joeyh at alioth.debian.org
2008-Dec-09 21:14 UTC
[Secure-testing-commits] r10666 - data/CVE
Author: joeyh
Date: 2008-12-09 21:14:13 +0000 (Tue, 09 Dec 2008)
New Revision: 10666
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-12-09 20:51:56 UTC (rev 10665)
+++ data/CVE/list 2008-12-09 21:14:13 UTC (rev 10666)
@@ -1,3 +1,101 @@ +CVE-2008-5409 (Unspecified vulnerability in the pdf.xmd module in (1) BitDefender ...) + TODO: check +CVE-2008-5408 (Buffer overflow in the data management protocol in Symantec Backup ...) + TODO: check +CVE-2008-5407 (Multiple unspecified vulnerabilities in the Backup Exec remote-agent ...) + TODO: check +CVE-2008-5406 (Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes ...) + TODO: check +CVE-2008-5405 (Stack-based buffer overflow in the RDP protocol password decoder in ...) + TODO: check +CVE-2008-5404 (Insecure method vulnerability in the FlexCell.Grid ActiveX control in ...) + TODO: check +CVE-2008-5403 (Heap-based buffer overflow in the XML parser in the AIM plugin in ...) + TODO: check +CVE-2008-5402 (Double free vulnerability in the XML parser in Trillian before ...) + TODO: check +CVE-2008-5401 (Stack-based buffer overflow in the image tooltip implementation in ...) + TODO: check +CVE-2008-5400 (Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum ...) + TODO: check +CVE-2008-5399 (Cross-site scripting (XSS) vulnerability in the listonlineusers (aka ...) + TODO: check +CVE-2008-5398 (Tor before 0.2.0.32 does not properly process the ...) + TODO: check +CVE-2008-5397 (Tor before 0.2.0.32 does not properly process the (1) User and (2) ...) + TODO: check +CVE-2008-5396 (Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in ...) + TODO: check +CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in the ...) + TODO: check +CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other ...) + TODO: check +CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes ...) + TODO: check +CVE-2008-5392 + RESERVED +CVE-2008-5391 + RESERVED +CVE-2008-5390 + RESERVED +CVE-2008-5389 + RESERVED +CVE-2008-5388 + RESERVED +CVE-2008-5387 (Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when ...) 
+ TODO: check +CVE-2008-5386 (Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd ...) + TODO: check +CVE-2008-5385 (enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print ...) + TODO: check +CVE-2008-5384 (crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local ...) + TODO: check +CVE-2008-5383 (Stack-based buffer overflow in National Instruments Electronics ...) + TODO: check +CVE-2008-5382 (Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE ...) + TODO: check +CVE-2008-5381 (Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) ...) + TODO: check +CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite ...) + TODO: check +CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-5378 (arb-kill in arb 0.0.20071207.1 allows local users to overwrite ...) + TODO: check +CVE-2008-5377 (pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files ...) + TODO: check +CVE-2008-5376 (editcomment in crip 3.7 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-5375 (cmus-status-display in cmus 2.2.0 allows local users to overwrite ...) + TODO: check +CVE-2008-5374 (bash-doc 3.2 allows local users to overwrite arbitrary files via a ...) + TODO: check +CVE-2008-5373 (mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users ...) + TODO: check +CVE-2008-5372 (sdm-login in sdm-terminal 0.4.0b allows local users to overwrite ...) + TODO: check +CVE-2008-5371 (screenie in screenie 1.30.0 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-5370 (pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite ...) + TODO: check +CVE-2008-5369 (noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files ...) + TODO: check +CVE-2008-5368 (muttprint in muttprint 0.72d allows local users to overwrite arbitrary ...) 
+ TODO: check +CVE-2008-5367 (ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to ...) + TODO: check +CVE-2008-5366 (The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local ...) + TODO: check +CVE-2008-5365 (SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ...) + TODO: check +CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx ...) + TODO: check +CVE-2008-5363 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...) + TODO: check +CVE-2008-5362 (The DefineConstantPool action in the ActionScript 2 virtual machine in ...) + TODO: check +CVE-2008-5361 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...) + TODO: check CVE-2008-XXXX [phpMyAdmin PMASA-2008-10 SQL injection] - phpmyadmin 4:2.11.8.1-5 CVE-2008-XXXX [RSyslog "AllowedSender" Security Bypass Vulnerability] @@ -13,7 +111,7 @@ TODO: check php4 CVE-2008-XXXX [Format string vulnerability in vinagre] - vinagre 0.5.1-2 -CVE-2008-5360 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...) +CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) TODO: check CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...) TODO: check @@ -176,8 +274,7 @@ NOT-FOR-US: Zilab Chat and Instant Messaging CVE-2008-5279 (The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging ...) NOT-FOR-US: Zilab Chat and Instant Messaging -CVE-2008-5277 [PowerDNS minor DoS through CH/HINFO queries] - RESERVED +CVE-2008-5277 (PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of ...) - pdns 2.9.21.2-1 (low) [etch] - pdns <not-affected> (old version of HINFO parser) CVE-2008-5275 (Multiple directory traversal vulnerabilities in the (a) "Unzip ...) 
@@ -648,8 +745,7 @@ CVE-2008-5080 (awstats.pl in AWStats 6.8 and earlier does not properly remove quote ...) {DSA-1679-1} - awstats <unfixed> (bug #495432; low) -CVE-2008-5079 [kernel ATM DoS] - RESERVED +CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and ...) - linux-2.6 <unfixed> - linux-2.6.24 <unfixed> NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2 @@ -970,8 +1066,8 @@ CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) ...) - nagios3 3.0.6-1 (low; bug #504894) [etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin''s browser) -CVE-2008-4917 - RESERVED +CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and ...) + TODO: check CVE-2008-4916 RESERVED CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...) @@ -2233,10 +2329,10 @@ NOT-FOR-US: VeriSign Kontiki CVE-2008-4392 RESERVED -CVE-2008-4391 - RESERVED -CVE-2008-4390 - RESERVED +CVE-2008-4391 (Stack-based buffer overflow in the SetSource method in the ...) + TODO: check +CVE-2008-4390 (The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 ...) + TODO: check CVE-2008-4389 RESERVED CVE-2008-4388 @@ -2437,8 +2533,8 @@ RESERVED CVE-2008-4311 RESERVED -CVE-2008-4310 - RESERVED +CVE-2008-4310 (httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5 allows remote ...) + TODO: check CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in ...) {DSA-1663-1} - net-snmp 5.4.1~dfsg-11 (bug #504150) @@ -2446,7 +2542,7 @@ RESERVED CVE-2008-4307 RESERVED -CVE-2008-4306 (Unspecified vulnerability in enscript before 1.6.4 has unknown impact ...) +CVE-2008-4306 (Buffer overflow in enscript before 1.6.4 has unknown impact and attack ...) {DSA-1670-1} - enscript 1.6.4-13 (bug #506261) CVE-2008-4305 
@@ -59610,7 +59706,7 @@ CVE-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...) {DSA-718-1} - ethereal 0.10.10-1 -CVE-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows users to ...) +CVE-2005-0738 (Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 ...) NOT-FOR-US: Microsoft CVE-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...) NOT-FOR-US: Yahoo Messenger
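Review bot: in the @@ -1,3 +1,101 @@ hunk, three of the new entries left at "TODO: check" name Debian in their own descriptions (CVE-2008-5394 for /bin/login in shadow 4.0.18.1, CVE-2008-5367 for ip-up in ppp-udeb, CVE-2008-5366 for the ppp postinst script), so they should be triaged first and given a package line with a fixed version or <unfixed>, in the form already used for "- phpmyadmin 4:2.11.8.1-5" in the same hunk. Most of the entries from CVE-2008-5380 to CVE-2008-5368 share the "allows local users to overwrite" wording and could be checked as one batch instead of one at a time.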
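Review bot: in the @@ -648,8 +745,7 @@ hunk, CVE-2008-5079 now carries a public description, but the two package lines under it still read "<unfixed>" with no bug number or urgency, unlike the awstats entry in the context above it ("bug #495432; low"). Suggest linking a bug and adding an urgency to the linux-2.6 and linux-2.6.24 lines. The new description names net/atm/svc.c, which together with the existing NOTE URL gives enough to locate the upstream fix.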
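Review bot: in the @@ -2233,10 +2329,10 @@ hunk, CVE-2008-4390 is described as a Cisco Linksys WVC54GC camera firmware issue yet is left at "TODO: check"; it looks like a NOT-FOR-US candidate, in the same form as the "NOT-FOR-US: VeriSign Kontiki" line in the hunk's context. The truncated text for CVE-2008-4391 ("SetSource method in the ...") does not show the product, so that entry needs the full description before it is marked either way.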
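Review bot: in the @@ -2437,8 +2533,8 @@ hunk, CVE-2008-4310 moves from RESERVED to "TODO: check" although its description names httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, which is packaged software and not a NOT-FOR-US case. Suggest replacing the TODO with a package line for the affected Ruby source package and a fixed version or <unfixed> once the versions in the archive have been compared against 1.8.1 and 1.8.5.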