Author: nion Date: 2008-02-13 17:29:32 +0000 (Wed, 13 Feb 2008) New Revision: 8151 Modified: data/CVE/list Log: NFUs 3 tintin++ issues (CVE-2008-067[1-3]) CVE-2008-0668 fixed in gnumeric 1.8.1-1 CVE-2008-0318 dup? CVE-2008-0318 fixed in clamav 0.92.1~dfsg-1 two new tomcat issues (CVE-2007-6286, CVE-2007-5333) Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-13 16:14:46 UTC (rev 8150) +++ data/CVE/list 2008-02-13 17:29:32 UTC (rev 8151) 
@@ -87,47 +87,47 @@ CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace ...) NOT-FOR-US: Marketplace component for Joomla! CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript ...) - TODO: check + NOT-FOR-US: Smartscript Domain Trader CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Youtube Clone Script CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences ...) - TODO: check + NOT-FOR-US: NeoReferences component for Joomla! CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 ...) - TODO: check + NOT-FOR-US: iTechClassifieds CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in ...) - TODO: check + NOT-FOR-US: iTechClassifieds CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ...) - TODO: check + NOT-FOR-US: st_newsletter plugin for WordPress CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin ...) - TODO: check + NOT-FOR-US: Wordspew plugin for Wordpress CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows ...) - TODO: check + NOT-FOR-US: PHPShop CVE-2008-0680 (SNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: MicroTik RouterOS CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 ...) - TODO: check + NOT-FOR-US: BlogPHP CVE-2008-0678 (SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote ...) - TODO: check + NOT-FOR-US: BlogPHP CVE-2008-0677 (SQL injection vulnerability in blog.php in A-Blog 2 allows remote ...) - TODO: check + NOT-FOR-US: A-Blog CVE-2008-0676 (Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 ...) - TODO: check + NOT-FOR-US: A-Blog CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything ...) 
- TODO: check + NOT-FOR-US: Everything Development System CVE-2008-0674 RESERVED CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an ...) - TODO: check + - tintin++ <unfixed> (low; bug #465643) CVE-2008-0672 (The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 ...) - TODO: check + - tintin++ <unfixed> (low; bug #465643) CVE-2008-0671 (Stack-based buffer overflow in the add_line_buffer function in ...) - TODO: check + - tintin++ <unfixed> (medium; bug #465643) CVE-2008-0670 (SQL injection vulnerability in index.php in the Noticias ...) - TODO: check + NOT-FOR-US: Noticias component for Joomla! CVE-2008-0669 (Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity ...) - TODO: check + NOT-FOR-US: Sift Unity CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c in ...) - TODO: check + - gnumeric 1.8.1-1 (medium) CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with ...) @@ -182,7 +182,7 @@ CVE-2008-0641 RESERVED CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...) - TODO: check + NOT-FOR-US: Symantec Ghost Solution Suite CVE-2008-0639 RESERVED CVE-2008-0638 @@ -190,7 +190,7 @@ CVE-2008-0637 RESERVED CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x ...) - TODO: check + NOT-FOR-US: Managed Workplace Service Center CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads 2.4.0 ...) NOT-FOR-US: Openads CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in ...) 
@@ -600,7 +600,7 @@ CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in SLAED CMS ...) NOT-FOR-US: SLAED CMS CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class running ...) - TODO: check + NOT-FOR-US: Symantec LiveState Apache Tomcat server CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the ...) - apache <unfixed> (low) - apache2 <unfixed> (low) @@ -689,6 +689,7 @@ NOT-FOR-US: Invision Gallery CVE-2008-0420 (Unspecified vulnerability in Mozilla Firefox, as used in Ubuntu 6.06 ...) TODO: check + NOTE: dup? poked mitre CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...) {DSA-1489-1 DSA-1485-1 DSA-1484-1} - iceweasel 2.0.0.12-1 @@ -940,7 +941,7 @@ CVE-2008-0319 RESERVED CVE-2008-0318 (Integer overflow in libclamav in ClamAV before 0.92.1, as used in ...) - TODO: check + - clamav 0.92.1~dfsg-1 (medium) CVE-2008-0317 RESERVED CVE-2008-0316 @@ -1194,11 +1195,11 @@ - kfreebsd-6 <unfixed> - kfreebsd-7 <unfixed> CVE-2008-0215 (Multiple unspecified vulnerabilities in HP Storage Essentials Storage ...) - TODO: check + NOT-FOR-US: HP SRM CVE-2008-0214 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...) - TODO: check + NOT-FOR-US: HP Select Identity CVE-2008-0213 (Unspecified vulnerability in a certain ActiveX control for HP Virtual ...) - TODO: check + NOT-FOR-US: HP Virtual Rooms CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-0211 
@@ -1280,7 +1281,7 @@ CVE-2008-0178 (Cross-site scripting (XSS) vulnerability in the Enterprise Admin ...) NOT-FOR-US: Liferay Portal CVE-2008-0177 (The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME ...) - TODO: check + NOT-FOR-US: KAME CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI ...) NOT-FOR-US: GE Fanuc CIMPLICITY CVE-2008-0175 (Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time ...) @@ -1454,21 +1455,21 @@ CVE-2008-0110 RESERVED CVE-2008-0109 (Unspecified vulnerability in Word in Microsoft Office 2000 SP3, XP ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2008-0108 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2008-0107 RESERVED CVE-2008-0106 RESERVED CVE-2008-0105 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2008-0104 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2008-0103 (Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2008-0102 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2008-0101 (Format string vulnerability in the swDebugf function in DuneApp.cpp in ...) - whitedune 0.28.13-1 (medium) CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in Scene.cpp ...) @@ -1518,7 +1519,7 @@ CVE-2008-0089 (SQL injection vulnerability in uprofile.php in ClipShare allows remote ...) NOT-FOR-US: ClipShare CVE-2008-0088 (Unspecified vulnerability in Active Directory on Microsoft Windows ...) - TODO: check + NOT-FOR-US: Windows CVE-2008-0087 RESERVED CVE-2008-0086 
@@ -1526,7 +1527,7 @@ CVE-2008-0085 RESERVED CVE-2008-0084 (Unspecified vulnerability in the TCP/IP support in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Windows CVE-2008-0083 RESERVED CVE-2008-0082 @@ -1534,19 +1535,19 @@ CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2004 and earlier, and ...) NOT-FOR-US: Microsoft CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft ...) - TODO: check + NOT-FOR-US: Windows CVE-2008-0079 RESERVED CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2008-0077 (Unspecified vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2008-0076 (Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2008-0075 (Unspecified vulnerability in Microsoft Internet Information Services ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2008-0073 RESERVED CVE-2008-0072 
@@ -1606,19 +1607,19 @@ CVE-2008-0044 RESERVED CVE-2008-0043 (Format string vulnerability in Apple iPhoto before 7.1.2 allows remote ...) - TODO: check + NOT-FOR-US: Apple iPhoto CVE-2008-0042 (Argument injection vulnerability in Terminal.app in Terminal in Apple ...) - TODO: check + NOT-FOR-US: Apple Mac OSX CVE-2008-0041 (Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts ...) - TODO: check + NOT-FOR-US: Apple Mac OSX CVE-2008-0040 (Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 ...) - TODO: check + NOT-FOR-US: Apple Mac OSX CVE-2008-0039 (Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows ...) - TODO: check + NOT-FOR-US: Apple Mac OSX CVE-2008-0038 (Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an ...) - TODO: check + NOT-FOR-US: Apple Mac OSX CVE-2008-0037 (X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle ...) - TODO: check + NOT-FOR-US: Apple Mac OSX CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote attackers ...) NOT-FOR-US: Apple QuickTime CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 ...) @@ -2555,7 +2556,8 @@ CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs ...) NOT-FOR-US: HyperVM CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...) - TODO: check + - tomcat5.5 unfixed (medium; bug #465644) + - tomcat5 <removed> CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux ...) NOTE: maintainer will patch autofs5 in upload to unstable TODO: check when autofs5 hits unstable 
@@ -4458,13 +4460,13 @@ CVE-2007-5667 (NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, ...) NOT-FOR-US: Novell Client CVE-2007-5666 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...) NOT-FOR-US: Novell ZENworks Endpoint Security Management CVE-2007-5664 RESERVED CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2007-5662 RESERVED CVE-2007-5661 @@ -4472,7 +4474,7 @@ CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in ...) NOT-FOR-US: MacroVision FLEXnet Connect and InstallShield 2008 CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ...) NOT-FOR-US: TIBCO SmartSockets RTserver CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...) @@ -5717,7 +5719,8 @@ - iceape 1.1.5 NOTE: MFSA2007-33 CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 ...) - TODO: check + - tomcat5.5 unfixed (medium; bug #465645) + - tomcat5 <removed> CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...) NOT-FOR-US: ARCServe BackUp CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA ...)
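Review bot: The line added under CVE-2008-0420 in the @@ -689,6 +689,7 @@ hunk, `NOTE: dup? poked mitre`, does not name the CVE it is suspected of duplicating. The commit log attaches "dup?" to CVE-2008-0318, which this same commit records as fixed in clamav 0.92.1~dfsg-1, so the log and the list disagree about which entry is in question. Naming the candidate id in the NOTE would let whoever picks up the remaining `TODO: check` resolve it without redoing the comparison.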
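Review bot: CVE-2008-0177 in the @@ -1280,7 +1281,7 @@ hunk is closed as `NOT-FOR-US: KAME` without a record of whether the kernel packages were checked. The description places the flaw in sys/netinet6/ipcomp_input.c, and the list tracks kfreebsd-6 and kfreebsd-7 elsewhere (see the context lines of the @@ -1194,11 +1195,11 @@ hunk). If those sources were checked and do not carry the affected ipcomp6_input code, a NOTE line saying so would document the decision; if they were not checked, the entry should stay open against those packages.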
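Review bot: CVE-2008-0075 and CVE-2008-0074 in the @@ -1534,19 +1535,19 @@ hunk are tagged `NOT-FOR-US: Microsoft Internet Explorer`, but both descriptions read "Microsoft Internet Information Services". The NOT-FOR-US verdict is unaffected, but the label looks copied from the three Internet Explorer entries above it (CVE-2008-0078 through CVE-2008-0076) and will mislead anyone searching the list by product. Suggest `NOT-FOR-US: Microsoft IIS` for these two.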
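Review bot: The status keyword on the new tomcat5.5 line for CVE-2007-6286 (@@ -2555,7 +2556,8 @@ hunk) is written as bare `unfixed`, while every other entry in this patch uses the bracketed form, for example `- tintin++ <unfixed> (low; bug #465643)` and the `- tomcat5 <removed>` line directly below it. Without the brackets, tooling that parses this file may read `unfixed` as a version string. The tomcat5.5 line added for CVE-2007-5333 in the @@ -5717,7 +5719,8 @@ hunk has the same problem; both should read `- tomcat5.5 <unfixed> (medium; bug #...)` with their existing bug numbers.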
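Review bot: The CVE-2007-5333 entry in the @@ -5717,7 +5719,8 @@ hunk tracks only tomcat5.5 and tomcat5, although the description lists three affected branches: 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 onward. If the archive carries no source packages for the 4.1 or 6.0 branches, a short NOTE stating that would show the other branches were considered; if it does, they need their own lines. The same question applies to the 6.0.0 through 6.0.15 range named in CVE-2007-6286.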