allows remote attackers to cause
a ...)
+	TODO: check
+CVE-2008-2121 (The TCP implementation in Sun Solaris 8, 9, and 10 allows remote
...)
+	TODO: check
+CVE-2008-2120 (Unspecified vulnerability in Sun Java System Application Server
7 ...)
+	TODO: check
+CVE-2008-2119
+	RESERVED
+CVE-2008-2118 (SQL injection vulnerability in info.php in Project Alumni 1.0.9
allows ...)
+	TODO: check
+CVE-2008-2117 (Cross-site scripting (XSS) vulnerability in pages/news.page.inc
in ...)
+	TODO: check
+CVE-2008-2116 (Multiple directory traversal vulnerabilities in editor.php in
...)
+	TODO: check
+CVE-2008-2115 (Multiple cross-site scripting (XSS) vulnerabilities in
editor.php in ...)
+	TODO: check
+CVE-2008-2114 (SQL injection vulnerability in emall/search.php in Pre Shopping
Mall ...)
+	TODO: check
+CVE-2008-2113 (SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4
...)
+	TODO: check
+CVE-2003-1558 (Buffer overflow in httpd.c of fnord 1.6 allows remote attackers
to ...)
+	TODO: check
+CVE-2008-2142 (Emacs 21 and XEmacs automatically load and execute .flc (fast
lock) ...)
 	- emacs22 <unfixed> (low; bug #480885)
 	- xemacs21 <unfixed> (low; bug #480886)
 	- emacs21 <unfixed> (low; bug #480877)
-CVE-2008-2147 [vlc privilege escalation]
+CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0
...)
 	- vlc <unfixed> (low; bug #480724)
 	NOTE: https://trac.videolan.org/vlc/ticket/1578
 	NOTE:
http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
@@ -29,7 +125,7 @@
 	NOTE: closely related to CVE-2008-2108
 CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote
authenticated ...)
 	NOT-FOR-US: Call of Duty
-CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, and later versions before 3.0,
allows ...)
+CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.3, and 3.1.x
before ...)
 	- bugzilla 3.0.4-1
 	[etch] - bugzilla <not-affected> (vulnerable code introduced in 2.23.4)
 CVE-2008-2104 (The WebService in Bugzilla before 3.1.3 allows remote
authenticated ...)
@@ -96,10 +192,10 @@
 	NOT-FOR-US: vlbook
 CVE-2008-2072 (Cross-site scripting (XSS) vulnerability in index.php in Virtual
...)
 	NOT-FOR-US: vlbook
-CVE-2008-2071
-	RESERVED
-CVE-2008-2070
-	RESERVED
+CVE-2008-2071 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the WHM ...)
+	TODO: check
+CVE-2008-2070 (The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and
11.22 ...)
+	TODO: check
 CVE-2008-2069 (Buffer overflow in Novell GroupWise 7 allows remote attackers to
cause ...)
 	NOT-FOR-US: Novell GroupWise
 CVE-2008-2068 (Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows
...)
@@ -150,8 +246,7 @@
 	NOT-FOR-US: netOffice Dwins
 CVE-2008-2043 (Multiple cross-site request forgery (CSRF) vulnerabilities in
cPanel, ...)
 	NOT-FOR-US: cPanel
-CVE-2008-2085 [stack-based buffer overflow in get_remote_ip_media and
get_remote_ipv6_media function]
-	RESERVED
+CVE-2008-2085 (Multiple stack-based buffer overflows in the (1)
get_remote_ip_media ...)
 	- sip-tester 2.0.1-1.2 (low; bug #479039)
 CVE-2008-2051 (The escapeshellcmd API function in PHP before 5.2.6 has unknown
impact ...)
 	{DSA-1572-1}
@@ -236,8 +331,8 @@
 	RESERVED
 CVE-2008-2005 (The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink
before ...)
 	NOT-FOR-US: SuiteLink
-CVE-2008-2004
-	RESERVED
+CVE-2008-2004 (The drive_init function in QEMU 0.9.1 determines the format of a
raw ...)
+	TODO: check
 CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the
web ...)
 	NOT-FOR-US: BadBlue
 CVE-2008-2002 (Multiple cross-site request forgery (CSRF) vulnerabilities on
Motorola ...)
@@ -333,7 +428,7 @@
 	NOT-FOR-US: Tr Script News
 CVE-2008-1957 (SQL injection vulnerability in news.php in Tr Script News 2.1
allows ...)
 	NOT-FOR-US: Tr Script News
-CVE-2008-2146 [privilege escalation in wordpress]
+CVE-2008-2146 (wp-includes/vars.php in Wordpress before 2.2.3 does not properly
...)
 	{DSA-1564-1}
 	- wordpress 2.2.3-1
 	NOTE: http://trac.wordpress.org/ticket/4748
@@ -473,7 +568,7 @@
 	NOT-FOR-US: Carbon Communities
 CVE-2008-1899
 	RESERVED
-CVE-2008-1898 (WkImgSrv.dll 7.03.0616 in Microsoft Works 7 allows remote
attackers to ...)
+CVE-2008-1898 (A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as
distributed ...)
 	NOT-FOR-US: Microsoft Works
 CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source
1.0.x, ...)
 	{DSA-1563-1}
@@ -511,8 +606,8 @@
 CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function ...)
 	{DTSA-125-1}
 	- vlc 0.8.6.e-2.1 (medium; bug #477805)
-CVE-2008-1880
-	RESERVED
+CVE-2008-1880 (The default configuration of Firebird before 2.0.3.12981.0-r6 on
...)
+	TODO: check
 CVE-2008-1879
 	RESERVED
 CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of
service ...)
@@ -672,16 +767,13 @@
 	RESERVED
 CVE-2008-1804
 	RESERVED
-CVE-2008-1803 [rdesktop signedness error in xrealloc]
-	RESERVED
+CVE-2008-1803 (Integer signedness error in the xrealloc function (rdesktop.c)
in ...)
 	{DSA-1573-1}
 	- rdesktop 1.5.0-4+cvs20071006 (bug #480135)
-CVE-2008-1802 [rdesktop heap overflow via RDP redirect request]
-	RESERVED
+CVE-2008-1802 (Buffer overflow in the process_redirect_pdu (rdp.c) function in
...)
 	{DSA-1573-1}
 	- rdesktop 1.5.0-4+cvs20071006 (bug #480134)
-CVE-2008-1801 [rdesktop heap overflow]
-	RESERVED
+CVE-2008-1801 (Integer underflow in the iso_recv_msg function (iso.c) in
rdesktop ...)
 	{DSA-1573-1}
 	- rdesktop 1.5.0-4+cvs20071006 (bug #480133)
 CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
@@ -935,7 +1027,7 @@
 	NOTE: see GfxFont.cc GfxFont::readEmbFontFile, line 362 checks if the font
file is
 	NOTE: a stream or not. Anyone knows a fixed version?
 	- texlive-base <not-affected> (Vulnerable code not present)
-CVE-2008-1692 (Eterm 0.9.4 opens an xterm on :0 if -display is not specified
and the ...)
+CVE-2008-1692 (Eterm 0.9.4 opens a terminal window on :0 if -display is not
specified ...)
 	- eterm 0.9.4.0debian1-2.1 (unimportant; bug #473127)
 CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0
and ...)
 	NOT-FOR-US: SLMail Pro
@@ -975,8 +1067,8 @@
 	- python2.5 2.5.2-3
 CVE-2008-1678
 	RESERVED
-CVE-2008-1677
-	RESERVED
+CVE-2008-1677 (Buffer overflow in the regular expression handler in Red Hat
Directory ...)
+	TODO: check
 CVE-2008-1676
 	RESERVED
 CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in
Linux ...)
@@ -996,6 +1088,7 @@
 	- kdelibs <not-affected> (Vulnerable code introduce in kde 4.0)
 	- kde4libs 4:4.0.72-1 (bug #478283)
 CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection
...)
+	{DSA-1575-1}
 	- linux-2.6 2.6.25-2 (low)
 	NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9
 CVE-2008-1668
@@ -1982,31 +2075,31 @@
 	- xulrunner 1.8.1.13-1
 	- iceape 1.1.9-1
 CVE-2008-1237 (Multiple unspecified vulnerabilities in Mozilla Firefox before
...)
-	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
+	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
 	- iceweasel 2.0.0.13-1
 	- xulrunner 1.8.1.13-1
 	- iceape 1.1.9-1
 	- icedove 2.0.0.14-1
 CVE-2008-1236 (Multiple unspecified vulnerabilities in Mozilla Firefox before
...)
-	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
+	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
 	- iceweasel 2.0.0.13-1
 	- xulrunner 1.8.1.13-1
 	- iceape 1.1.9-1
 	- icedove 2.0.0.14-1
 CVE-2008-1235 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13,
...)
-	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
+	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
 	- iceweasel 2.0.0.13-1
 	- xulrunner 1.8.1.13-1
 	- iceape 1.1.9-1
 	- icedove 2.0.0.14-1
 CVE-2008-1234 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox
before ...)
-	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
+	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
 	- iceweasel 2.0.0.13-1
 	- xulrunner 1.8.1.13-1
 	- iceape 1.1.9-1
 	- icedove 2.0.0.14-1
 CVE-2008-1233 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13,
...)
-	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
+	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
 	- iceweasel 2.0.0.13-1
 	- xulrunner 1.8.1.13-1
 	- iceape 1.1.9-1
@@ -2467,7 +2560,7 @@
 CVE-2008-1111 (mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts
...)
 	{DSA-1513-1}
 	- lighttpd 1.4.18-4 (low; bug #469307)
-CVE-2008-1142 (rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment
variable is ...)
+CVE-2008-1142 (rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY
environment ...)
 	- rxvt 1:2.6.4-13 (unimportant; bug #469296)
 CVE-2008-1055 (Format string vulnerability in webmail.exe in NetWin SurgeMail
38k4 ...)
 	NOT-FOR-US: SurgeMail
@@ -3449,7 +3542,7 @@
 CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through
2.6.24.1 ...)
 	{DSA-1494-1 DTSA-113-1}
 	- linux-2.6 2.6.24-4 (high)
-CVE-2008-0599 (cgi_main.c in PHP before 5.2.6 does not properly calculate the
length ...)
+CVE-2008-0599 (The init_request_info function in sapi/cgi/cgi_main.c in PHP
before ...)
 	- php5 5.2.6-1
 	[etch] - php5 <not-affected> (Vulnerable code not yet present)
 	[etch] - php4 <not-affected> (Vulnerable code not yet present)
@@ -27298,8 +27391,8 @@
 	RESERVED
 CVE-2006-4728
 	RESERVED
-CVE-2006-4727
-	RESERVED
+CVE-2006-4727 (Cross-site scripting (XSS) vulnerability in
emfadmin/statusView.do in ...)
+	TODO: check
 CVE-2006-4726 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX
6.1 ...)
 	NOT-FOR-US: Adobe
 CVE-2006-4725 (Adobe ColdFusion MX 7 and 7.01 allows local users to bypass
security ...)
@@ -49324,7 +49417,8 @@
 	NOT-FOR-US: no_package
 CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view
...)
 	NOT-FOR-US: no_package
-CVE-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a
denial ...)
+CVE-2004-1886
+	REJECTED
 	NOT-FOR-US: no_package
 CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users
to ...)
 	NOT-FOR-US: no_package
@@ -49400,7 +49494,7 @@
 	NOT-FOR-US: no_package
 CVE-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel
9.1.0 ...)
 	NOT-FOR-US: no_package
-CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users
to ...)
+CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a
denial ...)
 	NOT-FOR-US: no_package
 CVE-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass
authentication ...)
 	NOT-FOR-US: no_package
Secure testing commits - May 2008 - r8792 - data/CVE

[Secure-testing-commits] r8792 - data/CVE
