joeyh at alioth.debian.org
2008-Dec-10 21:14 UTC
[Secure-testing-commits] r10671 - data/CVE
Author: joeyh
Date: 2008-12-10 21:14:14 +0000 (Wed, 10 Dec 2008)
New Revision: 10671
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-12-10 16:23:31 UTC (rev 10670)
+++ data/CVE/list 2008-12-10 21:14:14 UTC (rev 10671)
@@ -1,3 +1,25 @@
+CVE-2008-5420 (The SAN Manager Master Agent service (aka msragent.exe) in EMC
Control ...)
+ TODO: check
+CVE-2008-5419 (Stack-based buffer overflow in SAN Manager Master Agent service
(aka ...)
+ TODO: check
+CVE-2008-5418 (Directory traversal vulnerability in login.php in the PunPortal
module ...)
+ TODO: check
+CVE-2008-5417 (HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha
platform uses ...)
+ TODO: check
+CVE-2008-5416 (Heap-based buffer overflow in Microsoft SQL Server 2000
8.00.2050, ...)
+ TODO: check
+CVE-2008-5415
+ RESERVED
+CVE-2008-5414 (Unspecified vulnerability in the Feature Pack for Web Services
in the ...)
+ TODO: check
+CVE-2008-5413 (PerfServlet in the PMI/Performance Tools component in IBM
WebSphere ...)
+ TODO: check
+CVE-2008-5412 (Unspecified vulnerability in IBM WebSphere Application Server
(WAS) 7 ...)
+ TODO: check
+CVE-2008-5411 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends
SSL ...)
+ TODO: check
+CVE-2008-5410 (The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun
Solaris 10 ...)
+ TODO: check
CVE-2008-5409 (Unspecified vulnerability in the pdf.xmd module in (1)
BitDefender ...)
NOT-FOR-US: itDefender Free Edition and Antivirus Standard, BullGuard Internet
Security and Software602 Groupware Server
CVE-2008-5408 (Buffer overflow in the data management protocol in Symantec
Backup ...)
@@ -225,10 +247,10 @@
NOT-FOR-US: PG Roommate Finder Solution
CVE-2008-5306 (SQL injection vulnerability in admin/index.php in PG Real Estate
...)
NOT-FOR-US: PG Real Estate Solution
-CVE-2008-5305
- RESERVED
-CVE-2008-5304
- RESERVED
+CVE-2008-5305 (Eval injection vulnerability in TWiki before 4.2.4 allows remote
...)
+ TODO: check
+CVE-2008-5304 (Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4
allows ...)
+ TODO: check
CVE-2008-5303 (Race condition in the rmtree function in File::Path 1.08 ...)
{DSA-1678-1}
- perl 5.10.0-18
@@ -1258,16 +1280,16 @@
RESERVED
CVE-2008-4842
RESERVED
-CVE-2008-4841
- RESERVED
+CVE-2008-4841 (The WordPad Text Converter for Word 97 files in Microsoft
Windows 2000 ...)
+ TODO: check
CVE-2008-4840
RESERVED
CVE-2008-4839
RESERVED
CVE-2008-4838
RESERVED
-CVE-2008-4837
- RESERVED
+CVE-2008-4837 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
+ TODO: check
CVE-2008-4836
RESERVED
CVE-2008-4835
@@ -2529,8 +2551,8 @@
NOT-FOR-US: OpenPegasus
CVE-2008-4312
RESERVED
-CVE-2008-4311
- RESERVED
+CVE-2008-4311 (The default configuration of system.conf in D-Bus (aka DBus)
before ...)
+ TODO: check
CVE-2008-4310 (httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5 allows remote
...)
TODO: check
CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in
...)
@@ -2617,42 +2639,42 @@
RESERVED
CVE-2008-4270
RESERVED
-CVE-2008-4269
- RESERVED
-CVE-2008-4268
- RESERVED
+CVE-2008-4269 (The search-ms protocol handler in Windows Explorer in Microsoft
...)
+ TODO: check
+CVE-2008-4268 (The Windows Search component in Microsoft Windows Vista Gold and
SP1 ...)
+ TODO: check
CVE-2008-4267
RESERVED
-CVE-2008-4266
- RESERVED
-CVE-2008-4265
- RESERVED
-CVE-2008-4264
- RESERVED
+CVE-2008-4266 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel
Viewer ...)
+ TODO: check
+CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to
execute ...)
+ TODO: check
+CVE-2008-4264 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
+ TODO: check
CVE-2008-4263
RESERVED
CVE-2008-4262
RESERVED
-CVE-2008-4261
- RESERVED
-CVE-2008-4260
- RESERVED
-CVE-2008-4259
- RESERVED
-CVE-2008-4258
- RESERVED
+CVE-2008-4261 (Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and
6 on ...)
+ TODO: check
+CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a
deleted ...)
+ TODO: check
+CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access ...)
+ TODO: check
+CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly
...)
+ TODO: check
CVE-2008-4257
RESERVED
-CVE-2008-4256
- RESERVED
-CVE-2008-4255
- RESERVED
-CVE-2008-4254
- RESERVED
-CVE-2008-4253
- RESERVED
-CVE-2008-4252
- RESERVED
+CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual
...)
+ TODO: check
+CVE-2008-4255 (The Windows Common ActiveX control in Microsoft Visual Basic
6.0, ...)
+ TODO: check
+CVE-2008-4254 (The Hierarchical FlexGrid ActiveX control in Microsoft Visual
Basic ...)
+ TODO: check
+CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0,
Visual ...)
+ TODO: check
+CVE-2008-4252 (The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and
Visual ...)
+ TODO: check
CVE-2008-4251
RESERVED
CVE-2008-4250 (The Server service in Microsoft Windows 2000 SP4, XP SP2 and
SP3, ...)
@@ -3193,24 +3215,24 @@
RESERVED
CVE-2008-4033 (Cross-domain vulnerability in Microsoft XML Core Services 3.0
through ...)
NOT-FOR-US: Microsoft XML Core
-CVE-2008-4032
- RESERVED
-CVE-2008-4031
- RESERVED
-CVE-2008-4030
- RESERVED
+CVE-2008-4032 (Microsoft Office SharePoint Server 2007 Gold and SP1 and
Microsoft ...)
+ TODO: check
+CVE-2008-4031 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
+ TODO: check
+CVE-2008-4030 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
+ TODO: check
CVE-2008-4029 (Cross-domain vulnerability in Microsoft XML Core Services 3.0
and 4.0, ...)
NOT-FOR-US: Microsoft XML Core
-CVE-2008-4028
- RESERVED
-CVE-2008-4027
- RESERVED
-CVE-2008-4026
- RESERVED
-CVE-2008-4025
- RESERVED
-CVE-2008-4024
- RESERVED
+CVE-2008-4028 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
+ TODO: check
+CVE-2008-4027 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
+ TODO: check
+CVE-2008-4026 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
+ TODO: check
+CVE-2008-4025 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
+ TODO: check
+CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for
Mac ...)
+ TODO: check
CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly
...)
NOT-FOR-US: Microsoft Windows
CVE-2008-4022
@@ -4685,8 +4707,8 @@
RESERVED
CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006
does not ...)
NOT-FOR-US: Microsoft
-CVE-2008-3465
- RESERVED
+CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows
2000 ...)
+ TODO: check
CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in
Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2008-3463
@@ -5739,10 +5761,10 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3011
RESERVED
-CVE-2008-3010
- RESERVED
-CVE-2008-3009
- RESERVED
+CVE-2008-3010 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime
7.1 ...)
+ TODO: check
+CVE-2008-3009 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime
7.1 ...)
+ TODO: check
CVE-2008-3008 (Stack-based buffer overflow in the WMEncProfileManager ActiveX
control ...)
NOT-FOR-US: Microsoft Windows Media Encoder
CVE-2008-3007 (Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System
Gold and ...)
@@ -7480,8 +7502,8 @@
NOT-FOR-US: Microsoft
CVE-2008-2250 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server
2003 ...)
NOT-FOR-US: Microsoft
-CVE-2008-2249
- RESERVED
+CVE-2008-2249 (Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2
and SP3, ...)
+ TODO: check
CVE-2008-2248 (Cross-site scripting (XSS) vulnerability in Outlook Web Access
(OWA) ...)
NOT-FOR-US: Exchange Server
CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access
(OWA) ...)
@@ -19476,7 +19498,7 @@
[sarge] - cupsys <not-affected> (Only vulnerable to code injection since
1.2.x, effects are harmless otherwise)
CVE-2007-4350 (Cross-site scripting (XSS) vulnerability in the management
interface ...)
NOT-FOR-US: HP SiteScope
-CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP OpenView Report
3.70 and ...)
+CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP Performance Agent
C.04.70 ...)
NOT-FOR-US: HP OpenView Report
CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in
IBM ...)
NOT-FOR-US: IBM Tivoli Storage Manager