joeyh at alioth.debian.org
2008-Nov-18 21:14 UTC
[Secure-testing-commits] r10416 - data/CVE
Author: joeyh
Date: 2008-11-18 21:14:20 +0000 (Tue, 18 Nov 2008)
New Revision: 10416

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-11-18 18:41:13 UTC (rev 10415)
+++ data/CVE/list 2008-11-18 21:14:20 UTC (rev 10416)
@@ -1,4 +1,72 @@ -CVE-2008-5110 [syslog-ng not properly chrooting] +CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT ...) + TODO: check +CVE-2008-5131 (Multiple SQL injection vulnerabilities in Develop It Easy News And ...) + TODO: check +CVE-2008-5130 (Ocean12 Calendar Manager Gold 2.04 stores sensitive information under ...) + TODO: check +CVE-2008-5129 (Ocean12 Poll Manager Pro 1.00 stores sensitive information under the ...) + TODO: check +CVE-2008-5128 (Ocean12 Membership Manager Pro stores sensitive information under the ...) + TODO: check +CVE-2008-5127 (Ocean12 Contact Manager Pro 1.02 stores sensitive information under ...) + TODO: check +CVE-2008-5126 (Cross-site scripting (XSS) vulnerability in search.php in BoutikOne ...) + TODO: check +CVE-2008-5125 (admin.php in CCleague Pro 1.2 allows remote attackers to bypass ...) + TODO: check +CVE-2008-5124 (JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to ...) + TODO: check +CVE-2008-5123 (SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows ...) + TODO: check +CVE-2008-5122 (SQL injection vulnerability in ContentRatingGraph.aspx in Ektron ...) + TODO: check +CVE-2008-5121 (dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 ...) + TODO: check +CVE-2008-5120 (Stack-based buffer overflow in the Process Software MultiNet finger ...) + TODO: check +CVE-2008-5119 (Cross-site scripting (XSS) vulnerability in search.php in ...) + TODO: check +CVE-2008-5118 (Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 ...) + TODO: check +CVE-2008-5117 (Open redirect vulnerability in Sun Java System Identity Manager 6.0 ...) + TODO: check +CVE-2008-5116 (Unspecified vulnerability in Sun Java System Identity Manager 6.0 ...) + TODO: check +CVE-2008-5115 (Cross-site request forgery (CSRF) vulnerability in Sun Java System ...) + TODO: check +CVE-2008-5114 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) 
+ TODO: check +CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...) + TODO: check +CVE-2008-5112 (The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and ...) + TODO: check +CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris 10 and ...) + TODO: check +CVE-2008-5109 + RESERVED +CVE-2008-5108 (Unspecified vulnerability in Adobe AIR 1.1 and earlier allows ...) + TODO: check +CVE-2008-5107 (The installation process for Citrix Presentation Server 4.5 and ...) + TODO: check +CVE-2008-5106 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote ...) + TODO: check +CVE-2008-5105 (KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a ...) + TODO: check +CVE-2008-5104 (Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual ...) + TODO: check +CVE-2008-5103 (The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in ...) + TODO: check +CVE-2008-5102 (PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other ...) + TODO: check +CVE-2008-5101 (Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows ...) + TODO: check +CVE-2008-5100 (The strong name (SN) implementation in Microsoft .NET Framework ...) + TODO: check +CVE-2008-5099 (Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through ...) + TODO: check +CVE-2008-5098 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...) + TODO: check +CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might allow ...) - syslog-ng <unfixed> (unimportant; bug #505791) NOTE: no security flaw by itself, still it should be fixed CVE-2008-XXXX [dovecot directory traversal] 
@@ -186,8 +254,7 @@ NOT-FOR-US: IBM Lotus Quickr CVE-2008-5009 (Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, ...) NOT-FOR-US: Sun Solstice X.25 -CVE-2008-5025 [kernel: one more hfsplus issue] - RESERVED +CVE-2008-5025 (Stack-based buffer overflow in the hfs_cat_find_brec function in ...) - linux-2.6 2.6.26-11 - linux-2.6.24 <unfixed> CVE-2008-5029 (The __scm_destroy function in net/core/scm.c in the Linux kernel ...) @@ -512,8 +579,8 @@ RESERVED CVE-2008-4833 RESERVED -CVE-2008-4832 - RESERVED +CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows ...) + TODO: check CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ...) NOT-FOR-US: Adobe ColdFusion CVE-2008-4830 @@ -528,8 +595,8 @@ RESERVED CVE-2008-4825 RESERVED -CVE-2008-4824 - RESERVED +CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...) + TODO: check CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...) TODO: check CVE-2008-4822 (Adobe Flash Player 9.0.124.0 and earlier does not properly interpret ...) @@ -1448,8 +1515,8 @@ RESERVED CVE-2008-4416 RESERVED -CVE-2008-4415 - RESERVED +CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 ...) + TODO: check CVE-2008-4414 (Unspecified vulnerability in the AdvFS showfile command in HP Tru64 ...) NOT-FOR-US: HP Tru64 UNIX CVE-2008-4413 (Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 ...) @@ -1939,8 +2006,8 @@ RESERVED CVE-2008-4217 RESERVED -CVE-2008-4216 - RESERVED +CVE-2008-4216 (The plug-in interface in WebKit in Apple Safari before 3.2 does not ...) + TODO: check CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an error ...) NOT-FOR-US: Weblog Mac OS X CVE-2008-4214 (Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and ...) 
@@ -3491,8 +3558,8 @@ NOT-FOR-US: MacOS-only problem CVE-2008-3645 (Heap-based buffer overflow in the local IPC component in the ...) NOT-FOR-US: Mac OS -CVE-2008-3644 - RESERVED +CVE-2008-3644 (Apple Safari before 3.2 does not properly prevent caching of form data ...) + TODO: check CVE-2008-3643 (Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows ...) NOT-FOR-US: Mac OS CVE-2008-3642 (Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows ...) @@ -3540,8 +3607,8 @@ NOT-FOR-US: Apple QuickTime CVE-2008-3624 (Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows ...) NOT-FOR-US: Apple QuickTime -CVE-2008-3623 - RESERVED +CVE-2008-3623 (Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 ...) + TODO: check CVE-2008-3622 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...) NOT-FOR-US: Mac OS X CVE-2008-3621 (VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 ...) @@ -3770,7 +3837,7 @@ {DSA-1655-1 DSA-1653-1} - linux-2.6 2.6.26-7 - linux-2.6.24 <unfixed> -CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 in Fedora 9 allows local ...) +CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux ...) NOT-FOR-US: rc.sysinit on Fedora CVE-2008-3523 RESERVED @@ -12732,12 +12799,12 @@ - icedove 2.0.0.17-1 CVE-2008-0015 RESERVED -CVE-2008-0014 - RESERVED -CVE-2008-0013 - RESERVED -CVE-2008-0012 - RESERVED +CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) + TODO: check +CVE-2008-0013 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) + TODO: check +CVE-2008-0012 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) + TODO: check CVE-2008-0011 (Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 ...) NOT-FOR-US: Microsoft DirectX CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ...) 
@@ -29449,12 +29516,12 @@ NOT-FOR-US: Openforum CVE-2007-0075 (AspBB stores sensitive information under the web root with ...) NOT-FOR-US: AspBB -CVE-2007-0074 - RESERVED -CVE-2007-0073 - RESERVED -CVE-2007-0072 - RESERVED +CVE-2007-0074 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) + TODO: check +CVE-2007-0073 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) + TODO: check +CVE-2007-0072 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) + TODO: check CVE-2007-0071 (Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and ...) - flashplugin-nonfree 1:1.4 NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn''t change @@ -33327,10 +33394,10 @@ NOT-FOR-US: McAfee CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine ...) NOT-FOR-US: Microsoft -CVE-2006-5269 - RESERVED -CVE-2006-5268 - RESERVED +CVE-2006-5269 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) + TODO: check +CVE-2006-5268 (Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 ...) + TODO: check CVE-2006-5267 RESERVED CVE-2006-5266 (Multiple buffer overflows in Microsoft Dynamics GP (formerly Great ...)
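Review bot: In the first hunk (@@ -1,4 +1,72 @@), CVE-2008-5110 now sits after CVE-2008-5098, which breaks the descending id order the rest of the list follows (5111, 5109, ..., 5098, then 5110). The entry header was rewritten in place above its existing annotation while the new ids were inserted in front of it. Move the CVE-2008-5110 header together with its "- syslog-ng <unfixed> (unimportant; bug #505791)" and NOTE lines to between CVE-2008-5111 and CVE-2008-5109. In the same hunk, the "TODO: check" entries for WordPress (CVE-2008-5113), Zope 2 (CVE-2008-5102) and OptiPNG (CVE-2008-5101) name free software rather than the proprietary products marked NOT-FOR-US elsewhere in this diff, so they are the ones to triage first.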
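Review bot: In the @@ -186,8 +254,7 @@ hunk, the CVE-2008-5025 placeholder "[kernel: one more hfsplus issue]" is replaced by a description naming hfs_cat_find_brec, while the tracking lines "- linux-2.6 2.6.26-11" and "- linux-2.6.24 <unfixed>" are carried over unchanged. Those versions were recorded against the placeholder text, so confirm that 2.6.26-11 contains the fix for the function the published description names, and record that in a NOTE line under the entry.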
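Review bot: In the @@ -3770,7 +3837,7 @@ hunk, the CVE-2008-3524 description is widened from "in Fedora 9" to "on Fedora 9 and other Linux ...", but the annotation below it still reads "NOT-FOR-US: rc.sysinit on Fedora". Recheck that rationale against the new scope and reword the annotation if it still holds. The @@ -512,8 +579,8 @@ hunk adds CVE-2008-4832 for rc.sysinit in initscripts on rPath as "TODO: check", so both entries can be resolved in one pass.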
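Review bot: The three Safari entries that leave RESERVED in the @@ -1939,8 +2006,8 @@, @@ -3491,8 +3558,8 @@ and @@ -3540,8 +3607,8 @@ hunks should not all be closed the same way as their "NOT-FOR-US: Mac OS" neighbours. CVE-2008-4216 names "the plug-in interface in WebKit", so check the WebKit code itself before deciding, whereas CVE-2008-3644 (form data caching in Safari) and CVE-2008-3623 (CoreGraphics) read as Apple-specific from the visible text.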
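Review bot: The eight Trend Micro entries that leave RESERVED in the @@ -12732,12 +12799,12 @@, @@ -29449,12 +29516,12 @@ and @@ -33327,10 +33394,10 @@ hunks (CVE-2008-0012 to CVE-2008-0014, CVE-2007-0072 to CVE-2007-0074, CVE-2006-5268 and CVE-2006-5269) all land as "TODO: check", while the context lines around them mark McAfee, Microsoft and AspBB products NOT-FOR-US. Only CVE-2006-5268 visibly names the product ("Trend Micro ServerProtect 5.7 and 5.58"); the others are truncated after "Trend Micro". Read the full descriptions once and resolve the whole group together with a single consistent NOT-FOR-US annotation if they all concern the same product.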