joeyh at alioth.debian.org
2008-Oct-09 21:14 UTC
[Secure-testing-commits] r10051 - data/CVE
Author: joeyh Date: 2008-10-09 21:14:13 +0000 (Thu, 09 Oct 2008) New Revision: 10051 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-09 19:22:17 UTC (rev 10050) +++ data/CVE/list 2008-10-09 21:14:13 UTC (rev 10051) 
@@ -1,48 +1,58 @@ -CVE-2008-4502 +CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...) + TODO: check +CVE-2008-4480 + RESERVED +CVE-2008-4479 + RESERVED +CVE-2008-4478 + RESERVED +CVE-2008-4473 + RESERVED +CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile ...) NOT-FOR-US: DataFeedFile PHP Framework API -CVE-2008-4501 +CVE-2008-4501 (Directory traversal vulnerability in the FTP server in Serv-U 7.3, and ...) NOT-FOR-US: Serv-U -CVE-2008-4500 +CVE-2008-4500 (Serv-U 7.3, and 7.2.0.1 and earlier, allows remote authenticated users ...) NOT-FOR-US: Serv-U -CVE-2008-4499 +CVE-2008-4499 (Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b ...) NOT-FOR-US: PHP Web Explorer -CVE-2008-4498 +CVE-2008-4498 (SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 ...) NOT-FOR-US: PHP Autos -CVE-2008-4497 +CVE-2008-4497 (SQL injection vulnerability in event_detail.php in Built2Go Real ...) NOT-FOR-US: Built2Go Real Estate Listings -CVE-2008-4496 +CVE-2008-4496 (SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows ...) NOT-FOR-US: PHP Realtor -CVE-2008-4495 +CVE-2008-4495 (SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 ...) NOT-FOR-US: PHP Auto Dealer -CVE-2008-4494 +CVE-2008-4494 (SQL injection vulnerability in completed-advance.php in TorrentTrader ...) NOT-FOR-US: TorrentTrader Classic -CVE-2008-4493 +CVE-2008-4493 (Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as ...) NOT-FOR-US: PicturePusher ActiveX -CVE-2008-4492 +CVE-2008-4492 (SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows ...) NOT-FOR-US: YourOwnBux -CVE-2008-4491 +CVE-2008-4491 (Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the ...) NOT-FOR-US: Mac OS -CVE-2008-4490 +CVE-2008-4490 (Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b ...) 
NOT-FOR-US: phpAbook -CVE-2008-4489 +CVE-2008-4489 (Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 ...) NOT-FOR-US: Atarone CMS -CVE-2008-4488 +CVE-2008-4488 (Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone ...) NOT-FOR-US: Atarone CMS -CVE-2008-4487 +CVE-2008-4487 (SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows ...) NOT-FOR-US: Atarone CMS -CVE-2008-4486 +CVE-2008-4486 (Directory traversal vulnerability in index.php in SAC.php (SACphp), as ...) NOT-FOR-US: SACphp -CVE-2008-4485 +CVE-2008-4485 (Cross-site scripting (XSS) vulnerability in the ICAP patience page in ...) NOT-FOR-US: Blue Coat Security Gateway OS -CVE-2008-4484 +CVE-2008-4484 (main.php in Crux Gallery 1.32 and earlier assumes that the user is an ...) NOT-FOR-US: Crux Gallery -CVE-2008-4483 +CVE-2008-4483 (Directory traversal vulnerability in index.php in Crux Gallery 1.32 ...) NOT-FOR-US: Crux Gallery -CVE-2008-4481 +CVE-2008-4481 (Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier ...) NOT-FOR-US: Redmine -CVE-2008-4472 +CVE-2008-4472 (The UpdateEngine class in the LiveUpdate ActiveX control ...) NOT-FOR-US: LiveUpdate ActiveX -CVE-2008-4471 +CVE-2008-4471 (Directory traversal vulnerability in the CExpressViewerControl class ...) NOT-FOR-US: DWF Viewer ActiveX CVE-2008-4470 (Stack-based buffer overflow in Numark CUE 5.0 rev2 allows ...) NOT-FOR-US: Numark @@ -122,7 +132,8 @@ NOT-FOR-US: RMSOFT MiniShop (xoops) CVE-2008-4431 (SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and ...) NOT-FOR-US: IceBB -CVE-2008-4430 (The MagnatuneBrowser::listDownloadComplete function in ...) +CVE-2008-4430 + REJECTED NOTE: duplicate of CVE-2008-3699, will be rejected soon CVE-2008-4429 (Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 ...) NOT-FOR-US: SOURCENEXT Virus Security ZERO 
@@ -139,8 +150,9 @@ CVE-2008-4423 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows ...) NOT-FOR-US: Ovidentia CVE-2008-4422 + REJECTED NOT-FOR-US: ** REJECT ** -CVE-2008-4421 +CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably ...) NOT-FOR-US: MetaGauge CVE-2008-4420 RESERVED @@ -180,7 +192,7 @@ NOT-FOR-US: Trend Micro OfficeScan CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, ...) - mediawiki <unfixed> (low; bug #501115) -CVE-2008-4475 [ibackup: insecure temp files] +CVE-2008-4475 (ibackup 2.27 allows local users to overwrite arbitrary files via a ...) - ibackup <removed> (low; bug #496432) [etch] - ibackup <no-dsa> (Minor issues) CVE-2008-XXXX [aegis-web: insecure temp file] @@ -231,7 +243,7 @@ CVE-2008-XXXX [wims: insecure temp file] - wims <unfixed> (low; bug #496387) [etch] - wims <no-dsa> (Minor issue) -CVE-2008-4474 [freeradius-dialupadmin: insecure temp file] +CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to ...) - freeradius 2.0.4+dfsg-6 (low; bug #496389) CVE-2008-XXXX [bk2site: insecure temp file] - bk2site <unfixed> (unimportant; bug #496430) @@ -246,7 +258,7 @@ RESERVED CVE-2008-4394 RESERVED -CVE-2008-4393 +CVE-2008-4393 (Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery ...) NOT-FOR-US: VeriSign Kontiki CVE-2008-4392 RESERVED @@ -264,7 +276,7 @@ RESERVED CVE-2008-4385 RESERVED -CVE-2008-4384 +CVE-2008-4384 (Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX ...) NOT-FOR-US: LPViewer ActiveX CVE-2008-4383 (Stack-based buffer overflow in the Agranet-Emweb embedded management ...) NOT-FOR-US: Agranet-Emweb 
@@ -513,7 +525,7 @@ RESERVED CVE-2008-4280 RESERVED -CVE-2008-4279 (Unspecified vulnerability in the CPU hardware emulation for 64-bit ...) +CVE-2008-4279 (The CPU hardware emulation for 64-bit guest operating systems in ...) TODO: check CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows ...) NOT-FOR-US: VMWare VirtualCenter @@ -1118,7 +1130,7 @@ RESERVED CVE-2008-4019 RESERVED -CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch, and ...) +CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...) {DSA-1638-1 CVE-2006-5051} - openssh 1:4.6p1-1 (low) NOTE: The patch backported for CVE-2006-5051 was incorrect and did not @@ -1582,8 +1594,7 @@ - iceweasel 3.0 - iceape 1.1.12-1 - icedove <unfixed> -CVE-2008-3834 [dbus DoS] - RESERVED +CVE-2008-3834 (The dbus_signature_validate function in the D-bus library (libdbus) ...) - dbus <unfixed> (bug #501443) CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ...) TODO: check 
@@ -1591,17 +1602,17 @@ - linux-2.6 <not-affected> (Fedora-specific patch) CVE-2008-3831 RESERVED -CVE-2008-3830 +CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration ...) - condor <itp> (bug #233482) -CVE-2008-3829 +CVE-2008-3829 (Unspecified vulnerability in the condor_ schedd daemon in Condor ...) - condor <itp> (bug #233482) -CVE-2008-3828 +CVE-2008-3828 (Stack-based buffer overflow in the condor_ schedd daemon in Condor ...) - condor <itp> (bug #233482) CVE-2008-3827 (Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow ...) {DSA-1644-1 DTSA-168-1} - mplayer 1.0~rc2-18 (medium; bug #500683) NOTE: http://www.ocert.org/advisories/ocert-2008-013.html -CVE-2008-3826 +CVE-2008-3826 (Unspecified vulnerability in Condor before 7.0.5 allows attackers to ...) - condor <itp> (bug #233482) CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when ...) NOT-FOR-US: Different code base than Debian''s libpam-krb5 @@ -1627,7 +1638,7 @@ RESERVED CVE-2008-3815 RESERVED -CVE-2008-3814 +CVE-2008-3814 (Unspecified vulnerability in Cisco Unity 4.x before 4.0ES161, 5.x ...) NOT-FOR-US: Cisco CVE-2008-3813 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP ...) NOT-FOR-US: Cisco IOS @@ -1763,7 +1774,7 @@ CVE-2008-XXXX [xastir: insecure temp files] - xastir 1.9.2-1.1 (low; bug #496383) [etch] - xastir <no-dsa> (Minor issue) -CVE-2008-4477 [mon: insecure temp files] +CVE-2008-4477 (alert.d/test.alert in mon 0.99.2 allows local users to overwrite ...) {DSA-1648-1} - mon 0.99.2-13 (medium; bug #496398) CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through ...) 
@@ -1817,7 +1828,7 @@ CVE-2008-XXXX [mgetty: insecure temp files] - mgetty 1.1.36-1.3 (low; bug #496403) [etch] - mgetty <no-dsa> (Minor issue) -CVE-2008-4476 [sympa: multiple insecure temp files] +CVE-2008-4476 (sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary ...) - sympa 5.3.4-5.1 (low; bug #496405; bug #494969) [etch] - sympa <no-dsa> (Minor issues) CVE-2008-XXXX [sng: insecure temp file] @@ -2359,7 +2370,7 @@ RESERVED CVE-2008-3544 RESERVED -CVE-2008-3543 +CVE-2008-3543 (Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on ...) NOT-FOR-US: HP-UX CVE-2008-3542 (Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 ...) NOT-FOR-US: HP Insight Diagnostics @@ -3475,13 +3486,13 @@ RESERVED CVE-2008-3064 (Unspecified vulnerability in RealNetworks RealPlayer Enterprise, ...) NOT-FOR-US: RealNetworks RealPlayer Enterprise -CVE-2008-3063 +CVE-2008-3063 (SQL injection vulnerability in login.php in V-webmail 1.5.0 might ...) NOT-FOR-US: V-webmail CVE-2008-3062 RESERVED -CVE-2008-3061 +CVE-2008-3061 (Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows ...) NOT-FOR-US: V-webmail -CVE-2008-3060 +CVE-2008-3060 (V-webmail 1.5.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: V-webmail CVE-2008-3059 RESERVED
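Review bot: In the first hunk (@@ -1,48 +1,58 @@), CVE-2008-4482 (Xerces-C++ before 3.0.0) is the only newly described entry that lands as "TODO: check" instead of a NOT-FOR-US or package line, so it is the one item in this automatic update that still needs a manual triage pass. Suggest replacing the TODO with either a package line carrying a fixed version or `<unfixed>` state, or a NOT-FOR-US line, before the next update buries it further down the list.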
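Review bot: In the @@ -122,7 +132,8 @@ hunk, CVE-2008-4430 is now marked REJECTED, but the unchanged NOTE under it still reads "duplicate of CVE-2008-3699, will be rejected soon". The second half of that note is stale once the REJECTED line is in place; suggest trimming it to "NOTE: duplicate of CVE-2008-3699" so the entry does not read as a pending rejection.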
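Review bot: In the @@ -139,8 +150,9 @@ hunk, CVE-2008-4422 gains a REJECTED line while the context line "NOT-FOR-US: ** REJECT **" stays, so the entry now records the rejection twice, once as a state and once in the slot meant for a product name. Suggest dropping the NOT-FOR-US line, or turning it into a NOTE that gives the reason for the rejection.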
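Review bot: In the @@ -1582,8 +1594,7 @@ hunk, replacing the hand-written "[dbus DoS]" placeholder and RESERVED line for CVE-2008-3834 with the published description leaves "- dbus <unfixed> (bug #501443)" with no urgency, unlike other unfixed entries in this same diff such as "- mediawiki <unfixed> (low; bug #501115)". The truncated description no longer states the impact that the placeholder did, so suggest setting an urgency on the dbus line now that the CVE is public.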