joeyh at alioth.debian.org
2008-Apr-08 09:14 UTC
[Secure-testing-commits] r8488 - data/CVE
Author: joeyh Date: 2008-04-08 09:14:14 +0000 (Tue, 08 Apr 2008) New Revision: 8488 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-06 19:09:03 UTC (rev 8487) +++ data/CVE/list 2008-04-08 09:14:14 UTC (rev 8488) 
@@ -1,3 +1,189 @@ +CVE-2008-1692 (Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the ...) + TODO: check +CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...) + TODO: check +CVE-2008-1690 (WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and ...) + TODO: check +CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and ...) + TODO: check +CVE-2008-1688 + RESERVED +CVE-2008-1687 + RESERVED +CVE-2008-1686 + RESERVED +CVE-2008-1685 (gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not ...) + TODO: check +CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local ...) + TODO: check +CVE-2008-1683 (xscreensaver on Fedora 8, when an NIS authentication server is ...) + TODO: check +CVE-2008-1682 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-1681 (Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 ...) + TODO: check +CVE-2008-1680 (PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain ...) + TODO: check +CVE-2008-1679 + RESERVED +CVE-2008-1678 + RESERVED +CVE-2008-1677 + RESERVED +CVE-2008-1676 + RESERVED +CVE-2008-1675 + RESERVED +CVE-2008-1674 + RESERVED +CVE-2008-1673 + RESERVED +CVE-2008-1672 + RESERVED +CVE-2008-1671 + RESERVED +CVE-2008-1670 + RESERVED +CVE-2008-1669 + RESERVED +CVE-2008-1668 + RESERVED +CVE-2008-1667 + RESERVED +CVE-2008-1666 + RESERVED +CVE-2008-1665 + RESERVED +CVE-2008-1664 + RESERVED +CVE-2008-1663 + RESERVED +CVE-2008-1662 + RESERVED +CVE-2008-1661 + RESERVED +CVE-2008-1660 + RESERVED +CVE-2008-1659 + RESERVED +CVE-2008-1658 + RESERVED +CVE-2008-1657 (OpenSSH before 4.9 allows remote authenticated users to bypass the ...) + TODO: check +CVE-2008-1656 + RESERVED +CVE-2008-1655 + RESERVED +CVE-2008-1654 (Interaction error between Adobe Flash and multiple Universal Plug and ...) 
+ TODO: check +CVE-2008-1653 (Directory traversal vulnerability in index.php in Sava''s Link Manager ...) + TODO: check +CVE-2008-1652 (Directory traversal vulnerability in the _serve_request_multiple ...) + TODO: check +CVE-2008-1651 (Directory traversal vulnerability in admin/login.php in EasyNews 4.0 ...) + TODO: check +CVE-2008-1650 (SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 ...) + TODO: check +CVE-2008-1649 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2008-1648 (Sympa before 5.4 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2008-1647 (The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ...) + TODO: check +CVE-2008-1646 (SQL injection vulnerability in wp-download.php in the WP-Download 1.2 ...) + TODO: check +CVE-2008-1645 (Directory traversal vulnerability in body.php in phpSpamManager ...) + TODO: check +CVE-2008-1644 (SQL injection vulnerability in viewlinks.php in Sava''s Link Manager ...) + TODO: check +CVE-2008-1643 (Directory traversal vulnerability in the PXE TFTP Service ...) + TODO: check +CVE-2008-1642 (Directory traversal vulnerability in index.php in Sava''s GuestBook 2.0 ...) + TODO: check +CVE-2008-1641 (SQL injection vulnerability in default.asp in EfesTECH Video 5.0 ...) + TODO: check +CVE-2008-1640 (SQL injection vulnerability in jgs_treffen.php in the JGS-XA ...) + TODO: check +CVE-2008-1639 (SQL injection vulnerability in index.php in Neat weblog 0.2 allows ...) + TODO: check +CVE-2008-1638 (Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for ...) + TODO: check +CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to ...) + TODO: check +CVE-2008-1636 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick ...) + TODO: check +CVE-2008-1635 (Directory traversal vulnerability in view_private.php in Keep It ...) 
+ TODO: check +CVE-2008-1634 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder ...) + TODO: check +CVE-2008-1633 (Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown ...) + TODO: check +CVE-2008-1632 (Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote ...) + TODO: check +CVE-2008-1631 (SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 ...) + TODO: check +CVE-2008-1630 (Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 ...) + TODO: check +CVE-2008-1629 (Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows ...) + TODO: check +CVE-2008-1628 (Stack-based buffer overflow in the audit_log_user_command function in ...) + TODO: check +CVE-2008-1627 (CDS Invenio 0.92.1 and earlier allows remote authenticated users to ...) + TODO: check +CVE-2008-1626 (SQL injection vulnerability in eggBlog before 4.0.1 allows remote ...) + TODO: check +CVE-2008-1625 (aavmker4.sys in avast! Home and Professional 4.7 for Windows does not ...) + TODO: check +CVE-2008-1624 (Directory traversal vulnerability in v2demo/page.php in Jshop Server ...) + TODO: check +CVE-2008-1623 (SQL injection vulnerability in admin_view_image.php in Smoothflash ...) + TODO: check +CVE-2008-1622 (Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow ...) + TODO: check +CVE-2008-1621 (Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow ...) + TODO: check +CVE-2008-1620 (Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) ...) + TODO: check +CVE-2008-1619 (The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers ...) + TODO: check +CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing ...) + TODO: check +CVE-2008-1617 + RESERVED +CVE-2008-1616 + RESERVED +CVE-2008-1615 + RESERVED +CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a ...) 
+ TODO: check +CVE-2008-1613 + RESERVED +CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows ...) + TODO: check +CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows ...) + TODO: check +CVE-2008-1610 (Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 ...) + TODO: check +CVE-2008-1609 (Multiple PHP remote file inclusion vulnerabilities in just another ...) + TODO: check +CVE-2008-1608 (SQL injection vulnerability in postview.php in Clever Copy 3.0 allows ...) + TODO: check +CVE-2008-1607 (SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba ...) + TODO: check +CVE-2008-1606 (Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 ...) + TODO: check +CVE-2008-1605 (The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ...) + TODO: check +CVE-2008-1604 (Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 ...) + TODO: check +CVE-2008-1603 (Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 ...) + TODO: check +CVE-2008-1602 (Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows ...) + TODO: check +CVE-2003-1557 (Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, ...) + TODO: check +CVE-2003-1556 (Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI ...) + TODO: check CVE-2008-1601 (Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and ...) NOT-FOR-US: IBM AIX CVE-2008-1600 (The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly ...) 
@@ -150,7 +336,7 @@ CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a ...) - comix 3.6.4-1.1 (low; bug #462840) NOTE: comix can''t be used in a non-interactive setup thus the impact level -CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the (1) MySQL username, (2) ...) +CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) ...) - phpmyadmin 2.11.5.1 (unimportant) NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2 NOTE: It is a workaround for the limited security that PHP has for @@ -193,8 +379,8 @@ RESERVED CVE-2008-1516 RESERVED -CVE-2008-1515 - RESERVED +CVE-2008-1515 (The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 ...) + TODO: check CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local users to ...) TODO: check NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here @@ -253,7 +439,7 @@ - php5-apc <itp> (bug #335404) CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...) NOT-FOR-US: LinPHA -CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6 , when mysql_use_ft ...) +CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft ...) NOT-FOR-US: Phorum CVE-2008-1485 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier ...) NOT-FOR-US: PunBB @@ -496,10 +682,10 @@ RESERVED CVE-2008-1375 RESERVED -CVE-2008-1374 - RESERVED -CVE-2008-1373 - RESERVED +CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...) + TODO: check +CVE-2008-1373 (Buffer overflow in the gif_read_lzw in CUPS 1.3.6 allows remote ...) + TODO: check CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to ...) - bzip2 1.0.5-0.1 (bug #471670) CVE-2008-1371 (Absolute path traversal vulnerability in install/index.php in Drake ...) 
@@ -531,7 +717,7 @@ NOT-FOR-US: VMware CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...) NOT-FOR-US: Invision Power Board -CVE-2008-1358 (Sack-based buffer overflow in the IMAP server in Alt-N Technologies ...) +CVE-2008-1358 (Stack-based buffer overflow in the IMAP server in Alt-N Technologies ...) NOT-FOR-US: MDaemon CVE-2008-1357 (Format string vulnerability in the logDetail function of applib.dll in ...) NOT-FOR-US: McAfee Common Management Agent @@ -590,14 +776,14 @@ CVE-2008-1332 (Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...) {DSA-1525-1} - asterisk 1:1.4.18.1~dfsg-1 (medium) -CVE-2008-1331 - RESERVED +CVE-2008-1331 (Unspecified vulnerability in OmniPCX Office with Internet Access ...) + TODO: check CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell ...) NOT-FOR-US: Novell Groupwise -CVE-2008-1329 - RESERVED -CVE-2008-1328 - RESERVED +CVE-2008-1329 (Unspecified vulnerability in the NetBackup service in CA ARCserve ...) + TODO: check +CVE-2008-1328 (Buffer overflow in the LGServer service in CA ARCserve Backup for ...) + TODO: check CVE-2008-1327 (Gallarific does not require authentication for (1) users.php and (2) ...) NOT-FOR-US: Gallarific CVE-2008-1326 (Cross-site scripting (XSS) vulnerability in search.php in Gallarific ...) @@ -1009,8 +1195,8 @@ TODO: check CVE-2008-1155 RESERVED -CVE-2008-1154 - RESERVED +CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...) + TODO: check CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...) TODO: check CVE-2008-1152 (The data-link switching (DLSw) component in Cisco IOS 12.0 through ...) 
@@ -1287,8 +1473,7 @@ CVE-2008-1111 (mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts ...) {DSA-1513-1} - lighttpd 1.4.18-4 (low; bug #469307) -CVE-2008-1142 [insecure default behaviour in rxvt for handling DISPLAY variable] - RESERVED +CVE-2008-1142 (rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment variable is ...) - rxvt <unfixed> (unimportant; bug #469296) - eterm <unfixed> (unimportant; bug #473127) TODO: Let''s make sure it gets still fixed for Lenny 
@@ -1356,28 +1541,28 @@ RESERVED CVE-2008-1024 RESERVED -CVE-2008-1023 - RESERVED -CVE-2008-1022 - RESERVED -CVE-2008-1021 - RESERVED -CVE-2008-1020 - RESERVED -CVE-2008-1019 - RESERVED -CVE-2008-1018 - RESERVED -CVE-2008-1017 - RESERVED -CVE-2008-1016 - RESERVED -CVE-2008-1015 - RESERVED -CVE-2008-1014 - RESERVED -CVE-2008-1013 - RESERVED +CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime ...) + TODO: check +CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows ...) + TODO: check +CVE-2008-1021 (Heap-based buffer overflow in Animation codec content handling in ...) + TODO: check +CVE-2008-1020 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...) + TODO: check +CVE-2008-1019 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...) + TODO: check +CVE-2008-1018 (Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows ...) + TODO: check +CVE-2008-1017 (Heap-based buffer overflow in clipping region (aka crgn) atom handling ...) + TODO: check +CVE-2008-1016 (Apple QuickTime before 7.4.5 does not properly handle movie media ...) + TODO: check +CVE-2008-1015 (Buffer overflow in the data reference atom handling in Apple QuickTime ...) + TODO: check +CVE-2008-1014 (Apple QuickTime before 7.4.5 does not properly handle external URLs in ...) + TODO: check +CVE-2008-1013 (Apple QuickTime before 7.4.5 enables deserialization of QTJava objects ...) + TODO: check CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station ...) NOT-FOR-US: Apple AirPort CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...) 
@@ -1639,14 +1824,14 @@ CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for ...) {DSA-1522-1} - unzip 5.52-11 -CVE-2008-0887 - RESERVED +CVE-2008-0887 (gnome-screensaver before 2.22.1, when a remote authentication server ...) + TODO: check CVE-2008-0886 REJECTED CVE-2008-0885 RESERVED -CVE-2008-0884 - RESERVED +CVE-2008-0884 (The Replace function in the capp-lspp-config script in the (1) ...) + TODO: check CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS ...) {DSA-1530-1 DTSA-117-1} - cupsys 1.3.6-1 (medium; bug #467653) @@ -2027,10 +2212,10 @@ RESERVED CVE-2008-0710 RESERVED -CVE-2008-0709 - RESERVED -CVE-2008-0708 - RESERVED +CVE-2008-0709 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...) + TODO: check +CVE-2008-0708 (HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) ...) + TODO: check CVE-2008-0707 (HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX ...) NOT-FOR-US: HP-UX CVE-2008-0706 (Unspecified vulnerability in the BIOS F.26 and earlier for the HP ...) @@ -2362,8 +2547,8 @@ NOT-FOR-US: CatalogShop componenent for Mambo and Joomla! CVE-2008-0556 (Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, ...) NOT-FOR-US: OpenCA PKI Project -CVE-2008-0555 - RESERVED +CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 ...) + TODO: check CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket ...) NOT-FOR-US: eTicket CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll ...) 
@@ -2959,10 +3144,10 @@ RESERVED CVE-2008-0312 RESERVED -CVE-2008-0311 - RESERVED -CVE-2008-0310 - RESERVED +CVE-2008-0311 (Stack-based buffer overflow in the PGMWebHandler::parse_request ...) + TODO: check +CVE-2008-0310 (Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 ...) + TODO: check CVE-2008-0309 (Stack-based buffer overflow in Symantec Decomposer, as used in certain ...) NOT-FOR-US: Symantec Decomposer CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products ...) @@ -3574,8 +3759,8 @@ RESERVED CVE-2008-0070 (Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA ...) TODO: check -CVE-2008-0069 - RESERVED +CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows ...) + TODO: check CVE-2008-0068 RESERVED CVE-2008-0067 @@ -6502,8 +6687,8 @@ NOT-FOR-US: Adobe Reader CVE-2007-5662 RESERVED -CVE-2007-5661 - RESERVED +CVE-2007-5661 (The Macrovision InstallShield InstallScript One-Click Install (OCI) ...) + TODO: check CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in ...) NOT-FOR-US: MacroVision FLEXnet Connect and InstallShield 2008 CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and ...) @@ -9605,8 +9790,8 @@ NOT-FOR-US: IBM AIX CVE-2007-4621 (Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain ...) NOT-FOR-US: IBM AIX -CVE-2007-4620 - RESERVED +CVE-2007-4620 (Multiple stack-based buffer overflows in Computer Associates (CA) ...) + TODO: check CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...) {DSA-1469-1} - flac 1.2.1-1 (medium) 
@@ -35043,7 +35228,7 @@ NOT-FOR-US: PHPX CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in ...) NOT-FOR-US: zip.lib.php -CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2 allows ...) +CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...) - php5 <unfixed> (bug #368545; unimportant) - php4 <unfixed> (bug #368545; unimportant) NOTE: is this really a vulnerability in pear? it seems it should be a bug
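Review bot: The "TODO: check" placeholders added in the @@ -1,3 +1,189 @@ hunk need triage by whether Debian ships the software, and the entries for packaged software should go first: CVE-2008-1657 (OpenSSH before 4.9), CVE-2008-1612 (Squid 2.6.STABLE17), CVE-2008-1637 (PowerDNS Recursor before 3.1.5) and CVE-2003-1557 (spamc of SpamAssassin 2.40 through 2.43). Each of those wants a package line with a fixed version or <unfixed> and a bug reference. Entries for products outside the archive, such as SLMail Pro, IBM DB2 Content Manager and inetd on Sun Solaris 10, can be closed as NOT-FOR-US the way the CVE-2008-1601 context line at the end of the hunk is for IBM AIX.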
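Review bot: CVE-2008-1373 in the @@ -496,10 +682,10 @@ hunk names CUPS 1.3.6 as affected, and "cupsys 1.3.6-1" is the version recorded as the fix for CVE-2008-0882 in the context of the @@ -1639,14 +1824,14 @@ hunk, so the cupsys upload the tracker currently treats as fixed needs checking against this new entry. Replace "TODO: check" on CVE-2008-1373 and CVE-2008-1374 with cupsys package lines. CVE-2008-1374 is described against the pdftops filter in Red Hat Enterprise Linux, so add a NOTE on whether the Debian package carries the same code.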
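Review bot: The "- eterm <unfixed> (unimportant; bug #473127)" line kept under CVE-2008-1142 in the @@ -1287,8 +1473,7 @@ hunk no longer matches the entry, because the published description now covers rxvt 2.6.4 only and this same commit adds CVE-2008-1692 for Eterm 0.9.4 as "TODO: check" in the first hunk. Move the eterm line and its bug reference under CVE-2008-1692 and leave only the rxvt line (bug #469296) under CVE-2008-1142, so the Eterm issue is not tracked under two identifiers with one of them left untriaged.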
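Review bot: The eleven QuickTime entries in the @@ -1356,28 +1541,28 @@ hunk, CVE-2008-1013 through CVE-2008-1023, all describe Apple QuickTime before 7.4.5 and are left as "TODO: check". They can be closed in one pass as NOT-FOR-US: Apple QuickTime, matching how the CVE-2008-1012 context line directly below is marked NOT-FOR-US: Apple AirPort, which keeps the TODO list limited to entries that still need a decision.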