joeyh at alioth.debian.org
2008-Oct-01 09:14 UTC
[Secure-testing-commits] r9908 - data/CVE
Author: joeyh
Date: 2008-10-01 09:14:14 +0000 (Wed, 01 Oct 2008)
New Revision: 9908
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-09-30 20:16:39 UTC (rev 9907)
+++ data/CVE/list 2008-10-01 09:14:14 UTC (rev 9908)
@@ -1,3 +1,351 @@ +CVE-2008-4366 (Unrestricted file upload vulnerability in the image upload component ...) + TODO: check +CVE-2008-4365 (Cross-site scripting (XSS) vulnerability in search.php in Siteman ...) + TODO: check +CVE-2008-4364 (SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb ...) + TODO: check +CVE-2008-4363 (DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a ...) + TODO: check +CVE-2008-4362 (The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 ...) + TODO: check +CVE-2008-4361 (Directory traversal vulnerability in PowerPortal 2.0.13 allows remote ...) + TODO: check +CVE-2008-4360 + RESERVED +CVE-2008-4359 + RESERVED +CVE-2008-4358 (Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP ...) + TODO: check +CVE-2008-4357 (SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows ...) + TODO: check +CVE-2008-4356 (Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 ...) + TODO: check +CVE-2008-4355 (SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum ...) + TODO: check +CVE-2008-4354 (SQL injection vulnerability in the products module in NetArt Media ...) + TODO: check +CVE-2008-4353 (SQL injection vulnerability in link.php in Linkarity allows remote ...) + TODO: check +CVE-2008-4352 (SQL injection vulnerability in inc/pages/viewprofile.php in ...) + TODO: check +CVE-2008-4351 (Directory traversal vulnerability in index.php in phpSmartCom 0.2 ...) + TODO: check +CVE-2008-4350 (SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 ...) + TODO: check +CVE-2008-4349 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...) + TODO: check +CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio allows remote ...) + TODO: check +CVE-2008-4347 (SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows ...) 
+ TODO: check +CVE-2008-4346 (Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows ...) + TODO: check +CVE-2008-4345 (SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and ...) + TODO: check +CVE-2008-4344 (SQL injection vulnerability in cat.php in 6rbScript allows remote ...) + TODO: check +CVE-2008-4343 (The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) ...) + TODO: check +CVE-2008-4342 (NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX ...) + TODO: check +CVE-2008-4341 (add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass ...) + TODO: check +CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to ...) + TODO: check +CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA) in ...) + TODO: check +CVE-2008-4338 (SQL injection vulnerability in the brilliant_gallery_checklist_save ...) + TODO: check +CVE-2008-4337 (Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows ...) + TODO: check +CVE-2008-4336 (Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo ...) + TODO: check +CVE-2008-4335 (SQL injection vulnerability in album.php in Atomic Photo Album (APA) ...) + TODO: check +CVE-2008-4334 (PHP infoBoard V.7 Plus allows remote attackers to bypass ...) + TODO: check +CVE-2008-4333 (Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus ...) + TODO: check +CVE-2008-4332 (SQL injection vulnerability in the showjavatopic function in func.php ...) + TODO: check +CVE-2008-4331 (Directory traversal vulnerability in library/pagefunctions.inc.php in ...) + TODO: check +CVE-2008-4330 (Directory traversal vulnerability in index.php in LanSuite 3.3.2 ...) + TODO: check +CVE-2008-4329 (PHP remote file inclusion vulnerability in cms/system/openengine.php ...) + TODO: check +CVE-2008-4328 (SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 ...) 
+ TODO: check +CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly ...) + TODO: check +CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in ...) + TODO: check +CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the ...) + TODO: check +CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on ...) + TODO: check +CVE-2008-4323 (Windows Explorer in Microsoft Windows XP SP3 allows user-assisted ...) + TODO: check +CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin ...) + TODO: check +CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP ...) + TODO: check +CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...) + TODO: check +CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 ...) + TODO: check +CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute ...) + TODO: check +CVE-2008-4317 + RESERVED +CVE-2008-4316 + RESERVED +CVE-2008-4315 + RESERVED +CVE-2008-4314 + RESERVED +CVE-2008-4313 + RESERVED +CVE-2008-4312 + RESERVED +CVE-2008-4311 + RESERVED +CVE-2008-4310 + RESERVED +CVE-2008-4309 + RESERVED +CVE-2008-4308 + RESERVED +CVE-2008-4307 + RESERVED +CVE-2008-4306 + RESERVED +CVE-2008-4305 + RESERVED +CVE-2008-4304 + RESERVED +CVE-2008-4303 + RESERVED +CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...) + TODO: check +CVE-2008-4301 (A certain ActiveX control in iisext.dll in Microsoft Internet ...) + TODO: check +CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet ...) + TODO: check +CVE-2008-4299 (A certain ActiveX control in the Microsoft Internet Authentication ...) + TODO: check +CVE-2008-4297 (Mercurial before 1.0.2 does not enforce the allowpull permission ...) 
+ TODO: check +CVE-2008-4296 (The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its ...) + TODO: check +CVE-2008-4295 (Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices ...) + TODO: check +CVE-2008-4294 (IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user ...) + TODO: check +CVE-2008-4293 (Unspecified vulnerability in Opera before 9.52 on Windows, when ...) + TODO: check +CVE-2008-4292 (Opera before 9.52 does not check the CRL override upon encountering a ...) + TODO: check +CVE-2008-4291 + RESERVED +CVE-2008-4290 + RESERVED +CVE-2008-4289 + RESERVED +CVE-2008-4288 + RESERVED +CVE-2008-4287 + RESERVED +CVE-2008-4286 + RESERVED +CVE-2008-4285 + RESERVED +CVE-2008-4284 + RESERVED +CVE-2008-4283 + RESERVED +CVE-2008-4282 + RESERVED +CVE-2008-4281 + RESERVED +CVE-2008-4280 + RESERVED +CVE-2008-4279 + RESERVED +CVE-2008-4278 + RESERVED +CVE-2008-4277 + RESERVED +CVE-2008-4276 + RESERVED +CVE-2008-4275 + RESERVED +CVE-2008-4274 + RESERVED +CVE-2008-4273 + RESERVED +CVE-2008-4272 + RESERVED +CVE-2008-4271 + RESERVED +CVE-2008-4270 + RESERVED +CVE-2008-4269 + RESERVED +CVE-2008-4268 + RESERVED +CVE-2008-4267 + RESERVED +CVE-2008-4266 + RESERVED +CVE-2008-4265 + RESERVED +CVE-2008-4264 + RESERVED +CVE-2008-4263 + RESERVED +CVE-2008-4262 + RESERVED +CVE-2008-4261 + RESERVED +CVE-2008-4260 + RESERVED +CVE-2008-4259 + RESERVED +CVE-2008-4258 + RESERVED +CVE-2008-4257 + RESERVED +CVE-2008-4256 + RESERVED +CVE-2008-4255 + RESERVED +CVE-2008-4254 + RESERVED +CVE-2008-4253 + RESERVED +CVE-2008-4252 + RESERVED +CVE-2008-4251 + RESERVED +CVE-2008-4250 + RESERVED +CVE-2008-4249 + RESERVED +CVE-2008-4248 + RESERVED +CVE-2008-4246 (Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 ...) + TODO: check +CVE-2008-4245 (The Admin Control Panel in Rianxosencabos CMS 0.9 does not require ...) + TODO: check +CVE-2008-4244 (Rianxosencabos CMS 0.9 allows remote attackers to bypass ...) 
+ TODO: check +CVE-2008-4243 (Directory traversal vulnerability in ImageServer (aka UTImageServer) ...) + TODO: check +CVE-2008-4242 (ProFTPD 1.3.1 interprets long commands from an FTP client as multiple ...) + TODO: check +CVE-2008-4241 (SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows ...) + TODO: check +CVE-2008-4240 + RESERVED +CVE-2008-4239 + RESERVED +CVE-2008-4238 + RESERVED +CVE-2008-4237 + RESERVED +CVE-2008-4236 + RESERVED +CVE-2008-4235 + RESERVED +CVE-2008-4234 + RESERVED +CVE-2008-4233 + RESERVED +CVE-2008-4232 + RESERVED +CVE-2008-4231 + RESERVED +CVE-2008-4230 + RESERVED +CVE-2008-4229 + RESERVED +CVE-2008-4228 + RESERVED +CVE-2008-4227 + RESERVED +CVE-2008-4226 + RESERVED +CVE-2008-4225 + RESERVED +CVE-2008-4224 + RESERVED +CVE-2008-4223 + RESERVED +CVE-2008-4222 + RESERVED +CVE-2008-4221 + RESERVED +CVE-2008-4220 + RESERVED +CVE-2008-4219 + RESERVED +CVE-2008-4218 + RESERVED +CVE-2008-4217 + RESERVED +CVE-2008-4216 + RESERVED +CVE-2008-4215 + RESERVED +CVE-2008-4214 + RESERVED +CVE-2008-4213 + RESERVED +CVE-2008-4212 + RESERVED +CVE-2008-4211 + RESERVED +CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...) + TODO: check +CVE-2008-4209 + RESERVED +CVE-2008-4208 (Unspecified vulnerability in OSADS Alliance Database before 2.1 has ...) + TODO: check +CVE-2008-4207 (Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php ...) + TODO: check +CVE-2008-4206 (PHP remote file inclusion vulnerability in config.php in Attachmax ...) + TODO: check +CVE-2008-4205 (SQL injection vulnerability in index.php in Attachmax Dolphin 2.1.0 ...) + TODO: check +CVE-2008-4204 (SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation ...) + TODO: check +CVE-2008-4203 (SQL injection vulnerability in cn_users.php in CzarNews 1.20 and ...) + TODO: check +CVE-2008-4202 (SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 ...) 
+ TODO: check +CVE-2008-4200 (Opera before 9.52 does not ensure that the address field of a news ...) + TODO: check +CVE-2008-4199 (Opera before 9.52 does not prevent use of links from web pages to feed ...) + TODO: check +CVE-2008-4198 (Opera before 9.52, when rendering an http page that has loaded an ...) + TODO: check +CVE-2008-4197 (Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when ...) + TODO: check +CVE-2008-4196 (Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows ...) + TODO: check +CVE-2008-4195 (Opera before 9.52 does not properly restrict the ability of a framed ...) + TODO: check +CVE-2008-4194 (The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par ...) + TODO: check +CVE-2008-4193 (Stack-based buffer overflow in SecurityGateway.dll in Alt-N ...) + TODO: check +CVE-2008-4192 (The pserver_shutdown function in fence_egenera in cman 2.20080629 ...) + TODO: check +CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...) + TODO: check +CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.4 and earlier allows local ...) + TODO: check CVE-2008-XXXX [jumpnbump: insecure temp file] - jumpnbump 1.50+dfsg1-1 (low; bug #500611) CVE-2008-XXXX [gpsdrive: insecure temp file] @@ -6,7 +354,7 @@ - dist 1:3.5-17-2 (low; bug #496412) CVE-2008-XXXX [lustre: insecure temp files] - lustre 1.6.5.1-1 (low; bug #496371) -CVE-2008-4247 [Cross-site request forgery] +CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...) - ftpd-ssl <unfixed> (bug #500518) - ftpd <unfixed> (bug #500278) CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php] 
@@ -19,7 +367,7 @@ - lighttpd 1.4.19-5 (low) NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt NOTE: CVE id requested -CVE-2008-4298 [memory leak] +CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in ...) - lighttpd 1.4.19-5 (medium) NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt CVE-2008-XXXX [unsafe usage of temp file] @@ -171,17 +519,17 @@ RESERVED CVE-2008-4121 RESERVED -CVE-2008-4120 - RESERVED -CVE-2008-4119 - RESERVED +CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...) + TODO: check +CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk ...) + TODO: check CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd ...) NOT-FOR-US: High Norm Sound Master CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in Sun ...) NOT-FOR-US: Sun Management Center (SunMC) CVE-2008-4116 (Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 ...) NOT-FOR-US: Apple -CVE-2008-4201 [heap overflow in faad2] +CVE-2008-4201 (Heap-based buffer overflow in the decodeMP4file function ...) - faad2 2.6.1-3.1 (bug #499899) NOTE: http://bugs.gentoo.org/show_bug.cgi?id=238445 NOTE: http://www.audiocoding.com/ @@ -225,8 +573,8 @@ TODO: check CVE-2008-4095 (Multiple unspecified vulnerabilities in Flip4Mac WMV before 2.2.1 have ...) NOT-FOR-US: Flip4Mac WMV -CVE-2008-4094 - RESERVED +CVE-2008-4094 (Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 ...) + TODO: check CVE-2008-4093 (SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and ...) NOT-FOR-US: YourOwnBux CVE-2008-4092 (SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) ...) 
@@ -273,42 +621,31 @@ NOT-FOR-US: phsBlog CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...) NOT-FOR-US: Microsoft -CVE-2008-4070 [mfsa2008-46 Heap overflow when canceling newsgroup message] - RESERVED -CVE-2008-4069 [mfsa2008-45 XBM image uninitialized memory reading] - RESERVED -CVE-2008-4068 [mfsa2008-44 resource: traversal vulnerabilities] - RESERVED +CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and ...) + TODO: check +CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey ...) + TODO: check +CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...) - xulrunner 1.9.0.3-1 -CVE-2008-4067 [mfsa2008-44 resource: traversal vulnerabilities] - RESERVED +CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...) - xulrunner 1.9.0.3-1 -CVE-2008-4066 [mfsa2008-43 chars stripped from JavaScript before execution] - RESERVED +CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows ...) - xulrunner 1.9.0.3-1 -CVE-2008-4065 [mfsa2008-43 chars stripped from JavaScript before execution] - RESERVED +CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...) - xulrunner 1.9.0.3-1 -CVE-2008-4064 [mfsa2008-42 Crashes with evidence of memory corruption] - RESERVED +CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...) - xulrunner 1.9.0.3-1 -CVE-2008-4063 [mfsa2008-42 Crashes with evidence of memory corruption] - RESERVED +CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...) - xulrunner 1.9.0.3-1 -CVE-2008-4062 [mfsa2008-42 Crashes with evidence of memory corruption] - RESERVED +CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) 
- xulrunner 1.9.0.3-1 -CVE-2008-4061 [mfsa2008-42 Crashes with evidence of memory corruption] - RESERVED +CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before ...) - xulrunner 1.9.0.3-1 -CVE-2008-4060 [mfsa2008-41 Privilege escalation via XPCnativeWrapper] - RESERVED +CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...) - xulrunner 1.9.0.3-1 -CVE-2008-4059 [mfsa2008-41 Privilege escalation via XPCnativeWrapper] - RESERVED +CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows ...) - xulrunner 1.9.0.3-1 -CVE-2008-4058 [mfsa2008-41 Privilege escalation via XPCnativeWrapper] - RESERVED +CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x ...) - xulrunner 1.9.0.3-1 CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before ...) NOT-FOR-US: Objective Development Sharity @@ -830,13 +1167,12 @@ NOT-FOR-US: Solaris CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) ...) NOT-FOR-US: Solaris -CVE-2008-3837 [mfsa2008-40 click-hijacking] - RESERVED +CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey ...) - xulrunner 1.9.0.3-1 -CVE-2008-3836 - RESERVED -CVE-2008-3835 - RESERVED +CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers ...) + TODO: check +CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox ...) + TODO: check CVE-2008-3834 RESERVED CVE-2008-3833 @@ -851,8 +1187,7 @@ RESERVED CVE-2008-3828 RESERVED -CVE-2008-3827 [integer overflows in demuxing code] - RESERVED +CVE-2008-3827 (Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow ...) {DTSA-168-1} - mplayer 1.0~rc2-18 (medium; bug #500683) NOTE: http://www.ocert.org/advisories/ocert-2008-013.html 
@@ -884,38 +1219,38 @@ RESERVED CVE-2008-3814 RESERVED -CVE-2008-3813 - RESERVED -CVE-2008-3812 - RESERVED -CVE-2008-3811 - RESERVED -CVE-2008-3810 - RESERVED -CVE-2008-3809 - RESERVED -CVE-2008-3808 - RESERVED -CVE-2008-3807 - RESERVED -CVE-2008-3806 - RESERVED -CVE-2008-3805 - RESERVED -CVE-2008-3804 - RESERVED -CVE-2008-3803 - RESERVED -CVE-2008-3802 - RESERVED -CVE-2008-3801 - RESERVED -CVE-2008-3800 - RESERVED -CVE-2008-3799 - RESERVED -CVE-2008-3798 - RESERVED +CVE-2008-3813 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP ...) + TODO: check +CVE-2008-3812 (Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) ...) + TODO: check +CVE-2008-3811 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) ...) + TODO: check +CVE-2008-3810 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) ...) + TODO: check +CVE-2008-3809 (Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices ...) + TODO: check +CVE-2008-3808 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...) + TODO: check +CVE-2008-3807 (Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when ...) + TODO: check +CVE-2008-3806 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 ...) + TODO: check +CVE-2008-3805 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 ...) + TODO: check +CVE-2008-3804 (Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) ...) + TODO: check +CVE-2008-3803 (A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol ...) + TODO: check +CVE-2008-3802 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...) + TODO: check +CVE-2008-3801 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...) + TODO: check +CVE-2008-3800 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...) 
+ TODO: check +CVE-2008-3799 (Memory leak in the Session Initiation Protocol (SIP) implementation in ...) + TODO: check +CVE-2008-3798 (Cisco IOS 12.4 allows remote attackers to cause a denial of service ...) + TODO: check CVE-2008-3797 RESERVED CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of ...) @@ -1313,8 +1648,7 @@ RESERVED CVE-2008-3664 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow ...) NOT-FOR-US: XRMS -CVE-2008-3663 [Squirrelmail: Session hijacking vulnerability] - RESERVED +CVE-2008-3663 (Squirrelmail 1.4.15 does not set the secure flag for the session ...) - squirrelmail 2:1.4.15-3 (low; bug #499942) [etch] - squirrelmail <no-dsa> (less important and fix changes behaviour) NOTE: only relevant for installations that are also offered over http @@ -1392,10 +1726,10 @@ RESERVED CVE-2008-3639 RESERVED -CVE-2008-3638 - RESERVED -CVE-2008-3637 - RESERVED +CVE-2008-3638 (Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from ...) + TODO: check +CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in Java on ...) + TODO: check CVE-2008-3636 (Integer overflow in an unspecified third-party driver bundled with ...) NOT-FOR-US: Apple iTunes CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an ...) @@ -1622,8 +1956,8 @@ - kfreebsd-7 7.0-5 CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in ...) - libxml2 <unfixed> (bug #498768) -CVE-2008-3528 - RESERVED +CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...) + TODO: check CVE-2008-3527 RESERVED CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...) 
@@ -1633,8 +1967,8 @@ CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...) - linux-2.6 <unfixed> - linux-2.6.24 <unfixed> -CVE-2008-3524 - RESERVED +CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 in Fedora 9 allows local ...) + TODO: check CVE-2008-3523 RESERVED CVE-2008-3522 [jasper - buffer overflow] @@ -2611,16 +2945,15 @@ [etch] - sun-java5 <no-dsa> (Non-free not supported) - sun-java5 1.5.0-16-1 (bug #490260) - sun-java6 6-07-1 (bug #490260) -CVE-2008-3102 - RESERVED +CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the ...) + TODO: check CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...) NOT-FOR-US: vtiger CRM CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve ...) - owl-dms 0.95-1.1 (low; bug #493579) CVE-2008-3099 RESERVED -CVE-2008-3098 - RESERVED +CVE-2008-3098 (Cross-site scripting (XSS) vulnerability in admin/usercheck.php in ...) NOT-FOR-US: fuzzylime CVE-2008-3097 (Cross-site scripting (XSS) vulnerability in the Tinytax module (aka ...) NOT-FOR-US: additional drupal module Tinytax @@ -3474,8 +3807,8 @@ RESERVED CVE-2008-2740 RESERVED -CVE-2008-2739 - RESERVED +CVE-2008-2739 (The SERVICE.DNS signature engine in the Intrusion Prevention System ...) + TODO: check CVE-2008-2738 RESERVED CVE-2008-2737 @@ -4042,8 +4375,8 @@ RESERVED CVE-2008-2475 RESERVED -CVE-2008-2474 - RESERVED +CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit ...) + TODO: check CVE-2008-2473 RESERVED CVE-2008-2472 
@@ -6262,7 +6595,7 @@ [etch] - otrs <not-affected> (Vulnerable code not present) [sarge] - otrs <not-affected> (Vulnerable code not present) NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html -CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local users to ...) +CVE-2008-1514 (arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions ...) - linux-2.6 <unfixed> NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and ...) @@ -10562,8 +10895,8 @@ RESERVED CVE-2008-0017 RESERVED -CVE-2008-0016 - RESERVED +CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...) + TODO: check CVE-2008-0015 RESERVED CVE-2008-0014
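Review bot: in the hunk at @@ -273,42 +621,31 @@ (CVE-2008-4058 through CVE-2008-4070), and for CVE-2008-3837 in @@ -830,13 +1167,12 @@, the removed bracketed tags carried the Mozilla advisory ids (mfsa2008-40 through mfsa2008-46) and the replacement description lines do not, so the CVE-to-advisory mapping is lost from the list. Suggest keeping it as a NOTE line under each entry, for example "NOTE: mfsa2008-41" under CVE-2008-4058, CVE-2008-4059 and CVE-2008-4060. In the same hunk CVE-2008-4070 and CVE-2008-4069 end up as TODO: check while the other entries of the batch track xulrunner 1.9.0.3-1, so those two still need a package decision.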
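Review bot: CVE-2008-4242 in the first hunk (@@ -1,3 +1,351 @@) is added as TODO: check, although its description ("ProFTPD 1.3.1 interprets long commands from an FTP client as multiple ...") uses the same "interprets long" wording as the new text for CVE-2008-4247 in @@ -6,7 +354,7 @@, which already tracks ftpd-ssl and ftpd as <unfixed> (bugs #500518 and #500278). The two look like the same class of issue in different FTP servers; triage them together and add a NOTE under each that names the other id so the relationship is recorded.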
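Review bot: the block added by @@ -1,3 +1,351 @@ runs in descending id order but skips CVE-2008-4298, CVE-2008-4247 and CVE-2008-4201, which are updated in place further down (@@ -19,7 +367,7 @@, @@ -6,7 +354,7 @@ and @@ -171,17 +519,17 @@), where they sit among the CVE-2008-XXXX entries and after CVE-2008-4116. Now that these three have assigned ids and descriptions, move each entry together with its package and NOTE lines into numeric position, so the list stays sorted and a reader scanning by id does not conclude they are missing.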