thr3ads.net - Secure testing commits - [Secure-testing-commits] r8594

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Apr-22 09:14 UTC
[Secure-testing-commits] r8594 - data/CVE

Author: joeyh
Date: 2008-04-22 09:14:13 +0000 (Tue, 22 Apr 2008)
New Revision: 8594

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-04-22 06:48:51 UTC (rev 8593)
+++ data/CVE/list	2008-04-22 09:14:13 UTC (rev 8594)
@@ -1,3 +1,75 @@
+CVE-2008-1914 (Stack-based buffer overflow in the AntServer module
(AntServer.exe) in ...)
+	TODO: check
+CVE-2008-1913 (SQL injection vulnerability in index.php in Lasernet CMS 1.5 and
1.11, ...)
+	TODO: check
+CVE-2008-1912 (Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22
and ...)
+	TODO: check
+CVE-2008-1911 (SQL injection vulnerability in includes/system.php in 1024 CMS
1.4.2 ...)
+	TODO: check
+CVE-2008-1910 (Stack-based buffer overflow in the database service
(ibserver.exe) in ...)
+	TODO: check
+CVE-2008-1909 (SQL injection vulnerability in comment.php in PHP Knowledge Base
...)
+	TODO: check
+CVE-2008-1908 (Multiple directory traversal vulnerabilities in cpCommerce 1.1.0
allow ...)
+	TODO: check
+CVE-2008-1907 (Multiple SQL injection vulnerabilities in ...)
+	TODO: check
+CVE-2008-1906 (Cross-site scripting (XSS) vulnerability in calendar.php in
cpCommerce ...)
+	TODO: check
+CVE-2008-1905 (NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used
in ...)
+	TODO: check
+CVE-2008-1904 (Cicoandcico CcMail 1.0.1 and earlier does not verify that the
...)
+	TODO: check
+CVE-2008-1903 (PHP remote file inclusion vulnerability in news_show.php in
Newanz ...)
+	TODO: check
+CVE-2008-1902 (The GUI for aptlinex before 0.91 does not sufficiently warn the
user ...)
+	TODO: check
+CVE-2008-1901 (aptlinex before 0.91 allows local users to overwrite arbitrary
files ...)
+	TODO: check
+CVE-2008-1900 (option_Update.asp in Carbon Communities 2.4 and earlier allows
remote ...)
+	TODO: check
+CVE-2008-1899
+	RESERVED
+CVE-2008-1898 (WkImgSrv.dll 7.03.0616 in Microsoft Works 7 allows remote
attackers to ...)
+	TODO: check
+CVE-2008-1897
+	RESERVED
+CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon
...)
+	TODO: check
+CVE-2008-1895 (Multiple SQL injection vulnerabilities in Carbon Communities 2.4
and ...)
+	TODO: check
+CVE-2008-1894 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2008-1893 (PHP remote file inclusion vulnerability in index.php in W2B
Online ...)
+	TODO: check
+CVE-2008-1892 (Cross-site scripting (XSS) vulnerability in bs_auth.php in ...)
+	TODO: check
+CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and
...)
+	TODO: check
+CVE-2008-1890 (SQL injection vulnerability in the Jom Comment 2.0 build 345
component ...)
+	TODO: check
+CVE-2008-1889 (SQL injection vulnerability in viewcat.php in XplodPHP
AutoTutorials ...)
+	TODO: check
+CVE-2008-1888 (Cross-site scripting (XSS) vulnerability in Microsoft Windows
...)
+	TODO: check
+CVE-2008-1886 (The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in
...)
+	TODO: check
+CVE-2008-1885 (Directory traversal vulnerability in the NeffyLauncher 1.0.5
ActiveX ...)
+	TODO: check
+CVE-2008-1884 (Directory traversal vulnerability in index.php in Wikepage Opus
13 ...)
+	TODO: check
+CVE-2008-1883 (The server in Blackboard Academic Suite 7.x stores MD5 password
hashes ...)
+	TODO: check
+CVE-2008-1882
+	RESERVED
+CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function ...)
+	TODO: check
+CVE-2008-1880
+	RESERVED
+CVE-2008-1879
+	RESERVED
+CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of
service ...)
+	TODO: check
 CVE-2008-XXXX [unspecified egroupware issue]
 	- egroupware <unfixed> (bug #476977)
 	TODO: request CVE id
@@ -89,9 +161,9 @@
 	- clamav 0.92.1~dfsg2-1.1 (medium; bug #476694)
 CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has
unknown ...)
 	NOT-FOR-US: Flip4Mac
-CVE-2007-6714 [dbmail auth bypass]
+CVE-2007-6714 (DBMail before 2.2.9, when using authldap with an LDAP server
that ...)
 	- dbmail 2.2.9
-CVE-2008-1878 [nsf buffer overflow in xine]
+CVE-2008-1878 (Stack-based buffer overflow in the demux_nsf_send_chunk function
in ...)
 	- xine-lib <unfixed> (medium; bug #476990)
 CVE-2008-XXXX [insecure tmp file handling in aptlinex]
 	- aptlinex 0.91-1 (medium; bug #476588)
@@ -141,7 +213,7 @@
 	NOT-FOR-US: Oracle
 CVE-2008-1812 (Unspecified vulnerability in the Oracle Enterprise Manager
component ...)
 	NOT-FOR-US: Oracle
-CVE-2008-1811 (Unspecified vulnerability in the Oracle Application Express
component ...)
+CVE-2008-1811 (Unspecified vulnerability in Oracle Application Express 3.0.1
has ...)
 	NOT-FOR-US: Oracle
 CVE-2008-1810
 	RESERVED
@@ -192,7 +264,7 @@
 	NOT-FOR-US: Prozilla Entertainers
 CVE-2008-1787 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
 	NOT-FOR-US: Poplar Gedcom Viewer
-CVE-2008-1786 (Unspecified vulnerability in the DSM gui_cm_ctrls ActiveX
control ...)
+CVE-2008-1786 (The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used
in ...)
 	NOT-FOR-US: CA products
 CVE-2008-1785 (delete.php in Prozilla Top 100 1.2 allows remote authenticated
users ...)
 	NOT-FOR-US: Prozilla Top 100
@@ -243,7 +315,7 @@
 	- phpbb2 <unfixed> (low)
 CVE-2008-1765
 	RESERVED
-CVE-2008-1764 (Unspecified vulnerability in Opera for Windows before 9.27 has
unknown ...)
+CVE-2008-1764 (Unspecified vulnerability in Opera before 9.27 has unknown
impact and ...)
 	NOT-FOR-US: Opera
 CVE-2008-1763 (SQL injection vulnerability in
_blogadata/include/sond_result.php in ...)
 	NOT-FOR-US: Blogator-script
@@ -303,8 +375,8 @@
 	RESERVED
 CVE-2008-1735
 	RESERVED
-CVE-2008-1734
-	RESERVED
+CVE-2008-1734 (Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo
Linux ...)
+	TODO: check
 CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and
earlier in ...)
 	NOT-FOR-US: Joomla component Pragmatic Utopia PU Arcade
 CVE-2008-1732 (SQL injection vulnerability in showpredictionsformatch.php in
...)
@@ -365,11 +437,11 @@
 	NOT-FOR-US: IBM solidDB
 CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in
Linux ...)
 	- linux-2.6 <unfixed> (medium)
-CVE-2008-1887 [Incorrect input validation in PyString_FromStringAndSize()]
+CVE-2008-1887 (Python 2.5.2 and earlier allows context-dependent attackers to
execute ...)
 	{DSA-1551-1}
 	- python2.4 2.4.5-2
 	- python2.5 2.5.2-3
-CVE-2008-1877 [tss not properly dropping privileges]
+CVE-2008-1877 (tss 0.8.1 allows local users to read arbitrary files via the -a
...)
 	- tss <removed> (medium; bug #475747; bug #475736)
 CVE-2008-1720 (Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute
...)
 	{DSA-1545-1}
@@ -396,15 +468,13 @@
 	NOT-FOR-US: DaZPHPNews
 CVE-2008-1695
 	RESERVED
-CVE-2008-1694 [emacs insecure temp file in vcdiff]
-	RESERVED
+CVE-2008-1694 (vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows
local ...)
 	- emacs21 <unfixed> (low; bug #476612) 
 	[etch] - emacs21 <no-dsa> (Minor issue)
 	- emacs22 <unfixed> (low; bug #476611)
 	- xemacs21 <unfixed> (low; bug #476613)
 	[etch] - xemacs21 <no-dsa> (Minor issue)
-CVE-2008-1693 [xpdf lack of typechecking for embedded fonts]
-	RESERVED
+CVE-2008-1693 (The CairoFont::create function in CairoFontEngine.cc in Poppler,
...)
 	{DSA-1548-1}
 	- xpdf 3.02
 	- poppler <unfixed> (bug #476842)
@@ -422,7 +492,7 @@
 	- m4 <unfixed> (low)
 CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4
before ...)
 	- m4 <unfixed> (low)
-CVE-2008-1686 (Uncontrolled array index in Speex 1.1.12 and earlier, as used in
...)
+CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used
in ...)
 	- speex 1.2~beta2-1 (medium)
 	- libfishsound 0.7.0-2.2 (medium; bug #475152)
 	- xine-lib 1.1.12-1 (medium)
@@ -439,8 +509,7 @@
 	NOT-FOR-US: IBM DB2IBM DB2
 CVE-2008-1680 (PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain ...)
 	NOT-FOR-US: PHP-Nuke Platinum
-CVE-2008-1679 [initial fix for CVE-2007-4965 was incomplete]
-	RESERVED
+CVE-2008-1679 (Multiple integer overflows in imageop.c in Python before 2.5.3
allow ...)
 	{DSA-1551-1}
 	- python2.4 2.4.5-2
 	- python2.5 2.5.2-3
@@ -578,8 +647,8 @@
 CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1)
a ...)
 	{DSA-1550-1 DTSA-124-1}
 	- suphp <unfixed> (low; bug #475431)
-CVE-2008-1613
-	RESERVED
+CVE-2008-1613 (SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build
...)
+	TODO: check
 CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17
allows ...)
 	- squid 2.6.18-1 (medium)
 CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows
allows ...)
@@ -971,8 +1040,8 @@
 	RESERVED
 CVE-2008-1437
 	RESERVED
-CVE-2008-1436
-	RESERVED
+CVE-2008-1436 (Microsoft Windows XP Professional SP2, Vista, and Server 2003
and 2008 ...)
+	TODO: check
 CVE-2008-1435
 	RESERVED
 CVE-2008-1434
@@ -1790,8 +1859,8 @@
 	RESERVED
 CVE-2008-1103
 	RESERVED
-CVE-2008-1102
-	RESERVED
+CVE-2008-1102 (Stack-based buffer overflow in the imb_loadhdr function in
Blender ...)
+	TODO: check
 CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing
engine ...)
 	NOT-FOR-US: KeyView
 CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav ...)
@@ -3564,7 +3633,7 @@
 	RESERVED
 CVE-2008-0321
 	RESERVED
-CVE-2008-0320 (Heap-based buffer overflow in OpenOffice.org before 2.4 allows
remote ...)
+CVE-2008-0320 (Heap-based buffer overflow in the OLE importer in OpenOffice.org
...)
 	{DSA-1547-1}
 	- openoffice.org 2.4.0~ooh680m5-1
 CVE-2008-0319
@@ -3942,8 +4011,7 @@
 	RESERVED
 CVE-2008-0166
 	RESERVED
-CVE-2008-0165
-	RESERVED
+CVE-2008-0165 (Cross-site request forgery (CSRF) vulnerability in Ikiwiki
before 2.42 ...)
 	{DSA-1553-1}
 	- ikiwiki 2.42
 CVE-2008-0164 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Plone ...)
@@ -6620,10 +6688,10 @@
 CVE-2007-5747 (Integer underflow in OpenOffice.org before 2.4 allows remote
attackers ...)
 	{DSA-1547-1}
 	- openoffice.org 2.4.0~ooh680m5-1
-CVE-2007-5746 (Heap-based buffer overflow in OpenOffice.org before 2.4 allows
remote ...)
+CVE-2007-5746 (Integer overflow in OpenOffice.org before 2.4 allows remote
attackers ...)
 	{DSA-1547-1}
 	- openoffice.org 2.4.0~ooh680m5-1
-CVE-2007-5745 (Heap-based buffer overflow in OpenOffice.org before 2.4 allows
remote ...)
+CVE-2007-5745 (Multiple heap-based buffer overflows in OpenOffice.org before
2.4 ...)
 	{DSA-1547-1}
 	- openoffice.org 2.4.0~ooh680m5-1
 CVE-2007-5744
@@ -21334,7 +21402,7 @@
 	[etch] - bcfg2 0.8.6.1-1.1etch1
 CVE-2007-XXXX [mysql 5.0 several DoS vulns]
 	- mysql-dfsg-5.0 5.0.32-1
-CVE-2007-0205 (Multiple directory traversal vulnerabilities in @lex Guestbook
4.0.2 ...)
+CVE-2007-0205 (Directory traversal vulnerability in admin/skins.php for @lex
...)
 	NOT-FOR-US: @alex
 CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24
allows ...)
 	NOT-FOR-US: Nucleus
@@ -21655,7 +21723,7 @@
 	RESERVED
 CVE-2007-0072
 	RESERVED
-CVE-2007-0071 (Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and
earlier, ...)
+CVE-2007-0071 (Integer overflow in Adobe Flash Player 9.0.115.0 and earlier,
and ...)
 	TODO: check
 CVE-2007-0070
 	RESERVED
Secure testing commits - Apr 2008 - r8594 - data/CVE

[Secure-testing-commits] r8594 - data/CVE
