stef-guest at alioth.debian.org
2008-Mar-11 13:42 UTC
[Secure-testing-commits] r8309 - data/CVE
Author: stef-guest Date: 2008-03-11 13:42:26 +0000 (Tue, 11 Mar 2008) New Revision: 8309 Modified: data/CVE/list Log: - new jspwiki issue - new silc-toolkit issue already fixed - some NFUs - apache fixes Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-11 12:54:00 UTC (rev 8308) +++ data/CVE/list 2008-03-11 13:42:26 UTC (rev 8309) 
@@ -78,61 +78,61 @@ CVE-2008-1232 RESERVED CVE-2008-1231 (Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and ...) - TODO: check + - jspwiki <unfixed> (bug #470477) CVE-2008-1230 (Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 ...) - TODO: check + - jspwiki <unfixed> (bug #470477) CVE-2008-1229 (Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki ...) - TODO: check + - jspwiki <unfixed> (bug #470477) CVE-2008-1228 (Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly ...) - TODO: check + NOT-FOR-US: MG2 CVE-2008-1227 (Stack-based buffer overflow in the silc_fingerprint function in ...) - TODO: check + - silc-toolkit 1.1.6-1 CVE-2008-1226 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...) - TODO: check + NOT-FOR-US: Zimbra Collaboration Suite CVE-2008-1225 (Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus ...) - TODO: check + NOT-FOR-US: WebCT Campus Edition CVE-2008-1224 (Cross-site scripting (XSS) vulnerability in account.php in ...) - TODO: check + NOT-FOR-US: BosClassifieds Classified Ads System CVE-2008-1223 (Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers ...) - TODO: check + NOT-FOR-US: Dokeos CVE-2008-1222 (Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 ...) - TODO: check + NOT-FOR-US: Dokeos CVE-2008-1221 (Absolute path traversal vulnerability in the FTP server in MicroWorld ...) - TODO: check + NOT-FOR-US: MicroWorld eScan CVE-2008-1220 (SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke ...) - TODO: check + NOT-FOR-US: 4nChat for PHP-Nuke CVE-2008-1219 (SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 ...) - TODO: check + NOT-FOR-US: Kutub-i Sitte for PHP-Nuke CVE-2008-1218 RESERVED CVE-2008-1217 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus ...) 
- TODO: check + NOT-FOR-US: IBM Lotus Notes CVE-2008-1216 (IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not ...) - TODO: check + NOT-FOR-US: IBM Lotus Notes CVE-2008-1215 (Stack-based buffer overflow in the command_Expand_Interpret function ...) - TODO: check + NOT-FOR-US: BSD net/userppp CVE-2008-1214 (MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux ...) - TODO: check + NOT-FOR-US: Numara FootPrints CVE-2008-1213 (Cross-site scripting (XSS) vulnerability in Numara FootPrints for ...) - TODO: check + NOT-FOR-US: Numara FootPrints CVE-2008-1212 (Cross-site scripting (XSS) vulnerability in set_permissions.php in ...) - TODO: check + NOT-FOR-US: Podcast Generator CVE-2008-1211 (Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x ...) - TODO: check + NOT-FOR-US: BosDates CVE-2008-1210 (Stack-based buffer overflow in the ctags parsing code in Programmer''s ...) - TODO: check + NOT-FOR-US: Programmer''s Notepad CVE-2008-1209 (Cross-site scripting (XSS) vulnerability in redirect.do in Xitex ...) - TODO: check + NOT-FOR-US: Xitex WebContent M1 CVE-2008-1208 (Cross-site scripting (XSS) vulnerability in the login page in Check ...) - TODO: check + NOT-FOR-US: CheckPoint VPN-1 CVE-2008-1207 (Multiple unspecified vulnerabilities in Fujitsu Interstage Smart ...) - TODO: check + NOT-FOR-US: Fujitsu Interstage CVE-2008-1206 (Format string vulnerability in the log_message function in lks.c in ...) - TODO: check + NOT-FOR-US: Linux Kiss Server CVE-2008-1205 (Unspecified vulnerability in the ipsecah kernel module in Sun Solaris ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2008-1204 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: Sun Java System CVE-2008-1203 RESERVED CVE-2008-1202 
@@ -140,7 +140,7 @@ CVE-2008-1201 RESERVED CVE-2008-1200 (Unspecified vulnerability in Microsoft Access allows remote ...) - TODO: check + NOT-FOR-US: Microsoft Access CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 ...) TODO: check CVE-2008-1197 @@ -7837,10 +7837,8 @@ CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ...) [sarge] - apache2 <no-dsa> (minor issue) [sarge] - apache <no-dsa> (minor issue) - [etch] - apache2 <no-dsa> (minor issue) - [etch] - apache <no-dsa> (minor issue) - apache2 2.2.8-1 (low) - - apache <unfixed> (low) + - apache <removed> (low) [etch] - apache2 2.2.3-4+etch4 [etch] - apache 1.3.34-4.1+etch1 CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, ...) @@ -9137,7 +9135,7 @@ [sarge] - apache <no-dsa> (browser issue, low impact) [etch] - apache <no-dsa> (browser issue, low impact) [sarge] - apache2 <no-dsa> (browser issue, low impact) - [etch] - apache2 <no-dsa> (browser issue, low impact) + [etch] - apache2 2.2.3-4+etch4 NOTE: This is really a browser bug, see CVE-2006-5152. But still unfixed in MSIE. NOTE: Etch''s default configuration not vulnerable due to AddDefaultCharset, NOTE: but many users change this.
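Review bot: In the @@ -78,61 +78,61 @@ hunk, CVE-2008-1216 is described as "IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x" but is tagged "NOT-FOR-US: IBM Lotus Notes", which looks carried over from the CVE-2008-1217 entry directly above it; suggest "NOT-FOR-US: IBM Lotus Quickr" so a later search of the list by product name finds it. In the same hunk, the new "- silc-toolkit 1.1.6-1" line for CVE-2008-1227 has no urgency and no [etch]/[sarge] lines, unlike the apache entries further down, so it may be worth stating explicitly whether the stable releases are affected.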
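Review bot: In the @@ -7837,10 +7837,8 @@ hunk for CVE-2007-5000, the release-tagged lines end up split around the unstable entries: the [sarge] <no-dsa> lines sit above "- apache2 2.2.8-1 (low)" while the [etch] fixed-version lines sit below "- apache <removed> (low)". Dropping the two [etch] <no-dsa> lines is consistent with the fixed versions already listed as context, since the two sets contradicted each other; consider grouping all release-tagged lines together in the same pass so the entry reads in one order.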
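Review bot: In the @@ -9137,7 +9135,7 @@ hunk, only the [etch] apache2 line is changed to 2.2.3-4+etch4, while "[etch] - apache <no-dsa> (browser issue, low impact)" is left untouched, even though the CVE-2007-5000 entry in this same commit lists "[etch] - apache 1.3.34-4.1+etch1"; please confirm whether that apache upload also covers this issue and update the line if it does. The trailing NOTE about Etch's default configuration may also need rewording now that etch apache2 is recorded as fixed.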