joeyh at alioth.debian.org
2008-Sep-02 21:14 UTC
[Secure-testing-commits] r9728 - data/CVE
Author: joeyh
Date: 2008-09-02 21:14:29 +0000 (Tue, 02 Sep 2008)
New Revision: 9728

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-02 17:26:13 UTC (rev 9727) +++ data/CVE/list 2008-09-02 21:14:29 UTC (rev 9728) 
@@ -1,6 +1,97 @@ +CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 ...) + TODO: check +CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in dotProject ...) + TODO: check +CVE-2008-3886 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2008-3885 (Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) ...) + TODO: check +CVE-2008-3884 (Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and ...) + TODO: check +CVE-2008-3883 (configvar in Caudium 1.4.12 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-3882 (ZoneMinder 1.23.3 and earlier allows remote attackers to execute ...) + TODO: check +CVE-2008-3881 (Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder ...) + TODO: check +CVE-2008-3880 (SQL injection vulnerability in zm_html_view_event.php in ZoneMinder ...) + TODO: check +CVE-2008-3879 (The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 ...) + TODO: check +CVE-2008-3878 (Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control ...) + TODO: check +CVE-2008-3877 (Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 ...) + TODO: check +CVE-2008-3876 (Apple iPhone 2.0.2, in some configurations, allows physically ...) + TODO: check +CVE-2008-3875 (The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 ...) + TODO: check +CVE-2008-3874 (Cross-site scripting (XSS) vulnerability in account.php in Lussumo ...) + TODO: check +CVE-2008-3873 (The System.setClipboard method in Adobe Flash Player allows remote ...) 
+ TODO: check +CVE-2008-3872 + RESERVED +CVE-2008-3871 + RESERVED +CVE-2008-3870 + RESERVED +CVE-2008-3869 + RESERVED +CVE-2008-3868 + RESERVED +CVE-2008-3867 + RESERVED +CVE-2008-3866 + RESERVED +CVE-2008-3865 + RESERVED +CVE-2008-3864 + RESERVED +CVE-2008-3863 + RESERVED +CVE-2008-3862 + RESERVED +CVE-2008-3861 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and ...) + TODO: check +CVE-2008-3860 (Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG ...) + TODO: check +CVE-2008-3859 (Davlin Thickbox Gallery 2 allows remote attackers to obtain the ...) + TODO: check +CVE-2008-3858 (The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a ...) + TODO: check +CVE-2008-3857 (The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 ...) + TODO: check +CVE-2008-3856 (The routine infrastructure component in IBM DB2 9.1 before Fixpak 5 on ...) + TODO: check +CVE-2008-3855 (Unspecified vulnerability in the DB2 Administration Server (DAS) in ...) + TODO: check +CVE-2008-3854 (Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 ...) + TODO: check +CVE-2008-3853 (Buffer overflow in the DAS server program in the Core DAS function ...) + TODO: check +CVE-2008-3852 (Unspecified vulnerability in the CLR stored procedure deployment from ...) + TODO: check +CVE-2008-3851 (Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on ...) + TODO: check +CVE-2008-3850 (Cross-site scripting (XSS) vulnerability in Accellion File Transfer ...) + TODO: check +CVE-2008-3849 (Cross-site scripting (XSS) vulnerability in the calendar controller in ...) + TODO: check +CVE-2008-3848 (SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows ...) + TODO: check +CVE-2008-3847 (Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook ...) + TODO: check +CVE-2008-3846 (Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and ...) 
+ TODO: check +CVE-2008-3845 (Multiple SQL injection vulnerabilities in Crafty Syntax Live Help ...) + TODO: check +CVE-2003-1564 (libxml2, possibly before 2.5.0, does not properly detect recursion ...) + TODO: check CVE-2008-XXXX [nfdump vulnerable to symlink attacks] - nfdump <unfixed> (bug #497452) CVE-2008-3889 [postfix local DoS] + RESERVED - postfix <unfixed> (low) [etch] - postfix <not-affected> (Vulnerable code not present) NOTE: http://www.postfix.org/announcements/20080902.html @@ -9,7 +100,6 @@ [lenny] - wordnet 3.0-11+lenny1 [etch] - wordnet 1:2.1-4+etch1 CVE-2008-XXXX [code execution in newsbeuter via crafted url when opened in external browser] - {DTSA-164-1} [lenny] - newsbeuter 0.9.1-1+lenny2 - newsbeuter 1.2-1 (medium) NOTE: medium as versions < 1.0-1 didn''t include a patch to wrap long article URLs so the @@ -415,7 +505,7 @@ NOT-FOR-US: ZEEJOBSITE CVE-2008-3705 (Stack-based buffer overflow in the CLogger::WriteFormated function in ...) NOT-FOR-US: EchoVNC Linux -CVE-2008-3704 (Stack-based buffer overflow in the MaskedEdit ActiveX control in ...) +CVE-2008-3704 (Heap-based buffer overflow in the MaskedEdit ActiveX control in ...) NOT-FOR-US: Msmask32.ocx CVE-2008-3703 (The management console in the Volume Manager Scheduler Service (aka ...) NOT-FOR-US: Symantec Veritas Storage Foundation @@ -801,8 +891,8 @@ RESERVED CVE-2008-3539 RESERVED -CVE-2008-3538 - RESERVED +CVE-2008-3538 (libxml2, possibly before 2.5.0, does not properly detect recursion ...) + TODO: check CVE-2008-3537 RESERVED CVE-2008-3536 @@ -933,8 +1023,8 @@ NOT-FOR-US: Panasonic Network Camera CVE-2008-3481 (themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and ...) NOT-FOR-US: Coppermine Photo Gallery -CVE-2008-3480 - RESERVED +CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ...) + TODO: check CVE-2008-3479 RESERVED CVE-2008-3478 
@@ -1348,10 +1438,10 @@ NOT-FOR-US: Filesys::SmbClientParser CVE-2008-3284 RESERVED -CVE-2008-3283 - RESERVED -CVE-2008-3282 - RESERVED +CVE-2008-3283 (Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red ...) + TODO: check +CVE-2008-3282 (Integer overflow in the rtl_allocateMemory function in ...) + TODO: check CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion during ...) {DSA-1631-1 DTSA-158-1} - libxml2 2.6.32.dfsg-3 (medium) @@ -1662,8 +1752,8 @@ NOT-FOR-US: OllyDBG/ImpREC CVE-2008-3147 (WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) ...) NOT-FOR-US: WeFi -CVE-2008-3146 - RESERVED +CVE-2008-3146 (Unspecified vulnerability in Wireshark and Ethereal on SUSE Linux ...) + TODO: check CVE-2008-3144 (Multiple integer overflows in the PyOS_vsnprintf function in ...) {DTSA-157-1} - python2.4 2.4.5-5 @@ -2143,12 +2233,12 @@ {DSA-1630-1} - linux-2.6 2.6.22 NOTE: ee6f958291e2a768fd727e7a67badfff0b67711a -CVE-2008-2930 - RESERVED -CVE-2008-2929 - RESERVED -CVE-2008-2928 - RESERVED +CVE-2008-2930 (Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, ...) + TODO: check +CVE-2008-2929 (Multiple cross-site scripting (XSS) vulnerabilities in the adminutil ...) + TODO: check +CVE-2008-2928 (Multiple buffer overflows in the adminutil library in CGI applications ...) + TODO: check CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention System ...) NOT-FOR-US: r8 (Host-Based Intrusion Prevention System) CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote ...) 
@@ -2681,10 +2771,10 @@ {DSA-1630-1} - linux-2.6 2.6.19-1 NOTE: 3022d734a54cbd2b65eea9a024564821101b4a9a -CVE-2008-2728 - RESERVED -CVE-2008-2727 - RESERVED +CVE-2008-2728 (Integer overflow in the rb_ary_splice function in Ruby 1.6.x allows ...) + TODO: check +CVE-2008-2727 (Integer overflow in the rb_ary_splice function in Ruby 1.6.x allows ...) + TODO: check CVE-2008-2726 (Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and ...) {DSA-1618-1 DSA-1612-1} - ruby1.9 1.9.0.2-1 @@ -4355,7 +4445,7 @@ NOT-FOR-US: Cezanne CVE-2008-1967 (Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in ...) NOT-FOR-US: Cezanne -CVE-2008-1966 (IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows ...) +CVE-2008-1966 (Multiple buffer overflows in the JAR file administration routines in ...) NOT-FOR-US: Windows specific CVE-2008-1965 (Argument injection vulnerability in the cai: URI handler in ...) NOT-FOR-US: Lotus Expeditor
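Review bot: the removal of `{DTSA-164-1}` from the newsbeuter CVE-2008-XXXX entry in the `@@ -9,7 +100,6 @@` hunk is not explained by the log message "automatic update". The `[lenny] - newsbeuter 0.9.1-1+lenny2` line stays, so the entry loses its only advisory cross-reference. If the drop is intentional, say so in the log; otherwise restore the `{DTSA-164-1}` line.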
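Review bot: CVE-2003-1564 (added in the `@@ -1,6 +1,97 @@` hunk) and CVE-2008-3538 (`@@ -801,8 +891,8 @@`) carry the same truncated description, "libxml2, possibly before 2.5.0, does not properly detect recursion ...", and both land as `TODO: check`. The list already tracks a libxml2 recursion issue as CVE-2008-3281 with `{DSA-1631-1 DTSA-158-1}` and `- libxml2 2.6.32.dfsg-3 (medium)`, visible as context in the `@@ -1348,10 +1438,10 @@` hunk. Triage the two new IDs together against that entry so they do not stay as separate open TODOs for the same package.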
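Review bot: in the `@@ -2681,10 +2771,10 @@` hunk, CVE-2008-2728 and CVE-2008-2727 are added with identical truncated text ("Integer overflow in the rb_ary_splice function in Ruby 1.6.x allows ...") and `TODO: check`, directly above CVE-2008-2726, which is already tracked with `{DSA-1618-1 DSA-1612-1}` and `- ruby1.9 1.9.0.2-1`. The truncation hides whatever distinguishes the two IDs, so read the full descriptions and record whether the packaged ruby versions are covered by the existing fixes, in place of the two open TODO lines.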
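Review bot: in the `@@ -4355,7 +4445,7 @@` hunk, the description of CVE-2008-1966 is replaced ("IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows ..." becomes "Multiple buffer overflows in the JAR file administration routines in ...") while the triage line `NOT-FOR-US: Windows specific` is kept unchanged. The visible part of the new text no longer mentions Windows, so check the rationale against the full updated description and reword the `NOT-FOR-US` note if the platform restriction is gone.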