Author: nion Date: 2008-04-09 17:50:34 +0000 (Wed, 09 Apr 2008) New Revision: 8496 Modified: data/CVE/list Log: NFUs new flashplugin-nonfree issue (CVE-2008-1654) new mondo issue (CVE-2008-1633) cuteflow has an itp open (CVE-2008-163[0-2]) new auditd issue (CVE-2008-1628) Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-09 13:34:35 UTC (rev 8495) +++ data/CVE/list 2008-04-09 17:50:34 UTC (rev 8496) @@ -103,7 +103,7 @@ CVE-2008-1655 RESERVED CVE-2008-1654 (Interaction error between Adobe Flash and multiple Universal Plug and ...) - TODO: check + - flashplugin-nonfree <unfixed> CVE-2008-1653 (Directory traversal vulnerability in index.php in Sava''s Link Manager ...) NOT-FOR-US: Sava''s Link Manager CVE-2008-1652 (Directory traversal vulnerability in the _serve_request_multiple ...) 
@@ -145,33 +145,34 @@ CVE-2008-1634 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder ...) NOT-FOR-US: JV2 Folder Gallery CVE-2008-1633 (Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown ...) - TODO: check + - mondo <unfixed> (bug #475221) CVE-2008-1632 (Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote ...) - TODO: check + - cuteflow <itp> (bug #465372) CVE-2008-1631 (SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 ...) - TODO: check + - cuteflow <itp> (bug #465372) CVE-2008-1630 (Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 ...) - TODO: check + - cuteflow <itp> (bug #465372) CVE-2008-1629 (Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows ...) - TODO: check + NOT-FOR-US: PHPkrm CVE-2008-1628 (Stack-based buffer overflow in the audit_log_user_command function in ...) - TODO: check + - auditd <unfixed> (medium; bug #475227) + NOTE: auditd runs as root CVE-2008-1627 (CDS Invenio 0.92.1 and earlier allows remote authenticated users to ...) - TODO: check + NOT-FOR-US: CDS Invenio CVE-2008-1626 (SQL injection vulnerability in eggBlog before 4.0.1 allows remote ...) - TODO: check + NOT-FOR-US: eggBlog CVE-2008-1625 (aavmker4.sys in avast! Home and Professional 4.7 for Windows does not ...) - TODO: check + NOT-FOR-US: avast! Home and Professional CVE-2008-1624 (Directory traversal vulnerability in v2demo/page.php in Jshop Server ...) - TODO: check + NOT-FOR-US: Jshop Server CVE-2008-1623 (SQL injection vulnerability in admin_view_image.php in Smoothflash ...) - TODO: check + NOT-FOR-US: Smoothflash CVE-2008-1622 (Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow ...) - TODO: check + NOT-FOR-US: GeeCarts CVE-2008-1621 (Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow ...) - TODO: check + NOT-FOR-US: GeeCarts CVE-2008-1620 (Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) ...) 
- TODO: check + NOT-FOR-US: ThinClientServer CVE-2008-1619 (The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers ...) TODO: check CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing ...)
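Review bot: in the first hunk (@@ -103,7 +103,7 @@), the new `- flashplugin-nonfree <unfixed>` line for CVE-2008-1654 carries no bug reference and no urgency, while the mondo and auditd entries added in this same revision both cite a bug number. If a bug has been filed, add it in the same `(bug #...)` form. If not, a NOTE line saying why the package is considered affected would help, because the description visible in the list is truncated.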
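Review bot: in the second hunk (@@ -145,33 +145,34 @@), the CVE-2008-1620 entry is marked `NOT-FOR-US: ThinClientServer`, but the description on that line names the 2X TFTP service (TFTPd.exe). Name the product as the description does, or add a NOTE tying the two names together, so that a later search of the list for either name finds the entry. In the same hunk, CVE-2008-1628 rates a stack-based buffer overflow as medium while the added NOTE says auditd runs as root; a further NOTE stating who can reach audit_log_user_command would justify the rating. The CVE-2008-1633 mondo entry has no urgency at all, so it is worth setting one or noting that the impact is still unknown, as its description says.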