joeyh at alioth.debian.org
2008-Nov-10 21:14 UTC
[Secure-testing-commits] r10358 - data/CVE
Author: joeyh
Date: 2008-11-10 21:14:14 +0000 (Mon, 10 Nov 2008)
New Revision: 10358

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-11-10 18:54:12 UTC (rev 10357)
+++ data/CVE/list 2008-11-10 21:14:14 UTC (rev 10358)
@@ -1,3 +1,37 @@ +CVE-2008-5008 (Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or ...) + TODO: check +CVE-2008-5007 (create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to ...) + TODO: check +CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP ...) + TODO: check +CVE-2008-5005 (Multiple stack-based buffer overflows in (1) University of Washington ...) + TODO: check +CVE-2008-5004 (SQL injection vulnerability in genscode.php in myWebland Bloggie Lite ...) + TODO: check +CVE-2008-5003 (SQL injection vulnerability in ndetail.php in Shahrood allows remote ...) + TODO: check +CVE-2008-5002 (Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ...) + TODO: check +CVE-2008-5001 (Multiple stack-based buffer overflows in multiple functions in ...) + TODO: check +CVE-2008-5000 (SQL injection vulnerability in admin/includes/news.inc.php in PHPX ...) + TODO: check +CVE-2008-4999 (Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to ...) + TODO: check +CVE-2008-4998 (** DISPUTED ** ...) + TODO: check +CVE-2008-4997 (** DISPUTED ** ...) + TODO: check +CVE-2008-4996 (** DISPUTED ** ...) + TODO: check +CVE-2008-4995 (redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4994 (The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local ...) + TODO: check +CVE-2008-4993 (qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4992 (The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and ...) + TODO: check CVE-2008-XXXX [ClamAV get_unicode_name() off-by-one buffer overflow] - clamav <unfixed> (bug #505134) CVE-2008-4991 (SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and ...) 
@@ -79,8 +113,8 @@ RESERVED CVE-2008-4916 RESERVED -CVE-2008-4915 - RESERVED +CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...) + TODO: check CVE-2008-4914 RESERVED CVE-2008-4913 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and ...) @@ -282,8 +316,8 @@ RESERVED CVE-2008-4832 RESERVED -CVE-2008-4831 - RESERVED +CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ...) + TODO: check CVE-2008-4830 RESERVED CVE-2008-4829 @@ -298,18 +332,18 @@ RESERVED CVE-2008-4824 RESERVED -CVE-2008-4823 - RESERVED -CVE-2008-4822 - RESERVED -CVE-2008-4821 - RESERVED -CVE-2008-4820 - RESERVED -CVE-2008-4819 - RESERVED -CVE-2008-4818 - RESERVED +CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...) + TODO: check +CVE-2008-4822 (Adobe Flash Player 9.0.124.0 and earlier does not properly interpret ...) + TODO: check +CVE-2008-4821 (Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is ...) + TODO: check +CVE-2008-4820 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...) + TODO: check +CVE-2008-4819 (Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier ...) + TODO: check +CVE-2008-4818 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...) + TODO: check CVE-2008-4817 (The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 ...) TODO: check CVE-2008-4816 (Unspecified vulnerability in the Download Manager in Adobe Reader ...) @@ -455,6 +489,7 @@ CVE-2008-4770 RESERVED CVE-2008-4776 (libgadu before 1.8.2 allows remote servers to cause a denial of ...) + {DSA-1664-1} - libgadu 1:1.8.0+r592-3 (low; bug #503916) - kadu 0.6.0.2-3 (low; bug #504429) - ekg 1:1.8~rc0-1 (low) 
@@ -1217,8 +1252,8 @@ RESERVED CVE-2008-4415 RESERVED -CVE-2008-4414 - RESERVED +CVE-2008-4414 (Unspecified vulnerability in the AdvFS showfile command in HP Tru64 ...) + TODO: check CVE-2008-4413 (Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 ...) NOT-FOR-US: HP System Management Homepage CVE-2008-4412 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...) @@ -1573,8 +1608,8 @@ RESERVED CVE-2008-4282 RESERVED -CVE-2008-4281 - RESERVED +CVE-2008-4281 (Directory traversal vulnerability in VMWare ESXi 3.5 before ...) + TODO: check CVE-2008-4280 RESERVED CVE-2008-4279 (The CPU hardware emulation for 64-bit guest operating systems in ...) @@ -11805,7 +11840,7 @@ NOT-FOR-US: SanyBee Gallery CVE-2007-6647 (SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier ...) NOT-FOR-US: w-Agora -CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1 ...) +CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, ...) NOT-FOR-US: LiveCart CVE-2007-6645 (Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote ...) - joomla <itp> (bug #326398) @@ -26502,7 +26537,7 @@ - dcc <removed> (medium; bug #439718) CVE-2007-1046 (Dem_trac allows remote attackers to read log file contents via a ...) NOT-FOR-US: Dem_trac -CVE-2007-1045 (mAlbum 0.3 has default accunts (1) "login"/"pass" for its ...) +CVE-2007-1045 (mAlbum 0.3 has default accounts (1) "login"/"pass" for its ...) NOT-FOR-US: mAlbum CVE-2007-1044 (Pearson Education PowerSchool 4.3.6 allows remote attackers to list ...) NOT-FOR-US: PowerSchool
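Review bot: CVE-2008-4998, CVE-2008-4997 and CVE-2008-4996 in the @@ -1,3 +1,37 @@ hunk are added with "** DISPUTED ** ..." as their entire summary, so the truncation drops the product name and these three cannot be triaged from data/CVE/list alone. Consider having the automatic update skip the "** DISPUTED **" prefix before truncating, or resolve these three from the full descriptions before the TODO: check markers are cleared. In the same hunk, CVE-2008-5007 (lazarus), CVE-2008-4995 (bk2site), CVE-2008-4994 (xmcd) and CVE-2008-4993 (Xen) are all described as local-user issues in named scripts, so they are worth checking against the archive first rather than leaving them in the TODO queue.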
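Review bot: the {DSA-1664-1} tag added under CVE-2008-4776 in the @@ -455,6 +489,7 @@ hunk sits above three package lines (libgadu, kadu, ekg), and nothing in the entry says which source package the advisory covers. Confirm against the DSA list that the advisory matches one of these packages, and check whether the other two need their own follow-up, since each is recorded here only with a fixed version and a (low) urgency.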
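Review bot: CVE-2008-4414 in the @@ -1217,8 +1252,8 @@ hunk is left at TODO: check although the entry directly below it, CVE-2008-4413, is already marked NOT-FOR-US: HP System Management Homepage. The AdvFS showfile command in HP Tru64 looks like the same kind of case, so it could be closed with a NOT-FOR-US line in the same pass instead of adding to the TODO queue.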
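Review bot: the log message "automatic update" does not mention that the @@ -11805,7 +11840,7 @@ and @@ -26502,7 +26537,7 @@ hunks only resync summary text (an added comma for CVE-2007-6646, "accunts" to "accounts" for CVE-2007-1045) on entries that stay NOT-FOR-US. A short count in the log of new entries, RESERVED entries that gained a description, and description-only changes would let a reader of the commit list tell which revisions need triage.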