joeyh at alioth.debian.org
2008-Apr-09 09:14 UTC
[Secure-testing-commits] r8491 - data/CVE
Author: joeyh Date: 2008-04-09 09:14:17 +0000 (Wed, 09 Apr 2008) New Revision: 8491 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-08 22:38:50 UTC (rev 8490) +++ data/CVE/list 2008-04-09 09:14:17 UTC (rev 8491) @@ -1,3 +1,27 @@ +CVE-2008-1704 + RESERVED +CVE-2008-1703 + RESERVED +CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the my_gallery ...) + TODO: check +CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service ...) + TODO: check +CVE-2008-1700 (The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite ...) + TODO: check +CVE-2008-1699 (SQL injection vulnerability in permalink.php in Desi Quintans Writer''s ...) + TODO: check +CVE-2008-1698 (Cross-site scripting (XSS) vulnerability in gallery.php in Simple ...) + TODO: check +CVE-2008-1697 (Stack-based buffer overflow in ovwparser.dll in HP OpenView Network ...) + TODO: check +CVE-2008-1696 (Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, ...) + TODO: check +CVE-2008-1695 + RESERVED +CVE-2008-1694 + RESERVED +CVE-2008-1693 + RESERVED CVE-2008-1692 (Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the ...) TODO: check CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...) @@ -10,8 +34,8 @@ RESERVED CVE-2008-1687 RESERVED -CVE-2008-1686 - RESERVED +CVE-2008-1686 (Uncontrolled array index in Speex 1.1.12 and earlier, as used in ...) + TODO: check CVE-2008-1685 (gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not ...) TODO: check CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local ...) 
@@ -148,8 +172,8 @@ TODO: check CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing ...) TODO: check -CVE-2008-1617 - RESERVED +CVE-2008-1617 (Double free vulnerability in Web TransferCtrl Class 8,2,1,4 ...) + TODO: check CVE-2008-1616 RESERVED CVE-2008-1615 @@ -335,7 +359,7 @@ - policyd-weight 0.1.14.17-1 (low) CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a ...) - comix 3.6.4-1.1 (low; bug #462840) - [etch] - comix <no-dsa> (Minor issue) + [etch] - comix <no-dsa> (Minor issue) NOTE: comix can''t be used in a non-interactive setup thus the impact level CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) ...) - phpmyadmin 2.11.5.1 (unimportant) @@ -734,6 +758,7 @@ CVE-2008-1352 (Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 ...) NOT-FOR-US: EdiorCMS CVE-2008-1351 (SQL injection vulnerability in the Tutorials 2.1b module for XOOPS ...) + {DSA-1540-1} NOT-FOR-US: Tutorials module for XOOPS CVE-2008-1350 (SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) ...) NOT-FOR-US: Fully Modded phpBB 
@@ -1386,22 +1411,22 @@ NOT-FOR-US: Microsoft Jet Database Engine CVE-2008-1091 RESERVED -CVE-2008-1090 - RESERVED -CVE-2008-1089 - RESERVED -CVE-2008-1088 - RESERVED -CVE-2008-1087 - RESERVED -CVE-2008-1086 - RESERVED -CVE-2008-1085 - RESERVED -CVE-2008-1084 - RESERVED -CVE-2008-1083 - RESERVED +CVE-2008-1090 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...) + TODO: check +CVE-2008-1089 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...) + TODO: check +CVE-2008-1088 (Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 ...) + TODO: check +CVE-2008-1087 (Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP ...) + TODO: check +CVE-2008-1086 (The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft ...) + TODO: check +CVE-2008-1085 (Use after free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...) + TODO: check +CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows 200 SP4, ...) + TODO: check +CVE-2008-1083 (Heap-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP ...) + TODO: check CVE-2008-1082 (Opera before 9.26 allows remote attackers to "bypass sanitization ...) NOT-FOR-US: Opera CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute ...) @@ -2209,8 +2234,8 @@ RESERVED CVE-2008-0712 RESERVED -CVE-2008-0711 - RESERVED +CVE-2008-0711 (Unspecified vulnerability in the embedded management console in HP ...) + TODO: check CVE-2008-0710 RESERVED CVE-2008-0709 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...) @@ -2314,6 +2339,7 @@ CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control ...) NOT-FOR-US: Aurigma Image Uploader CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP ...) + {DSA-1541-1} - openldap2.3 2.4.7-6.1 (low; bug #465875) - openldap2.2 <removed> - openldap2 <not-affected> (slapd not built from this version) 
@@ -2655,6 +2681,7 @@ CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...) NOT-FOR-US: AIM PicEditor CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote ...) + {DSA-1541-1} - openldap2.3 2.3.38-1 - openldap2.2 <removed> - openldap2 <not-affected> (slapd not built) @@ -3141,10 +3168,10 @@ RESERVED CVE-2008-0314 RESERVED -CVE-2008-0313 - RESERVED -CVE-2008-0312 - RESERVED +CVE-2008-0313 (The ActiveDataInfo.LaunchProcess method in the ...) + TODO: check +CVE-2008-0312 (Stack-based buffer overflow in the AutoFix Support Tool ActiveX ...) + TODO: check CVE-2008-0311 (Stack-based buffer overflow in the PGMWebHandler::parse_request ...) TODO: check CVE-2008-0310 (Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 ...) @@ -3393,7 +3420,7 @@ NOT-FOR-US: HP Select Identity CVE-2008-0213 (Unspecified vulnerability in a certain ActiveX control for HP Virtual ...) NOT-FOR-US: HP Virtual Rooms -CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) ...) +CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-0211 (Unspecified vulnerability in the BIOS F.04 through F.11 for the HP ...) TODO: check @@ -3719,16 +3746,16 @@ NOT-FOR-US: ClipShare CVE-2008-0088 (Unspecified vulnerability in Active Directory on Microsoft Windows ...) NOT-FOR-US: Windows -CVE-2008-0087 - RESERVED +CVE-2008-0087 (The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 ...) + TODO: check CVE-2008-0086 RESERVED CVE-2008-0085 RESERVED CVE-2008-0084 (Unspecified vulnerability in the TCP/IP support in Microsoft Windows ...) NOT-FOR-US: Windows -CVE-2008-0083 - RESERVED +CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) ...) + TODO: check CVE-2008-0082 RESERVED CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...) 
@@ -6580,11 +6607,12 @@ CVE-2002-2307 (The default configuration of BenHur Firewall release 3 update 066 fix ...) NOT-FOR-US: not processed, predates tracker CVE-2007-5707 (OpenLDAP before 2.3.39 allows remote attackers to cause a denial of ...) + {DSA-1541-1} - openldap2.3 2.3.38-1 (medium; bug #440632) - openldap2.2 <removed> - openldap2 <not-affected> (slapd not built) CVE-2007-5708 (slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, ...) - {DTSA-87-1} + {DSA-1541-1 DTSA-87-1} - openldap2.3 2.3.39-1 (medium; bug #448644) CVE-2007-2983 (Multiple buffer overflows in the British Telecommunications Consumer ...) NOT-FOR-US: British Telecommunications Consumer webhelper @@ -40658,7 +40686,7 @@ NOT-FOR-US: HP Advanced Server CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and ...) NOT-FOR-US: GlobalSunTech Wireless Access Points -CVE-2002-2136 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...) +CVE-2002-2136 REJECTED NOT-FOR-US: SUNW* CVE-2002-2135
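Review bot: In the hunk at @@ -734,6 +758,7 @@, the added {DSA-1540-1} tag lands on CVE-2008-1351, which the next line still classifies as NOT-FOR-US: Tutorials module for XOOPS. An advisory reference on an entry the tracker says is not packaged is contradictory, so one of the two is wrong: either the advisory's CVE reference carries a mistyped id and the tag belongs on a different entry, or the NOT-FOR-US triage needs revisiting. Resolve this before the cross-reference propagates, because as committed it makes an unpackaged XOOPS module look covered by a DSA and may leave the CVE the advisory actually addresses without its tag.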
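Review bot: In the hunk at @@ -1386,22 +1411,22 @@, CVE-2008-1090 through CVE-2008-1083 all name Microsoft products (Visio, Project, Windows GDI, the HxTocCtrl ActiveX control, Internet Explorer, the Windows kernel) but are queued as TODO: check, while Microsoft entries already triaged elsewhere in this diff (CVE-2008-0088, CVE-2008-0084) carry NOT-FOR-US: Windows. Mark these eight NOT-FOR-US in a follow-up so they do not sit in the TODO queue alongside entries that need real package triage; the same applies to CVE-2008-0087 and CVE-2008-0083 in the @@ -3719,16 +3746,16 @@ hunk. Also note that the CVE-2008-1084 description reads "Windows 200 SP4" where its siblings say "2000 SP4"; if descriptions are imported text, leave it for the next import to correct rather than hand-editing.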
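Review bot: In the hunk at @@ -335,7 +359,7 @@, the removed and added "[etch] - comix <no-dsa> (Minor issue)" lines read identically as shown here, so the change is whitespace only. Confirm the new indentation matches the neighbouring "- comix 3.6.4-1.1 (low; bug #462840)" line, and consider keeping formatting fixes out of a commit logged as "automatic update" so the history separates imported data from manual cleanup.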
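Review bot: In the hunk at @@ -40658,7 +40686,7 @@, CVE-2002-2136 drops its description and becomes REJECTED, but the NOT-FOR-US: SUNW* line beneath it is retained, so the entry now carries two dispositions. Remove the stale NOT-FOR-US line, or confirm that a triage note on a rejected id is intended, so that readers and anything consuming the list see a single, unambiguous state for this id.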