joeyh at alioth.debian.org
2008-Feb-11 21:14 UTC
[Secure-testing-commits] r8137 - data/CVE
Author: joeyh
Date: 2008-02-11 21:14:09 +0000 (Mon, 11 Feb 2008)
New Revision: 8137
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-02-11 17:47:02 UTC (rev 8136)
+++ data/CVE/list 2008-02-11 21:14:09 UTC (rev 8137)
@@ -1,3 +1,47 @@
+CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as
used with ...)
+ TODO: check
+CVE-2008-0662 (The Auto Local Logon feature in Check Point VPN-1 ...)
+ TODO: check
+CVE-2008-0661 (Buffer overflow in dBpowerAMP Audio Player Release 2 allows
remote ...)
+ TODO: check
+CVE-2008-0660 (Multiple stack-based buffer overflows in Aurigma Image Uploader
...)
+ TODO: check
+CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX
control ...)
+ TODO: check
+CVE-2008-0658
+ RESERVED
+CVE-2008-0657 (Multiple unspecified vulnerabilities in the Java Runtime
Environment ...)
+ TODO: check
+CVE-2008-0656 (Unrestricted file upload vulnerability in dmclTrace.jsp in EMC
...)
+ TODO: check
+CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader before
8.1.2 have ...)
+ TODO: check
+CVE-2008-0654 (Multiple directory traversal vulnerabilities in Azucar CMS 1.3
allow ...)
+ TODO: check
+CVE-2008-0653 (SQL injection vulnerability in index.php in the Ynews
(com_ynews) ...)
+ TODO: check
+CVE-2008-0652 (SQL injection vulnerability in index.php in the Downloads ...)
+ TODO: check
+CVE-2008-0651 (SQL injection vulnerability in login.php in Pedro Santana Codice
CMS ...)
+ TODO: check
+CVE-2008-0650 (SQL injection vulnerability in login.php in Simple OS CMS 0.1c
beta ...)
+ TODO: check
+CVE-2008-0649 (SQL injection vulnerability in detail.php in Astanda Directory
Project ...)
+ TODO: check
+CVE-2008-0648 (Multiple PHP remote file inclusion vulnerabilities in
OpenSiteAdmin ...)
+ TODO: check
+CVE-2008-0647 (Multiple stack-based buffer overflows in the ...)
+ TODO: check
+CVE-2008-0646 (The bdecode_recursive function in include/libtorrent/bencode.hpp
in ...)
+ TODO: check
+CVE-2008-0645 (Multiple PHP remote file inclusion vulnerabilities in Portail
Web Php ...)
+ TODO: check
+CVE-2008-0644
+ RESERVED
+CVE-2008-0643
+ RESERVED
+CVE-2008-0642
+ RESERVED
CVE-2009-XXXX [htmlscrubber does not sanitise javascript in uris]
- ikiwiki 2.31.1 (low; bug #465110)
NOTE: CVE id pending
@@ -3,6 +47,6 @@
CVE-2008-0641
RESERVED
-CVE-2008-0640
- RESERVED
+CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and
2.0.1 ...)
+ TODO: check
CVE-2008-0639
RESERVED
@@ -87,6 +131,7 @@
NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0600 [linux vmsplice privilege escalation vulnerability]
RESERVED
+ {DSA-1494-1}
- linux-2.6 <unfixed> (high)
CVE-2008-0599
RESERVED
@@ -98,25 +143,21 @@
RESERVED
CVE-2008-0595
RESERVED
-CVE-2008-0594
- RESERVED
+CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web
forgery ...)
{DSA-1489-1 DSA-1485-1 DSA-1484-1}
- iceweasel 2.0.0.12-1
- xulrunner 1.8.1.12-1
-CVE-2008-0593
- RESERVED
+CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12
and ...)
{DSA-1489-1 DSA-1485-1 DSA-1484-1}
- iceweasel 2.0.0.12-1
- xulrunner 1.8.1.12-1
- iceape 1.1.8-1
-CVE-2008-0592
- RESERVED
+CVE-2008-0592 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8
allows ...)
{DSA-1489-1 DSA-1485-1 DSA-1484-1}
- iceweasel 2.0.0.12-1
- xulrunner 1.8.1.12-1
- iceape 1.1.8-1
-CVE-2008-0591
- RESERVED
+CVE-2008-0591 (Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12
allows ...)
{DSA-1489-1 DSA-1485-1 DSA-1484-1}
- iceweasel 2.0.0.12-1
- xulrunner 1.8.1.12-1
@@ -303,20 +344,17 @@
TODO: check
CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake
CMS ...)
NOT-FOR-US: Drake CMS
-CVE-2008-0664 [unauthorized content modification via xml-rpc in wordpress]
+CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before
2.3.3, ...)
- wordpress 2.3.3-1 (medium; bug #464170)
NOTE: The blog has to provide user accounts
NOTE: A crafted XML-RPC request referring to a valid user can exploit this
TODO: check if packages embedding xmlrpc share this code
-CVE-2008-0553 [buffer overflow in tk GIF handling]
- RESERVED
+CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in
tkImgGIF.c in ...)
{DSA-1491-1 DSA-1490-1}
- tk8.5 8.5.0-3
- tk8.4 8.4.17-2
- tk8.3 8.3.5-12
-CVE-2008-0554 [buffer overflow in netpbm GIF handling]
- RESERVED
- {DSA-1493-1}
+CVE-2008-0554 (Buffer overflow in the readImageData function in giftopnm.c in
netpbm ...)
- netpbm-free 10.0-11.1 (medium; bug #464056)
CVE-2008-0564 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman
before ...)
- mailman <unfixed> (low)
@@ -328,10 +366,12 @@
NOTE: This enhances the fix for CVE-2006-3636.
NOTE:
http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html
CVE-2008-0665 [insecure tmp file usage in ipp backend in webwml]
+ RESERVED
{DSA-1492-1}
- wml 2.0.11-3.1 (low; bug #463907)
[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
CVE-2008-0666 [insecure tmp file usage wmg.cgi and eperl backend in webwml]
+ RESERVED
{DSA-1492-1}
- wml 2.0.11-3.1 (low; bug #463907)
[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
@@ -430,8 +470,8 @@
NOT-FOR-US: Liquit-Silver CMS
CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in
SLAED CMS ...)
NOT-FOR-US: SLAED CMS
-CVE-2008-0457
- RESERVED
+CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class
running ...)
+ TODO: check
CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in
the ...)
- apache <unfixed> (low)
- apache2 <unfixed> (low)
@@ -520,50 +560,43 @@
NOT-FOR-US: Invision Gallery
CVE-2008-0420
RESERVED
-CVE-2008-0419
- RESERVED
+CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8
allows ...)
{DSA-1489-1 DSA-1485-1 DSA-1484-1}
- iceweasel 2.0.0.12-1
- xulrunner 1.8.1.12-1
- iceape 1.1.8-1
- icedove <unfixed>
-CVE-2008-0418
- RESERVED
+CVE-2008-0418 (Directory traversal vulnerability in Mozilla Firefox before
2.0.0.12, ...)
{DSA-1489-1 DSA-1485-1 DSA-1484-1}
- iceweasel 2.0.0.12-1
- xulrunner 1.8.1.12-1
- iceape 1.1.8-1
- icedove <unfixed>
-CVE-2008-0417
- RESERVED
+CVE-2008-0417 (CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12
allows ...)
{DSA-1489-1 DSA-1485-1 DSA-1484-1}
- iceweasel 2.0.0.12-1
- xulrunner 1.8.1.12-1
CVE-2008-0416
RESERVED
{DSA-1489-1 DSA-1485-1 DSA-1484-1}
-CVE-2008-0415
- RESERVED
+CVE-2008-0415 (Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12,
and ...)
{DSA-1489-1 DSA-1485-1 DSA-1484-1}
- iceweasel 2.0.0.12-1
- iceape 1.1.8-1
- icedove <unfixed>
- xulrunner 1.8.1.12-1
-CVE-2008-0414
- RESERVED
+CVE-2008-0414 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8
allows ...)
{DSA-1489-1 DSA-1485-1 DSA-1484-1}
- iceweasel 2.0.0.12-1
- xulrunner 1.8.1.12-1
- iceape 1.1.8-1
-CVE-2008-0413
- RESERVED
+CVE-2008-0413 (The JavaScript engine in Mozilla Firefox before 2.0.0.12,
Thunderbird ...)
{DSA-1489-1 DSA-1485-1 DSA-1484-1}
- iceweasel 2.0.0.12-1
- xulrunner 1.8.1.12-1
- iceape 1.1.8-1
- icedove <unfixed>
-CVE-2008-0412
- RESERVED
+CVE-2008-0412 (The browser engine in Mozilla Firefox before 2.0.0.12,
Thunderbird ...)
{DSA-1489-1 DSA-1485-1 DSA-1484-1}
- iceweasel 2.0.0.12-1
- xulrunner 1.8.1.12-1
@@ -578,6 +611,7 @@
CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
- exempi 1.99.7-1 (bug #454297)
CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in
IMG_lbm.c ...)
+ {DSA-1493-1}
- sdl-image1.2 1.2.6-3 (medium)
CVE-2007-6697 (Buffer overflow in the LWZReadByte function in IMG_gif.c in
SDL_image ...)
{DSA-1493-1}
@@ -982,7 +1016,7 @@
NOT-FOR-US: Microsoft Visual FoxPro
CVE-2008-0235 (The Microsoft VFP_OLE_Server ActiveX control allows remote
attackers ...)
NOT-FOR-US: Microsoft VFP_OLE_Server ActiveX control
-CVE-2008-0234 (Stack-based buffer overflow in Apple Quicktime Player 7.3.1.70,
when ...)
+CVE-2008-0234 (Buffer overflow in Apple Quicktime Player 7.3.1.70 and other
versions ...)
NOT-FOR-US: Apple Quicktime Player
CVE-2008-0233 (Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and
...)
NOT-FOR-US: Zero CMS
@@ -1032,10 +1066,10 @@
- kfreebsd-7 <unfixed>
CVE-2008-0215
RESERVED
-CVE-2008-0214
- RESERVED
-CVE-2008-0213
- RESERVED
+CVE-2008-0214 (Multiple unspecified vulnerabilities in HP Select Identity 4.00,
4.01, ...)
+ TODO: check
+CVE-2008-0213 (Unspecified vulnerability in an ActiveX control for HP Virtual
Rooms ...)
+ TODO: check
CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) ...)
NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-0211
@@ -1116,8 +1150,8 @@
NOT-FOR-US: Liferay Portal
CVE-2008-0178 (Cross-site scripting (XSS) vulnerability in the Enterprise Admin
...)
NOT-FOR-US: Liferay Portal
-CVE-2008-0177
- RESERVED
+CVE-2008-0177 (The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the
KAME ...)
+ TODO: check
CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY
HMI ...)
NOT-FOR-US: GE Fanuc CIMPLICITY
CVE-2008-0175 (Unrestricted file upload vulnerability in GE Fanuc Proficy
Real-Time ...)
@@ -1144,6 +1178,7 @@
RESERVED
CVE-2008-0163 [linux vserver kernel allows to access other vservers via
symlinks]
RESERVED
+ {DSA-1494-1}
- linux-2.6 <unfixed> (high)
CVE-2008-0162
RESERVED
@@ -1442,8 +1477,8 @@
RESERVED
CVE-2008-0044
RESERVED
-CVE-2008-0043
- RESERVED
+CVE-2008-0043 (Format string vulnerability in Apple iPhoto before 7.1.2 allows
remote ...)
+ TODO: check
CVE-2008-0042
RESERVED
CVE-2008-0041
@@ -2579,6 +2614,7 @@
NOT-FOR-US: KML share
CVE-2008-0010 [linux vmsplice local priv escalation]
RESERVED
+ {DSA-1494-1}
- linux-2.6 <unfixed>
CVE-2008-0009 [kernel: insecure dereference of memory refs from user space,
local priv escalation]
RESERVED
@@ -2586,8 +2622,7 @@
CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain
0.9.9 ...)
{DSA-1476-1}
- pulseaudio 0.9.9-1
-CVE-2008-0007 [kernel: insufficient range checks of certain fault handlers]
- RESERVED
+CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that
...)
- linux-2.6 <unfixed>
CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the
libfont ...)
{DSA-1466-2 DTSA-110-1}
@@ -7489,9 +7524,10 @@
NOT-FOR-US: Sophos
CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote
attackers ...)
NOT-FOR-US: Sophos
-CVE-2007-4576 (Unspecified vulnerability in HSQLDB 1.8.0.8, and possibly other
...)
+CVE-2007-4576
+ REJECTED
NOTE: duplicate of CVE-2007-4575, will be rejected
-CVE-2007-4575 (Unspecified vulnerability in HSQLDB before 1.8.0.9 in
OpenOffice.org ...)
+CVE-2007-4575 (Unspecified vulnerability in HSQLDB before 1.8.0.9, as used in
...)
{DSA-1419-1}
- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
- hsqldb 1.8.0.9-1
@@ -11030,7 +11066,7 @@
[sarge] - openssl <no-dsa> (Not exploitable in a real-world scenario)
[etch] - openssl <no-dsa> (Not exploitable in a real-world scenario)
[etch] - openssl097 <no-dsa> (Not exploitable in a real-world scenario)
-CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when
run on ...)
+CVE-2007-3107 (The signal handling in the Linux kernel before 2.6.22, including
...)
- linux-2.6 2.6.22-1 (unimportant)
NOTE: Not reproducibly reliably by an attacker, mostly a bug
NOTE: This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914
@@ -63782,7 +63818,7 @@
- apache2 2.0.40
CVE-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to
execute ...)
NOT-FOR-US: IRIX
-CVE-2002-0649 (Multiple buffer overflows in SQL Server 2000 Resolution Service
allow ...)
+CVE-2002-0649 (Multiple buffer overflows in the Resolution Service for
Microsoft SQL ...)
NOT-FOR-US: Microsoft
CVE-2002-0646
REJECTED