joeyh at alioth.debian.org
2008-Aug-06 21:14 UTC
[Secure-testing-commits] r9523 - data/CVE
Author: joeyh
Date: 2008-08-06 21:14:17 +0000 (Wed, 06 Aug 2008)
New Revision: 9523
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-08-06 19:37:44 UTC (rev 9522)
+++ data/CVE/list 2008-08-06 21:14:17 UTC (rev 9523)
@@ -1,7 +1,131 @@
-CVE-2008-3431 [virtualbox local privilege escalation]
+CVE-2008-3484 (SQL injection vulnerability in eStoreAff 0.1 allows remote
attackers ...)
+ TODO: check
+CVE-2008-3483 (Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki
2.0.29 and ...)
+ TODO: check
+CVE-2008-3482 (Cross-site scripting (XSS) vulnerability in the error page
feature in ...)
+ TODO: check
+CVE-2008-3481 (themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18
and ...)
+ TODO: check
+CVE-2008-3480
+ RESERVED
+CVE-2008-3479
+ RESERVED
+CVE-2008-3478
+ RESERVED
+CVE-2008-3477
+ RESERVED
+CVE-2008-3476
+ RESERVED
+CVE-2008-3475
+ RESERVED
+CVE-2008-3474
+ RESERVED
+CVE-2008-3473
+ RESERVED
+CVE-2008-3472
+ RESERVED
+CVE-2008-3471
+ RESERVED
+CVE-2008-3470
+ RESERVED
+CVE-2008-3469
+ RESERVED
+CVE-2008-3468
+ RESERVED
+CVE-2008-3467
+ RESERVED
+CVE-2008-3466
+ RESERVED
+CVE-2008-3465
+ RESERVED
+CVE-2008-3464
+ RESERVED
+CVE-2008-3463
+ RESERVED
+CVE-2008-3462
+ RESERVED
+CVE-2008-3461
+ RESERVED
+CVE-2008-3460
+ RESERVED
+CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8,
when ...)
+ TODO: check
+CVE-2008-3458 (Vtiger CRM before 5.0.4 stores sensitive information under the
web ...)
+ TODO: check
+CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in
phpMyAdmin ...)
+ TODO: check
+CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in
...)
+ TODO: check
+CVE-2008-3454 (JnSHosts PHP Hosting Directory 2.0 allows remote attackers to
bypass ...)
+ TODO: check
+CVE-2008-3453 (Multiple unspecified vulnerabilities in ImpressCMS 1.0 have
unknown ...)
+ TODO: check
+CVE-2008-3452 (SQL injection vulnerability in the Calendar module in eNdonesia
8.4 ...)
+ TODO: check
+CVE-2008-3451 (PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users
with ...)
+ TODO: check
+CVE-2008-3450 (Unspecified vulnerability in the namefs kernel module in Sun
Solaris 8 ...)
+ TODO: check
+CVE-2008-3449 (MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote
...)
+ TODO: check
+CVE-2008-3448 (Cross-site scripting (XSS) vulnerability in index.php in common
...)
+ TODO: check
+CVE-2008-3447 (The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote
...)
+ TODO: check
+CVE-2008-3446 (Directory traversal vulnerability in inc/wysiwyg.php in LetterIt
2 ...)
+ TODO: check
+CVE-2008-3445 (SQL injection vulnerability in index.php in phpMyRealty (PMR)
2.0.0 ...)
+ TODO: check
+CVE-2008-3444 (The content layout component in Mozilla Firefox 3.0 and 3.0.1
allows ...)
+ TODO: check
+CVE-2008-3443
+ RESERVED
+CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of
...)
+ TODO: check
+CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the
authenticity ...)
+ TODO: check
+CVE-2008-3440 (Sun Java before 1.6.0_03 does not properly verify the
authenticity of ...)
+ TODO: check
+CVE-2008-3439 (SpeedBit Video Acceleration before 2.2.1.8 does not properly
verify ...)
+ TODO: check
+CVE-2008-3438 (Apple Mac OS X does not properly verify the authenticity of
updates, ...)
+ TODO: check
+CVE-2008-3437 (OpenOffice.org (OOo) before 2.1.0 does not properly verify the
...)
+ TODO: check
+CVE-2008-3436 (The GUP generic update process in Notepad++ before 4.8.1 does
not ...)
+ TODO: check
+CVE-2008-3435 (LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not
properly ...)
+ TODO: check
+CVE-2008-3434 (Apple iTunes before 6.0.5.20 does not properly verify the
authenticity ...)
+ TODO: check
+CVE-2008-3433 (SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not
...)
+ TODO: check
+CVE-2008-3432
+ RESERVED
+CVE-2008-3430 (Buffer overflow in the CoVideoWindow.ocx ActiveX control
5.0.907.1 in ...)
+ TODO: check
+CVE-2008-3428 (Session fixation vulnerability in phpFreeChat 1.1 allows remote
...)
+ TODO: check
+CVE-2008-3427 (Multiple SQL injection vulnerabilities in Möbius for
Mimsy XG 1.4.4.1 ...)
+ TODO: check
+CVE-2008-3426 (Unspecified vulnerability in the Solaris Platform Information
and ...)
+ TODO: check
+CVE-2008-3425 (Unspecified vulnerability in the Sun Java System Web Server 7.0
plugin ...)
+ TODO: check
+CVE-2008-3424 (Condor before 7.0.4 does not properly handle wildcards in the
...)
+ TODO: check
+CVE-2008-3423 (IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers
to ...)
+ TODO: check
+CVE-2008-3422 (Multiple cross-site scripting (XSS) vulnerabilities in the
ASP.net ...)
+ TODO: check
+CVE-2004-2760 (sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled,
immediately ...)
+ TODO: check
+CVE-2003-1562 (sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is
disabled ...)
+ TODO: check
+CVE-2008-3431 (The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM
...)
- virtualbox-ose <not-affected> (affects only windows host systems)
NOTE: CORE-2008-0716
-CVE-2008-3456 [phpmyadmin ''cross site framing'' & xss in
setup]
+CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages
from ...)
- phpmyadmin 4:2.11.8~rc1-1 (low)
[etch] - phpmyadmin <no-dsa> (Minor issue)
NOTE: exploitation circumstances are rare or require other vulnerabilities to
be present already. may fix combined with another issue but doesn''t
warrant DSA on its own
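Review bot: CVE-2008-3457 (XSS in setup.php in phpMyAdmin) is added with only "TODO: check", although the CVE-2008-3456 entry at the end of this hunk already tracks the phpmyadmin package with fixed version 4:2.11.8~rc1-1; triage 3457 against that package now rather than leaving it in the backlog. The same priority applies to CVE-2008-3444 (Mozilla Firefox 3.0 and 3.0.1), since iceweasel is tracked elsewhere in this file, and to the two sshd entries (CVE-2004-2760, CVE-2003-1562), whose descriptions name specific OpenSSH versions and should be quick to resolve. The run from CVE-2008-3442 down to CVE-2008-3433 shares the "does not properly verify the authenticity of updates" wording and can be triaged as one batch.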
@@ -72,8 +196,8 @@
NOT-FOR-US: Web Wiz Forum
CVE-2008-3390 (Directory traversal vulnerability in libraries/general.init.php
in ...)
NOT-FOR-US: Minishowcase Image Gallery
-CVE-2008-3389
- RESERVED
+CVE-2008-3389 (Stack-based buffer overflow in the libbecompat library in Ingres
2.6, ...)
+ TODO: check
CVE-2008-3388 (Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow
remote ...)
NOT-FOR-US: Def-Blog
CVE-2008-3387 (SQL injection vulnerability in show.php in PHPFootball 1.6
allows ...)
@@ -139,10 +263,10 @@
TODO: we should remove this from Lenny w/o maintainer reaction
CVE-2008-3358
RESERVED
-CVE-2008-3357
- RESERVED
-CVE-2008-3356
- RESERVED
+CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres 2.6,
...)
+ TODO: check
+CVE-2008-3356 (verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and
Ingres ...)
+ TODO: check
CVE-2008-3355 (SQL injection vulnerability in sitemap.xml.php in Camera Life
2.6.2 ...)
NOT-FOR-US: Camera Life
CVE-2008-3354 (Multiple PHP remote file inclusion vulnerabilities in the Newbb
Plus ...)
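Review bot: CVE-2008-3357 and CVE-2008-3356 move from RESERVED to "TODO: check" and both name Ingres 2.6, as does CVE-2008-3389 in the previous hunk; resolve the three with a single decision on whether Ingres is packaged, so they do not end up with inconsistent markings.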
@@ -178,7 +302,7 @@
NOT-FOR-US: Jobbex JobSite
CVE-2008-3339 (search_result.cfm in Jobbex JobSite allows remote attackers to
obtain ...)
NOT-FOR-US: Jobbex JobSite
-CVE-2008-3429 [httrack buffer overflow]
+CVE-2008-3429 (Buffer overflow in URI processing in HTTrack and WinHTTrack
before ...)
{DSA-1626-1}
- httrack 3.42.3-1 (low)
CVE-2008-3338
@@ -452,6 +576,7 @@
CVE-2008-3199 (Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4
allow ...)
NOT-FOR-US: ReSIProcate
CVE-2008-3198 (Mozilla Firefox 3.x before 3.0.1 allows remote attackers to
inject ...)
+ {DSA-1614-1}
- iceweasel 3.0.1-1 (low)
NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
CVE-2008-3195
@@ -534,8 +659,8 @@
NOT-FOR-US: Sophos virus detection engine
CVE-2008-3176
RESERVED
-CVE-2008-3175
- RESERVED
+CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the
...)
+ TODO: check
CVE-2008-3174
RESERVED
CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for
...)
@@ -596,12 +721,12 @@
NOT-FOR-US: WeFi
CVE-2008-3146
RESERVED
-CVE-2008-3144
- RESERVED
-CVE-2008-3143
- RESERVED
-CVE-2008-3142
- RESERVED
+CVE-2008-3144 (Multiple integer overflows in the PyOS_vsnprintf function in
...)
+ TODO: check
+CVE-2008-3143 (Multiple integer overflows in Python before 2.5.2 might allow
...)
+ TODO: check
+CVE-2008-3142 (Multiple buffer overflows in Python 2.5.2 and earlier on 32bit
...)
+ TODO: check
CVE-2008-3136 (SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x
...)
NOT-FOR-US: AShop Delux
CVE-2008-3135 (Soldner Secret Wars 33724 and earlier allows remote attackers to
cause ...)
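Review bot: CVE-2008-3144, CVE-2008-3143 and CVE-2008-3142 are now published as Python integer and buffer overflows but carry only "TODO: check"; the CVE-2008-2316 and CVE-2008-2315 entries in this file already have python2.5 and python2.4 package lines, so these three need the same per-package status. Note that 3143 reads "before 2.5.2" while 3142 reads "2.5.2 and earlier", so they should not simply be given the same fixed version.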
@@ -1055,8 +1180,7 @@
RESERVED
CVE-2008-2936
RESERVED
-CVE-2008-2935 [libxslt heap overflow]
- RESERVED
+CVE-2008-2935 (Multiple heap-based buffer overflows in the rc4 (1) encryption
(aka ...)
{DSA-1624-1 DTSA-152-1}
- libxslt 1.1.24-2 (bug #493162)
NOTE: http://www.ocert.org/advisories/ocert-2008-009.html
@@ -1330,7 +1454,7 @@
NOT-FOR-US: aspWebCalendar 2008
CVE-2008-2831
RESERVED
-CVE-2008-2830 (ARDAgent in Apple Mac OS X 10.4 and 10.5 allows local users to
gain ...)
+CVE-2008-2830 (Open Scripting Architecture in Apple Mac OS X 10.4.11 and
10.5.4, and ...)
NOT-FOR-US: Apple Mac OS
CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses
obsolete ...)
{DTSA-144-1}
@@ -2378,8 +2502,8 @@
CVE-2008-2371 (Heap-based buffer overflow in pcre_compile.c in the
Perl-Compatible ...)
{DSA-1602-1 DTSA-145-1}
- pcre3 7.6-2.1 (medium; bug #488919)
-CVE-2008-2370
- RESERVED
+CVE-2008-2370 (Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and
6.0.0 ...)
+ TODO: check
CVE-2008-2369
RESERVED
CVE-2008-2368
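Review bot: CVE-2008-2370 lists three affected Apache Tomcat branches (4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 ...) and is left at "TODO: check"; when it is triaged, record the status per packaged branch, and handle it together with CVE-2008-1232 (Tomcat XSS), which this commit also moves from RESERVED to TODO.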
@@ -2480,30 +2604,28 @@
RESERVED
CVE-2008-2326
RESERVED
-CVE-2008-2325
- RESERVED
-CVE-2008-2324
- RESERVED
-CVE-2008-2323
- RESERVED
-CVE-2008-2322
- RESERVED
-CVE-2008-2321
- RESERVED
-CVE-2008-2320
- RESERVED
+CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote
attackers ...)
+ TODO: check
+CVE-2008-2324 (The Repair Permissions tool in Disk Utility in Apple Mac OS X
10.4.11 ...)
+ TODO: check
+CVE-2008-2323 (Unspecified vulnerability in Data Detectors Engine in Apple Mac
OS X ...)
+ TODO: check
+CVE-2008-2322 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11,
10.5.2, ...)
+ TODO: check
+CVE-2008-2321 (Unspecified vulnerability in CoreGraphics in Apple Mac OS X
10.4.11 ...)
+ TODO: check
+CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X
10.4.11 ...)
+ TODO: check
CVE-2008-2319
RESERVED
CVE-2008-2318 (The WOHyperlink implementation in WebObjects in Apple Xcode
tools ...)
NOT-FOR-US: Apple Xcode
CVE-2008-2317 (WebCore in Apple Safari does not properly perform garbage
collection ...)
NOT-FOR-US: Safari
-CVE-2008-2316
- RESERVED
+CVE-2008-2316 (Integer overflow in _hashopenssl.c in the hashlib module in
Python ...)
- python2.5 <unfixed> (bug #493797)
TODO: report python2.4 bug
-CVE-2008-2315
- RESERVED
+CVE-2008-2315 (Multiple integer overflows in Python 2.5.2 and earlier allow
...)
- python2.5 2.5.2-10
- python2.4 2.4.5-5
CVE-2008-2314 (Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé
hot corners is ...)
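Review bot: The six entries CVE-2008-2325 through CVE-2008-2320 all describe components of Apple Mac OS X, yet they are added as "TODO: check" while the neighbouring Apple entries in this same hunk (CVE-2008-2318, CVE-2008-2317) are marked NOT-FOR-US; they look like candidates for the same marking. Separately, CVE-2008-2316 now has its published description but still shows python2.5 as <unfixed> with "TODO: report python2.4 bug" outstanding, so the python2.4 line that CVE-2008-2315 has is still missing here.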
@@ -2664,8 +2786,7 @@
RESERVED
CVE-2008-2236
RESERVED
-CVE-2008-2235 [opensc initializes CardOS cards with improper access rights]
- RESERVED
+CVE-2008-2235 (OpenSC before 0.11.5 uses weak permissions (ADMIN file control
...)
{DSA-1627-1}
- opensc 0.11.4-4
NOTE: http://www.opensc-project.org/security.html
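Review bot: The new description for CVE-2008-2235 says "OpenSC before 0.11.5", but the package line below it records opensc as fixed in 0.11.4-4; if the fix was applied to the 0.11.4 package, add a NOTE saying so, so that the difference from the upstream version is not read as an error. The removed bracketed summary mentioned CardOS cards, which does not appear in the visible part of the truncated new description; keeping that detail in a NOTE would preserve it.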
@@ -3642,8 +3763,8 @@
NOT-FOR-US: Oracle
CVE-2008-1811 (Unspecified vulnerability in Oracle Application Express 3.0.1
has ...)
NOT-FOR-US: Oracle
-CVE-2008-1810
- RESERVED
+CVE-2008-1810 (Untrusted search path vulnerability in dbmsrv in SAP MaxDB
7.6.03.15 ...)
+ TODO: check
CVE-2008-1809 (Heap-based buffer overflow in Novell eDirectory 8.7.3 before
...)
NOT-FOR-US: Novell eDirectory
CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow ...)
@@ -4014,8 +4135,8 @@
RESERVED
CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management
...)
NOT-FOR-US: HP System Management Homepage
-CVE-2008-1662
- RESERVED
+CVE-2008-1662 (Unspecified vulnerability in the HP System Administration
Manager ...)
+ TODO: check
CVE-2008-1661 (Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks
...)
NOT-FOR-US: HP StorageWorks
CVE-2008-1660 (Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23,
and ...)
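Review bot: CVE-2008-1662 names the HP System Administration Manager and is added as "TODO: check", while the HP entries on either side of it (CVE-2008-1663, CVE-2008-1661) are already NOT-FOR-US; confirm and mark it the same way instead of leaving it open.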
@@ -4694,8 +4815,8 @@
CVE-2008-1377 (The (1) SProcRecordCreateContext and (2)
SProcRecordRegisterClients ...)
{DSA-1595-1 DTSA-141-1}
- xorg-server 2:1.4.1~git20080517-2
-CVE-2008-1376
- RESERVED
+CVE-2008-1376 (A certain Red Hat build script for nfs-utils before
1.0.9-35z.el5_2 on ...)
+ TODO: check
CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify)
in ...)
{DSA-1565-1}
- linux-2.6 2.6.25-2 (low)
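Review bot: CVE-2008-1376 is described as "A certain Red Hat build script for nfs-utils", which suggests a vendor-specific packaging issue, but it is added as a plain "TODO: check"; confirm whether the Debian nfs-utils build is affected and, if it is not, mark it <not-affected> with the reason, as the CVE-2008-1374 entry in the next hunk does for the Red Hat-specific CUPS patch.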
@@ -4703,7 +4824,7 @@
CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise
Linux ...)
- cupsys <not-affected> (Redhat-specific incomplete patch, upstream
patch is complete)
- cups <not-affected> (Redhat-specific incomplete patch, upstream patch
is complete)
-CVE-2008-1373 (Buffer overflow in the gif_read_lzw in CUPS 1.3.6 allows remote
...)
+CVE-2008-1373 (Buffer overflow in the gif_read_lzw function in CUPS 1.3.6
allows ...)
{DSA-1625-1 DTSA-122-1}
- cupsys 1.3.7-1 (medium)
- cups 1.3.7-1 (medium)
@@ -5055,8 +5176,8 @@
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
- icedove 2.0.0.14-1
-CVE-2008-1232
- RESERVED
+CVE-2008-1232 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0
...)
+ TODO: check
CVE-2008-1231 (Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104
and ...)
- jspwiki <unfixed> (bug #470477)
CVE-2008-1230 (Unrestricted file upload vulnerability in JSPWiki 2.4.104 and
2.5.139 ...)
@@ -17958,8 +18079,8 @@
CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...)
{DSA-1364-2 DSA-1364-1}
- vim 1:7.1-056+1 (low)
-CVE-2007-2952
- RESERVED
+CVE-2007-2952 (Multiple stack-based buffer overflows in the filter service (aka
...)
+ TODO: check
CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in
KVIrc ...)
- kvirc 2:3.2.4-5 (bug #434419; medium)
CVE-2007-2950 (Centennial Discovery 2006 Feature Pack 1, which is used by (1)
Numara ...)