joeyh at alioth.debian.org
2008-Nov-07 21:14 UTC
[Secure-testing-commits] r10330 - data/CVE
Author: joeyh Date: 2008-11-07 21:14:10 +0000 (Fri, 07 Nov 2008) New Revision: 10330 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-07 20:16:59 UTC (rev 10329) +++ data/CVE/list 2008-11-07 21:14:10 UTC (rev 10330) @@ -1,3 +1,5 @@ +CVE-2008-4991 (SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and ...) + TODO: check CVE-2008-XXXX [Nagios "cmd.cgi" Cross-Site Request Forgery] - nagios3 <unfixed> (bug #504894) TODO: check nagios2 @@ -1491,7 +1493,7 @@ RESERVED CVE-2008-4310 RESERVED -CVE-2008-4309 (The getbulk code in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, ...) +CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in ...) - net-snmp 5.4.1~dfsg-11 (bug #504150) CVE-2008-4308 RESERVED @@ -1727,12 +1729,12 @@ - pdnsd 1.2.6-par-10 (bug #500910) CVE-2008-4193 (Stack-based buffer overflow in SecurityGateway.dll in Alt-N ...) NOT-FOR-US: Alt-N Technologies SecurityGateway -CVE-2008-4192 (The pserver_shutdown function in fence_egenera in cman 2.20080629 ...) +CVE-2008-4192 (The pserver_shutdown function in fence_egenera in cman 2.20080629 and ...) - redhat-cluster 2.20081102-1 (bug #496410; low) CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...) - emacspeak 28.0-2 (bug #496431; low) [etch] - emacspeak <no-dsa> (Minor issue) -CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.4 and earlier allows local ...) +CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x ...) - openswan 1:2.4.12+dfsg-1.3 (bug #496374; low) [etch] - openswan <no-dsa> (Vulnerable code only in example script) CVE-2008-XXXX [jumpnbump: insecure temp file] 
@@ -1987,7 +1989,7 @@ NOT-FOR-US: Acoustica Beatcraft CVE-2008-4086 (SQL injection vulnerability in index.php in Reciprocal Links Manager ...) NOT-FOR-US: Reciprocal Links Manager -CVE-2008-4085 (Plait before 1.6 allows local users to overwrite arbitrary files via a ...) +CVE-2008-4085 (plaiter in Plait before 1.6 allows local users to overwrite arbitrary ...) - plait 1.5.2-2 (low; bug #496381) CVE-2008-4084 (SQL injection vulnerability in staticpages/easyclassifields/index.php ...) NOT-FOR-US: MyioSoft EasyClassifields @@ -3248,7 +3250,7 @@ NOT-FOR-US: Mac OSX CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in Java on ...) NOT-FOR-US: Mac OSX -CVE-2008-3636 (Integer overflow in an unspecified third-party driver bundled with ...) +CVE-2008-3636 (Integer overflow in the Microsoft Windows Kernel IopfCompleteRequest ...) NOT-FOR-US: Apple iTunes CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an ...) NOT-FOR-US: Apple Quick Times @@ -8789,7 +8791,7 @@ NOT-FOR-US: Snom 320 SIP Phone CVE-2008-1247 (The web interface on the Linksys WRT54g router with firmware 1.00.9 ...) NOT-FOR-US: Linksys WRT54g router -CVE-2008-1246 (The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local ...) +CVE-2008-1246 (** DISPUTED ** ...) NOT-FOR-US: Cisco PIX/ASA Finesse Operation System CVE-2008-1245 (cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with ...) NOT-FOR-US: Belkin router
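Review bot: In the @@ -1,3 +1,5 @@ hunk, the new CVE-2008-4991 entry is added with only "TODO: check", so it enters the list untriaged. The summary names LOCKON EC-CUBE; resolve it to either a package line or a "NOT-FOR-US:" note, as the triaged entries elsewhere in this file have, so it does not stay as an open TODO next to the existing nagios one.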
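Review bot: In the @@ -1727,12 +1729,12 @@ hunk, the CVE-2008-4190 summary changes from "Openswan 2.4.4 and earlier" to "Openswan 2.4.12 and earlier, and 2.6.x ...", but the tracking line under it still records "- openswan 1:2.4.12+dfsg-1.3 (bug #496374; low)" as the fixed version. That is a Debian revision of upstream 2.4.12, which the new text lists as affected, so confirm that the -1.3 upload carries the fix and record that in a NOTE line; if it does not, the fixed version needs revisiting.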
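Review bot: In the @@ -3248,7 +3250,7 @@ hunk, the triage note no longer matches the summary: CVE-2008-3636 now reads "Integer overflow in the Microsoft Windows Kernel IopfCompleteRequest ..." while the line below still says "NOT-FOR-US: Apple iTunes". The NOT-FOR-US status is unaffected, but the note should say how the two relate (the old text spoke of a third-party driver "bundled with ...") so that a later reader does not take it for a mis-filed entry. The unchanged context line "NOT-FOR-US: Apple Quick Times" under CVE-2008-3635 also looks like a typo for QuickTime.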
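Review bot: In the @@ -8789,7 +8791,7 @@ hunk, the CVE-2008-1246 summary is reduced to "(** DISPUTED ** ...)", which leaves nothing in the description to identify the issue; only the "NOT-FOR-US: Cisco PIX/ASA Finesse Operation System" line still names the product. Since this is an automatic update, consider having the import keep the first words of the description after the DISPUTED marker, or carry the dispute status in a separate NOTE, so that the entry stays searchable by its text.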