stef-guest at alioth.debian.org
2008-Oct-15 19:13 UTC
[Secure-testing-commits] r10095 - data/CVE
Author: stef-guest Date: 2008-10-15 19:13:17 +0000 (Wed, 15 Oct 2008) New Revision: 10095 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-15 15:30:07 UTC (rev 10094) +++ data/CVE/list 2008-10-15 19:13:17 UTC (rev 10095) @@ -1,7 +1,7 @@ CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 ...) - TODO: check + NOT-FOR-US: CuteNews.ru CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind ...) - TODO: check + NOT-FOR-US: Sun Solstice AdminSuite CVE-2008-4555 (Stack-based buffer overflow in the push_subg function in parser.y ...) TODO: check CVE-2008-4554 @@ -15,11 +15,11 @@ CVE-2008-4550 RESERVED CVE-2008-4549 (The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ...) - TODO: check + NOT-FOR-US: ImageShack Toolbar ActiveX control CVE-2008-4548 (Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control ...) - TODO: check + NOT-FOR-US: PTZCamPanelCtrl ActiveX control CVE-2008-4547 (Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control ...) - TODO: check + NOT-FOR-US: DVRHOST Web CMS CVE-2008-4546 (Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 ...) TODO: check CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...) @@ -118,11 +118,11 @@ CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...) - xerces-c2 <unfixed> (low; bug #502102) CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2008-4473 RESERVED CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile ...) @@ -232,7 +232,7 @@ CVE-2008-4442 RESERVED CVE-2008-4441 (The Marvell driver for the Linksys WAP4400N Wi-Fi access point with ...) - TODO: check + NOT-FOR-US: Linksys CVE-2008-4439 (PHP remote file inclusion vulnerability in admin/bin/patch.php in ...) NOT-FOR-US: MartinWood Datafeed Studio CVE-2008-4438 (Cross-site scripting (XSS) vulnerability in search.php in Datafeed ...) @@ -329,13 +329,13 @@ CVE-2008-4401 RESERVED CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup ...) - TODO: check + NOT-FOR-US: CA ARCserve Backup CVE-2008-4399 (Unspecified vulnerability in the database engine service in ...) - TODO: check + NOT-FOR-US: CA ARCserve Backup CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in ...) - TODO: check + NOT-FOR-US: CA ARCserve Backup CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) ...) - TODO: check + NOT-FOR-US: CA ARCserve Backup CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...) NOT-FOR-US: Safer Networking FileAlyzer CVE-2008-XXXX [ltp: insecure temp file] @@ -400,7 +400,7 @@ CVE-2008-4386 RESERVED CVE-2008-4385 (Husdawg, LLC Systems Requirements Lab 3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: LLC Systems Requirements Lab CVE-2008-4384 (Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX ...) NOT-FOR-US: LPViewer ActiveX CVE-2008-4383 (Stack-based buffer overflow in the Agranet-Emweb embedded management ...) @@ -1219,11 +1219,11 @@ CVE-2008-4039 (SQL injection vulnerability in index.php in Spice Classifieds allows ...) NOT-FOR-US: Spice Classifieds CVE-2008-4038 (Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-4037 RESERVED CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-4035 RESERVED CVE-2008-4034 @@ -1249,15 +1249,15 @@ CVE-2008-4024 RESERVED CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-4022 RESERVED CVE-2008-4021 RESERVED CVE-2008-4020 (Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2008-4019 (Integer overflow in the REPT function in Microsoft Excel 2000 SP3, ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...) {DSA-1638-1 CVE-2006-5051} - openssh 1:4.6p1-1 (low) @@ -1290,83 +1290,83 @@ CVE-2008-4014 RESERVED CVE-2008-4013 (Unspecified vulnerability in the WebLogic Server component in BEA ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-4012 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-4011 (Unspecified vulnerability in the WebLogic Server component in BEA ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-4010 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-4009 (Unspecified vulnerability in the WebLogic Server component in BEA ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-4008 (Unspecified vulnerability in the WebLogic Server Plugins for Apache ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-4007 RESERVED CVE-2008-4006 RESERVED CVE-2008-4005 (Unspecified vulnerability in the Oracle Application Express component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-4004 (Unspecified vulnerability in the JDE EnterpriseOne Business Service ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-4003 (Unspecified vulnerability in the PeopleTools component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-4002 (Unspecified vulnerability in the PeopleTools component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-4001 (Unspecified vulnerability in the PeopleSoft Enterprise Portal ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3999 RESERVED CVE-2008-3998 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3997 RESERVED CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3993 (Unspecified vulnerability in the Oracle Applications Framework ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3992 (Unspecified vulnerability in the Oracle Data Mining component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3991 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3990 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3989 (Unspecified vulnerability in the Oracle Data Mining component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3988 (Unspecified vulnerability in the iSupplier Portal component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3987 (Unspecified vulnerability in the Oracle Discoverer Desktop component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3986 (Unspecified vulnerability in the Oracle Discoverer Administrator ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3985 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3981 RESERVED CVE-2008-3980 (Unspecified vulnerability in the Upgrade component in Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3979 RESERVED CVE-2008-3978 RESERVED CVE-2008-3977 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3976 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3975 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3974 RESERVED CVE-2008-3973 @@ -2669,23 +2669,23 @@ CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ...) NOT-FOR-US: Anzio Web Print Object CVE-2008-3479 (The Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-3478 RESERVED CVE-2008-3477 (Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not ...) - TODO: check + NOT-FOR-US: Microsoft Excel CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-3473 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-3471 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-3470 RESERVED CVE-2008-3469 @@ -2695,11 +2695,11 @@ CVE-2008-3467 RESERVED CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-3465 RESERVED CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-3463 RESERVED CVE-2008-3462 @@ -4672,9 +4672,9 @@ CVE-2008-2626 (SQL injection vulnerability in comment.asp in Battle Blog 1.25 and ...) NOT-FOR-US: Battle Blog CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-2624 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-2623 RESERVED CVE-2008-2622 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) @@ -4684,7 +4684,7 @@ CVE-2008-2620 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2008-2619 (Unspecified vulnerability in the Oracle Reports Developer component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-2618 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2008-2617 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) @@ -4746,7 +4746,7 @@ CVE-2008-2589 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle database CVE-2008-2588 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-2587 (Unspecified vulnerability in the Advanced Replication component in ...) NOT-FOR-US: Oracle database CVE-2008-2586 (Unspecified vulnerability in the Oracle Application Object Library ...) @@ -5465,11 +5465,11 @@ CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11 allows ...) NOT-FOR-US: Microsoft Windows Media Player CVE-2008-2252 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-2251 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-2250 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-2249 RESERVED CVE-2008-2248 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...) @@ -7362,7 +7362,7 @@ NOTE: already use source port randomization. NOTE: Marking non-caching stub resolvers as low since these really should be fixed, but are much less vulnerable than a caching server. CVE-2008-1446 (Integer overflow in the Internet Printing Protocol (IPP) ISAPI ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...) NOT-FOR-US: Microsoft Windows CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on ...)