joeyh at alioth.debian.org
2008-Jun-06 09:14 UTC
[Secure-testing-commits] r8995 - data/CVE
Author: joeyh Date: 2008-06-06 09:14:10 +0000 (Fri, 06 Jun 2008) New Revision: 8995 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-06-06 04:51:56 UTC (rev 8994) +++ data/CVE/list 2008-06-06 09:14:10 UTC (rev 8995) 
@@ -1,3 +1,89 @@ +CVE-2008-2559 (Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows ...) + TODO: check +CVE-2008-2558 (CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute ...) + TODO: check +CVE-2008-2557 (Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and ...) + TODO: check +CVE-2008-2556 (SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and ...) + TODO: check +CVE-2008-2555 (SQL injection vulnerability in index.php in EasyWay CMS allows remote ...) + TODO: check +CVE-2008-2554 (Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote ...) + TODO: check +CVE-2008-2553 (Cross-site scripting (XSS) vulnerability in Slashdot Like Automated ...) + TODO: check +CVE-2008-2552 (Unspecified vulnerability in the Service Tag Registry on Sun Solaris ...) + TODO: check +CVE-2008-2551 (The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 ...) + TODO: check +CVE-2008-2550 (Unspecified vulnerability in the Web Services Security component in ...) + TODO: check +CVE-2008-2549 (Adobe Acrobat Reader 8.1.2 and earlier allows remote attackers to ...) + TODO: check +CVE-2008-2548 (Stack-based buffer overflow in the JPEG thumbprint component in the ...) + TODO: check +CVE-2008-2547 (Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and ...) + TODO: check +CVE-2008-2546 + RESERVED +CVE-2008-2545 + RESERVED +CVE-2008-2544 + RESERVED +CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and ...) + TODO: check +CVE-2008-2542 (Stack-based buffer overflow in the getline function in Ppm/ppm.C in ...) + TODO: check +CVE-2008-2541 (Multiple stack-based buffer overflows in the HTTP Gateway Service ...) + TODO: check +CVE-2008-2540 (Apple Safari does not prompt the user before downloading an object ...) + TODO: check +CVE-2008-2539 (The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 ...) 
+ TODO: check +CVE-2008-2538 (Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and ...) + TODO: check +CVE-2008-2537 (SQL injection vulnerability in cat.php in HispaH Model Search allows ...) + TODO: check +CVE-2008-2536 (SQL injection vulnerability in out.php in YABSoft Advanced Image ...) + TODO: check +CVE-2008-2535 (Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 ...) + TODO: check +CVE-2008-2534 (Directory traversal vulnerability in admin/admin_frame.php in Phoenix ...) + TODO: check +CVE-2008-2533 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View ...) + TODO: check +CVE-2008-2532 (SQL injection vulnerability in forum/topic_detail.php in AJ Square ...) + TODO: check +CVE-2008-2531 (Cross-site scripting (XSS) vulnerability in the search script in Build ...) + TODO: check +CVE-2008-2530 (Multiple SQL injection vulnerabilities in Concepts & Solutions ...) + TODO: check +CVE-2008-2529 (SQL injection vulnerability in read.php in Advanced Links Management ...) + TODO: check +CVE-2008-2528 (Unspecified vulnerability in Citrix Access Gateway Standard Edition ...) + TODO: check +CVE-2008-2527 (Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ...) + TODO: check +CVE-2008-2526 (Cross-site scripting (XSS) vulnerability in the WT Gallery (aka ...) + TODO: check +CVE-2008-2525 (Cross-site scripting (XSS) vulnerability in the Event Database (aka ...) + TODO: check +CVE-2008-2524 (BlogPHP 2.0 allows remote attackers to bypass authentication, and post ...) + TODO: check +CVE-2008-2523 (SQL injection vulnerability in the Autopatcher server plugin in RakNet ...) + TODO: check +CVE-2008-2522 (SQL injection vulnerability in members.php in Battle.net Clan Script ...) + TODO: check +CVE-2008-2521 (SQL injection vulnerability in members.php in YABSoft Mega File ...) + TODO: check +CVE-2008-2520 (Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when ...) 
+ TODO: check +CVE-2008-2519 (Directory traversal vulnerability in Core FTP client 2.1 Build 1565 ...) + TODO: check +CVE-2008-2518 (Cross-site scripting (XSS) vulnerability in the advanced search ...) + TODO: check +CVE-2008-2517 (The sarab.sh script in SaraB before 0.2.4 places the dar program''s ...) + TODO: check CVE-2008-2515 (Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 ...) NOT-FOR-US: IBM AIX CVE-2008-2514 (Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local ...) @@ -210,23 +296,17 @@ NOT-FOR-US: Cerulean Studios Trillian CVE-2008-2407 (Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian ...) NOT-FOR-US: Cerulean Studios Trillian -CVE-2008-2406 - RESERVED +CVE-2008-2406 (The administration application server in Sun Java Active Server Pages ...) NOT-FOR-US: Sun Java System Active Server Pages -CVE-2008-2405 - RESERVED +CVE-2008-2405 (Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote ...) NOT-FOR-US: Sun Java System Active Server Pages -CVE-2008-2404 - RESERVED +CVE-2008-2404 (Stack-based buffer overflow in the request handling implementation in ...) NOT-FOR-US: Sun Java System Active Server Pages -CVE-2008-2403 - RESERVED +CVE-2008-2403 (Multiple directory traversal vulnerabilities in unspecified ASP ...) NOT-FOR-US: Sun Java System Active Server Pages -CVE-2008-2402 - RESERVED +CVE-2008-2402 (The Admin Server in Sun Java Active Server Pages (ASP) Server before ...) NOT-FOR-US: Sun Java System Active Server Pages -CVE-2008-2401 - RESERVED +CVE-2008-2401 (The Admin Server in Sun Java Active Server Pages (ASP) Server before ...) NOT-FOR-US: Sun Java System Active Server Pages CVE-2008-2400 (Unspecified vulnerability in stunnel before 4.23, when running as a ...) - stunnel4 <not-affected> (Windows specific issue) 
@@ -237,7 +317,7 @@ NOTE: CVE id requested by Red Hat CVE-2008-XXXX [resizing the monitor with xrandr can crash xscreensaver] - xscreensaver <unfixed> (unimportant; bug #482385) -CVE-2008-2516 [authentication bypass in libpam-pgsql] +CVE-2008-2516 (pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not ...) - pam-pgsql 0.6.3-2 (medium; bug #481970) [etch] - pam-pgsql <not-affected> (Vulnerable code not present) NOTE: pam_pgsql is not configured as "sufficient" in Debian default configuration @@ -585,8 +665,7 @@ RESERVED CVE-2008-2232 RESERVED -CVE-2008-2231 [SQL injection vulnerability] - RESERVED +CVE-2008-2231 (SQL injection vulnerability in Slashdot Like Automated Storytelling ...) - slash <unfixed> (medium; bug #484499) CVE-2008-2230 [reportbug and reportbug-ng includes os.curdir in path] RESERVED @@ -731,7 +810,7 @@ NOT-FOR-US: IBM Lotus Quickr CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in Mantis 1.1.1 allows ...) - mantis 1.0.8-4.1 (bug #481504) -CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20 allows local users to overwrite ...) +CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and ...) - uudeview 0.5.20-3.1 (low; bug #480972) - libconvert-uulib-perl <not-affected> (Code patched by libconver-uulib upstream to use mkstemp) NOTE: See CVE-2004-2265, where the problem occured as well @@ -826,8 +905,7 @@ NOT-FOR-US: Sun Solaris CVE-2008-2120 (Unspecified vulnerability in Sun Java System Application Server 7 ...) NOT-FOR-US: Sun Java System Application Server -CVE-2008-2119 - RESERVED +CVE-2008-2119 (Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business ...) - asterisk <not-affected> (Vulnerable code not present in 1.4.x) NOTE: http://downloads.digium.com/pub/security/AST-2008-008.html CVE-2008-2118 (SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows ...) 
@@ -890,14 +968,14 @@ RESERVED CVE-2008-2101 RESERVED -CVE-2008-2100 - RESERVED +CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...) + TODO: check CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...) - vmware-package <not-affected> (Windows issue according to CVE) CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...) - vmware-package <unfixed> (bug #484491) -CVE-2008-2097 - RESERVED +CVE-2008-2097 (The openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows ...) + TODO: check CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers ...) NOT-FOR-US: BackLinkSpider CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook ...) @@ -971,16 +1049,16 @@ RESERVED CVE-2008-2060 RESERVED -CVE-2008-2059 - RESERVED -CVE-2008-2058 - RESERVED -CVE-2008-2057 - RESERVED -CVE-2008-2056 - RESERVED -CVE-2008-2055 - RESERVED +CVE-2008-2059 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...) + TODO: check +CVE-2008-2058 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...) + TODO: check +CVE-2008-2057 (The Instant Messenger (IM) inspection engine in Cisco Adaptive ...) + TODO: check +CVE-2008-2056 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...) + TODO: check +CVE-2008-2055 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...) + TODO: check CVE-2008-2054 (Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 ...) NOT-FOR-US: Cisco CiscoWorks Common Services CVE-2008-2053 (Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) ...) 
@@ -1082,7 +1160,8 @@ TODO: check vulnerability of debian packages and value of upstream patch CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...) NOT-FOR-US: Cerulean Studios Trillian Basic -CVE-2008-2007 (Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and ...) +CVE-2008-2007 + REJECTED NOT-FOR-US: Apple iCal CVE-2008-2006 (Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and ...) NOT-FOR-US: Apple iCal @@ -1228,8 +1307,7 @@ {DSA-1581-1} - gnutls13 2.0.4-4 (medium) - gnutls26 2.2.5-1 (medium) -CVE-2008-1947 [Cross-site scripting (XSS) vulnerability via the name parameter] - RESERVED +CVE-2008-1947 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 ...) - tomcat5.5 <unfixed> (low; bug #484643) TODO: Check whether tomcat5 in etch is affected CVE-2008-1946 @@ -1623,8 +1701,8 @@ NOT-FOR-US: iScripts SocialWare CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media ...) - mt-daapd 0.9~r1696-1.3 (medium; bug #476241) -CVE-2008-1770 - RESERVED +CVE-2008-1770 (Unspecified vulnerability in Akamai Download Manager ActiveX control ...) + TODO: check CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of service ...) {DTSA-125-1} - vlc 0.8.6.e-2.1 (low; bug #478140) @@ -1892,8 +1970,8 @@ RESERVED CVE-2008-1662 RESERVED -CVE-2008-1661 - RESERVED +CVE-2008-1661 (Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks ...) + TODO: check CVE-2008-1660 (Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and ...) NOT-FOR-US: HP-UX CVE-2008-1659 (Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 ...) @@ -2221,8 +2299,8 @@ RESERVED CVE-2008-1519 RESERVED -CVE-2008-1518 - RESERVED +CVE-2008-1518 (Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and ...) + TODO: check CVE-2008-1517 RESERVED CVE-2008-1516 
@@ -3221,13 +3299,11 @@ - xine-lib 1.1.10-1 [etch] - xine-lib <not-affected> (Not affected per assessment of maintainer) [sarge] - xine-lib <not-affected> (Not affected per assessment of maintainer) -CVE-2008-1109 [Buffer overflow due to boundary error] - RESERVED +CVE-2008-1109 (Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted ...) - evolution <unfixed> (low; bug #484639) NOTE: Requires that the user accepts the iCalendar request and replies NOTE: to it from the "Calendars" window. -CVE-2008-1108 [Buffer overflow due to boundary error] - RESERVED +CVE-2008-1108 (Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is ...) - evolution <unfixed> (low; bug #484639) NOTE: Requires that the ITip Formatter plugin is disabled, which is enabled by default. CVE-2008-1107 @@ -3401,8 +3477,8 @@ NOT-FOR-US: Packeteer PacketShaper CVE-2008-1036 (International Components for Unicode (ICU) in Apple Mac OS X before ...) NOT-FOR-US: Apple Mac OS -CVE-2008-1035 - RESERVED +CVE-2008-1035 (Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows ...) + TODO: check CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows ...) NOT-FOR-US: Apple Mac OS CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug ...) @@ -3543,8 +3619,8 @@ RESERVED CVE-2008-0968 RESERVED -CVE-2008-0967 - RESERVED +CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware ...) + TODO: check CVE-2008-0966 RESERVED CVE-2008-0965 @@ -3571,10 +3647,10 @@ NOT-FOR-US: CTSUEng.ocx CVE-2008-0954 RESERVED -CVE-2008-0953 - RESERVED -CVE-2008-0952 - RESERVED +CVE-2008-0953 (Unspecified vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2008-0952 (Unspecified vulnerability in a certain ActiveX control in ...) + TODO: check CVE-2008-0951 (Microsoft Windows Vista does not properly enforce the ...) NOT-FOR-US: Windows Vista CVE-2008-0950 
@@ -5401,8 +5477,7 @@ [etch] - boost <no-dsa> (Minor issue) CVE-2008-0170 RESERVED -CVE-2008-0169 [privilege escalation in ikiwiki] - RESERVED +CVE-2008-0169 (Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 ...) - ikiwiki 2.48 (medium; bug #483770) [etch] - ikiwiki <not-affected> (Vulnerable code introduced in 1.34) CVE-2008-0168 @@ -8598,8 +8673,8 @@ NOT-FOR-US: ifnet WebIf CVE-2007-5672 RESERVED -CVE-2007-5671 - RESERVED +CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before ...) + TODO: check CVE-2007-5670 REJECTED CVE-2007-5669 @@ -8856,20 +8931,20 @@ NOT-FOR-US: IBM Director CVE-2007-5611 RESERVED -CVE-2007-5610 - RESERVED +CVE-2007-5610 (Unspecified vulnerability in a certain ActiveX control in ...) + TODO: check CVE-2007-5609 RESERVED -CVE-2007-5608 - RESERVED -CVE-2007-5607 - RESERVED -CVE-2007-5606 - RESERVED -CVE-2007-5605 - RESERVED -CVE-2007-5604 - RESERVED +CVE-2007-5608 (Unspecified vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2007-5607 (Unspecified vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2007-5606 (Unspecified vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2007-5605 (Unspecified vulnerability in a certain ActiveX control in ...) + TODO: check +CVE-2007-5604 (Unspecified vulnerability in a certain ActiveX control in ...) + TODO: check CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender ...) NOT-FOR-US: SonicWall SSL-VPN NetExtender CVE-2007-5602 (Multiple stack-based buffer overflows in SwiftView Viewer before ...)
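Review bot: CVE-2008-2553 in the @@ -1,3 +1,89 @@ hunk is added as "TODO: check" although its description starts "Cross-site scripting (XSS) vulnerability in Slashdot Like Automated ...", which looks like the same product name as CVE-2008-2231 in the @@ -585,8 +665,7 @@ hunk, already tracked as "- slash <unfixed> (medium; bug #484499)". When the TODO is resolved, check it against the slash package first instead of treating it as an unknown product. In the same hunk, the CVE-2008-2517 description contains a doubled apostrophe ("the dar program''s"), which looks like a quoting artifact of the automatic import and is worth fixing at the source of the update script.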
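Review bot: The package lines under CVE-2008-2266 in the @@ -731,7 +810,7 @@ hunk no longer cover everything the updated description names. The description now reads "UUDeview 0.5.20, as used in nzbget before 0.3.0 and ...", but the entry still lists only uudeview and libconvert-uulib-perl. Add a TODO (or a package line) for nzbget so the embedded copy of uulib gets checked, as was done for libconvert-uulib-perl.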
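Review bot: CVE-2008-2007 in the @@ -1082,7 +1160,8 @@ hunk is switched to REJECTED but keeps the "NOT-FOR-US: Apple iCal" annotation from the old description as a context line. Other rejected ids visible in this diff, such as CVE-2007-5670, carry no annotation at all. Drop the stale NOT-FOR-US line so the entry does not classify an id that no longer describes a vulnerability.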
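Review bot: The NOTE kept under CVE-2008-1108 in the @@ -3221,13 +3299,11 @@ hunk is ambiguous next to the new description. It reads "Requires that the ITip Formatter plugin is disabled, which is enabled by default", and the imported description begins "when the ITip Formatter plugin is ..." before it is truncated. Reword the note so it states separately that the plugin is enabled by default and which plugin state the issue requires, and confirm that against the full CVE text now that it is published.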