thr3ads.net - Secure testing commits - [Secure-testing-commits] r7964

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Jan-18 21:14 UTC
[Secure-testing-commits] r7964 - data/CVE

Author: joeyh
Date: 2008-01-18 21:14:10 +0000 (Fri, 18 Jan 2008)
New Revision: 7964

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-01-18 19:38:39 UTC (rev 7963)
+++ data/CVE/list	2008-01-18 21:14:10 UTC (rev 7964)
@@ -1,3 +1,141 @@
+CVE-2008-0352 (The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers
to ...)
+	TODO: check
+CVE-2008-0351 (admin/config.php in Evilsentinel 1.0.9 and earlier allows remote
...)
+	TODO: check
+CVE-2008-0350 (admin/index.php in Evilsentinel 1.0.9 and earlier sends a
redirect to ...)
+	TODO: check
+CVE-2008-0349 (Unspecified vulnerability in the PeopleTools component in Oracle
...)
+	TODO: check
+CVE-2008-0348 (Multiple unspecified vulnerabilities in the PeopleTools
component in ...)
+	TODO: check
+CVE-2008-0347 (Unspecified vulnerability in the Oracle Ultra Search component
in ...)
+	TODO: check
+CVE-2008-0346 (Unspecified vulnerability in the Oracle Jinitiator component in
Oracle ...)
+	TODO: check
+CVE-2008-0345 (Unspecified vulnerability in the Core RDBMS component in Oracle
...)
+	TODO: check
+CVE-2008-0344 (Unspecified vulnerability in the Oracle Spatial component in
Oracle ...)
+	TODO: check
+CVE-2008-0343 (Unspecified vulnerability in the Oracle Spatial component in
Oracle ...)
+	TODO: check
+CVE-2008-0342 (Unspecified vulnerability in the Upgrade/Downgrade component in
Oracle ...)
+	TODO: check
+CVE-2008-0341 (Unspecified vulnerability in the Advanced Queuing component in
Oracle ...)
+	TODO: check
+CVE-2008-0340 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5
FIPS+, ...)
+	TODO: check
+CVE-2008-0339 (Unspecified vulnerability in the XML DB component in Oracle
Database ...)
+	TODO: check
+CVE-2008-0338 (Directory traversal vulnerability in the mwGetLocalFileName
function ...)
+	TODO: check
+CVE-2008-0337 (Heap-based buffer overflow in the _mwProcessReadSocket function
in ...)
+	TODO: check
+CVE-2008-0336 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+	TODO: check
+CVE-2008-0335 (Cross-site scripting (XSS) vulnerability in BugTracker.NET
before ...)
+	TODO: check
+CVE-2008-0334 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2008-0333 (Directory traversal vulnerability in
download_view_attachment.aspx in ...)
+	TODO: check
+CVE-2008-0332 (Directory traversal vulnerability in arias/help/effect.php in
aria ...)
+	TODO: check
+CVE-2008-0331 (Unspecified vulnerability in Funkwerk System Software before
7.4.1 ...)
+	TODO: check
+CVE-2008-0330 (Radiator before 4.0 allows remote attackers to cause a denial of
...)
+	TODO: check
+CVE-2008-0329 (LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) ...)
+	TODO: check
+CVE-2008-0328 (SQL injection vulnerability in page.php in FaScript FaName 1.0
allows ...)
+	TODO: check
+CVE-2008-0327 (SQL injection vulnerability in show.php in FaScript FaMp3 1.0
allows ...)
+	TODO: check
+CVE-2008-0326 (SQL injection vulnerability in class/show.php in FaScript ...)
+	TODO: check
+CVE-2008-0325 (SQL injection vulnerability in show.php in FaScript FaPersian
Petition ...)
+	TODO: check
+CVE-2008-0324 (Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090
...)
+	TODO: check
+CVE-2008-0323
+	RESERVED
+CVE-2008-0322
+	RESERVED
+CVE-2008-0321
+	RESERVED
+CVE-2008-0320
+	RESERVED
+CVE-2008-0319
+	RESERVED
+CVE-2008-0318
+	RESERVED
+CVE-2008-0317
+	RESERVED
+CVE-2008-0316
+	RESERVED
+CVE-2008-0315
+	RESERVED
+CVE-2008-0314
+	RESERVED
+CVE-2008-0313
+	RESERVED
+CVE-2008-0312
+	RESERVED
+CVE-2008-0311
+	RESERVED
+CVE-2008-0310
+	RESERVED
+CVE-2008-0309
+	RESERVED
+CVE-2008-0308
+	RESERVED
+CVE-2008-0307
+	RESERVED
+CVE-2008-0306
+	RESERVED
+CVE-2008-0305
+	RESERVED
+CVE-2008-0304
+	RESERVED
+CVE-2008-0303
+	RESERVED
+CVE-2008-0301
+	RESERVED
+CVE-2008-0300
+	RESERVED
+CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers
to ...)
+	TODO: check
+CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials
via a ...)
+	TODO: check
+CVE-2008-0296 (Heap-based buffer overflow in the libaccess_realrtsp plugin in
...)
+	TODO: check
+CVE-2008-0295 (Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c
in ...)
+	TODO: check
+CVE-2008-0294 (Unspecified vulnerability in the seat-locking implementation in
...)
+	TODO: check
+CVE-2008-0293 (Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d,
when ...)
+	TODO: check
+CVE-2008-0292 (Cross-site scripting (XSS) vulnerability in photo_album.pl in
Dansie ...)
+	TODO: check
+CVE-2008-0291 (SQL injection vulnerability in showproduct.asp in RichStrong CMS
...)
+	TODO: check
+CVE-2007-6693 (Unspecified vulnerability in the WebCam module in Menalto
Gallery ...)
+	TODO: check
+CVE-2007-6692 (Open redirect vulnerability in Menalto Gallery before 2.2.4
allows ...)
+	TODO: check
+CVE-2007-6691 (Multiple unspecified vulnerabilities in Menalto Gallery before
2.2.4 ...)
+	TODO: check
+CVE-2007-6690 (The Gallery Remote module in Menalto Gallery before 2.2.4 does
not ...)
+	TODO: check
+CVE-2007-6689 (Menalto Gallery before 2.2.4 does not properly check for
malicious ...)
+	TODO: check
+CVE-2007-6688 (Unspecified vulnerability in the Installation application in
Menalto ...)
+	TODO: check
+CVE-2007-6687 (Multiple cross-site scripting (XSS) vulnerabilities in Menalto
Gallery ...)
+	TODO: check
+CVE-2007-6686 (The URL rewrite module in Menalto Gallery before 2.2.4 allows
...)
+	TODO: check
+CVE-2007-6685 (Unspecified vulnerability in the Publish XP module Menalto
Gallery ...)
+	TODO: check
 CVE-2008-0161
 	RESERVED
 CVE-2008-0290 (Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2
and ...)
@@ -6,7 +144,7 @@
 	NOT-FOR-US: Member Area System
 CVE-2008-0288 (Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2
allow ...)
 	NOT-FOR-US: ImageAlbum
-CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart
3.3.2 and ...)
+CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart
3.3.2 ...)
 	NOT-FOR-US: VisionBurst vcart
 CVE-2008-0286 (SQL injection vulnerability in admin/login.php in Article
Dashboard ...)
 	NOT-FOR-US: Article Dashboard
@@ -109,7 +247,7 @@
 CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont
function in ...)
 	{DTSA-109-1}
 	- xine-lib <unfixed> (medium; bug #460551)
-CVE-2008-0299 [insecure use of RandomPool]
+CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or
forked ...)
 	- python-paramiko <unfixed> (medium; bug #460706)
 	NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html
 CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX)
6.1.97.82 ...)
@@ -227,9 +365,9 @@
 CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: AwesomeTemplateEngine
 CVE-2008-0189
-	RESERVED
+	REJECTED
 CVE-2008-0188
-	RESERVED
+	REJECTED
 CVE-2008-0187 (SQL injection vulnerability in songinfo.php in SAM Broadcaster
...)
 	NOT-FOR-US: SAM Broadcaster samPHPweb
 CVE-2008-0186 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk
1.9.7 ...)
@@ -258,11 +396,9 @@
 	RESERVED
 CVE-2008-0174
 	RESERVED
-CVE-2008-0172 [improper input validation in boost]
-	RESERVED
+CVE-2008-0172 (The get_repeat_type function in basic_regex_creator.hpp in the
Boost ...)
 	- boost 1.34.1-4 (low; bug #461236)
-CVE-2008-0171 [improper input validation in boost]
-	RESERVED
+CVE-2008-0171 (regex/v4/perl_matcher_non_recursive.hpp in the Boost regex
library ...)
 	- boost 1.34.1-4 (low; bug #461236)
 CVE-2008-0170
 	RESERVED
@@ -282,7 +418,7 @@
 	RESERVED
 CVE-2008-0162
 	RESERVED
-CVE-2008-0302 [insecure file handling in apt-listchanges]
+CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in
...)
 	{DSA-1465-2}
 	- apt-listchanges 2.82 (medium)
 	[sarge] - apt-listchanges <not-affected> (Vulnerable code not present)
@@ -293,7 +429,8 @@
 	NOT-FOR-US: IBM AIX
 CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM
...)
 	NOT-FOR-US: IBM WebSphere Application Server
-CVE-2007-6678 (Untrusted search path vulnerability in yast2-core in SUSE Linux
might ...)
+CVE-2007-6678
+	REJECTED
 	NOT-FOR-US: yast2-core
 CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter''s
Random Anti-Spam ...)
 	NOT-FOR-US: Peter''s Random Anti-Spam Image
@@ -458,7 +595,7 @@
 	NOT-FOR-US: RapidShare Database
 CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti
allows ...)
 	NOT-FOR-US: Makale Scripti
-CVE-2007-6672 (Directory traversal vulnerability in Mortbay Jetty 6.1.5 and
6.1.6 ...)
+CVE-2007-6672 (Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass
...)
 	TODO: check
 	NOTE: poked upstream if this does affect jetty 5 as well
 CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant
Softwares ...)
@@ -493,8 +630,8 @@
 	RESERVED
 CVE-2008-0082
 	RESERVED
-CVE-2008-0081
-	RESERVED
+CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2004 and earlier,
and ...)
+	TODO: check
 CVE-2008-0080
 	RESERVED
 CVE-2008-0079
@@ -819,19 +956,19 @@
 	NOT-FOR-US: Blakord Portal
 CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in Mantis
before ...)
 	- mantis 1.0.8-4 (low; bug #458377)
-CVE-2007-6683 [vlc arbitrary file overwrite vulnerability via crafted m3u
playlists]
+CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote
attackers to ...)
 	- vlc 0.8.6.c-4.1 (medium; bug #458318)
 	[lenny] - vlc 0.8.6.c-4.1~lenny1
 	NOTE: see https://trac.videolan.org/vlc/ticket/1371
-CVE-2007-6682 [vlc format string vulnerability in built-in web-server]
+CVE-2007-6682 (Format string vulnerability in the httpd_FileCallBack function
...)
 	- vlc 0.8.6.c-4.1 (medium; bug #458318)
 	[lenny] - vlc 0.8.6.c-4.1~lenny1
 	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
-CVE-2007-6681 [vlc buffer overflow in subtitle handling]
+CVE-2007-6681 (Stack-based buffer overflow in modules/demux/subtitle.c in
VideoLAN ...)
 	- vlc 0.8.6.c-4.1 (low; bug #458318)
 	[lenny] - vlc 0.8.6.c-4.1~lenny1
 	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
-CVE-2007-6684 [vlc remote denial of service in rtsp module]
+CVE-2007-6684 (The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers
to ...)
 	- vlc 0.8.6.c-4.1 (unimportant; bug #458318)
 	[lenny] - vlc 0.8.6.c-4.1~lenny1
 	NOTE: That''s hardly a security problem, just a bug
@@ -1140,8 +1277,8 @@
 	RESERVED
 CVE-2008-0028
 	RESERVED
-CVE-2008-0027
-	RESERVED
+CVE-2008-0027 (Heap-based buffer overflow in the Certificate Trust List (CTL)
...)
+	TODO: check
 CVE-2008-0026
 	RESERVED
 CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro
2005, ...)
@@ -1698,9 +1835,10 @@
 CVE-2008-0007
 	RESERVED
 CVE-2008-0006
+	RESERVED
+	{DSA-1466-1}
 	- xorg-server 2:1.4.1~git20080105-2
 	- libxfont 1:1.3.1-2
-	RESERVED
 CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before
...)
 	- apache2 2.2.8-1 (low)
 	- apache <unfixed> (low)
@@ -1712,7 +1850,7 @@
 	NOT-FOR-US: OpenPegasus CIM management server
 CVE-2008-0002
 	RESERVED
-CVE-2008-0001 (VFS in the Linux kernel before 2.6.23.14 performs tests of
access mode ...)
+CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before
...)
 	- linux-2.6 <unfixed>
 CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems,
does not ...)
 	- xen-3 3.1.2-1
@@ -1814,7 +1952,7 @@
 	NOT-FOR-US: GOUAE DWD Realty
 CVE-2007-6168 (SQL injection vulnerability in default.asp in VU Case Manager
allows ...)
 	NOT-FOR-US: VU Case Manager
-CVE-2007-6167 (yast2-core includes the current working directory in its search
path, ...)
+CVE-2007-6167 (Untrusted search path vulnerability in yast2-core in SUSE Linux
might ...)
 	NOT-FOR-US: Yast2
 CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1
allows ...)
 	NOT-FOR-US: Apple QuickTime
@@ -4567,7 +4705,7 @@
 	NOT-FOR-US: Joomla! and mambo extension
 CVE-2007-5361 (The Communication Server in Alcatel-Lucent OmniPCX Enterprise
7.1 and ...)
 	NOT-FOR-US: Alcatel-Lucent OmniPCX Enterprise
-CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, as used in
VMWare ...)
+CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, when compiled
to use ...)
 	NOT-FOR-US: OpenPegasus Management server
 CVE-2007-5359
 	RESERVED
Secure testing commits - Jan 2008 - r7964 - data/CVE

[Secure-testing-commits] r7964 - data/CVE
