joeyh at alioth.debian.org
2008-Nov-26 21:14 UTC
[Secure-testing-commits] r10488 - data/CVE
Author: joeyh
Date: 2008-11-26 21:14:21 +0000 (Wed, 26 Nov 2008)
New Revision: 10488

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-26 20:22:58 UTC (rev 10487) +++ data/CVE/list 2008-11-26 21:14:21 UTC (rev 10488) 
@@ -1,3 +1,65 @@ +CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in ...) + TODO: check +CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow ...) + TODO: check +CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before ...) + TODO: check +CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact ...) + TODO: check +CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, ...) + TODO: check +CVE-2008-5242 (demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, ...) + TODO: check +CVE-2008-5241 (Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 ...) + TODO: check +CVE-2008-5240 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an ...) + TODO: check +CVE-2008-5239 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not ...) + TODO: check +CVE-2008-5238 (Integer overflow in the real_parse_mdpr function in demux_real.c in ...) + TODO: check +CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and ...) + TODO: check +CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...) + TODO: check +CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function in ...) + TODO: check +CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...) + TODO: check +CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not check for ...) + TODO: check +CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft Windows ...) + TODO: check +CVE-2008-5231 (Stack-based buffer overflow in the ExecuteRequest method in the Novell ...) + TODO: check +CVE-2008-5230 (The Temporal Key Integrity Protocol (TKIP) implementation in ...) 
+ TODO: check +CVE-2008-5229 (Stack-based buffer overflow in Microsoft Device IO Control in ...) + TODO: check +CVE-2008-5228 (Cross-site scripting (XSS) vulnerability in IBM Workplace Content ...) + TODO: check +CVE-2008-5227 (Unspecified vulnerability in PHPCow allows remote attackers to execute ...) + TODO: check +CVE-2008-5226 (SQL injection vulnerability in the MambAds (com_mambads) component 1.0 ...) + TODO: check +CVE-2008-5225 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare ...) + TODO: check +CVE-2008-5224 (Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and ...) + TODO: check +CVE-2008-5223 (SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows ...) + TODO: check +CVE-2008-5222 (SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote ...) + TODO: check +CVE-2008-5221 (The account_save action in admin/userinfo.php in wPortfolio 0.3 and ...) + TODO: check +CVE-2008-5220 (Unrestricted file upload vulnerability in admin/upload_form.php in ...) + TODO: check +CVE-2008-5219 (The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and ...) + TODO: check +CVE-2008-5218 (ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with ...) + TODO: check CVE-2008-5217 (Directory traversal vulnerability in index.php in txtCMS 0.3, when ...) NOT-FOR-US: textCMS CVE-2008-5216 (SQL injection vulnerability in category_list.php in AJ Square ZeusCart ...) @@ -249,8 +311,8 @@ NOT-FOR-US: Microsoft CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris 10 and ...) NOT-FOR-US: Solaris -CVE-2008-5109 - RESERVED +CVE-2008-5109 (The default configuration of Adobe Flash Media Server (FMS) 3.0 does ...) + TODO: check CVE-2008-5108 (Unspecified vulnerability in Adobe AIR 1.1 and earlier allows ...) NOT-FOR-US: Adobe AIR CVE-2008-5107 (The installation process for Citrix Presentation Server 4.5 and ...) 
@@ -843,8 +905,7 @@ NOT-FOR-US: Adobe ColdFusion CVE-2008-4830 RESERVED -CVE-2008-4829 [Streamripper Multiple Buffer Overflow Vulnerabilities] - RESERVED +CVE-2008-4829 (Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow ...) - streamripper 1.63.5-2 (bug #506377) CVE-2008-4828 RESERVED @@ -2228,26 +2289,24 @@ RESERVED CVE-2008-4234 RESERVED -CVE-2008-4233 - RESERVED -CVE-2008-4232 - RESERVED -CVE-2008-4231 - RESERVED -CVE-2008-4230 - RESERVED -CVE-2008-4229 - RESERVED -CVE-2008-4228 - RESERVED -CVE-2008-4227 - RESERVED -CVE-2008-4226 [libxml integer overflow xmlSAX2Characters()] - RESERVED +CVE-2008-4233 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...) + TODO: check +CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch ...) + TODO: check +CVE-2008-4231 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...) + TODO: check +CVE-2008-4230 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and ...) + TODO: check +CVE-2008-4229 (Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 ...) + TODO: check +CVE-2008-4228 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and ...) + TODO: check +CVE-2008-4227 (Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 ...) + TODO: check +CVE-2008-4226 (Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 ...) {DSA-1666-1} - libxml2 2.6.32.dfsg-5 -CVE-2008-4225 [libxml input sanitising xmlBufferResize()] - RESERVED +CVE-2008-4225 (Integer overflow in the xmlBufferResize function in libxml2 2.7.2 ...) {DSA-1666-1} - libxml2 2.6.32.dfsg-5 CVE-2008-4224 
@@ -2276,7 +2335,7 @@ RESERVED CVE-2008-4212 (Unspecified vulnerability in rlogind in the rlogin component in Mac OS ...) NOT-FOR-US: MacOS-only issue -CVE-2008-4211 (Integer signedness error in QuickLook in Mac OS X 10.5.5 allows remote ...) +CVE-2008-4211 (nteger signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and ...) NOT-FOR-US: QuickLook Mac OS X CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...) {DSA-1653-1} @@ -4741,7 +4800,7 @@ - wordpress <not-affected> (Code was only present in svn versions) CVE-2008-3232 (Unrestricted file upload vulnerability in ecrire/images.php in ...) NOT-FOR-US: dotclear -CVE-2008-3231 (xine before 1.1.5 allows user-assisted attackers to cause a denial of ...) +CVE-2008-3231 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...) - xine-lib 1.1.14-2 (bug #492870; low) CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...) - ffmpeg-debian <unfixed> (unimportant; bug #498764) @@ -6607,15 +6666,15 @@ RESERVED CVE-2008-2433 (The web management console in Trend Micro OfficeScan 7.0 through 8.0, ...) NOT-FOR-US: Trend Micro OfficeScan -CVE-2008-2432 - RESERVED -CVE-2008-2431 - RESERVED +CVE-2008-2432 (Insecure method vulnerability in the GetFileList method in an ...) + TODO: check +CVE-2008-2431 (Multiple buffer overflows in Novell iPrint Client before 5.06 allow ...) + TODO: check CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC ...) {DTSA-148-1} - vlc 0.8.6.h-1 (medium; bug #489004) -CVE-2008-2429 - RESERVED +CVE-2008-2429 (Multiple SQL injection vulnerabilities in Calendarix Basic ...) + TODO: check CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic ...) NOT-FOR-US: TorrentTrader CVE-2008-2427 (Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView ...) 
@@ -8566,8 +8625,8 @@ NOT-FOR-US: iPhone CVE-2008-1587 RESERVED -CVE-2008-1586 - RESERVED +CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod ...) + TODO: check CVE-2008-1585 (Apple QuickTime before 7.5 allows remote attackers to execute ...) NOT-FOR-US: Apple QuickTime CVE-2008-1584 (Stack-based buffer overflow in Apple QuickTime before 7.5 allows ...)
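
Review bot: in the @@ -1,3 +1,65 @@ hunk, the new entries between CVE-2008-5233 and CVE-2008-5248 that name xine-lib all land as "TODO: check", yet xine-lib is a package this list already tracks (CVE-2008-3231 carries "- xine-lib 1.1.14-2 (bug #492870; low)"). These should be triaged as one batch against the xine-lib source package rather than one at a time, since most descriptions share the same "1.1.12, and other 1.1.15 and earlier versions" or "before 1.1.15" range. The entries that mention only demux_real.c functions in the truncated text (CVE-2008-5247, CVE-2008-5238, CVE-2008-5235) need the full description read before they are assigned to a package.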
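
Review bot: in the @@ -2276,7 +2335,7 @@ hunk, the replacement line for CVE-2008-4211 starts with "(nteger signedness error in (1) QuickLook ...", dropping the leading "I" that the removed line had ("(Integer signedness error in QuickLook ..."). Because the log says this is an automatic update, the truncation was presumably imported with the new description text; it is worth confirming where the character was lost, since anyone searching the list for "Integer signedness" will no longer match this entry.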
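
Review bot: in the @@ -4741,7 +4800,7 @@ hunk, the CVE-2008-3231 description changes from "xine before 1.1.5 allows user-assisted attackers" to "xine-lib before 1.1.15 allows remote attackers", but the tracking line under it stays "- xine-lib 1.1.14-2 (bug #492870; low)". The recorded fixed version is now below the upstream version named in the description, and the attacker class has widened, so both the fixed version (is the fix a backport in 1.1.14-2?) and the "low" urgency should be reconfirmed. The new text is also identical, as far as the truncated form shows, to the description added for CVE-2008-5248 in the first hunk, so the two ids should be compared to see whether they describe the same issue.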
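
Review bot: in the @@ -2228,26 +2289,24 @@ and @@ -8566,8 +8625,8 @@ hunks, the formerly RESERVED Apple iPhone OS entries (CVE-2008-4227 through CVE-2008-4233, and CVE-2008-1586) become "TODO: check", while the context line at the top of the last hunk shows the list already uses "NOT-FOR-US: iPhone" for this kind of entry. The three Passcode Lock entries (CVE-2008-4228, CVE-2008-4229, CVE-2008-4230) look like direct candidates for the same tag; the Safari and ImageIO entries need their full descriptions read first, because the truncated text does not show which component the flaw is in.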