joeyh at alioth.debian.org
2008-Oct-15 09:14 UTC
[Secure-testing-commits] r10092 - data/CVE
Author: joeyh Date: 2008-10-15 09:14:25 +0000 (Wed, 15 Oct 2008) New Revision: 10092 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-15 08:16:33 UTC (rev 10091) +++ data/CVE/list 2008-10-15 09:14:25 UTC (rev 10092) @@ -1,4 +1,28 @@ -CVE-2008-4558 [vlc xspf memory corruption] +CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 ...) + TODO: check +CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind ...) + TODO: check +CVE-2008-4555 (Stack-based buffer overflow in the push_subg function in parser.y ...) + TODO: check +CVE-2008-4554 + RESERVED +CVE-2008-4553 + RESERVED +CVE-2008-4552 (nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the ...) + TODO: check +CVE-2008-4551 (strongSwan 4.2.6 and earlier allows remote attackers to cause a denial ...) + TODO: check +CVE-2008-4550 + RESERVED +CVE-2008-4549 (The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ...) + TODO: check +CVE-2008-4548 (Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control ...) + TODO: check +CVE-2008-4547 (Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control ...) + TODO: check +CVE-2008-4546 (Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 ...) + TODO: check +CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...) - vlc <unfixed> NOTE: http://www.coresecurity.com/content/vlc-xspf-memory-corruption TODO: report bug 
@@ -93,12 +117,12 @@ NOT-FOR-US: Adobe Flash Player CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...) - xerces-c2 <unfixed> (low; bug #502102) -CVE-2008-4480 - RESERVED -CVE-2008-4479 - RESERVED -CVE-2008-4478 - RESERVED +CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x ...) + TODO: check +CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 ...) + TODO: check +CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 ...) + TODO: check CVE-2008-4473 RESERVED CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile ...) @@ -207,8 +231,8 @@ RESERVED CVE-2008-4442 RESERVED -CVE-2008-4441 - RESERVED +CVE-2008-4441 (The Marvell driver for the Linksys WAP4400N Wi-Fi access point with ...) + TODO: check CVE-2008-4439 (PHP remote file inclusion vulnerability in admin/bin/patch.php in ...) NOT-FOR-US: MartinWood Datafeed Studio CVE-2008-4438 (Cross-site scripting (XSS) vulnerability in search.php in Datafeed ...) @@ -291,6 +315,7 @@ CVE-2008-4402 (Multiple buffer overflows in CGI modules in the server in Trend Micro ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, ...) + {DTSA-171-1} - mediawiki 1:1.13.2-1 (low; bug #501115) CVE-2008-4475 (ibackup 2.27 allows local users to overwrite arbitrary files via a ...) - ibackup <removed> (low; bug #496432) 
@@ -303,14 +328,14 @@ NOTE: Only present in example scripts CVE-2008-4401 RESERVED -CVE-2008-4400 - RESERVED -CVE-2008-4399 - RESERVED -CVE-2008-4398 - RESERVED -CVE-2008-4397 - RESERVED +CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup ...) + TODO: check +CVE-2008-4399 (Unspecified vulnerability in the database engine service in ...) + TODO: check +CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in ...) + TODO: check +CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) ...) + TODO: check CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...) NOT-FOR-US: Safer Networking FileAlyzer CVE-2008-XXXX [ltp: insecure temp file] @@ -374,8 +399,8 @@ RESERVED CVE-2008-4386 RESERVED -CVE-2008-4385 - RESERVED +CVE-2008-4385 (Husdawg, LLC Systems Requirements Lab 3 allows remote attackers to ...) + TODO: check CVE-2008-4384 (Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX ...) NOT-FOR-US: LPViewer ActiveX CVE-2008-4383 (Stack-based buffer overflow in the Agranet-Emweb embedded management ...) @@ -1193,12 +1218,12 @@ NOT-FOR-US: Kyocera FS-118MFP CVE-2008-4039 (SQL injection vulnerability in index.php in Spice Classifieds allows ...) NOT-FOR-US: Spice Classifieds -CVE-2008-4038 - RESERVED +CVE-2008-4038 (Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...) + TODO: check CVE-2008-4037 RESERVED -CVE-2008-4036 - RESERVED +CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and ...) + TODO: check CVE-2008-4035 RESERVED CVE-2008-4034 
@@ -1223,16 +1248,16 @@ RESERVED CVE-2008-4024 RESERVED -CVE-2008-4023 - RESERVED +CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly ...) + TODO: check CVE-2008-4022 RESERVED CVE-2008-4021 RESERVED -CVE-2008-4020 - RESERVED -CVE-2008-4019 - RESERVED +CVE-2008-4020 (Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 ...) + TODO: check +CVE-2008-4019 (Integer overflow in the REPT function in Microsoft Excel 2000 SP3, ...) + TODO: check CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...) {DSA-1638-1 CVE-2006-5051} - openssh 1:4.6p1-1 (low) 
@@ -1264,84 +1289,84 @@ RESERVED CVE-2008-4014 RESERVED -CVE-2008-4013 - RESERVED -CVE-2008-4012 - RESERVED -CVE-2008-4011 - RESERVED -CVE-2008-4010 - RESERVED -CVE-2008-4009 - RESERVED -CVE-2008-4008 - RESERVED +CVE-2008-4013 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2008-4012 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...) + TODO: check +CVE-2008-4011 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2008-4010 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...) + TODO: check +CVE-2008-4009 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2008-4008 (Unspecified vulnerability in the WebLogic Server Plugins for Apache ...) + TODO: check CVE-2008-4007 RESERVED CVE-2008-4006 RESERVED -CVE-2008-4005 - RESERVED -CVE-2008-4004 - RESERVED -CVE-2008-4003 - RESERVED -CVE-2008-4002 - RESERVED -CVE-2008-4001 - RESERVED -CVE-2008-4000 - RESERVED +CVE-2008-4005 (Unspecified vulnerability in the Oracle Application Express component ...) + TODO: check +CVE-2008-4004 (Unspecified vulnerability in the JDE EnterpriseOne Business Service ...) + TODO: check +CVE-2008-4003 (Unspecified vulnerability in the PeopleTools component in Oracle ...) + TODO: check +CVE-2008-4002 (Unspecified vulnerability in the PeopleTools component in Oracle ...) + TODO: check +CVE-2008-4001 (Unspecified vulnerability in the PeopleSoft Enterprise Portal ...) + TODO: check +CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle ...) + TODO: check CVE-2008-3999 RESERVED -CVE-2008-3998 - RESERVED +CVE-2008-3998 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) 
+ TODO: check CVE-2008-3997 RESERVED -CVE-2008-3996 - RESERVED -CVE-2008-3995 - RESERVED -CVE-2008-3994 - RESERVED -CVE-2008-3993 - RESERVED -CVE-2008-3992 - RESERVED -CVE-2008-3991 - RESERVED -CVE-2008-3990 - RESERVED -CVE-2008-3989 - RESERVED -CVE-2008-3988 - RESERVED -CVE-2008-3987 - RESERVED -CVE-2008-3986 - RESERVED -CVE-2008-3985 - RESERVED -CVE-2008-3984 - RESERVED -CVE-2008-3983 - RESERVED -CVE-2008-3982 - RESERVED +CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in ...) + TODO: check +CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in ...) + TODO: check +CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) + TODO: check +CVE-2008-3993 (Unspecified vulnerability in the Oracle Applications Framework ...) + TODO: check +CVE-2008-3992 (Unspecified vulnerability in the Oracle Data Mining component in ...) + TODO: check +CVE-2008-3991 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) + TODO: check +CVE-2008-3990 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) + TODO: check +CVE-2008-3989 (Unspecified vulnerability in the Oracle Data Mining component in ...) + TODO: check +CVE-2008-3988 (Unspecified vulnerability in the iSupplier Portal component in Oracle ...) + TODO: check +CVE-2008-3987 (Unspecified vulnerability in the Oracle Discoverer Desktop component ...) + TODO: check +CVE-2008-3986 (Unspecified vulnerability in the Oracle Discoverer Administrator ...) + TODO: check +CVE-2008-3985 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) + TODO: check +CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) + TODO: check +CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) + TODO: check +CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) 
+ TODO: check CVE-2008-3981 RESERVED -CVE-2008-3980 - RESERVED +CVE-2008-3980 (Unspecified vulnerability in the Upgrade component in Oracle Database ...) + TODO: check CVE-2008-3979 RESERVED CVE-2008-3978 RESERVED -CVE-2008-3977 - RESERVED -CVE-2008-3976 - RESERVED -CVE-2008-3975 - RESERVED +CVE-2008-3977 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) + TODO: check +CVE-2008-3976 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) + TODO: check +CVE-2008-3975 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) + TODO: check CVE-2008-3974 RESERVED CVE-2008-3973 @@ -2292,10 +2317,10 @@ NOT-FOR-US: Mac OS CVE-2008-3641 (The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before ...) TODO: check -CVE-2008-3640 - RESERVED -CVE-2008-3639 - RESERVED +CVE-2008-3640 (Integer overflow in the WriteProlog function in texttops in CUPS ...) + TODO: check +CVE-2008-3639 (Heap-based buffer overflow in the read_rle16 function in imagetops in ...) + TODO: check CVE-2008-3638 (Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from ...) NOT-FOR-US: Mac OSX CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in Java on ...) 
@@ -2643,24 +2668,24 @@ NOT-FOR-US: Coppermine Photo Gallery CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ...) NOT-FOR-US: Anzio Web Print Object -CVE-2008-3479 - RESERVED +CVE-2008-3479 (The Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 ...) + TODO: check CVE-2008-3478 RESERVED -CVE-2008-3477 - RESERVED -CVE-2008-3476 - RESERVED -CVE-2008-3475 - RESERVED -CVE-2008-3474 - RESERVED -CVE-2008-3473 - RESERVED -CVE-2008-3472 - RESERVED -CVE-2008-3471 - RESERVED +CVE-2008-3477 (Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not ...) + TODO: check +CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...) + TODO: check +CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors ...) + TODO: check +CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...) + TODO: check +CVE-2008-3473 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...) + TODO: check +CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...) + TODO: check +CVE-2008-3471 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold ...) + TODO: check CVE-2008-3470 RESERVED CVE-2008-3469 @@ -2669,12 +2694,12 @@ RESERVED CVE-2008-3467 RESERVED -CVE-2008-3466 - RESERVED +CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not ...) + TODO: check CVE-2008-3465 RESERVED -CVE-2008-3464 - RESERVED +CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft ...) + TODO: check CVE-2008-3463 RESERVED CVE-2008-3462 
@@ -4646,10 +4671,10 @@ NOT-FOR-US: com_idoblog for Joomla! CVE-2008-2626 (SQL injection vulnerability in comment.asp in Battle Blog 1.25 and ...) NOT-FOR-US: Battle Blog -CVE-2008-2625 - RESERVED -CVE-2008-2624 - RESERVED +CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) + TODO: check +CVE-2008-2624 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) + TODO: check CVE-2008-2623 RESERVED CVE-2008-2622 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) @@ -4658,8 +4683,8 @@ NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2008-2620 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft Enterprise -CVE-2008-2619 - RESERVED +CVE-2008-2619 (Unspecified vulnerability in the Oracle Reports Developer component in ...) + TODO: check CVE-2008-2618 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2008-2617 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) @@ -4720,8 +4745,8 @@ NOT-FOR-US: Oracle database CVE-2008-2589 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle database -CVE-2008-2588 - RESERVED +CVE-2008-2588 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...) + TODO: check CVE-2008-2587 (Unspecified vulnerability in the Advanced Replication component in ...) NOT-FOR-US: Oracle database CVE-2008-2586 (Unspecified vulnerability in the Oracle Application Object Library ...) 
@@ -5439,12 +5464,12 @@ NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11 allows ...) NOT-FOR-US: Microsoft Windows Media Player -CVE-2008-2252 - RESERVED -CVE-2008-2251 - RESERVED -CVE-2008-2250 - RESERVED +CVE-2008-2252 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) + TODO: check +CVE-2008-2251 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) + TODO: check +CVE-2008-2250 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) + TODO: check CVE-2008-2249 RESERVED CVE-2008-2248 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...) @@ -7336,8 +7361,8 @@ NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but NOTE: already use source port randomization. NOTE: Marking non-caching stub resolvers as low since these really should be fixed, but are much less vulnerable than a caching server. -CVE-2008-1446 - RESERVED +CVE-2008-1446 (Integer overflow in the Internet Printing Protocol (IPP) ISAPI ...) + TODO: check CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...) NOT-FOR-US: Microsoft Windows CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on ...) @@ -21313,7 +21338,7 @@ NOT-FOR-US: GlossWord CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 ...) NOT-FOR-US: w2box -CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows ...) +CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows ...) - lcms 1.15-1 (medium) CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...) - php-xajax 0.2.5-1 (bug #426103; low)
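
Review bot: In the first hunk (@@ -1,4 +1,28 @@) the new entries for CVE-2008-4552 (nfs-utils) and CVE-2008-4551 (strongSwan) are left at "TODO: check" alongside the ActiveX and CuteNews.ru entries, although they name software that would normally be tracked with a package line and a fixed version or <unfixed>, as the vlc entry at the end of the same hunk is. Triage these two ahead of the rest. In the same hunk, CVE-2008-4558 now sits after CVE-2008-4546 rather than ahead of CVE-2008-4557 and still carries "TODO: report bug"; confirm the position is intended and file the bug so the vlc line can reference it.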
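
Review bot: CVE-2008-3640 and CVE-2008-3639 in the @@ -2292,10 +2317,10 @@ hunk are both CUPS filter issues (texttops and imagetops) and go in as "TODO: check" directly below CVE-2008-3641, another CUPS filter entry that is already "TODO: check" in the context lines. Resolve the three together, each with its own package line, so the CUPS entries do not sit untriaged as a group.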
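
Review bot: The Oracle and Microsoft entries that change from RESERVED to a description (for example in the @@ -1264,84 +1289,84 @@, @@ -2643,24 +2668,24 @@, @@ -4646,10 +4671,10 @@ and @@ -5439,12 +5464,12 @@ hunks) all receive "TODO: check", while context lines elsewhere in this patch already close entries for the same vendors as "NOT-FOR-US: Oracle database", "NOT-FOR-US: Oracle PeopleSoft Enterprise", "NOT-FOR-US: Microsoft Windows" and "NOT-FOR-US: Microsoft Internet Explorer". A follow-up commit should apply the same NOT-FOR-US tags to these new entries so that the TODO backlog holds only entries that need a human decision.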