joeyh at alioth.debian.org
2008-Mar-12 09:14 UTC
[Secure-testing-commits] r8319 - data/CVE
Author: joeyh
Date: 2008-03-12 09:14:10 +0000 (Wed, 12 Mar 2008)
New Revision: 8319
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-03-11 23:23:45 UTC (rev 8318)
+++ data/CVE/list 2008-03-12 09:14:10 UTC (rev 8319)
@@ -1,4 +1,43 @@
-CVE-2008-1270 [configuration error in lighttpd possibly leading to file
disclosure]
+CVE-2008-1288 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or
...)
+ TODO: check
+CVE-2008-1287 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 ggenerates different
error ...)
+ TODO: check
+CVE-2008-1286 (Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3,
and ...)
+ TODO: check
+CVE-2008-1285 (Cross-site scripting (XSS) vulnerability in Sun Java Server
Faces ...)
+ TODO: check
+CVE-2008-1284 (Directory traversal vulnerability in Horde 3.1.6, Groupware
before ...)
+ TODO: check
+CVE-2008-1283 (Cross-site scripting (XSS) vulnerability in Neptune Web Server
3.0 ...)
+ TODO: check
+CVE-2008-1282 (Buffer overflow in the BFup ActiveX control (BFup.dll) in
B21Soft BFup ...)
+ TODO: check
+CVE-2008-1281 (Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and
earlier, ...)
+ TODO: check
+CVE-2008-1280 (Acronis True Image Windows Agent 1.0.0.54 and earlier, included
in ...)
+ TODO: check
+CVE-2008-1279 (Acronis True Image Group Server 1.5.19.191 and earlier, included
in ...)
+ TODO: check
+CVE-2008-1278 (The RemotelyAnywhere.exe service in the Remotely Anywhere Server
and ...)
+ TODO: check
+CVE-2008-1277 (The IMAP service (MEIMAPS.exe) in MailEnable Professional
Edition and ...)
+ TODO: check
+CVE-2008-1276 (Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in
...)
+ TODO: check
+CVE-2008-1275 (Multiple unspecified vulnerabilities in the SMTP service in
MailEnable ...)
+ TODO: check
+CVE-2008-1274 (Untrusted search path vulnerability in man in IBM AIX 6.1.0
invokes ...)
+ TODO: check
+CVE-2008-1273 (Multiple cross-site scripting (XSS) vulnerabilities in imageVue
1.7 ...)
+ TODO: check
+CVE-2008-1272 (Multiple SQL injection vulnerabilities in BM Classifieds
20080309 and ...)
+ TODO: check
+CVE-2008-1271
+ REJECTED
+ TODO: check
+CVE-2004-2759 (Shared Sun StorEdge QFS and SAM-QFS file systems, as used in
...)
+ TODO: check
+CVE-2008-1270 (mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is
not ...)
- lighttpd <unfixed> (unimportant)
NOTE: user configuration error, default documented in moduserdir documentation
CVE-2008-1269 (cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2
Plus ...)
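Review bot: CVE-2008-1271 is added with both REJECTED and TODO: check. A rejected id has nothing left to triage, so the TODO line should be dropped, and the update script should skip it whenever it writes REJECTED. The CVE-2008-1270 change at the end of the hunk only swaps the bracketed working title for the published description and keeps the lighttpd triage lines, which is what we want.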
@@ -131,10 +170,10 @@
NOT-FOR-US: Sun Solaris
CVE-2008-1204 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Sun Java System
-CVE-2008-1203
- RESERVED
-CVE-2008-1202
- RESERVED
+CVE-2008-1203 (The administrator interface for Adobe ColdFusion 8 and
ColdFusion MX7 ...)
+ TODO: check
+CVE-2008-1202 (Cross-site scripting (XSS) vulnerability in the web management
...)
+ TODO: check
CVE-2008-1201
RESERVED
CVE-2008-1200 (Unspecified vulnerability in Microsoft Access allows remote ...)
@@ -213,8 +252,8 @@
TODO: check
CVE-2008-1162 (SQL injection vulnerability in album.php in PHP WEB SCRIPT
Dynamic ...)
TODO: check
-CVE-2008-1161
- RESERVED
+CVE-2008-1161 (Buffer overflow in the Matroska demuxer
(demuxers/demux_matroska.c) in ...)
+ TODO: check
CVE-2008-1160
RESERVED
CVE-2008-1159
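Review bot: CVE-2008-1161 moves from RESERVED to a buffer overflow whose description names a source file, demuxers/demux_matroska.c, so unlike most of this batch it is probably open-source code that may be packaged. The TODO: check here should be resolved by identifying the source package that ships that file and adding a package line with a fixed version or <unfixed>, not left in the general backlog.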
@@ -291,8 +330,7 @@
TODO: check
CVE-2003-1546 (Cross-site scripting (XSS) vulnerability in gbook.php in
Filebased ...)
TODO: check
-CVE-2008-1218 [dovecot authentication bypass]
- RESERVED
+CVE-2008-1218 (Argument injection vulnerability in Dovecot 1.0.x before 1.0.13,
and ...)
- dovecot 1:1.0.13-1
[etch] - dovecot <not-affected> (Vulnerable code not present)
[sarge] - dovecot <not-affected> (Vulnerable code not present)
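Review bot: On CVE-2008-1218 the new description is cut at "Dovecot 1.0.x before 1.0.13, and ...", so the second affected range is not visible in the list. Now that the id is no longer RESERVED, confirm that the etch and sarge <not-affected> lines still hold against the full description. The unstable entry 1:1.0.13-1 agrees with the 1.0.13 boundary in the text.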
@@ -821,8 +859,8 @@
RESERVED
CVE-2008-0891
RESERVED
-CVE-2008-0890
- RESERVED
+CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure
permissions for ...)
+ TODO: check
CVE-2008-0889
RESERVED
CVE-2008-0888
@@ -1348,10 +1386,10 @@
- deluge-torrent 0.5.8.3-1 (unknown; bug #463357)
CVE-2008-0645 (Multiple PHP remote file inclusion vulnerabilities in Portail
Web Php ...)
NOT-FOR-US: Portail Web Php
-CVE-2008-0644
- RESERVED
-CVE-2008-0643
- RESERVED
+CVE-2008-0644 (Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers
to ...)
+ TODO: check
+CVE-2008-0643 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX
7 and ...)
+ TODO: check
CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by
Adobe ...)
NOT-FOR-US: Adobe
CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in
Ikiwiki ...)
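Review bot: CVE-2008-0644 and CVE-2008-0643 both name Adobe ColdFusion and are left at TODO: check, while the next entry, CVE-2008-0642, is already closed as NOT-FOR-US: Adobe. The two new entries can take the same resolution instead of staying open.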
@@ -2149,10 +2187,10 @@
NOT-FOR-US: Symantec Decomposer
CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus
products ...)
NOT-FOR-US: Symantec Decomposer
-CVE-2008-0307
- RESERVED
-CVE-2008-0306
- RESERVED
+CVE-2008-0307 (Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and
...)
+ TODO: check
+CVE-2008-0306 (sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions,
allows ...)
+ TODO: check
CVE-2008-0305
RESERVED
CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before
2.0.0.12 and ...)
@@ -2160,10 +2198,10 @@
- iceape 1.1.8-1 (medium)
CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...)
NOT-FOR-US: Canon printer firmware
-CVE-2008-0301
- RESERVED
-CVE-2008-0300
- RESERVED
+CVE-2008-0301 (Multiple SQL injection vulnerabilities in Mapbender 2.4 through
2.4.4 ...)
+ TODO: check
+CVE-2008-0300 (mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers
to ...)
+ TODO: check
CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers
to ...)
- webkit <unfixed> (unimportant)
NOTE: khtml originates from konqueror. browser crashes are considered
unimportant
@@ -2630,24 +2668,24 @@
RESERVED
CVE-2008-0119
RESERVED
-CVE-2008-0118
- RESERVED
-CVE-2008-0117
- RESERVED
-CVE-2008-0116
- RESERVED
-CVE-2008-0115
- RESERVED
-CVE-2008-0114
- RESERVED
-CVE-2008-0113
- RESERVED
-CVE-2008-0112
- RESERVED
-CVE-2008-0111
- RESERVED
-CVE-2008-0110
- RESERVED
+CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3,
2003 ...)
+ TODO: check
+CVE-2008-0117 (Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002
SP2, ...)
+ TODO: check
+CVE-2008-0116 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through
2003 ...)
+ TODO: check
+CVE-2008-0115 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through
2007, ...)
+ TODO: check
+CVE-2008-0114 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through
2003 ...)
+ TODO: check
+CVE-2008-0113 (Unspecified vulnerability in Microsoft Office Excel Viewer 2003
up to ...)
+ TODO: check
+CVE-2008-0112 (Unspecified vulnerability in Microsoft Excel 2000 SP3, and
Office for ...)
+ TODO: check
+CVE-2008-0111 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through
2007, ...)
+ TODO: check
+CVE-2008-0110 (Unspecified vulnerability in Microsoft Outlook in Office 2000
SP3, XP ...)
+ TODO: check
CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and
Office ...)
NOT-FOR-US: Microsoft Office
CVE-2008-0108 (Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6
File ...)
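Review bot: All nine entries from CVE-2008-0118 down to CVE-2008-0110 describe Microsoft Office, Excel, Excel Viewer or Outlook, and each gets its own TODO: check. The adjacent CVE-2008-0109 is tagged NOT-FOR-US: Microsoft Office, so these should be closed in one pass with the same tag, which keeps the remaining TODO lines limited to entries that actually need a package lookup.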
@@ -2724,7 +2762,7 @@
RESERVED
CVE-2008-0082
RESERVED
-CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2004 and earlier,
and ...)
+CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through
2003 ...)
NOT-FOR-US: Microsoft
CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in
Microsoft ...)
NOT-FOR-US: Windows
@@ -3638,6 +3676,7 @@
CVE-2007-6342 (SQL injection vulnerability in the David Castro AuthCAS module
...)
NOT-FOR-US: Apache AuthCAS module
CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages
such ...)
+ {DSA-1515-1}
- libnet-dns-perl 0.63-1 (low; bug #457445)
NOTE: maybe this should be unimportant as applications using net-dns should
handle this croak
CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4
stream ...)
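Review bot: The {DSA-1515-1} tag added to CVE-2007-6341 now sits above a NOTE that still reads "maybe this should be unimportant as applications using net-dns should handle this croak". With an advisory issued for this id, that NOTE is out of date and should be removed or reworded, and the (low; bug #457445) urgency on the libnet-dns-perl line re-checked against the DSA.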
@@ -3846,8 +3885,8 @@
RESERVED
CVE-2007-6254
RESERVED
-CVE-2007-6253
- RESERVED
+CVE-2007-6253 (Multiple unspecified vulnerabilities in Adobe Form Designer 5.0
and ...)
+ TODO: check
CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation
...)
NOT-FOR-US: Street Technologies
CVE-2007-6251
@@ -11645,6 +11684,7 @@
CVE-2007-3410 (Stack-based buffer overflow in the
SmilTimeValue::parseWallClockValue ...)
- helix-player <not-affected> (Debian versions of Helix player not
affected according to maintainer)
CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to
cause ...)
+ {DSA-1515-1}
- libnet-dns-perl 0.60-1 (low)
CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have
...)
- dia <not-affected> (Windows packaging with bundled FreeType libs)
@@ -11729,6 +11769,7 @@
- php4 <unfixed> (unimportant)
- php5 5.2.4-1 (unimportant)
CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates
...)
+ {DSA-1515-1}
- libnet-dns-perl 0.60-1 (low)
CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows
...)
NOT-FOR-US: Apple Safari
@@ -17076,8 +17117,8 @@
NOT-FOR-US: Microsoft Excel
CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003
SP2, ...)
NOT-FOR-US: Microsoft Word
-CVE-2007-1201
- RESERVED
+CVE-2007-1201 (Unspecified vulnerability in certain COM objects in Microsoft
Office ...)
+ TODO: check
CVE-2007-1200
RESERVED
CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read
...)
@@ -25276,8 +25317,8 @@
NOT-FOR-US: Microsoft
CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft
Windows ...)
NOT-FOR-US: Microsoft
-CVE-2006-4695
- RESERVED
+CVE-2006-4695 (Unspecified vulnerability in certain COM objects in Microsoft
Office ...)
+ TODO: check
CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office
2000, ...)
NOT-FOR-US: Microsoft
CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X
for ...)