Author: nion Date: 2008-04-20 16:03:45 +0000 (Sun, 20 Apr 2008) New Revision: 8584 Modified: data/CVE/list Log: NFUs CVE-2008-1834 fixed in swfdec0.6, unfixed in swfdec0.5 CVE-2008-1878 bug filed CVE-2008-1796 fixed in comix 3.6.4-1.1 (unimportant) Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-20 14:13:44 UTC (rev 8583) +++ data/CVE/list 2008-04-20 16:03:45 UTC (rev 8584) @@ -79,7 +79,8 @@ CVE-2008-1836 (The rfc2231 function in message.c in libclamav in ClamAV before 0.93 ...) - clamav <not-affected> (Vulnerable code introduced later, checked back with upstream) CVE-2008-1834 (swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict ...) - TODO: check + - swfdec0.6 0.6.4-1 (low) + - swfdec0.5 <unfixed> (low; bug #477037) CVE-2008-1833 (Heap-based buffer overflow in libclamav in ClamAV 0.92.1 allows remote ...) - clamav 0.92.1~dfsg2-1.1 (medium; bug #476694) CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown ...) @@ -87,7 +88,7 @@ CVE-2007-6714 [dbmail auth bypass] - dbmail 2.2.9 CVE-2008-1878 [nsf buffer overflow in xine] - - xine-lib <unfixed> + - xine-lib <unfixed> (medium; bug #476990) CVE-2008-XXXX [insecure tmp file handling in aptlinex] - aptlinex 0.91-1 (medium; bug #476588) NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this 
@@ -159,43 +160,44 @@ CVE-2008-1801 RESERVED CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: DivXDB CVE-2008-1799 (Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 ...) - TODO: check + NOT-FOR-US: sabros.us CVE-2008-1798 (Directory traversal vulnerability in forum/kietu/libs/calendrier.php ...) - TODO: check + NOT-FOR-US: Dragoon CVE-2008-1797 (Unspecified vulnerability in Secure Computing Webwasher 5.30 before ...) - TODO: check + NOT-FOR-US: Secure Computing Webwasher CVE-2008-1796 (Comix 3.6.4 creates temporary directories with predictable names, ...) - TODO: check + - comix 3.6.4-1.1 (unimportant) + NOTE: only exploitable with insecure umask settings CVE-2008-1795 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...) - TODO: check + NOT-FOR-US: Blackboard Academic Suite CVE-2008-1794 (Multiple cross-site scripting (XSS) vulnerabilities in the Webform ...) - TODO: check + NOT-FOR-US: Webform Drupal module CVE-2008-1793 (Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in ...) - TODO: check + NOT-FOR-US: Smart CVE-2008-1792 (Cross-site scripting (XSS) vulnerability in the insertion filter in ...) - TODO: check + NOT-FOR-US: Flickr Drupal module CVE-2008-1791 (SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and ...) - TODO: check + NOT-FOR-US: My Gaming Ladder CVE-2008-1790 (Unrestricted file upload vulnerability in iScripts SocialWare allows ...) - TODO: check + NOT-FOR-US: iScripts CVE-2008-1789 (SQL injection vulnerability in forum.php in Prozilla Forum allows ...) - TODO: check + NOT-FOR-US: Prozilla Forum CVE-2008-1788 (SQL injection vulnerability in directory.php in Prozilla Entertainers ...) - TODO: check + NOT-FOR-US: Prozilla Entertainers CVE-2008-1787 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) 
- TODO: check + NOT-FOR-US: Poplar Gedcom Viewer CVE-2008-1786 (Unspecified vulnerability in the DSM gui_cm_ctrls ActiveX control ...) - TODO: check + NOT-FOR-US: CA products CVE-2008-1785 (delete.php in Prozilla Top 100 1.2 allows remote authenticated users ...) - TODO: check + NOT-FOR-US: Prozilla Top 100 CVE-2008-1784 (Prozilla Topsites 1.0 allows remote attackers to perform ...) - TODO: check + NOT-FOR-US: Prozilla Topsites CVE-2008-1783 (Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users ...) - TODO: check + NOT-FOR-US: Prozilla Reviews CVE-2008-1782 (phpdemo/viewsource.php in Advanced Software Engineering ChartDirector ...) - TODO: check + NOT-FOR-US: Advanced Software Engineering ChartDirector CVE-2008-1837 (libclamunrar in ClamAV before 0.93 allows remote attackers to cause a ...) - clamav <not-affected> (Debian doesn''t include libunrar since it''s non-free) CVE-2008-1835 (ClamAV before 0.93 allows remote attackers to bypass the scanning ...) @@ -1616,7 +1618,7 @@ CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network ...) NOT-FOR-US: Cisco IOS CVE-2008-1155 (Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before ...) - TODO: check + NOT-FOR-US: Cisco CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...) NOT-FOR-US: Cisco IOS CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...) @@ -1961,7 +1963,7 @@ CVE-2008-1025 (Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in ...) TODO: check CVE-2008-1024 (Apple Safari before 3.1.1, when running on Windows XP or Vista, allows ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime ...) NOT-FOR-US: Apple QuickTime CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows ...) 
@@ -2233,9 +2235,9 @@ CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially ...) NOT-FOR-US: Apple Safari CVE-2008-0893 (Red Hat Administration Server, as used by Red Hat Directory Server 8.0 ...) - TODO: check + NOT-FOR-US: Red Hat Administration Server CVE-2008-0892 (The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat ...) - TODO: check + NOT-FOR-US: Red Hat Administration Server CVE-2008-0891 RESERVED CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for ...)
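Review bot: In the @@ -79,7 +79,8 @@ hunk both new swfdec entries carry a "(low)" rating with no NOTE explaining it, while the comix entry later in this commit does explain its rating ("NOTE: only exploitable with insecure umask settings"). Add a one-line NOTE under CVE-2008-1834 giving the reason for "low", and since swfdec0.5 is left `<unfixed> (low; bug #477037)` while the CVE text reads "Swfdec before 0.6.4", state whether a fix for the 0.5 branch is expected so the open item is actionable for whoever picks it up.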
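Review bot: In the @@ -87,7 +88,7 @@ hunk the xine-lib line gains "(medium; bug #476990)", matching the log's "CVE-2008-1878 bug filed", but the entry still uses the bracketed local description "[nsf buffer overflow in xine]" rather than the official CVE text used by the surrounding entries. Swap in the published description once it is available so the entry stays searchable by its upstream wording.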
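Review bot: In the @@ -159,43 +160,44 @@ hunk two of the NOT-FOR-US annotations are too terse to be checked later: "NOT-FOR-US: Smart" for CVE-2008-1793 (view.cgi) and "NOT-FOR-US: CA products" for CVE-2008-1786 (the DSM gui_cm_ctrls ActiveX control). Name the full product in each, as the other entries in this hunk do ("NOT-FOR-US: Secure Computing Webwasher", "NOT-FOR-US: Poplar Gedcom Viewer"). The comix change is well documented: the fixed version 3.6.4-1.1, the "unimportant" rating and the NOTE about insecure umask settings together record why the predictable temporary-directory names were judged low impact.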
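Review bot: In the @@ -1616,7 +1618,7 @@ hunk the new line "NOT-FOR-US: Cisco" is less specific than the neighbouring "NOT-FOR-US: Cisco IOS" entries for CVE-2008-1156 and CVE-2008-1154. Use the product named in the CVE text, e.g. "NOT-FOR-US: Cisco Network Admission Control (NAC) Appliance", so the annotation is consistent with the rest of the file.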
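Review bot: In the @@ -1961,7 +1963,7 @@ hunk marking CVE-2008-1024 as "NOT-FOR-US: Apple Safari" is justified by the CVE text itself ("Apple Safari before 3.1.1, when running on Windows XP or Vista"). Leaving the adjacent CVE-2008-1025 as "TODO: check" is the right call, since its text says "Apple WebKit, as used in ...", which is not limited to Safari; a short NOTE saying the WebKit entry is still pending triage would make that deliberate distinction visible to the next reader.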