joeyh at alioth.debian.org
2008-Jul-08 09:14 UTC
[Secure-testing-commits] r9256 - data/CVE
Author: joeyh Date: 2008-07-08 09:14:08 +0000 (Tue, 08 Jul 2008) New Revision: 9256 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-07-08 09:10:20 UTC (rev 9255) +++ data/CVE/list 2008-07-08 09:14:08 UTC (rev 9256) @@ -1,8 +1,440 @@ -CVE-2008-2950 [poppler unitinialized pointer leading to code execution] +CVE-2008-3068 (Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, ...) + TODO: check +CVE-2008-3067 (sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when ...) + TODO: check +CVE-2008-3066 + RESERVED +CVE-2008-3065 + RESERVED +CVE-2008-3064 + RESERVED +CVE-2008-3063 + RESERVED +CVE-2008-3062 + RESERVED +CVE-2008-3061 + RESERVED +CVE-2008-3060 + RESERVED +CVE-2008-3059 + RESERVED +CVE-2008-3058 + RESERVED +CVE-2008-3057 + RESERVED +CVE-2008-3056 (SQL injection vulnerability in the Codeon Petition (cd_petition) ...) + TODO: check +CVE-2008-3055 (SQL injection vulnerability in the Support view (ext_tbl) extension ...) + TODO: check +CVE-2008-3054 (SQL injection vulnerability in the Branchenbuch (aka Yellow Pages ...) + TODO: check +CVE-2008-3053 (SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension ...) + TODO: check +CVE-2008-3052 (Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension ...) + TODO: check +CVE-2008-3051 (SQL injection vulnerability in the Pinboard extension 0.0.6 and ...) + TODO: check +CVE-2008-3050 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) ...) + TODO: check +CVE-2008-3049 (The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for ...) + TODO: check +CVE-2008-3048 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) ...) + TODO: check +CVE-2008-3047 (Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) ...) + TODO: check +CVE-2008-3046 (Incomplete blacklist vulnerability in the Packman (kb_packman) ...) + TODO: check +CVE-2008-3045 (Unspecified vulnerability in the Industry Database (aka ...) + TODO: check +CVE-2008-3044 (SQL injection vulnerability in the News Calendar (newscalendar) ...) + TODO: check +CVE-2008-3043 (Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) ...) + TODO: check +CVE-2008-3042 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...) + TODO: check +CVE-2008-3041 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...) + TODO: check +CVE-2008-3040 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...) + TODO: check +CVE-2008-3039 (SQL injection vulnerability in the DAM Frontend (dam_frontend) ...) + TODO: check +CVE-2008-3038 (SQL injection vulnerability in the Address Directory (sp_directory) ...) + TODO: check +CVE-2008-3037 (Cross-site scripting (XSS) vulnerability in the Address Directory ...) + TODO: check +CVE-2008-3036 (Directory traversal vulnerability in index.php in CMS little 0.0.1 ...) + TODO: check +CVE-2008-3035 (SQL injection vulnerability in newThread.php in XchangeBoard 1.70 ...) + TODO: check +CVE-2008-3034 (Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow ...) + TODO: check +CVE-2008-3033 (RSS-aggregator 1.0 does not require administrative authentication for ...) + TODO: check +CVE-2008-3032 (Cross-site scripting (XSS) vulnerability in the phpMyAdmin ...) + TODO: check +CVE-2008-3031 (Directory traversal vulnerability in index.php in Simple PHP Agenda ...) + TODO: check +CVE-2008-3030 (SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows ...) + TODO: check +CVE-2008-3029 (Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum ...) + TODO: check +CVE-2008-3028 (Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card ...) + TODO: check +CVE-2008-3027 (SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 ...) + TODO: check +CVE-2008-3026 (SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet ...) + TODO: check +CVE-2008-3025 (SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows ...) + TODO: check +CVE-2008-3024 (Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) ...) + TODO: check +CVE-2008-3023 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and ...) + TODO: check +CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in ...) + TODO: check +CVE-2008-3021 + RESERVED +CVE-2008-3020 + RESERVED +CVE-2008-3019 + RESERVED +CVE-2008-3018 + RESERVED +CVE-2008-3017 + RESERVED +CVE-2008-3016 + RESERVED +CVE-2008-3015 + RESERVED +CVE-2008-3014 + RESERVED +CVE-2008-3013 + RESERVED +CVE-2008-3012 + RESERVED +CVE-2008-3011 + RESERVED +CVE-2008-3010 + RESERVED +CVE-2008-3009 + RESERVED +CVE-2008-3008 + RESERVED +CVE-2008-3007 + RESERVED +CVE-2008-3006 + RESERVED +CVE-2008-3005 + RESERVED +CVE-2008-3004 + RESERVED +CVE-2008-3003 + RESERVED +CVE-2008-3002 + RESERVED +CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote ...) + TODO: check +CVE-2008-3000 (The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access ...) + TODO: check +CVE-2008-2999 (Multiple SQL injection vulnerabilities in the Aggregation module 5.x ...) + TODO: check +CVE-2008-2998 (Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation ...) + TODO: check +CVE-2008-2997 (Cross-site scripting (XSS) vulnerability in index.php in Gravity Board ...) + TODO: check +CVE-2008-2996 (Multiple SQL injection vulnerabilities in index.php in Gravity Board X ...) + TODO: check +CVE-2008-2995 (Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow ...) + TODO: check +CVE-2008-2994 (Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData ...) + TODO: check +CVE-2008-2993 (Multiple directory traversal vulnerabilities in index.php in FOG Forum ...) + TODO: check +CVE-2008-2992 + RESERVED +CVE-2008-2991 + RESERVED +CVE-2008-2990 (PHP remote file inclusion vulnerability in facileforms.frame.php in ...) + TODO: check +CVE-2008-2989 (SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows ...) + TODO: check +CVE-2008-2988 (Unrestricted file upload vulnerability in admin/upload.php in Benja ...) + TODO: check +CVE-2008-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 ...) + TODO: check +CVE-2008-2986 (Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 ...) + TODO: check +CVE-2008-2985 (Directory traversal vulnerability in load_language.php in CMReams CMS ...) + TODO: check +CVE-2008-2984 (Cross-site scripting (XSS) vulnerability in backend/umleitung.php in ...) + TODO: check +CVE-2008-2983 (SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows ...) + TODO: check +CVE-2008-2982 (Multiple directory traversal vulnerabilities in HomePH Design 2.10 ...) + TODO: check +CVE-2008-2981 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-2980 (Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design ...) + TODO: check +CVE-2008-2979 (Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php ...) + TODO: check +CVE-2008-2978 (Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, ...) + TODO: check +CVE-2008-2977 (Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 ...) + TODO: check +CVE-2008-2976 (Multiple directory traversal vulnerabilities in TinX/cms 1.1, when ...) + TODO: check +CVE-2008-2975 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2008-2974 (Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, ...) + TODO: check +CVE-2008-2973 (Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in ...) + TODO: check +CVE-2008-2972 (SQL injection vulnerability in index.php in KbLance allows remote ...) + TODO: check +CVE-2008-2971 (SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows ...) + TODO: check +CVE-2008-2970 (Multiple session fixation vulnerabilities in Academic Web Tools (AWT ...) + TODO: check +CVE-2008-2969 (Directory traversal vulnerability in download.php in Academic Web ...) + TODO: check +CVE-2008-2968 (SQL injection vulnerability in rating.php in Academic Web Tools (AWT ...) + TODO: check +CVE-2008-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Academic Web ...) + TODO: check +CVE-2008-2966 (Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 ...) + TODO: check +CVE-2008-2965 (Cross-site scripting (XSS) vulnerability in viewforum.php in ...) + TODO: check +CVE-2008-2964 (SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows ...) + TODO: check +CVE-2008-2963 (Multiple SQL injection vulnerabilities in MyBlog allow remote ...) + TODO: check +CVE-2008-2962 (Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow ...) + TODO: check +CVE-2008-2961 (Multiple directory traversal vulnerabilities in view/index.php in CMS ...) + TODO: check +CVE-2008-2959 (Buffer overflow in a certain ActiveX control (vb6skit.dll) in ...) + TODO: check +CVE-2008-2951 + RESERVED +CVE-2008-2949 (Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 ...) + TODO: check +CVE-2008-2948 (Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 ...) + TODO: check +CVE-2008-2947 (Cross-domain vulnerability in Microsoft Internet Explorer 6 allows ...) + TODO: check +CVE-2008-2946 (The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice ...) + TODO: check +CVE-2008-2945 (Sun Java System Access Manager 6.3 through 7.1 and Sun Java System ...) + TODO: check +CVE-2008-2944 (Double free vulnerability in the utrace support in the Linux kernel, ...) + TODO: check +CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...) + TODO: check +CVE-2008-2941 + RESERVED +CVE-2008-2940 + RESERVED +CVE-2008-2939 + RESERVED +CVE-2008-2938 + RESERVED +CVE-2008-2937 + RESERVED +CVE-2008-2936 + RESERVED +CVE-2008-2935 + RESERVED +CVE-2008-2934 + RESERVED +CVE-2008-2933 + RESERVED +CVE-2008-2932 + RESERVED +CVE-2008-2931 + RESERVED +CVE-2008-2930 + RESERVED +CVE-2008-2929 + RESERVED +CVE-2008-2928 + RESERVED +CVE-2008-2926 + RESERVED +CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote ...) + TODO: check +CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows ...) + TODO: check +CVE-2008-2923 (Cross-site scripting (XSS) vulnerability in read/search/results in ...) + TODO: check +CVE-2008-2922 (Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier ...) + TODO: check +CVE-2008-2921 (SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and ...) + TODO: check +CVE-2008-2920 (admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and ...) + TODO: check +CVE-2008-2919 (SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 ...) + TODO: check +CVE-2008-2918 (SQL injection vulnerability in details.php in Application Dynamics ...) + TODO: check +CVE-2008-2917 (SQL injection vulnerability in productsofcat.asp in E-SMART CART ...) + TODO: check +CVE-2008-2916 (Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and ...) + TODO: check +CVE-2008-2915 (Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php ...) + TODO: check +CVE-2008-2914 (SQL injection vulnerability in jobseekers/JobSearch3.php (aka the ...) + TODO: check +CVE-2008-2913 (Directory traversal vulnerability in func.php in Devalcms 1.4a, when ...) + TODO: check +CVE-2008-2912 (Multiple PHP remote file inclusion vulnerabilities in Contenido CMS ...) + TODO: check +CVE-2008-2911 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2008-2910 (Buffer overflow in the DXTTextOutEffect ActiveX control (aka the ...) + TODO: check +CVE-2008-2909 (SQL injection vulnerability in results.php in Clever Copy 3.0 allows ...) + TODO: check +CVE-2008-2908 (Multiple stack-based buffer overflows in a certain ActiveX control in ...) + TODO: check +CVE-2008-2907 (SQL injection vulnerability in admin/index.php in WebChamado 1.1, when ...) + TODO: check +CVE-2008-2906 (SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 ...) + TODO: check +CVE-2008-2905 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-2904 (SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows ...) + TODO: check +CVE-2008-2903 (SQL injection vulnerability in news.php in Advanced Webhost Billing ...) + TODO: check +CVE-2008-2902 (SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 ...) + TODO: check +CVE-2008-2901 (Multiple SQL injection vulnerabilities in Haudenschilt Family ...) + TODO: check +CVE-2008-2900 (SQL injection vulnerability in item.php in PHPAuction 3.2 allows ...) + TODO: check +CVE-2008-2899 (Unspecified vulnerability in includes/classes/page.php in j00lean-CMS ...) + TODO: check +CVE-2008-2898 (Directory traversal vulnerability in includes/header.php in ...) + TODO: check +CVE-2008-2897 (SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta ...) + TODO: check +CVE-2008-2896 (Directory traversal vulnerability in index.php in FireAnt 1.3 allows ...) + TODO: check +CVE-2008-2895 (Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 ...) + TODO: check +CVE-2008-2894 (Directory traversal vulnerability in the FTP client in NCH Software ...) + TODO: check +CVE-2008-2893 (SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ ...) + TODO: check +CVE-2008-2892 (SQL injection vulnerability in the EXP Shop (com_expshop) component ...) + TODO: check +CVE-2008-2891 (SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows ...) + TODO: check +CVE-2008-2890 (Multiple SQL injection vulnerabilities in Online Fantasy Football ...) + TODO: check +CVE-2008-2889 (Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP ...) + TODO: check +CVE-2008-2888 (Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, ...) + TODO: check +CVE-2008-2887 (Directory traversal vulnerability in index.php in chaozz at work ...) + TODO: check +CVE-2008-2886 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-2885 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-2884 (PHP remote file inclusion vulnerability in display.php in ...) + TODO: check +CVE-2008-2883 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-2882 (upgrade.asp in sHibby sHop 2.2 and earlier does not require ...) + TODO: check +CVE-2008-2881 (Relative Real Estate Systems 3.0 and earlier stores passwords in ...) + TODO: check +CVE-2008-2880 (Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and ...) + TODO: check +CVE-2008-2879 (Benja CMS 0.1 does not require authentication for access to admin/, ...) + TODO: check +CVE-2008-2878 (Open redirect vulnerability in rss_getfile.php in Academic Web Tools ...) + TODO: check +CVE-2008-2877 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-2876 (Directory traversal vulnerability in index.php in mUnky 0.0.1 allows ...) + TODO: check +CVE-2008-2875 (SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 ...) + TODO: check +CVE-2008-2874 (SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics ...) + TODO: check +CVE-2008-2873 (sHibby sHop 2.2 and earlier stores sensitive information under the web ...) + TODO: check +CVE-2008-2872 (SQL injection vulnerability in default.asp in sHibby sHop 2.2 and ...) + TODO: check +CVE-2008-2871 (Multiple cross-site scripting (XSS) vulnerabilities in template2.php ...) + TODO: check +CVE-2008-2870 (Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow ...) + TODO: check +CVE-2008-2869 (SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows ...) + TODO: check +CVE-2008-2868 (SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and ...) + TODO: check +CVE-2008-2867 (SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 ...) + TODO: check +CVE-2008-2866 (SQL injection vulnerability in csc_article_details.php in Caupo.net ...) + TODO: check +CVE-2008-2865 (SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site ...) + TODO: check +CVE-2008-2864 (eLineStudio Site Composer (ESC) 2.6 and earlier allows remote ...) + TODO: check +CVE-2008-2863 (Multiple absolute path traversal vulnerabilities in eLineStudio Site ...) + TODO: check +CVE-2008-2862 (Multiple SQL injection vulnerabilities in eLineStudio Site Composer ...) + TODO: check +CVE-2008-2861 (Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio ...) + TODO: check +CVE-2008-2860 (SQL injection vulnerability in category.php in AJSquare AJ Auction Pro ...) + TODO: check +CVE-2008-2859 (Unspecified vulnerability in the IMAP service in NetWin SurgeMail ...) + TODO: check +CVE-2008-2858 (SQL injection vulnerability in index.php in WebChamado 1.1 allows ...) + TODO: check +CVE-2008-2857 (AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in ...) + TODO: check +CVE-2008-2856 (SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows ...) + TODO: check +CVE-2008-2855 (Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 ...) + TODO: check +CVE-2008-2854 (Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 ...) + TODO: check +CVE-2008-2853 (SQL injection vulnerability in index.php in Easy Webstore 1.2 allows ...) + TODO: check +CVE-2008-2852 (Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when ...) + TODO: check +CVE-2008-2851 (Multiple buffer overflows in OFF System before 0.19.14 allow remote ...) + TODO: check +CVE-2008-2850 (SQL injection vulnerability in the TrailScout module 5.x before ...) + TODO: check +CVE-2008-2849 (Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x ...) + TODO: check +CVE-2008-2848 (Cross-site scripting (XSS) vulnerability in the search functionality ...) + TODO: check +CVE-2008-2847 (SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 ...) + TODO: check +CVE-2008-2846 (SQL injection vulnerability in index.php in BoatScripts Classifieds ...) + TODO: check +CVE-2008-2845 (SQL injection vulnerability in index.php in MyBizz-Classifieds allows ...) + TODO: check +CVE-2008-2844 (SQL injection vulnerability in index.php in Carscripts Classifieds ...) + TODO: check +CVE-2008-2843 (Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and ...) + TODO: check +CVE-2008-2842 (Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in ...) + TODO: check +CVE-2008-2950 (The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and ...) {DTSA-146-1} - poppler <unfixed> (medium; bug #489756) - xpdf <not-affected> (Page.cc is not allocating the widget and therefore not vulnerable in the destructor, attrs initialized) -CVE-2008-2927 [integer overflow in MSN protocol handler involing SLP messages] +CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in ...) - pidgin 2.4.3-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=453764 CVE-2008-XXXX [wireshark has several potential DoS vulnerabilities] @@ -13,25 +445,25 @@ - dnsmasq 2.26-1 (medium) NOTE: CVE id requested by Ubuntu NOTE: http://freshmeat.net/projects/dnsmasq/?branch_id=1991&release_id=217681 -CVE-2008-2952 [remote DoS in openldap] +CVE-2008-2952 (liblber/io.c in OpenLDAP 2.3.41, 2.3.42, and possibly other versions ...) - openldap2.3 <unfixed> (medium; bug #488710) -CVE-2008-2955 [denial of service via crafted long file name] +CVE-2008-2955 (Pidgin 2.4.1 allows remote attackers to cause a denial of service ...) - pidgin <unfixed> (bug #488632) -CVE-2008-2956 [denial of service via malformed XML documents] +CVE-2008-2956 (Memory leak in Pidgin 2.0.0, and possibly other versions, allows ...) - pidgin <unfixed> (low; bug #488632) NOTE: jabber servers should not forward malformed XML -CVE-2008-2957 [arabitrary file download trigger in piding via UDP pakcet] +CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, ...) - pidgin <unfixed> (low; bug #488632) NOTE: probably only a bandwidth issue -CVE-2008-2942 [missing input validation] +CVE-2008-2942 (Directory traversal vulnerability in patch.py in Mercurial 1.0.1 ...) - mercurial 1.0.1-2 (low; bug #488628) [etch] - mercurial <not-affected> (Vulnerable functionality not present) -CVE-2008-2953 [remote DoS via partial file list requests] +CVE-2008-2953 (Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a ...) - linuxdcpp 1.0.1-2 (low; bug #488630) [etch] - linuxdcpp <no-dsa> (Minor issue) -CVE-2008-2954 [remote DoS via empty private message] +CVE-2008-2954 (client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows ...) - linuxdcpp 1.0.1-2 (low; bug #488630) -CVE-2008-2958 [possible symlink attack in checkinstall] +CVE-2008-2958 (Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows ...) - checkinstall 1.6.1-7 (low; bug #488140) CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac] - python-werkzeug 0.3.1-1 (unknown) @@ -68,8 +500,7 @@ - php5 5.2.6-2 (low) NOTE: the fix sent to t-s and unstable does not seem possible in etch due to NOTE: missing api features from the version of libc-client in etch. -CVE-2008-2826 [sctp overflow] - RESERVED +CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ...) - linux-2.6 <unfixed> - linux-2.6.24 <unfixed> NOTE: 735ce972fbc8a65fb17788debd7bbe7b4383cc62 @@ -101,34 +532,34 @@ NOT-FOR-US: WallCity-Server CVE-2008-2812 RESERVED -CVE-2008-2811 - RESERVED -CVE-2008-2810 - RESERVED +CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, ...) + TODO: check +CVE-2008-2810 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) + TODO: check CVE-2008-2809 RESERVED -CVE-2008-2808 - RESERVED -CVE-2008-2807 - RESERVED -CVE-2008-2806 - RESERVED -CVE-2008-2805 - RESERVED +CVE-2008-2808 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) + TODO: check +CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) + TODO: check +CVE-2008-2806 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS ...) + TODO: check +CVE-2008-2805 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...) + TODO: check CVE-2008-2804 RESERVED -CVE-2008-2803 - RESERVED -CVE-2008-2802 - RESERVED -CVE-2008-2801 - RESERVED -CVE-2008-2800 - RESERVED -CVE-2008-2799 - RESERVED -CVE-2008-2798 - RESERVED +CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox ...) + TODO: check +CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and ...) + TODO: check +CVE-2008-2801 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) + TODO: check +CVE-2008-2800 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...) + TODO: check +CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) + TODO: check +CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) + TODO: check CVE-2008-2797 (Cross-site scripting (XSS) vulnerability in MainLayout.do in ...) NOT-FOR-US: ManageEngine OpUtils CVE-2008-2796 (SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote ...) @@ -151,7 +582,7 @@ NOT-FOR-US: OpenDocMan CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan ...) NOT-FOR-US: OpenDocMan -CVE-2008-2960 [phpMyAdmin PMASA-2008-4 XSS] +CVE-2008-2960 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, ...) - phpmyadmin 4:2.11.7~rc2-1 (unimportant) NOTE: We haven''t supported installations with register_globals enabled since a long time CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...) @@ -280,10 +711,9 @@ RESERVED CVE-2008-2731 RESERVED -CVE-2008-2730 - RESERVED -CVE-2008-2729 [overflow] - RESERVED +CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...) + TODO: check +CVE-2008-2729 (arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some ...) - linux-2.6 2.6.19-1 [etch] - linux-2.6 <unfixed> [etch] - linux-2.6.24 <not-affected> (Fixed before initial release, upstream in 2.6.19) @@ -371,7 +801,7 @@ CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to ...) {DTSA-138-1} - clamav 0.93.1.dfsg-1 (low) -CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote ...) +CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, ...) - fetchmail 6.3.9~rc2-1 (unimportant) NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1 NOTE: -vv is only used for debugging purposes so this does not @@ -484,8 +914,8 @@ NOT-FOR-US: com_biblestudy component for Joomla! CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 allows ...) NOT-FOR-US: OtomiGenX -CVE-2008-2641 - RESERVED +CVE-2008-2641 (Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and ...) + TODO: check CVE-2008-2640 (Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 ...) NOT-FOR-US: Adobe Flex CVE-2008-2639 (Stack-based buffer overflow in the ODBC server service in Citect ...) @@ -648,8 +1078,7 @@ NOT-FOR-US: 427BB CVE-2008-2654 (Off-by-one error in the read_client function in webhttpd.c in Motion ...) - motion 3.2.9-3 (low; bug #484572) -CVE-2008-2667 [sql injection vulnerability in courier-authlib] - RESERVED +CVE-2008-2667 (SQL injection vulnerability in courier-authlib in SUSE openSUSE 10.3 ...) - courier-authlib 0.60.1-2.1 (bug #485424) CVE-2008-XXXX [missing sanity checks allow DoS via mis-formated timestamp] - evolution 2.22.2-1.1 (low; bug #484639) @@ -845,10 +1274,10 @@ RESERVED CVE-2008-2464 RESERVED -CVE-2008-2463 - RESERVED -CVE-2008-2462 - RESERVED +CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx, ...) + TODO: check +CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...) + TODO: check CVE-2008-2461 (SQL injection vulnerability in index.php in Netious CMS 0.4 allows ...) NOT-FOR-US: Netious CVE-2008-2460 (SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows ...) @@ -911,8 +1340,7 @@ RESERVED CVE-2008-2431 RESERVED -CVE-2008-2430 [vlc heap overflow in wav decoding] - RESERVED +CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC ...) - vlc 0.8.6.h-1 (medium; bug #489004) CVE-2008-2429 RESERVED @@ -1040,21 +1468,18 @@ CVE-2008-2375 RESERVED - vsftpd <not-affected> (debian versions all include the fix) -CVE-2008-2374 [SDP payload processing vulnerability] - RESERVED +CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before ...) - bluez-libs <unfixed> (low) - bluez-utils <unfixed> (low) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374 CVE-2008-2373 RESERVED -CVE-2008-2372 [vm resource starvation local DoS] - RESERVED +CVE-2008-2372 (The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users ...) - linux-2.6 <unfixed> [etch] - linux-2.6 <not-affected> (Introduced between 2.6.23 and 2.6.24) - linux-2.6.24 <unfixed> NOTE: 89f5b7da2a6bad2e84670422ab8192382a5aeb9f -CVE-2008-2371 [heap-based overflow in PCRE compiler for patterns with options and multiple branches] - RESERVED +CVE-2008-2371 (Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible ...) {DSA-1602-1 DTSA-145-1} - pcre3 <unfixed> (medium; bug #488919) CVE-2008-2370 @@ -1067,8 +1492,7 @@ RESERVED CVE-2008-2366 (Untrusted search path vulnerability in a certain Red Hat build script ...) - openoffice.org <not-affected> (RedHat-specific packaging flaw) -CVE-2008-2365 [local ptrace crash] - RESERVED +CVE-2008-2365 (Race condition in the ptrace and utrace support in the Linux kernel ...) - linux-2.6 <not-affected> [etch] - linux-2.6 <not-affected> (fixed before 2.6.18) [etch] - linux-2.6.24 <not-affected> @@ -1092,7 +1516,7 @@ - xorg-server 2:1.4.1~git20080517-2 CVE-2008-2359 (The default configuration of consolehelper in system-config-network ...) NOT-FOR-US: system-config-network Fedora -CVE-2008-2358 (The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux ...) +CVE-2008-2358 (Integer overflow in the dccp_feat_change function in net/dccp/feat.c ...) {DSA-1592-1} - linux-2.6 2.6.20-1 NOTE: DCCP feature sanitising was introduced in 2.6.20 @@ -1184,21 +1608,21 @@ RESERVED CVE-2008-2315 RESERVED -CVE-2008-2314 - RESERVED -CVE-2008-2313 - RESERVED +CVE-2008-2314 (Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is ...) + TODO: check +CVE-2008-2313 (Apple Mac OS X before 10.5 uses weak permissions for the User Template ...) + TODO: check CVE-2008-2312 RESERVED -CVE-2008-2311 - RESERVED -CVE-2008-2310 - RESERVED -CVE-2008-2309 - RESERVED -CVE-2008-2308 - RESERVED -CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2 on ...) +CVE-2008-2311 (Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is ...) + TODO: check +CVE-2008-2310 (Format string vulnerability in c++filt in Apple Mac OS X 10.5 before ...) + TODO: check +CVE-2008-2309 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...) + TODO: check +CVE-2008-2308 (Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 ...) + TODO: check +CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as ...) NOT-FOR-US: Windows issue CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...) NOT-FOR-US: Windows issue @@ -1743,10 +2167,10 @@ - phpgedview 4.1.e+4.1.5-1 CVE-2008-2063 (SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows ...) NOT-FOR-US: Joovili -CVE-2008-2062 - RESERVED -CVE-2008-2061 - RESERVED +CVE-2008-2062 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...) + TODO: check +CVE-2008-2061 (The Computer Telephony Integration (CTI) Manager service in Cisco ...) + TODO: check CVE-2008-2060 (Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) ...) NOT-FOR-US: Cisco CVE-2008-2059 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...) @@ -1994,8 +2418,8 @@ - xen-3 3.2.1-2 (medium; bug #487095) - xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630) TODO: check that next upload includes changes until changeset 17643 or higher -CVE-2008-1951 - RESERVED +CVE-2008-1951 (Untrusted search path vulnerability in a certain Red Hat build script ...) + TODO: check CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed function ...) {DSA-1581-1} - gnutls13 2.0.4-4 (low) @@ -2643,8 +3067,8 @@ NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975 CVE-2008-1677 (Buffer overflow in the regular expression handler in Red Hat Directory ...) NOT-FOR-US: Red Hat Directory Server -CVE-2008-1676 - RESERVED +CVE-2008-1676 (Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate ...) + TODO: check CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux ...) - linux-2.6 2.6.25-2 (low) [etch] - linux-2.6 <not-affected> (Tehuti driver not in 2.6.18) @@ -2693,7 +3117,7 @@ NOT-FOR-US: HP LDAP-UX CVE-2008-1658 (Format string vulnerability in the grant helper ...) - policykit 0.8-1 (medium; bug #476615; bug #476616) -CVE-2008-1657 (OpenSSH 4.4 and other versions before 4.9 allows remote authenticated ...) +CVE-2008-1657 (OpenSSH 4.4 up to versions before 4.9 allows remote authenticated ...) - openssh 1:4.7p1-8 (low; bug #475156) [etch] - openssh <not-affected> (Vulnerable functionality was introduced in 4.4) CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the public ...) @@ -5166,8 +5590,8 @@ - php5 5.2.6-1 [etch] - php5 <not-affected> (Vulnerable code not yet present) [etch] - php4 <not-affected> (Vulnerable code not yet present) -CVE-2008-0598 - RESERVED +CVE-2008-0598 (Unspecified vulnerability in the 32-bit and 64-bit emulation in the ...) + TODO: check CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...) - cups 1.2 - cupsys 1.2 @@ -7849,7 +8273,7 @@ NOT-FOR-US: VU Case Manager CVE-2007-6167 (Untrusted search path vulnerability in yast2-core in SUSE Linux might ...) NOT-FOR-US: Yast2 -CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1 allows ...) +CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used ...) NOT-FOR-US: Apple QuickTime CVE-2007-6165 (Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote ...) NOT-FOR-US: Apple Mac OS X @@ -22268,7 +22692,7 @@ - linux-2.6 2.6.12-1 CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows ...) - linux-2.6 2.6.18.dfsg.1-11 -CVE-2007-0771 (Unspecified vulnerability in the utrace support for Linux kernel ...) +CVE-2007-0771 (The utrace support in Linux kernel 2.6.18, and other versions, allows ...) - linux-2.6 <not-affected> (RHEL-specific backport, only present in -mm tree) CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...) {DSA-1260} @@ -27902,10 +28326,10 @@ RESERVED CVE-2006-5267 RESERVED -CVE-2006-5266 - RESERVED -CVE-2006-5265 - RESERVED +CVE-2006-5266 (Multiple buffer overflows in Microsoft Dynamics GP (formerly Great ...) + TODO: check +CVE-2006-5265 (Unspecified vulnerability in Microsoft Dynamics GP (formerly Great ...) + TODO: check CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper ...) NOT-FOR-US: MysqlDumper CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in ...) @@ -44532,7 +44956,7 @@ - mediawiki 1.4.11-1 (bug #332408; unknown) CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...) - mediawiki 1.4.9 -CVE-2005-3164 (Hitachi Cosminexus Application Server does not properly handle when a ...) +CVE-2005-3164 (The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 ...) NOT-FOR-US: Hitachi Cosminexus Application Server CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...) - polipo 0.9.9-1 (bug #332411; low)