Author: nion Date: 2008-07-16 11:43:27 +0000 (Wed, 16 Jul 2008) New Revision: 9345 Modified: data/CVE/list Log: NFUs cveified ffmpeg Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-07-16 09:33:55 UTC (rev 9344) +++ data/CVE/list 2008-07-16 11:43:27 UTC (rev 9345) @@ -1,23 +1,23 @@ CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ...) - TODO: check + NOT-FOR-US: Chipmunk Blog CVE-2008-3185 (SQL injection vulnerability in index.php in Relative Real Estate ...) - TODO: check + NOT-FOR-US: Relative Real Estate Systems CVE-2008-3184 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2008-3183 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: gapicms CVE-2008-3182 (Stack-based buffer overflow in DAP.exe in Download Accelerator Plus ...) - TODO: check + NOT-FOR-US: Download Accelerator Plus CVE-2008-3181 (Unrestricted file upload vulnerability in upload.php in ContentNow CMS ...) - TODO: check + NOT-FOR-US: ContentNow CMS CVE-2008-3180 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: ContentNow CMS CVE-2008-3179 (Directory traversal vulnerability in website.php in Web 2 Business ...) - TODO: check + NOT-FOR-US: phpDatingClub CVE-2008-3178 (Unrestricted file upload vulnerability in upload_pictures.php in ...) - TODO: check + NOT-FOR-US: WebXell Editor CVE-2008-3177 (Sophos virus detection engine 2.75 on Linux and Unix, as used in ...) - TODO: check + NOT-FOR-US: Sophos virus detection engine CVE-2008-3176 RESERVED CVE-2008-3175 @@ -25,57 +25,58 @@ CVE-2008-3174 RESERVED CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2008-3172 (Opera allows web sites to set cookies for country-specific top-level ...) - TODO: check + NOT-FOR-US: Opera CVE-2008-3171 (Apple Safari sends Referer headers containing https URLs to different ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2008-3170 (Apple Safari allows web sites to set cookies for country-specific ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2008-3169 (Multiple heap-based buffer overflows in Empire Server before 4.3.15 ...) - TODO: check + NOT-FOR-US: Empire Server CVE-2008-3168 (The files utility in Empire Server before 4.3.15 discloses the world ...) - TODO: check + NOT-FOR-US: Empire Server CVE-2008-3167 (Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin ...) - TODO: check + NOT-FOR-US: BoonEx Dolphin CVE-2008-3166 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: BoonEx Ray CVE-2008-3165 (Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a ...) - TODO: check + NOT-FOR-US: fuzzylime CVE-2008-3164 (Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, ...) - TODO: check + NOT-FOR-US: fuzzylime CVE-2008-3163 (Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 ...) - TODO: check + NOT-FOR-US: DodosMail CVE-2008-3162 (Stack-based buffer overflow in the str_read_packet function in ...) - TODO: check + - ffmpeg-debian 0.svn20080206-10 (bug #489965; low) + TODO: Check the various embedders in Etch, horray for librification in Lenny CVE-2008-3161 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: IBM Maximo CVE-2008-3160 (Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before ...) - TODO: check + NOT-FOR-US: IBM Data ONTAP CVE-2008-3159 (Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory ...) - TODO: check + NOT-FOR-US: eDirectory CVE-2008-3158 (Unspecified vulnerability in NWFS.SYS in Novell Client for Windows ...) - TODO: check + NOT-FOR-US: Novell Client for Windows CVE-2008-3157 (Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit ...) - TODO: check + NOT-FOR-US: Nortel SIP Multimedia PC Client CVE-2008-3156 (The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan ...) - TODO: check + NOT-FOR-US: Panda ActiveScan CVE-2008-3155 (Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in ...) - TODO: check + NOT-FOR-US: Panda ActiveScan CVE-2008-3154 (SQL injection vulnerability in index.php in WebBlizzard CMS allows ...) - TODO: check + NOT-FOR-US: WebBlizzard CMS CVE-2008-3153 (SQL injection vulnerability in Triton CMS Pro allows remote attackers ...) - TODO: check + NOT-FOR-US: Triton CMS Pro CVE-2008-3152 (SQL injection vulnerability in directory.php in SmartPPC and SmartPPC ...) - TODO: check + NOT-FOR-US: SmartPPC CVE-2008-3151 (SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke ...) - TODO: check + NOT-FOR-US: PHP-NUke CVE-2008-3150 (Directory traversal vulnerability in index.php in Neutrino Atomic ...) - TODO: check + NOT-FOR-US: Neutrino Atomic Edition CVE-2008-3149 (The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote ...) - TODO: check + NOT-FOR-US: F5 FirePass CVE-2008-3148 (Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f ...) - TODO: check + NOT-FOR-US: OllyDBG/ImpREC CVE-2008-3147 (WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) ...) TODO: check CVE-2008-3146 @@ -258,11 +259,6 @@ NOT-FOR-US: MyBB CVE-2008-3069 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB before ...) NOT-FOR-US: MyBB -CVE-2008-XXXX [ffmpeg STR demuxer buffer overflow] - - ffmpeg-debian 0.svn20080206-10 (bug #489965; low) - NOTE: http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993 - NOTE: CVE id requested - TODO: Check the various embedders in Etch, horray for librification in Lenny CVE-2008-3068 (Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, ...) NOT-FOR-US: Microsoft Crypto API CVE-2008-3067 (sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when ...)