Author: nion Date: 2008-02-15 13:48:28 +0000 (Fri, 15 Feb 2008) New Revision: 8164 Modified: data/CVE/list Log: NFUs new openldap2.3 issue (CVE-2008-0658) CVE-2008-0002 does not affect tomcat5.5 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-15 12:12:02 UTC (rev 8163) +++ data/CVE/list 2008-02-15 13:48:28 UTC (rev 8164) 
@@ -65,35 +65,35 @@ CVE-2008-0747 (Stack-based buffer overflow in COWON America jetAudio 7.0.5 and ...) NOT-FOR-US: COWON America jetAudio CVE-2008-0746 (SQL injection vulnerability in index.php in the Gallery (com_gallery) ...) - TODO: check + NOT-FOR-US: Gallery component for Mambo and Joomla! CVE-2008-0745 (Directory traversal vulnerability in aides/index.php in DomPHP 0.82 ...) - TODO: check + NOT-FOR-US: DomPHP CVE-2008-0744 (SQL injection vulnerability in user_login.asp in PreProjects.com Pre ...) - TODO: check + NOT-FOR-US: Pre Hotels & Resorts Management System CVE-2008-0743 (PHP remote file inclusion vulnerability in members_help.php in Joovili ...) - TODO: check + NOT-FOR-US: Joovili CVE-2008-0742 (Multiple directory traversal vulnerabilities in PowerScripts PowerNews ...) - TODO: check + NOT-FOR-US: PowerNews CVE-2008-0741 (Unspecified vulnerability in the PropFilePasswordEncoder utility in ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2008-0740 (IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2008-0739 (SQL injection vulnerability in admin/SA_shipFedExMeter.asp in ...) - TODO: check + NOT-FOR-US: CandyPress CVE-2008-0738 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, ...) - TODO: check + NOT-FOR-US: CandyPress CVE-2008-0737 (SQL injection vulnerability in admin/utilities_ConfigHelp.asp in ...) - TODO: check + NOT-FOR-US: CandyPress CVE-2008-0736 (admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly ...) - TODO: check + NOT-FOR-US: CandyPress CVE-2008-0735 (SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in ...) - TODO: check + NOT-FOR-US: AuraCMS CVE-2008-0734 (SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, ...) - TODO: check + NOT-FOR-US: Limbo CMS CVE-2008-0733 (SQL injection vulnerability in index.php in CS Team Counter Strike ...) 
- TODO: check + NOT-FOR-US: CS Team Counter Strike Portals CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service ...) - TODO: check + NOT-FOR-US: Novell Client CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica ...) TODO: check CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows ...) @@ -249,7 +249,10 @@ CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control ...) NOT-FOR-US: Aurigma Image Uploader CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP ...) - TODO: check + - openldap2.3 <unfixed> (low; bug #465875) + - openldap2.2 <removed> + - openldap2 <not-affected> (slapd not built from this version) + NOTE: only authenticated users can exploit this CVE-2008-0657 (Multiple unspecified vulnerabilities in the Java Runtime Environment ...) - sun-java6 6-02-1 - sun-java5 1.5.0-14-1 @@ -292,7 +295,7 @@ CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...) NOT-FOR-US: Symantec Ghost Solution Suite CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the ...) - TODO: check + NOT-FOR-US: Novell Client CVE-2008-0638 RESERVED CVE-2008-0637 @@ -2883,7 +2886,7 @@ CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback ...) NOT-FOR-US: OpenPegasus CIM management server CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ...) - TODO: check + - tomcat5.5 <not-affected> (referring to upstream) CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before ...) {DSA-1479-1} - linux-2.6 <unfixed>
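Review bot: In the hunk at @@ -65,35 +65,35 @@, CVE-2006-7231 is left at "TODO: check" in the trailing context although every entry above it in this run is triaged by this commit. Its description names Civica Software Civica, so either give it a status line in the same pass or add a NOTE saying why it is still open, so the next triager does not read it as overlooked.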
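Review bot: In the hunk at @@ -249,7 +249,10 @@, the "low" urgency on the openldap2.3 line for CVE-2008-0658 rests only on "NOTE: only authenticated users can exploit this", which states neither the impact nor the level of access an authenticated user needs. Suggest expanding the NOTE with the impact of the slapd/back-bdb/modrdn.c issue and the privilege required, so the urgency can be re-checked from the entry without opening bug #465875.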
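Review bot: In the hunk at @@ -2883,7 +2886,7 @@, the reason "(referring to upstream)" on the tomcat5.5 line for CVE-2008-0002 does not say what upstream states. The description limits the issue to Apache Tomcat 6.0.0 through 6.0.15, so a reason such as "(only 6.0.x affected)" would be checkable from the entry itself. The entry also carries no line for any package other than tomcat5.5; if another Tomcat source package is tracked in this list, it needs its own status line.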