joeyh at alioth.debian.org
2008-Mar-18 21:14 UTC
[Secure-testing-commits] r8369 - data/CVE
Author: joeyh Date: 2008-03-18 21:14:13 +0000 (Tue, 18 Mar 2008) New Revision: 8369 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-18 20:57:29 UTC (rev 8368) +++ data/CVE/list 2008-03-18 21:14:13 UTC (rev 8369) 
@@ -1,16 +1,177 @@ -CVE-2008-1360 [XSS in nagios] +CVE-2008-1368 (CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 ...) + TODO: check +CVE-2008-1367 (gcc 4.3.x does not generate a cld instruction while compiling ...) + TODO: check +CVE-2008-1366 (Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and ...) + TODO: check +CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate ...) + TODO: check +CVE-2008-1364 + RESERVED +CVE-2008-1363 + RESERVED +CVE-2008-1362 + RESERVED +CVE-2008-1361 + RESERVED +CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...) + TODO: check +CVE-2008-1358 (Sack-based buffer overflow in the IMAP server in Alt-N Technologies ...) + TODO: check +CVE-2008-1357 (Format string vulnerability in the logDetail function of applib.dll in ...) + TODO: check +CVE-2008-1356 (Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java ...) + TODO: check +CVE-2008-1355 (Cross-site scripting (XSS) vulnerability in index.php in Jeebles ...) + TODO: check +CVE-2008-1354 (SQL injection vulnerability in MyIssuesView.asp in Advanced Data ...) + TODO: check +CVE-2008-1353 (zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a ...) + TODO: check +CVE-2008-1352 (Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 ...) + TODO: check +CVE-2008-1351 (SQL injection vulnerability in the Tutorials 2.1b module for XOOPS ...) + TODO: check +CVE-2008-1350 (SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) ...) + TODO: check +CVE-2008-1349 (SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama ...) + TODO: check +CVE-2008-1348 (Cross-site scripting (XSS) vulnerability in index.php in the eWebsite ...) + TODO: check +CVE-2008-1347 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2008-1346 (SQL injection vulnerability in staticpages/easygallery/index.php in ...) 
+ TODO: check +CVE-2008-1345 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2008-1344 (Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr ...) + TODO: check +CVE-2008-1343 (Directory traversal vulnerability in pkgadd and pkgrm in SCO UnixWare ...) + TODO: check +CVE-2008-1342 (Multiple cross-site scripting (XSS) vulnerabilities in the search ...) + TODO: check +CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde ...) + TODO: check +CVE-2008-1340 + RESERVED +CVE-2008-1339 + RESERVED +CVE-2008-1338 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...) + TODO: check +CVE-2008-1337 (The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier ...) + TODO: check +CVE-2008-1336 (SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows ...) + TODO: check +CVE-2008-1335 (The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 ...) + TODO: check +CVE-2008-1334 (cgi/b on the BT Home Hub router allows remote attackers to bypass ...) + TODO: check +CVE-2008-1333 + RESERVED +CVE-2008-1332 + RESERVED +CVE-2008-1331 + RESERVED +CVE-2008-1330 + RESERVED +CVE-2008-1329 + RESERVED +CVE-2008-1328 + RESERVED +CVE-2008-1327 (Gallarific does not require authentication for (1) users.php and (2) ...) + TODO: check +CVE-2008-1326 (Cross-site scripting (XSS) vulnerability in search.php in Gallarific ...) + TODO: check +CVE-2008-1325 (Multiple directory traversal vulnerabilities in index.php in Uberghey ...) + TODO: check +CVE-2008-1324 (Multiple directory traversal vulnerabilities in index.php in ...) + TODO: check +CVE-2008-1323 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) + TODO: check +CVE-2008-1322 (The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager ...) + TODO: check +CVE-2008-1321 (The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier ...) 
+ TODO: check +CVE-2008-1320 (Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and ...) + TODO: check +CVE-2008-1319 (Untrusted search path and argument injection vulnerability in the ...) + TODO: check +CVE-2008-1317 (Unspecified vulnerability in the Inter-Process Communication (IPC) ...) + TODO: check +CVE-2008-1316 (SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute ...) + TODO: check +CVE-2008-1315 (SQL injection vulnerability in the ZClassifieds module for PHP-Nuke ...) + TODO: check +CVE-2008-1314 (SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module ...) + TODO: check +CVE-2008-1313 (Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and ...) + TODO: check +CVE-2008-1312 (Unspecified vulnerability in the TFTP server in PacketTrap Networks ...) + TODO: check +CVE-2008-1311 (The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and ...) + TODO: check +CVE-2008-1310 (Directory traversal vulnerability in the TFTP server in PacketTrap ...) + TODO: check +CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll ...) + TODO: check +CVE-2008-1308 (SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 ...) + TODO: check +CVE-2008-1307 (Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in ...) + TODO: check +CVE-2008-1306 (Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content ...) + TODO: check +CVE-2008-1305 (SQL injection vulnerability in filebase.php in the Filebase mod for ...) + TODO: check +CVE-2008-1304 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ...) + TODO: check +CVE-2008-1303 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...) + TODO: check +CVE-2008-1302 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...) + TODO: check +CVE-2008-1301 (Absolute path traversal vulnerability in ...) 
+ TODO: check +CVE-2008-1300 (Cross-site scripting (XSS) vulnerability in the Logfile Viewer ...) + TODO: check +CVE-2008-1299 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...) + TODO: check +CVE-2008-1298 (SQL injection vulnerability in Hadith module for PHP-Nuke allows ...) + TODO: check +CVE-2008-1297 (SQL injection vulnerability in index.php in the eWriting ...) + TODO: check +CVE-2008-1296 (Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery ...) + TODO: check +CVE-2008-1295 (SQL injection vulnerability in archives.php in Gregory Kokanosky (aka ...) + TODO: check +CVE-2008-1292 + RESERVED +CVE-2008-1291 + RESERVED +CVE-2008-1290 + RESERVED +CVE-2008-1289 + RESERVED +CVE-2007-6710 + RESERVED +CVE-2007-6709 (The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and ...) + TODO: check +CVE-2007-6708 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...) + TODO: check +CVE-2007-6707 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco ...) + TODO: check +CVE-2008-1360 (Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows ...) - nagios2 2.11-1 (low) CVE-2008-XXXX [tmp race in axyl leading to symlink attack] - axyl <unfixed> (low; bug #471227) [sarge] - axyl <not-affected> (Vulnerable code not present) [etch] - axyl <not-affected> (Vulnerable code not present) CVE-2008-1294 [setrlimit(RLIMIT_CPUINFO) with zero value doesn''t inherit properly across children] + RESERVED - linux-2.6 <unfixed> (bug #419706) -CVE-2008-1318 [Mediawiki Cross-site information leak] +CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 to 1.11.2 allows remote ...) - mediawiki 1:1.11.2-1 (low) CVE-2008-1288 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or ...) NOT-FOR-US: IBM Rational ClearQuest -CVE-2008-1287 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 ggenerates different error ...) +CVE-2008-1287 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error ...) 
NOT-FOR-US: IBM Rational ClearQuest CVE-2008-1286 (Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and ...) NOT-FOR-US: Sun Javav Web Console @@ -295,8 +456,8 @@ RESERVED CVE-2008-1158 RESERVED -CVE-2008-1157 - RESERVED +CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a ...) + TODO: check CVE-2008-1156 RESERVED CVE-2008-1155 @@ -387,10 +548,12 @@ NOTE: exploitable through code introduced in 1.0.11 NOTE: http://www.dovecot.org/list/dovecot-news/2008-March/000064.html CVE-2008-1293 [ldm information disclosure] + RESERVED + {DTSA-118-1} - ldm 2:0.1~bzr20080308-1 (bug #469462) - ltsp 5.0.40~bzr20071229-1 NOTE: In revision 5.0.40~bzr20071229-1 ldm has been split into a separate source package -CVE-2008-1145 (Directory traversal vulnerability in WEBrick 1.8 before 1.8.5-p115 and ...) +CVE-2008-1145 (Directory traversal vulnerability in WEBrick in Ruby 1.8 before ...) - ruby1.8 1.8.6.114-1 (unimportant; bug #469475) - ruby1.9 1.9.0.1-1 (unimportant; bug #469482) [sarge] - ruby1.8 <no-dsa> (case insensitive FS, corner case) @@ -429,10 +592,10 @@ NOT-FOR-US: ICQ CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in ...) NOT-FOR-US: Centreon -CVE-2008-1118 - RESERVED -CVE-2008-1117 - RESERVED +CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does ...) + TODO: check +CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes or ...) + TODO: check CVE-2008-1116 (Insecure method vulnerability in the Web Scan Object ActiveX control ...) NOT-FOR-US: Rising Antivirus CVE-2008-1115 (Unspecified vulnerability in Sun Solaris 8 directory functions allows ...) 
@@ -796,14 +959,15 @@ RESERVED CVE-2008-0950 RESERVED -CVE-2008-0949 - RESERVED +CVE-2008-0949 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x ...) + TODO: check CVE-2008-0948 RESERVED - krb5 1.3-1 (unimportant) NOTE: glibc properly defines FD_SETSIZE CVE-2008-0947 RESERVED + {DSA-1524-1} - krb5 1.6.dfsg.3~beta1-4 (medium) CVE-2008-0946 (Directory traversal vulnerability in the IM Server (aka IMserve or ...) NOT-FOR-US: Ipswitch Instant Messaging @@ -923,9 +1087,9 @@ NOT-FOR-US: Red Hat Directory Server CVE-2008-0889 RESERVED -CVE-2008-0888 - RESERVED +CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for ...) {DSA-1522-1} + TODO: check CVE-2008-0887 RESERVED CVE-2008-0886 @@ -1277,8 +1441,8 @@ NOT-FOR-US: Apple iPhone CVE-2008-0728 (The unmew11 function in libclamav/mew.c in libclamav in ClamAV before ...) - clamav 0.92.1~dfsg-1 -CVE-2008-0727 - RESERVED +CVE-2008-0727 (Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server ...) + TODO: check CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ...) @@ -1686,10 +1850,10 @@ RESERVED CVE-2008-0534 RESERVED -CVE-2008-0533 - RESERVED -CVE-2008-0532 - RESERVED +CVE-2008-0533 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2008-0532 (Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in ...) + TODO: check CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, ...) NOT-FOR-US: Cisco CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...) 
@@ -2265,7 +2429,7 @@ - iceape 1.1.8-1 (medium) CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...) NOT-FOR-US: Canon printer firmware -CVE-2008-0301 (Multiple SQL injection vulnerabilities in Mapbender 2.4 through 2.4.4 ...) +CVE-2008-0301 (Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote ...) NOT-FOR-US: Mapbender CVE-2008-0300 (mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to ...) NOT-FOR-US: Mapbender @@ -2739,7 +2903,7 @@ NOT-FOR-US: Microsoft Office CVE-2008-0117 (Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, ...) NOT-FOR-US: Microsoft Excel -CVE-2008-0116 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...) +CVE-2008-0116 (Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility ...) NOT-FOR-US: Microsoft Excel CVE-2008-0115 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, ...) NOT-FOR-US: Microsoft Excel @@ -2869,9 +3033,11 @@ NOT-FOR-US: XnView, nconvert GFL SDK for Windows CVE-2008-0063 RESERVED + {DSA-1524-1} - krb5 1.6.dfsg.3~beta1-4 (medium) CVE-2008-0062 RESERVED + {DSA-1524-1} - krb5 1.6.dfsg.3~beta1-4 (high) CVE-2008-0060 RESERVED @@ -3953,7 +4119,7 @@ RESERVED CVE-2007-6254 RESERVED -CVE-2007-6253 (Multiple unspecified vulnerabilities in Adobe Form Designer 5.0 and ...) +CVE-2007-6253 (Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client ...) NOT-FOR-US: Adobe Form Designer CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation ...) NOT-FOR-US: Street Technologies 
@@ -6880,7 +7046,7 @@ NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router -CVE-2007-5383 (The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub, ...) +CVE-2007-5383 (The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub ...) NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router CVE-2007-5382 (The conversion utility for converting CiscoWorks Wireless LAN Solution ...) NOT-FOR-US: CiscoWorks @@ -52911,7 +53077,7 @@ - maxdb-webtools 7.5.00.19-1 CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...) NOT-FOR-US: gentoo mirrorselect -CVE-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote ...) +CVE-2004-1166 (CRLF injection vulnerability in Microsoft Internet Explorer ...) NOT-FOR-US: Microsoft CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...) {DSA-631-1}
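Review bot: in the first hunk (@@ -1,16 +1,177 @@), several of the new "TODO: check" entries name software that is not obviously a proprietary vendor product, for example CVE-2008-1367 (gcc 4.3.x), CVE-2008-1353 (zabbix_agentd in ZABBIX 1.4.4) and CVE-2008-1304 (WordPress 2.3.2). Triage these first and give each a package line or an explicit <not-affected> note; the vendor-product entries in the same block (Trend Micro OfficeScan, Perforce Server, ASG-Sentry Network Manager) can then be closed as NOT-FOR-US. The trailing context of this hunk also keeps two typos that the automatic update does not touch and that need a manual fix: "doesn''t" in the bracketed description of CVE-2008-1294 and "Sun Javav Web Console" in the NOT-FOR-US note for CVE-2008-1286.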
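Review bot: in the hunk at @@ -923,9 +1087,9 @@, CVE-2008-0888 ends up with "TODO: check" placed after its existing {DSA-1522-1} tag and still has no package line. An entry that already references a DSA should not sit in the TODO queue without a package status: add the source package and fixed version covered by DSA-1522-1 under the entry and drop the TODO, so the CVE is not counted as untriaged.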