joeyh at alioth.debian.org
2008-Nov-14 21:14 UTC
[Secure-testing-commits] r10390 - data/CVE
Author: joeyh
Date: 2008-11-14 21:14:10 +0000 (Fri, 14 Nov 2008)
New Revision: 10390
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-14 20:07:02 UTC (rev 10389) +++ data/CVE/list 2008-11-14 21:14:10 UTC (rev 10390) 
@@ -1,3 +1,65 @@ +CVE-2008-5068 (Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery ...) + TODO: check +CVE-2008-5067 (Cross-site scripting (XSS) vulnerability in search.php in Kmita ...) + TODO: check +CVE-2008-5066 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2008-5065 (TlGuestBook 1.2 allows remote attackers to bypass authentication and ...) + TODO: check +CVE-2008-5064 (SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows ...) + TODO: check +CVE-2008-5063 (PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in ...) + TODO: check +CVE-2008-5062 (Directory traversal vulnerability in php/cal_pdf.php in Mini Web ...) + TODO: check +CVE-2008-5061 (Cross-site scripting (XSS) vulnerability in php/cal_default.php in ...) + TODO: check +CVE-2008-5060 (Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 ...) + TODO: check +CVE-2008-5059 (Cross-site scripting (XSS) vulnerability in index.php in ModernBill ...) + TODO: check +CVE-2008-5058 (SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple ...) + TODO: check +CVE-2008-5057 (SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali ...) + TODO: check +CVE-2008-5056 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2008-5055 (SQL injection vulnerability in department_offline_context.php in ...) + TODO: check +CVE-2008-5054 (Multiple SQL injection vulnerabilities in Develop It Easy Membership ...) + TODO: check +CVE-2008-5053 (PHP remote file inclusion vulnerability in admin.rssreader.php in the ...) + TODO: check +CVE-2008-5052 (The AppendAttributeValue function in the JavaScript engine in Mozilla ...) + TODO: check +CVE-2008-5051 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 ...) + TODO: check +CVE-2008-5049 (Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger ...) 
+ TODO: check +CVE-2008-5048 (Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and ...) + TODO: check +CVE-2008-5047 (SQL injection vulnerability in admin/index.php in Mole Group Rental ...) + TODO: check +CVE-2008-5046 (SQL injection vulnerability in index.php in Mole Group Pizza Script ...) + TODO: check +CVE-2008-5045 (Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly ...) + TODO: check +CVE-2008-5044 (Race condition in Microsoft Windows Server 2003 and Vista allows local ...) + TODO: check +CVE-2008-5043 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...) + TODO: check +CVE-2008-5042 (Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to ...) + TODO: check +CVE-2008-5041 (Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default ...) + TODO: check +CVE-2008-5040 (Graphiks MyForum 1.3 allows remote attackers to bypass authentication ...) + TODO: check +CVE-2008-5039 (Cross-site scripting (XSS) vulnerability in the League module for ...) + TODO: check +CVE-2008-5038 (Use after free vulnerability in the NetWare Core Protocol (NCP) ...) + TODO: check +CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 ...) + TODO: check CVE-2008-XXXX [interchange Cross-Site Scripting Vulnerabilities] - interchange 5.6.1-1 (bug #505732) NOTE: this is SA32658 
@@ -16,32 +78,32 @@ TODO: check CVE-2008-5030 (Heap-based buffer overflow in the cddb_read_disc_data function in ...) - libcdaudio 0.99.12p2-7 (bug #505478) -CVE-2008-5024 - RESERVED -CVE-2008-5023 - RESERVED -CVE-2008-5022 - RESERVED -CVE-2008-5021 - RESERVED +CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, ...) + TODO: check +CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey ...) + TODO: check +CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x ...) + TODO: check +CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before ...) + TODO: check CVE-2008-5020 RESERVED -CVE-2008-5019 - RESERVED -CVE-2008-5018 - RESERVED -CVE-2008-5017 - RESERVED -CVE-2008-5016 - RESERVED -CVE-2008-5015 - RESERVED -CVE-2008-5014 - RESERVED -CVE-2008-5013 - RESERVED -CVE-2008-5012 - RESERVED +CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 and ...) + TODO: check +CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x ...) + TODO: check +CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in ...) + TODO: check +CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x ...) + TODO: check +CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: ...) + TODO: check +CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before ...) + TODO: check +CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do ...) + TODO: check +CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, ...) + TODO: check CVE-2008-5010 (in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and ...) TODO: check CVE-2008-XXXX [OptiPNG BMP Reader Buffer Overflow] 
@@ -94,7 +156,7 @@ - initramfs-tools <unfixed> (unimportant; bug #496386) CVE-2008-4992 (The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and ...) NOT-FOR-US: Sun System Firmware -CVE-2008-5050 [ClamAV get_unicode_name() off-by-one buffer overflow] +CVE-2008-5050 (Off-by-one error in the get_unicode_name function ...) - clamav 0.94.dfsg.1-1 (bug #505134) CVE-2008-4991 (SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and ...) NOT-FOR-US: LOCKON CO.,LTD. EC-CUBE @@ -104,8 +166,7 @@ - wordpress <unfixed> (bug #504771) CVE-2008-4990 RESERVED -CVE-2008-4989 [gnutls man in the middle attack for certificate validation] - RESERVED +CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in ...) - gnutls26 2.4.2-2 CVE-2008-4963 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) ...) NOT-FOR-US: Cisco IOS and CatOS @@ -973,7 +1034,7 @@ NOT-FOR-US: Chilkat Mail CVE-2008-4583 (Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component ...) NOT-FOR-US: Chilkat FTP -CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3 on Windows does not properly ...) +CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and ...) - iceweasel <not-affected> (Windows-specific) - iceape <not-affected> (Windows-specific) CVE-2008-4581 (The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release ...) 
@@ -2262,24 +2323,24 @@ NOT-FOR-US: Spice Classifieds CVE-2008-4038 (Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...) NOT-FOR-US: Microsoft Windows -CVE-2008-4037 - RESERVED +CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server ...) + TODO: check CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2008-4035 RESERVED CVE-2008-4034 RESERVED -CVE-2008-4033 - RESERVED +CVE-2008-4033 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 through ...) + TODO: check CVE-2008-4032 RESERVED CVE-2008-4031 RESERVED CVE-2008-4030 RESERVED -CVE-2008-4029 - RESERVED +CVE-2008-4029 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, ...) + TODO: check CVE-2008-4028 RESERVED CVE-2008-4027 @@ -12591,8 +12652,8 @@ RESERVED CVE-2008-0018 RESERVED -CVE-2008-0017 - RESERVED +CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in Firefox ...) + TODO: check CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...) {DSA-1649-1} NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected @@ -29265,7 +29326,7 @@ NOT-FOR-US: SPINE CVE-2007-0100 (The Perforce client does not restrict the set of files that it ...) NOT-FOR-US: Perforce -CVE-2007-0099 (Race condition in the msxml3 module in Microsoft Internet Explorer 6 ...) +CVE-2007-0099 (Race condition in the msxml3 module in Microsoft XML Core Services ...) NOT-FOR-US: Microsoft CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 ...) NOT-FOR-US: VerliAdmin
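
Review bot: in the @@ -1,3 +1,65 @@ hunk, CVE-2008-5066 and CVE-2008-5056 are added with descriptions cut off before the product name ("PHP remote file inclusion vulnerability in ...", "Cross-site scripting (XSS) vulnerability in ..."), so their TODO: check cannot be resolved from the list line alone. Whoever triages them has to pull the full CVE text; a NOTE: line naming the product once it is known would save the next reader the same lookup.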
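
Review bot: the Firefox, Thunderbird and SeaMonkey entries that leave RESERVED in the @@ -16,32 +78,32 @@ hunk (CVE-2008-5012 through CVE-2008-5024, except CVE-2008-5020, which stays RESERVED) carry only TODO: check and no package line. CVE-2008-4582 further down this file tracks the same upstream against iceweasel and iceape, so each of these needs equivalent per-package status lines. CVE-2008-0017 in the @@ -12591,8 +12652,8 @@ hunk is in the same state.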
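
Review bot: CVE-2008-5050 in the @@ -94,7 +156,7 @@ hunk stays between CVE-2008-4992 and CVE-2008-4991 although it now has an assigned description, while the rest of the list runs in descending id order and the first hunk jumps from CVE-2008-5051 straight to CVE-2008-5049. Move the entry, together with its clamav line, up between those two. The truncated description also no longer names ClamAV, which the replaced bracketed title did.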
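
Review bot: the CVE-2008-4989 change in the @@ -104,8 +166,7 @@ hunk replaces the hand-written title "gnutls man in the middle attack for certificate validation" with a description truncated after the function and file name, so the impact is no longer visible in the entry. Keep that summary as a NOTE: line under the gnutls26 line.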
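
Review bot: in the @@ -973,7 +1034,7 @@ hunk the visible CVE-2008-4582 description no longer says "on Windows" and now also lists Firefox 2.x before 2.0.0.18, but the two context lines still mark iceweasel and iceape as <not-affected> (Windows-specific). Re-check that rationale against the full updated description and either confirm or adjust both lines.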
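
Review bot: CVE-2008-4037, CVE-2008-4033 and CVE-2008-4029 in the @@ -2262,24 +2323,24 @@ hunk are described as Microsoft Windows and Microsoft XML Core Services issues yet get TODO: check, while the neighbouring CVE-2008-4038 and CVE-2008-4036 are already marked NOT-FOR-US: Microsoft Windows. These three can take the same NOT-FOR-US marking instead of staying in the TODO queue.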