joeyh at alioth.debian.org
2008-Apr-15 09:14 UTC
[Secure-testing-commits] r8527 - data/CVE
Author: joeyh
Date: 2008-04-15 09:14:11 +0000 (Tue, 15 Apr 2008)
New Revision: 8527
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-04-14 17:01:00 UTC (rev 8526)
+++ data/CVE/list 2008-04-15 09:14:11 UTC (rev 8527)
@@ -1,3 +1,157 @@
+CVE-2008-1781
+ RESERVED
+CVE-2008-1780 (Unspecified vulnerability in the labeled networking
functionality in ...)
+ TODO: check
+CVE-2008-1779 (Sun Solaris 8, 9, and 10 allows "remote
privileged" users to cause a ...)
+ TODO: check
+CVE-2008-1778 (Unspecified vulnerability in the floating point context switch
...)
+ TODO: check
+CVE-2008-1777 (The eDirectory Host Environment service (dhost.exe) in Novell
...)
+ TODO: check
+CVE-2008-1776 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-1775 (Cross-site scripting (XSS) vulnerability in mindex.do in
ManageEngine ...)
+ TODO: check
+CVE-2008-1774 (SQL injection vulnerability in editlink.php in Pligg 9.9.0
allows ...)
+ TODO: check
+CVE-2008-1773 (PHP remote file inclusion vulnerability in
includes/header.inc.php in ...)
+ TODO: check
+CVE-2008-1772 (iScripts SocialWare stores passwords in cleartext in a database,
which ...)
+ TODO: check
+CVE-2008-1771
+ RESERVED
+CVE-2008-1770
+ RESERVED
+CVE-2008-1769
+ RESERVED
+CVE-2008-1768
+ RESERVED
+CVE-2008-1767
+ RESERVED
+CVE-2008-1766 (Multiple unspecified vulnerabilities in phpBB before 3.0.1 have
...)
+ TODO: check
+CVE-2008-1765
+ RESERVED
+CVE-2008-1764 (Unspecified vulnerability in Opera for Windows before 9.27 has
unknown ...)
+ TODO: check
+CVE-2008-1763 (SQL injection vulnerability in
_blogadata/include/sond_result.php in ...)
+ TODO: check
+CVE-2008-1762 (Opera before 9.27 allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2008-1761 (Opera before 9.27 allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2008-1760 (Multiple PHP remote file inclusion vulnerabilities in
Blogator-script ...)
+ TODO: check
+CVE-2008-1759 (SQL injection vulnerability in the jeuxflash module for KwsPHP
allows ...)
+ TODO: check
+CVE-2008-1758 (SQL injection vulnerability in the ConcoursPhoto module for
KwsPHP ...)
+ TODO: check
+CVE-2008-1757 (Cross-site scripting (XSS) vulnerability in index.php in the
...)
+ TODO: check
+CVE-2008-1756 (Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid
Engine ...)
+ TODO: check
+CVE-2008-1755 (Directory traversal vulnerability in the showSource function in
...)
+ TODO: check
+CVE-2008-1754 (Symantec Altiris Deployment Solution before 6.9.164 stores the
...)
+ TODO: check
+CVE-2008-1753 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2008-1752 (ezRADIUS 0.1 stores sensitive information under the web root
with ...)
+ TODO: check
+CVE-2008-1751 (Multiple directory traversal vulnerabilities in index.php in
Ksemail ...)
+ TODO: check
+CVE-2008-1750 (SQL injection vulnerability in Integry Systems LiveCart 1.1.1
and ...)
+ TODO: check
+CVE-2008-1749
+ RESERVED
+CVE-2008-1748
+ RESERVED
+CVE-2008-1747
+ RESERVED
+CVE-2008-1746
+ RESERVED
+CVE-2008-1745
+ RESERVED
+CVE-2008-1744
+ RESERVED
+CVE-2008-1743
+ RESERVED
+CVE-2008-1742
+ RESERVED
+CVE-2008-1741
+ RESERVED
+CVE-2008-1740
+ RESERVED
+CVE-2008-1739
+ RESERVED
+CVE-2008-1738
+ RESERVED
+CVE-2008-1737
+ RESERVED
+CVE-2008-1736
+ RESERVED
+CVE-2008-1735
+ RESERVED
+CVE-2008-1734
+ RESERVED
+CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and
earlier in ...)
+ TODO: check
+CVE-2008-1732 (SQL injection vulnerability in showpredictionsformatch.php in
...)
+ TODO: check
+CVE-2008-1731 (The Simple Access module for Drupal 5.x through 5.x-1.2-2 does
not ...)
+ TODO: check
+CVE-2008-1730 (Directory traversal vulnerability in download.html in ARWScripts
...)
+ TODO: check
+CVE-2008-1729 (The menu system in Drupal 6 before 6.2 has incorrect menu
settings, ...)
+ TODO: check
+CVE-2008-1728 (ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5
allows ...)
+ TODO: check
+CVE-2008-1727 (KnowledgeQuest 2.5 and 2.6 does not require authentication for
access ...)
+ TODO: check
+CVE-2008-1726 (Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6,
when ...)
+ TODO: check
+CVE-2008-1725 (The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in
IBiz ...)
+ TODO: check
+CVE-2008-1724 (Stack-based buffer overflow in the IActiveXTransfer.FileTransfer
...)
+ TODO: check
+CVE-2008-1723
+ RESERVED
+CVE-2008-1722 (Multiple integer overflows in (1) filter/image-png.c and (2)
...)
+ TODO: check
+CVE-2008-1721 (Integer signedness error in the zlib extension module in Python
2.5.2 ...)
+ TODO: check
+CVE-2008-1719 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Nuke ET ...)
+ TODO: check
+CVE-2008-1718 (Buffer overflow in mimesr.dll in Autonomy (formerly Verity)
KeyView, ...)
+ TODO: check
+CVE-2008-1717 (WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board
3.0.5 ...)
+ TODO: check
+CVE-2008-1716 (Cross-site scripting (XSS) vulnerability in WoltLab Community
...)
+ TODO: check
+CVE-2008-1715 (SQL injection vulnerability in content/user.php in AuraCMS 2.2.1
and ...)
+ TODO: check
+CVE-2008-1714 (SQL injection vulnerability in show.php in FaScript FaPhoto 1.0,
when ...)
+ TODO: check
+CVE-2008-1713 (MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote
...)
+ TODO: check
+CVE-2008-1712 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-1711 (Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0
stores ...)
+ TODO: check
+CVE-2008-1710 (Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1
allows ...)
+ TODO: check
+CVE-2008-1709 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows
...)
+ TODO: check
+CVE-2008-1708 (IBM solidDB 06.00.1018 and earlier does not validate a certain
field ...)
+ TODO: check
+CVE-2008-1707 (IBM solidDB 06.00.1018 and earlier allows remote attackers to
cause a ...)
+ TODO: check
+CVE-2008-1706 (Uncontrolled array index in IBM solidDB 06.00.1018 and earlier
allows ...)
+ TODO: check
+CVE-2008-1705 (Format string vulnerability in the logging function in IBM
solidDB ...)
+ TODO: check
+CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in
Linux ...)
+ TODO: check
CVE-2008-XXXX [Incorrect input validation in PyString_FromStringAndSize()]
- python2.5 <unfixed>
TODO: python2.4 needs to be checked
@@ -7,15 +161,15 @@
CVE-2008-XXXX [tss not properly dropping privileges]
- tss <unfixed> (medium; bug #475747; bug #475736)
TODO: request CVE ids
-CVE-2008-1720 [rsync xattrs buffer overflow]
+CVE-2008-1720 (Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute
...)
{DSA-1545-1}
- rsync 3.0.2-1
NOTE: Etch is affected (it enables the acl upstream patch)
NOTE: http://samba.anu.edu.au/rsync/security.html#s3_0_2
-CVE-2008-1704
- RESERVED
-CVE-2008-1703
- RESERVED
+CVE-2008-1704 (Multiple buffer overflows in TIBCO Software Enterprise Message
Service ...)
+ TODO: check
+CVE-2008-1703 (Multiple buffer overflows in TIBCO Software Rendezvous before
8.1.0, ...)
+ TODO: check
CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the
my_gallery ...)
NOT-FOR-US: my_gallery plugin for e107
CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service
...)
@@ -45,10 +199,10 @@
NOT-FOR-US: SLMail Pro
CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336
and ...)
NOT-FOR-US: SLMail Pro
-CVE-2008-1688
- RESERVED
-CVE-2008-1687
- RESERVED
+CVE-2008-1688 (Unspecified vulnerability in GNU m4 before 1.4.11 might allow
...)
+ TODO: check
+CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4
before ...)
+ TODO: check
CVE-2008-1686 (Uncontrolled array index in Speex 1.1.12 and earlier, as used in
...)
- speex 1.2~beta2-1 (medium)
- libfishsound 0.7.0-2.2 (medium; bug #475152)
@@ -57,7 +211,8 @@
NOTE: dup of CVE-2006-1902 which is fixed in Debian?
CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows
local ...)
NOT-FOR-US: Sun Solaris
-CVE-2008-1683 (xscreensaver on Fedora 8, when an NIS authentication server is
...)
+CVE-2008-1683
+ REJECTED
NOTE: will be rejected, dup of CVE-2008-0887
CVE-2008-1682 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: com_onlineflashquiz component for Joomla!
@@ -107,14 +262,14 @@
RESERVED
CVE-2008-1659
RESERVED
-CVE-2008-1658
- RESERVED
+CVE-2008-1658 (Format string vulnerability in the grant helper ...)
+ TODO: check
CVE-2008-1657 (OpenSSH before 4.9 allows remote authenticated users to bypass
the ...)
- openssh 1:4.7p1-8 (low; bug #475156)
-CVE-2008-1656
- RESERVED
-CVE-2008-1655
- RESERVED
+CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the
public ...)
+ TODO: check
+CVE-2008-1655 (Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and
earlier, ...)
+ TODO: check
CVE-2008-1654 (Interaction error between Adobe Flash and multiple Universal
Plug and ...)
- flashplugin-nonfree <unfixed>
CVE-2008-1653 (Directory traversal vulnerability in index.php in
Sava''s Link Manager ...)
@@ -361,7 +516,7 @@
- joomla <itp> (bug #326398)
CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows
remote ...)
- perlbal <itp> (bug #456534)
-CVE-2008-1531 (lighttpd 1.4.19 and earlier allows remote attackers to cause a
denial ...)
+CVE-2008-1531 (lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows
remote ...)
{DSA-1540-1}
- lighttpd 1.4.19-2 (low; bug #475438)
CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP
TRACE ...)
@@ -713,8 +868,8 @@
NOTE: Only exploitable through malicious script
CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile
or ...)
NOT-FOR-US: Gentoo Linux Ebuilds
-CVE-2008-1382
- RESERVED
+CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and
1.4.0beta01 ...)
+ TODO: check
CVE-2008-1381
RESERVED
CVE-2008-1380
@@ -1410,10 +1565,10 @@
RESERVED
CVE-2008-1102
RESERVED
-CVE-2008-1101
- RESERVED
-CVE-2008-1100
- RESERVED
+CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing
engine ...)
+ TODO: check
+CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav ...)
+ TODO: check
CVE-2008-1099 (_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does
not ...)
{DSA-1514-1}
- moin 1.5.8-5.1
@@ -1448,9 +1603,9 @@
NOT-FOR-US: Microsoft
CVE-2008-1085 (Use after free vulnerability in Microsoft Internet Explorer 5.01
SP4, ...)
NOT-FOR-US: Microsoft
-CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows 200
SP4, ...)
+CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows
2000 SP4, ...)
NOT-FOR-US: Microsoft
-CVE-2008-1083 (Heap-based buffer overflow in GDI in Microsoft Windows 2000 SP4,
XP ...)
+CVE-2008-1083 (Heap-based buffer overflow in the CreateDIBPatternBrushPt
function in ...)
NOT-FOR-US: Microsoft
CVE-2008-1082 (Opera before 9.26 allows remote attackers to "bypass
sanitization ...)
NOT-FOR-US: Opera
@@ -1715,12 +1870,12 @@
RESERVED
CVE-2008-0964
RESERVED
-CVE-2008-0963
- RESERVED
-CVE-2008-0962
- RESERVED
-CVE-2008-0961
- RESERVED
+CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor
6.20.060 ...)
+ TODO: check
+CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC
...)
+ TODO: check
+CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password,
which ...)
+ TODO: check
CVE-2008-0960
RESERVED
CVE-2008-0959
@@ -1793,8 +1948,8 @@
- xen-3 3.2.0-4 (bug #469662)
- xen-3.0 <removed>
- kvm 63+dfsg-1 (bug #469666)
-CVE-2008-0927
- RESERVED
+CVE-2008-0927 (dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2
allows ...)
+ TODO: check
CVE-2008-0926 (Unspecified vulnerability in the eMBox utility in Novell
eDirectory ...)
NOT-FOR-US: Novell eDirectory
CVE-2008-0925
@@ -3822,8 +3977,8 @@
RESERVED
CVE-2008-0067
RESERVED
-CVE-2008-0066
- RESERVED
+CVE-2008-0066 (Multiple buffer overflows in htmsr.dll in the HTML speed reader
in ...)
+ TODO: check
CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp
5.21, ...)
NOT-FOR-US: Winamp
CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1)
XnView ...)
@@ -3848,7 +4003,7 @@
NOT-FOR-US: Apple Mac OS X
CVE-2008-0054 (Foundation in Apple Mac OS X 10.4.11 might allow
context-dependent ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2008-0053 (Unspecified vulnerability in CUPS before 1.3.6 in Apple Mac OS X
...)
+CVE-2008-0053 (Multiple buffer overflows in the HP-GL/2-to-PostScript filter in
CUPS ...)
- cupsys 1.3.6-1
NOTE: https://bugzilla.redhat.com/attachment.cgi?id=298651
CVE-2008-0052 (CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe
file ...)
@@ -5510,10 +5665,10 @@
RESERVED
CVE-2007-6021
RESERVED
-CVE-2007-6020
- RESERVED
-CVE-2007-6019
- RESERVED
+CVE-2007-6020 (Multiple stack-based buffer overflows in foliosr.dll in the
Folio Flat ...)
+ TODO: check
+CVE-2007-6019 (Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and
earlier, ...)
+ TODO: check
CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and
Horde ...)
{DSA-1470-1}
- horde3 3.1.6-1 (bug #461131; low)
@@ -7669,10 +7824,10 @@
NOT-FOR-US: cpDynaLinks
CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the ...)
NOT-FOR-US: Joomla! extension
-CVE-2007-5406
- RESERVED
-CVE-2007-5405
- RESERVED
+CVE-2007-5406 (kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader
in ...)
+ TODO: check
+CVE-2007-5405 (Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in
the ...)
+ TODO: check
CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on
...)
NOT-FOR-US: Layton HelpBox
CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton
HelpBox ...)
@@ -7683,8 +7838,8 @@
NOT-FOR-US: Layton HelpBox
CVE-2007-5400
RESERVED
-CVE-2007-5399
- RESERVED
+CVE-2007-5399 (Multiple heap-based buffer overflows in emlsr.dll in the EML
reader in ...)
+ TODO: check
CVE-2007-5398 (Stack-based buffer overflow in the reply_netbios_packet function
in ...)
{DSA-1409-3 DSA-1409-2 DSA-1409-1}
- samba 3.0.27-1 (high)
@@ -21258,8 +21413,8 @@
RESERVED
CVE-2007-0072
RESERVED
-CVE-2007-0071
- RESERVED
+CVE-2007-0071 (Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and
earlier, ...)
+ TODO: check
CVE-2007-0070
RESERVED
CVE-2007-0069 (Unspecified vulnerability in the kernel in Microsoft Windows XP
SP2, ...)