Author: nion
Date: 2008-04-03 10:59:54 +0000 (Thu, 03 Apr 2008)
New Revision: 8473
Modified:
data/CVE/list
Log:
NFUs
CVE-2008-156{1,2} fixed in wireshark 1.0.0-1
CVE-2008-1552 fixed in silc 1.1.4-1
sdpplin_parse overflow originally from xine-lib has its own cve for mplayer now
(CVE-2008-1558)
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-04-02 23:04:53 UTC (rev 8472)
+++ data/CVE/list 2008-04-03 10:59:54 UTC (rev 8473)
@@ -63,59 +63,59 @@
CVE-2008-1566 (Cross-site scripting (XSS) vulnerability in Search.do in
ManageEngine ...)
NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-1565 (Directory traversal vulnerability in forum/irc/irc.php in the
PJIRC ...)
- TODO: check
+ NOT-FOR-US: PJIRC module for phpBB
CVE-2008-1564 (Directory traversal vulnerability in Dan Costin File Transfer
before ...)
- TODO: check
+ NOT-FOR-US: Dan Costin File Transfer
CVE-2008-1563 (The "decode as" feature in packet-bssap.c in
the SCCP dissector in ...)
- TODO: check
+ - wireshark 1.0.0-1 (low)
CVE-2008-1562 (The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2
through ...)
- TODO: check
+ - wireshark 1.0.0-1 (low)
CVE-2008-1561 (Multiple unspecified vulnerabilities in Wireshark (formerly
Ethereal) ...)
- TODO: check
+ - wireshark 1.0.0-1 (low)
CVE-2008-1560 (Multiple cross-site scripting (XSS) vulnerabilities in Digiappz
...)
- TODO: check
+ NOT-FOR-US: Digiappz DigiDomain
CVE-2008-1559 (SQL injection vulnerability in the Bernard Gilly AlphaContent
...)
- TODO: check
+ NOT-FOR-US: com_alphacontent component for Joomla!
CVE-2008-1558 (Uncontrolled array index in the sdpplin_parse function in ...)
- TODO: check
+ - mplayer 1.0~rc2-10 (medium; bug #473056)
CVE-2008-1557 (BolinOS 4.6.1 allows remote attackers to obtain sensitive
information ...)
- TODO: check
+ NOT-FOR-US: BolinOS
CVE-2008-1556 (Multiple cross-site scripting (XSS) vulnerabilities in BolinOS
4.6.1 ...)
- TODO: check
+ NOT-FOR-US: BolinOS
CVE-2008-1555 (Directory traversal vulnerability in ...)
- TODO: check
+ NOT-FOR-US: BolinOS
CVE-2008-1554 (SQL injection vulnerability in account/index.php in TopperMod
2.0, ...)
- TODO: check
+ NOT-FOR-US: TopperMod
CVE-2008-1553 (Directory traversal vulnerability in mod.php in TopperMod 1.0
allows ...)
- TODO: check
+ NOT-FOR-US: TopperMod
CVE-2008-1552 (The silc_pkcs1_decode function in the silccrypt library
(silcpkcs1.c) ...)
- TODO: check
+ - silc 1.1.4-1 (medium)
CVE-2008-1551 (SQL injection vulnerability in viewcat.php in the Photo 3.02
module ...)
- TODO: check
+ NOT-FOR-US: RunCMS
CVE-2008-1550 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2008-1549 (Multiple SQL injection vulnerabilities in Aeries Browser
Interface ...)
- TODO: check
+ NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1548 (Multiple cross-site scripting (XSS) vulnerabilities in Aeries
Browser ...)
- TODO: check
+ NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1547
RESERVED
CVE-2008-1546 (servlet/MIMEReceiveServlet in the web controller for Mitsubishi
...)
- TODO: check
+ NOT-FOR-US: Mitsubishi Electric GB-50 and GB-50A air-conditioning control
systems
CVE-2008-1545 (The setRequestHeader method of the XMLHttpRequest object in
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft IE7
CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft IE7
CVE-2008-1543 (The Advanced User Interface Pages in the ProST Web Management
...)
- TODO: check
+ NOT-FOR-US: Airspan WiMAX ProST
CVE-2008-1542 (Airspan Base Station Distribution Unit (BSDU) has
"topsecret" as its ...)
- TODO: check
+ NOT-FOR-US: BSDU
CVE-2008-1541 (Directory traversal vulnerability in cgi-bin/his-webshop.pl in
HIS ...)
- TODO: check
+ NOT-FOR-US: HIS Webshop
CVE-2008-1540 (SQL injection vulnerability in the Datsogallery
(com_datsogallery) ...)
- TODO: check
+ NOT-FOR-US: com_datsogallery module for Joomla!
CVE-2008-1539 (SQL injection vulnerability in includes/dynamic_titles.php in
PHP-Nuke ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1538 (Cross-site scripting (XSS) vulnerability in searchAction.do in
...)
TODO: check
CVE-2008-1537 (Directory traversal vulnerability in
pb_inc/admincenter/index.php in ...)
@@ -3560,7 +3560,6 @@
CVE-2008-0073 (Array index error in the sdpplin_parse function in ...)
{DSA-1536-1 DTSA-119-1}
- xine-lib 1.1.11-1 (medium)
- - mplayer 1.0~rc2-10 (medium; bug #473056)
- vlc 0.8.6.e-2 (medium; bug #473057)
NOTE: http://bugs.xine-project.org/show_bug.cgi?id=58
CVE-2008-0072 (Format string vulnerability in the emf_multipart_encrypted
function in ...)