joeyh at alioth.debian.org
2008-Nov-17 21:14 UTC
[Secure-testing-commits] r10404 - data/CVE
Author: joeyh Date: 2008-11-17 21:14:11 +0000 (Mon, 17 Nov 2008) New Revision: 10404 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-17 18:43:38 UTC (rev 10403) +++ data/CVE/list 2008-11-17 21:14:11 UTC (rev 10404) 
@@ -1,3 +1,59 @@ +CVE-2008-5097 (SQL injection vulnerability in index.php in MyFWB 1.0 allows remote ...) + TODO: check +CVE-2008-5096 (Unspecified vulnerability in the TYPO3 File List (file_list) extension ...) + TODO: check +CVE-2008-5095 (Cross-site scripting (XSS) vulnerability in the Novell User ...) + TODO: check +CVE-2008-5094 (Heap-based buffer overflow in the NDS Service in Novell eDirectory ...) + TODO: check +CVE-2008-5093 (Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack ...) + TODO: check +CVE-2008-5092 (Heap-based buffer overflows in Novell eDirectory HTTP protocol stack ...) + TODO: check +CVE-2008-5091 (Buffer overflow in the LDAP Service in Novell eDirectory before 8.8 ...) + TODO: check +CVE-2008-5090 (Electron Inc. Advanced Electron Forum before 1.0.7 allows remote ...) + TODO: check +CVE-2008-5089 (Multiple insecure method vulnerabilities in the ...) + TODO: check +CVE-2008-5088 (Multiple SQL injection vulnerabilities in PHPKB Knowledge Base ...) + TODO: check +CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login ...) + TODO: check +CVE-2008-5086 + RESERVED +CVE-2008-5085 + RESERVED +CVE-2008-5084 + RESERVED +CVE-2008-5083 + RESERVED +CVE-2008-5082 + RESERVED +CVE-2008-5081 + RESERVED +CVE-2008-5080 + RESERVED +CVE-2008-5079 + RESERVED +CVE-2008-5078 + RESERVED +CVE-2008-5077 + RESERVED +CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka ...) + TODO: check +CVE-2008-5074 (SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 ...) + TODO: check +CVE-2008-5073 (Heap-based buffer overflow in an ActiveX control in Novell ZENworks ...) + TODO: check +CVE-2008-5072 (vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers ...) + TODO: check +CVE-2008-5071 (Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel ...) + TODO: check +CVE-2008-5070 (SQL injection vulnerability in Pro Chat Rooms 3.0.3, when ...) 
+ TODO: check +CVE-2008-5069 (SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, ...) + TODO: check CVE-2008-5068 (Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery ...) NOT-FOR-US: Kmita Gallery CVE-2008-5067 (Cross-site scripting (XSS) vulnerability in search.php in Kmita ...) @@ -532,7 +588,7 @@ CVE-2008-XXXX [eog: Python scripts load modules from current directory] - eog 2.22.3-2 (bug #504352; low) [etch] - eog <not-affected> (Vulnerable code not present) -CVE-2008-5076 [htop display corruption] +CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing ...) - htop <unfixed> (unimportant; bug #504144) NOTE: That scenario is too constructed to call it a security issue, especially NOTE: given that the standard top will display the maliciously hidden processes @@ -20085,8 +20141,8 @@ - linux-2.6 <not-affected> (There''s a separate ID for 2.6, see CVE-2007-3719) CVE-2007-3719 (The process scheduler in the Linux kernel 2.6.16 gives preference to ...) - linux-2.6 <unfixed> (unimportant) - NOTE: This is the existing default behaviour of the scheduler, can be tuned - NOTE: to suit individual needs + NOTE: This is the existing default behaviour of the scheduler, can be tuned + NOTE: to suit individual needs CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine in ...) NOT-FOR-US: Apple Safari CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call ...)
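Review bot: all 18 entries added with descriptions in the first hunk (CVE-2008-5097 through CVE-2008-5087 and CVE-2008-5075 through CVE-2008-5069) carry only "TODO: check", so none of them is triaged yet. Each needs a follow-up that replaces the TODO with either a package status line or a NOT-FOR-US line, in the form the unchanged CVE-2008-5068 context entry uses ("NOT-FOR-US: Kmita Gallery"). The added range skips CVE-2008-5076 because that ID already has an entry further down the file, which the second hunk updates.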
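Review bot: in the last hunk, under CVE-2007-3719, the two removed NOTE lines and the two added NOTE lines carry the same text as shown here, so the change appears to be whitespace-only. Please confirm that the update script is meant to rewrite the indentation of existing NOTE lines. If it is, that change would be easier to audit in its own commit with a log message that says so, rather than under "automatic update".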