joeyh at alioth.debian.org
2008-Aug-13 09:14 UTC
[Secure-testing-commits] r9560 - data/CVE
Author: joeyh Date: 2008-08-13 09:14:09 +0000 (Wed, 13 Aug 2008) New Revision: 9560 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-08-13 09:11:32 UTC (rev 9559) +++ data/CVE/list 2008-08-13 09:14:09 UTC (rev 9560) 
@@ -1,3 +1,359 @@ +CVE-2008-3665 + RESERVED +CVE-2008-3664 + RESERVED +CVE-2008-3663 + RESERVED +CVE-2008-3662 + RESERVED +CVE-2008-3661 + RESERVED +CVE-2008-3660 + RESERVED +CVE-2008-3659 + RESERVED +CVE-2008-3658 + RESERVED +CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, ...) + TODO: check +CVE-2008-3656 (Algorithmic complexity vulnerability in ...) + TODO: check +CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through ...) + TODO: check +CVE-2008-3654 (Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows ...) + TODO: check +CVE-2008-3653 (Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before ...) + TODO: check +CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an ...) + TODO: check +CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools ...) + TODO: check +CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...) + TODO: check +CVE-2008-3649 (SQL injection vulnerability in categorydetail.php in Article Friendly ...) + TODO: check +CVE-2008-3648 (nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote ...) 
+ TODO: check +CVE-2008-3647 + RESERVED +CVE-2008-3646 + RESERVED +CVE-2008-3645 + RESERVED +CVE-2008-3644 + RESERVED +CVE-2008-3643 + RESERVED +CVE-2008-3642 + RESERVED +CVE-2008-3641 + RESERVED +CVE-2008-3640 + RESERVED +CVE-2008-3639 + RESERVED +CVE-2008-3638 + RESERVED +CVE-2008-3637 + RESERVED +CVE-2008-3636 + RESERVED +CVE-2008-3635 + RESERVED +CVE-2008-3634 + RESERVED +CVE-2008-3633 + RESERVED +CVE-2008-3632 + RESERVED +CVE-2008-3631 + RESERVED +CVE-2008-3630 + RESERVED +CVE-2008-3629 + RESERVED +CVE-2008-3628 + RESERVED +CVE-2008-3627 + RESERVED +CVE-2008-3626 + RESERVED +CVE-2008-3625 + RESERVED +CVE-2008-3624 + RESERVED +CVE-2008-3623 + RESERVED +CVE-2008-3622 + RESERVED +CVE-2008-3621 + RESERVED +CVE-2008-3620 + RESERVED +CVE-2008-3619 + RESERVED +CVE-2008-3618 + RESERVED +CVE-2008-3617 + RESERVED +CVE-2008-3616 + RESERVED +CVE-2008-3615 + RESERVED +CVE-2008-3614 + RESERVED +CVE-2008-3613 + RESERVED +CVE-2008-3612 + RESERVED +CVE-2008-3611 + RESERVED +CVE-2008-3610 + RESERVED +CVE-2008-3609 + RESERVED +CVE-2008-3608 + RESERVED +CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows ...) + TODO: check +CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate ...) + TODO: check +CVE-2008-3605 (Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, ...) + TODO: check +CVE-2008-3604 (SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows ...) + TODO: check +CVE-2008-3603 (SQL injection vulnerability in index.php in Vacation Rental Script 3.0 ...) + TODO: check +CVE-2008-3602 (admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) ...) + TODO: check +CVE-2008-3601 (SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 ...) + TODO: check +CVE-2008-3600 (Directory traversal vulnerability in contrib/phpBB2/modules.php in ...) + TODO: check +CVE-2008-3599 (SQL injection vulnerability in image.php in OpenImpro 1.1 allows ...) 
+ TODO: check +CVE-2008-3598 (Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote ...) + TODO: check +CVE-2008-3597 (Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial ...) + TODO: check +CVE-2008-3596 (Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 ...) + TODO: check +CVE-2008-3595 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-3594 (SQL injection vulnerability in viewdetails.php in MagicScripts E-Store ...) + TODO: check +CVE-2008-3593 (Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows ...) + TODO: check +CVE-2008-3592 (Unrestricted file upload vulnerability in the File Manager in the ...) + TODO: check +CVE-2008-3591 (SQL injection vulnerability in lib/class.admin.php in Twentyone ...) + TODO: check +CVE-2008-3590 (Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. ...) + TODO: check +CVE-2008-3589 (Directory traversal vulnerability in download.php in moziloCMS 1.10.1, ...) + TODO: check +CVE-2008-3588 (Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote ...) + TODO: check +CVE-2008-3587 (Cross-site scripting (XSS) vulnerability in result.php in Chris ...) + TODO: check +CVE-2008-3586 (SQL injection vulnerability in the EZ Store (com_ezstore) component ...) + TODO: check +CVE-2008-3585 (Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP ...) + TODO: check +CVE-2008-3584 + RESERVED +CVE-2008-3583 (Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote ...) + TODO: check +CVE-2008-3582 (SQL injection vulnerability in login.php in Keld PHP-MySQL News Script ...) + TODO: check +CVE-2008-3581 (Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links ...) + TODO: check +CVE-2008-3580 (Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote ...) + TODO: check +CVE-2008-3579 (Calacode @Mail 5.41 on Linux does not require administrative ...) 
+ TODO: check +CVE-2008-3578 (HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial ...) + TODO: check +CVE-2008-3577 (Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows ...) + TODO: check +CVE-2008-3576 (Buffer overflow in the TruncateString function in src/gfx.cpp in ...) + TODO: check +CVE-2008-3575 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, ...) + TODO: check +CVE-2008-3573 (The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) ...) + TODO: check +CVE-2008-3572 (Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 ...) + TODO: check +CVE-2008-3571 (The Xerox Phaser 8400 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2008-3570 (PHP remote file inclusion vulnerability in index.php in Africa Be Gone ...) + TODO: check +CVE-2008-3569 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, ...) + TODO: check +CVE-2008-3568 (Absolute path traversal vulnerability in ...) + TODO: check +CVE-2008-3567 (Unspecified vulnerability in the NowPlaying functionality in NullSoft ...) + TODO: check +CVE-2008-3566 (Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 ...) + TODO: check +CVE-2008-3565 (Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room ...) + TODO: check +CVE-2008-3564 (Multiple directory traversal vulnerabilities in index.php in Dayfox ...) + TODO: check +CVE-2008-3563 (Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier ...) + TODO: check +CVE-2008-3562 (Directory traversal vulnerability in index.php in the Contact module ...) + TODO: check +CVE-2008-3561 (SQL injection vulnerability in s03.php in Powergap Shopsystem, when ...) + TODO: check +CVE-2008-3560 (Cross-site scripting (XSS) vulnerability in kshop_search.php in the ...) 
+ TODO: check +CVE-2008-3559 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...) + TODO: check +CVE-2008-3558 (Stack-based buffer overflow in the WebexUCFObject ActiveX control in ...) + TODO: check +CVE-2008-3557 (Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass ...) + TODO: check +CVE-2008-3556 (Multiple SQL injection vulnerabilities in index.php in Battle.net Clan ...) + TODO: check +CVE-2008-3555 (Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 ...) + TODO: check +CVE-2008-3554 (SQL injection vulnerability in index.php in Discuz! 6.0.1 allows ...) + TODO: check +CVE-2008-3553 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition ...) + TODO: check +CVE-2008-3552 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition ...) + TODO: check +CVE-2008-3551 (Multiple unspecified vulnerabilities in Sun Java Platform Micro ...) + TODO: check +CVE-2008-3550 (The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote ...) + TODO: check +CVE-2008-3549 (Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in ...) + TODO: check +CVE-2008-3548 (Unspecified vulnerability in the Sun Netra T5220 Server with firmware ...) + TODO: check +CVE-2008-3545 + RESERVED +CVE-2008-3544 + RESERVED +CVE-2008-3543 + RESERVED +CVE-2008-3542 + RESERVED +CVE-2008-3541 + RESERVED +CVE-2008-3540 + RESERVED +CVE-2008-3539 + RESERVED +CVE-2008-3538 + RESERVED +CVE-2008-3537 + RESERVED +CVE-2008-3536 + RESERVED +CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...) + TODO: check +CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs ...) 
+ TODO: check +CVE-2008-3533 + RESERVED +CVE-2008-3531 + RESERVED +CVE-2008-3530 + RESERVED +CVE-2008-3529 + RESERVED +CVE-2008-3528 + RESERVED +CVE-2008-3527 + RESERVED +CVE-2008-3526 + RESERVED +CVE-2008-3525 + RESERVED +CVE-2008-3524 + RESERVED +CVE-2008-3523 + RESERVED +CVE-2008-3522 + RESERVED +CVE-2008-3521 + RESERVED +CVE-2008-3520 + RESERVED +CVE-2008-3519 + RESERVED +CVE-2008-3518 + RESERVED +CVE-2008-3517 + RESERVED +CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...) + TODO: check +CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...) + TODO: check +CVE-2008-3514 (Unspecified vulnerability in VMware VirtualCenter 2.5 before Update 2 ...) + TODO: check +CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for ...) + TODO: check +CVE-2008-3512 (SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke ...) + TODO: check +CVE-2008-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image ...) + TODO: check +CVE-2008-3510 (Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty ...) + TODO: check +CVE-2008-3509 (LoveCMS 1.6.2 does not require administrative authentication for (1) ...) + TODO: check +CVE-2008-3508 (LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote ...) + TODO: check +CVE-2008-3507 (SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and ...) + TODO: check +CVE-2008-3506 (SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows ...) + TODO: check +CVE-2008-3505 (Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and ...) + TODO: check +CVE-2008-3504 (Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 ...) + TODO: check +CVE-2008-3503 (RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict ...) + TODO: check +CVE-2008-3502 (Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through ...) 
+ TODO: check +CVE-2008-3501 (Cross-site scripting (XSS) vulnerability in the WebAccess simple ...) + TODO: check +CVE-2008-3500 (Cross-site scripting (XSS) vulnerability in the Suggested Terms module ...) + TODO: check +CVE-2008-3499 (Unspecified vulnerability in "a page in the workarea folder" in Ektron ...) + TODO: check +CVE-2008-3498 (SQL injection vulnerability in the nBill (com_netinvoice) component ...) + TODO: check +CVE-2008-3497 (SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows ...) + TODO: check +CVE-2008-3496 (Buffer overflow in format descriptor parsing in the uvc_parse_format ...) + TODO: check +CVE-2008-3495 (SQL injection vulnerability in kategori.asp in Pcshey Portal allows ...) + TODO: check +CVE-2008-3494 (8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass ...) + TODO: check +CVE-2008-3493 (vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC ...) + TODO: check +CVE-2008-3492 (America''s Army (aka AA or Army Game Project) 2.8.3.1 and earlier ...) + TODO: check +CVE-2008-3491 (SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and ...) + TODO: check +CVE-2008-3490 (SQL injection vulnerability in members/mail.php in E-topbiz Online ...) + TODO: check +CVE-2008-3489 (SQL injection vulnerability in checkCookie function in ...) + TODO: check +CVE-2008-3488 (Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) ...) + TODO: check +CVE-2008-3487 (SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced ...) + TODO: check +CVE-2008-3486 (Directory traversal vulnerability in the user_get_profile function in ...) + TODO: check +CVE-2008-3485 (Untrusted search path vulnerability in Citrix MetaFrame Presentation ...) + TODO: check CVE-2008-XXXX [several ruby issues] - ruby1.8 <unfixed> (bug #494401) - ruby1.9 <unfixed> (bug #494402) 
@@ -3,10 +359,10 @@ NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ NOTE: CVE ids requested -CVE-2008-3532 [pidgin does not verify SSL certificate] +CVE-2008-3532 (The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL ...) - pidgin <unfixed> (bug #492434) - gaim 1:2.0.0+fake.1 NOTE: gaim is now a transitional package depending on pidgin with its own source package NOTE: http://developer.pidgin.im/ticket/6500 -CVE-2008-3546 [git-core git-grep stack based buffer overflow] +CVE-2008-3546 (Stack-based buffer overflow in the (1) diff_addremove and (2) ...) {DTSA-153-1} - git-core 1:1.5.6.3-1.1 (medium; bug #494097) @@ -59,8 +415,8 @@ RESERVED CVE-2008-3461 RESERVED -CVE-2008-3460 - RESERVED +CVE-2008-3460 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...) + TODO: check CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...) - openvpn <unfixed> (low; bug #493488) NOTE: pull/push needs to be allowed, successful authentication, compromised or malicious server @@ -149,6 +505,7 @@ [etch] - phpmyadmin <no-dsa> (Minor issue) NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn''t warrant DSA on its own CVE-2008-3547 [openttd remote buffer overflow] + RESERVED - openttd 0.6.2-1 (medium; bug #493714) CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: Blackboard Academic Suite @@ -325,8 +682,7 @@ - httrack 3.42.3-1 (low) CVE-2008-3338 RESERVED -CVE-2008-3337 [PowerDNS dropped malformed queries instead of rejecting them] - RESERVED +CVE-2008-3337 (PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, ...) {DSA-1628-1} - pdns 2.9.21.1-1 (low) CVE-2008-3336 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB before ...) 
@@ -448,14 +804,14 @@ RESERVED CVE-2008-3276 RESERVED -CVE-2008-3275 - RESERVED +CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in ...) + TODO: check CVE-2008-3274 RESERVED -CVE-2008-3273 - RESERVED -CVE-2008-3272 - RESERVED +CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before ...) + TODO: check +CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...) + TODO: check CVE-2008-3271 RESERVED CVE-2008-3270 @@ -681,8 +1037,8 @@ RESERVED CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the ...) NOT-FOR-US: CA ARCserve Backup -CVE-2008-3174 - RESERVED +CVE-2008-3174 (Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based ...) + TODO: check CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-3172 (Opera allows web sites to set cookies for country-specific top-level ...) @@ -1045,14 +1401,14 @@ NOT-FOR-US: FreeStyle Wiki CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in ...) NOT-FOR-US: PHPortal -CVE-2008-3021 - RESERVED -CVE-2008-3020 - RESERVED -CVE-2008-3019 - RESERVED -CVE-2008-3018 - RESERVED +CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...) + TODO: check +CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works ...) + TODO: check +CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...) + TODO: check +CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...) + TODO: check CVE-2008-3017 RESERVED CVE-2008-3016 
@@ -1075,14 +1431,14 @@ RESERVED CVE-2008-3007 RESERVED -CVE-2008-3006 - RESERVED -CVE-2008-3005 - RESERVED -CVE-2008-3004 - RESERVED -CVE-2008-3003 - RESERVED +CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 ...) + TODO: check +CVE-2008-3005 (Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 ...) + TODO: check +CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; ...) + TODO: check +CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1, does not properly delete the ...) + TODO: check CVE-2008-3002 RESERVED CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote ...) @@ -1190,13 +1546,12 @@ RESERVED CVE-2008-2940 RESERVED -CVE-2008-2939 [apache mod_proxy_ftp XSS] - RESERVED +CVE-2008-2939 (Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the ...) - apache2 2.2.9-7 (low) [etch] - apache2 <no-dsa> (minor issue) - apache <not-affected> (vulnerable code not present) -CVE-2008-2938 - RESERVED +CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 6.0.0 through ...) + TODO: check CVE-2008-2937 RESERVED CVE-2008-2936 @@ -1221,8 +1576,8 @@ RESERVED CVE-2008-2928 RESERVED -CVE-2008-2926 - RESERVED +CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention System ...) + TODO: check CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote ...) NOT-FOR-US: Webmatic CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows ...) @@ -2051,7 +2406,7 @@ NOT-FOR-US: Oracle database CVE-2008-2593 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle database -CVE-2008-2592 (Unspecified vulnerability ...) +CVE-2008-2592 (Unspecified vulnerability in the Advanced Replication component in ...) NOT-FOR-US: Oracle database CVE-2008-2591 (Unspecified vulnerability in the Oracle Database Vault component in ...) NOT-FOR-US: Oracle database 
@@ -2498,8 +2853,7 @@ RESERVED CVE-2008-2378 RESERVED -CVE-2008-2377 [GNUTLS-SA-2008-2] - RESERVED +CVE-2008-2377 (Use after free vulnerability in the ...) - gnutls26 2.4.1-1 (medium) CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby before ...) {DSA-1618-1 DSA-1612-1} @@ -2759,18 +3113,18 @@ RESERVED CVE-2008-2260 RESERVED -CVE-2008-2259 - RESERVED -CVE-2008-2258 - RESERVED -CVE-2008-2257 - RESERVED -CVE-2008-2256 - RESERVED -CVE-2008-2255 - RESERVED -CVE-2008-2254 - RESERVED +CVE-2008-2259 (Microsoft Internet Explorer 6 and 7 does not perform proper "argument ...) + TODO: check +CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...) + TODO: check +CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...) + TODO: check +CVE-2008-2256 (Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle ...) + TODO: check +CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...) + TODO: check +CVE-2008-2254 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...) + TODO: check CVE-2008-2253 RESERVED CVE-2008-2252 @@ -2785,10 +3139,10 @@ NOT-FOR-US: Exchange Server CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...) NOT-FOR-US: Exchange Server -CVE-2008-2246 - RESERVED -CVE-2008-2245 - RESERVED +CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not properly ...) + TODO: check +CVE-2008-2245 (Heap-based buffer overflow in Microsoft Windows Image Color Management ...) + TODO: check CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Office Word CVE-2008-2243 
@@ -3486,8 +3840,8 @@ - tomcat5 <removed> CVE-2008-1946 (The default configuration of su in /etc/pam.d/su in GNU coreutils ...) - coreutils 5.93-1 -CVE-2008-1945 - RESERVED +CVE-2008-1945 (QEMU 0.9.0 does not properly handle changes to removable media, which ...) + TODO: check CVE-2008-1944 (Buffer overflow in the backend framebuffer of XenSource Xen ...) - xen-3 3.2.1-2 (medium; bug #487095) - xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097) @@ -4152,8 +4506,8 @@ NOT-FOR-US: HP Oracle for OpenView CVE-2008-1665 (Multiple unspecified vulnerabilities in HP Select Identity (HPSI) ...) NOT-FOR-US: HP Select Identity -CVE-2008-1664 - RESERVED +CVE-2008-1664 (Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 ...) + TODO: check CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management ...) NOT-FOR-US: HP System Management Homepage CVE-2008-1662 (Unspecified vulnerability in the HP System Administration Manager ...) @@ -4625,12 +4979,12 @@ NOT-FOR-US: com_alberghi component for Mambo and Joomla! CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...) NOT-FOR-US: CS-Cart -CVE-2008-1457 - RESERVED -CVE-2008-1456 - RESERVED -CVE-2008-1455 - RESERVED +CVE-2008-1457 (The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...) + TODO: check +CVE-2008-1456 (Array index vulnerability in the Event System in Microsoft Windows ...) + TODO: check +CVE-2008-1455 (A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, ...) + TODO: check CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server ...) NOT-FOR-US: Windows issue CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista ...) 
@@ -4643,8 +4997,8 @@ RESERVED CVE-2008-1449 RESERVED -CVE-2008-1448 - RESERVED +CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook Express ...) + TODO: check CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...) {DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1} - bind9 1:9.5.0.dfsg-5 (high) @@ -5850,10 +6204,10 @@ NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-0966 RESERVED -CVE-2008-0965 - RESERVED -CVE-2008-0964 - RESERVED +CVE-2008-0965 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and ...) + TODO: check +CVE-2008-0964 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and ...) + TODO: check CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 ...) NOT-FOR-US: EMC DiskXtender CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC ...) @@ -7863,10 +8217,10 @@ - glibc 2.2-1 NOTE: The fix for the BIND-based resolver in GNU libc was made in 2000. NOTE: libbind9 is distinct code, not related to the old libbind. -CVE-2008-0121 - RESERVED -CVE-2008-0120 - RESERVED +CVE-2008-0121 (A "memory calculation error" in Microsoft PowerPoint Viewer 2003 ...) + TODO: check +CVE-2008-0120 (A "memory allocation error" in Microsoft PowerPoint Viewer 2003 allows ...) + TODO: check CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP ...) NOT-FOR-US: Microsoft Publisher CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 ...) 
@@ -7961,8 +8315,8 @@ NOT-FOR-US: Windows CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) ...) NOT-FOR-US: Microsoft Windows -CVE-2008-0082 - RESERVED +CVE-2008-0082 (An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 ...) + TODO: check CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...) NOT-FOR-US: Microsoft CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft ...) @@ -25547,7 +25901,7 @@ NOT-FOR-US: Windows CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...) - vmware-package 0.16 -CVE-2007-0062 (Integer overflow in the DHCP server in EMC VMware Workstation before ...) +CVE-2007-0062 (Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before ...) - vmware-package 0.16 CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and ...) - vmware-package 0.16
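Review bot: The placeholder entry `CVE-2008-XXXX [several ruby issues]` in the trailing context of the first hunk (`@@ -1,3 +1,359 @@`) is left in place, although the same hunk adds CVE-2008-3655 and CVE-2008-3657 with Ruby descriptions, both marked only `TODO: check`. With "NOTE: CVE ids requested" still attached to the placeholder, the ruby1.8 (bug #494401) and ruby1.9 (bug #494402) tracking is now split from the ids that appear to have been assigned. Suggest confirming the new ids against the ruby-lang.org advisory already linked in the NOTE, then moving the package lines under them and dropping the placeholder.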
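Review bot: In hunk `@@ -149,6 +505,7 @@` the added `RESERVED` line sits under `CVE-2008-3547 [openttd remote buffer overflow]`, so the id has no published description that confirms it belongs to openttd. The first hunk adds CVE-2008-3577 ("Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 ...") as `TODO: check`, and the `openttd 0.6.2-1 (medium; bug #493714)` line here records that same fixed version. Suggest checking whether the openttd tracking belongs under CVE-2008-3577 instead, so the bug is not tracked under a mismatched id while the described one stays untriaged.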
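Review bot: In hunk `@@ -25547,7 +25901,7 @@` the description of CVE-2007-0062 changes from the DHCP server in EMC VMware Workstation to "ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before ...", but the only package line under it is still `- vmware-package 0.16`. With the new wording the entry no longer covers the software the description names. Suggest adding a status line for the ISC dhcpd package, or a NOTE explaining why it is not affected, before this entry is treated as resolved.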