author | Joey Hess <joeyh@debian.org> | 2008-02-14 09:14:18 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2008-02-14 09:14:18 +0000 |
commit | 4532b3524712cf2d52c01c419af3ecf09b0b40ac (patch) | |
tree | cce80aaefdeabcf732b0b924191fbbec07a9aa8e /data/CVE | |
parent | 02c731804313588950c02fdef5eee730bc75ba0e (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@8156 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2001.list | 4 |
-rw-r--r-- | data/CVE/2003.list | 10 |
-rw-r--r-- | data/CVE/2006.list | 2 |
-rw-r--r-- | data/CVE/2007.list | 28 |
-rw-r--r-- | data/CVE/2008.list | 104 |
5 files changed, 126 insertions, 22 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list index b5bf036383..15c49cfcf5 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -2883,9 +2883,9 @@ CVE-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78 allows remote attackers to ...) +CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2001-0307 (Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary ...) +CVE-2001-0307 (Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...) NOT-FOR-US: Data pre-dating the Security Tracker diff --git a/data/CVE/2003.list b/data/CVE/2003.list index 4f7a79b7cc..c6914b42c3 100644 --- a/data/CVE/2003.list +++ b/data/CVE/2003.list @@ -1,3 +1,13 @@ +CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows ...) + TODO: check +CVE-2003-1543 (Cross-site scripting (XSS) vulnerability in Bajie Http Web Server ...) + TODO: check +CVE-2003-1542 (Directory traversal vulnerability in plugins/file.php in ...) + TODO: check +CVE-2003-1541 (PlanetMoon Guestbook tr3.a stores sensitive information under the web ...) + TODO: check +CVE-2003-1540 (WF-Chat 1.0 Beta stores sensitive information under the web root with ...) + TODO: check CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File ...) NOT-FOR-US: ONEdotOH Simple File CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and ...) diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 7a4a2aba93..2bd64d9b26 100644 
--- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -1,3 +1,5 @@ +CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica ...) + TODO: check CVE-2006-7230 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...) - pcre3 7.0-1 [sarge] - pcre3 4.5+7.4-1 diff --git a/data/CVE/2007.list b/data/CVE/2007.list index f2d407a9ab..a760216123 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -1,8 +1,10 @@ +CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service ...) + TODO: check CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web ...) NOT-FOR-US: web interface for the BGPD daemon CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...) NOT-FOR-US: AIM PicEditor -CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36, allows remote ...) +CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote ...) - openldap2.3 2.3.38-1 - openldap2.2 <removed> - openldap2 <not-affected> (slapd not built) @@ -623,8 +625,8 @@ CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query - jbosseam <itp> (bug #451956) CVE-2007-6432 RESERVED -CVE-2007-6431 - RESERVED +CVE-2007-6431 (Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, ...) + TODO: check CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...) - asterisk 1:1.4.16.2~dfsg-1 (low; bug #457063) [etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA) 
@@ -1272,10 +1274,10 @@ CVE-2007-6152 CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...) {DSA-1479-1} - linux-2.6 2.6.23-2 -CVE-2007-6149 - RESERVED -CVE-2007-6148 - RESERVED +CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash Media ...) + TODO: check +CVE-2007-6148 (Use-after-free vulnerability in the Edge server in Adobe Flash Media ...) + TODO: check CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE ...) NOT-FOR-US: IAPR COMMENCE CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on ...) @@ -2129,7 +2131,7 @@ CVE-2007-5797 (SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw NOT-FOR-US: Apache Geronimo CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in ...) NOT-FOR-US: Blue Coat ProxySG -CVE-2007-5794 (Race condition in nss_ldap, when used in applications that use pthread ...) +CVE-2007-5794 (Race condition in nss_ldap, when used in applications that are linked ...) {DSA-1430-1} - libnss-ldap 256-1 (bug #453868) CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local ...) @@ -2203,7 +2205,7 @@ CVE-2007-5765 CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, ...) NOT-FOR-US: IBM AIX CVE-2007-5763 - RESERVED + REJECTED CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, ...) NOT-FOR-US: Novell NetWare Client CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 ...) @@ -2215,8 +2217,8 @@ CVE-2007-5759 REJECTED CVE-2007-5758 RESERVED -CVE-2007-5757 - RESERVED +CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal ...) + TODO: check CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...) NOT-FOR-US: WinPcap CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control ...) 
@@ -7098,8 +7100,8 @@ CVE-2007-3678 (Stack-based buffer overflow in the MSWord text-import extension ( NOT-FOR-US: QuarkXPress CVE-2007-3677 (Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow ...) NOT-FOR-US: Maxsi eVisit Analyst -CVE-2007-3676 - RESERVED +CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before ...) + TODO: check CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ...) NOT-FOR-US: Kaspersky Online Scanner CVE-2007-3674 diff --git a/data/CVE/2008.list b/data/CVE/2008.list index 5d955f283e..47a2b19d83 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list 
@@ -1,3 +1,93 @@ +CVE-2008-0777 + RESERVED +CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...) + TODO: check +CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple ...) + TODO: check +CVE-2008-0774 (Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel ...) + TODO: check +CVE-2008-0773 (SQL injection vulnerability in Phil Taylor Comments (com_comments, aka ...) + TODO: check +CVE-2008-0772 (SQL injection vulnerability in index.php in the com_doc component for ...) + TODO: check +CVE-2008-0771 (Multiple SQL injection vulnerabilities in default.asp in Site2Nite ...) + TODO: check +CVE-2008-0770 (SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and ...) + TODO: check +CVE-2008-0769 (Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through ...) + TODO: check +CVE-2008-0768 (Multiple stack-based and heap-based buffer overflows in the Windows ...) + TODO: check +CVE-2008-0767 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...) + TODO: check +CVE-2008-0766 (Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print ...) + TODO: check +CVE-2008-0765 (Multiple cross-site scripting (XSS) vulnerabilities in artmedic ...) + TODO: check +CVE-2008-0764 (Format string vulnerability in the logging function in Larson Network ...) + TODO: check +CVE-2008-0763 (Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print ...) + TODO: check +CVE-2008-0762 (SQL injection vulnerability in index.php in the com_iomezun component ...) + TODO: check +CVE-2008-0761 (SQL injection vulnerability in index.php in the Prince Clan Chess Club ...) + TODO: check +CVE-2008-0760 (Directory traversal vulnerability in SafeNet Sentinel Protection ...) + TODO: check +CVE-2008-0759 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...) + TODO: check +CVE-2008-0758 (Multiple directory traversal vulnerabilities in the Zidget/HTTP ...) 
+ TODO: check +CVE-2008-0757 (Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard ...) + TODO: check +CVE-2008-0756 (The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; ...) + TODO: check +CVE-2008-0755 (Format string vulnerability in the ReportSysLogEvent function in the ...) + TODO: check +CVE-2008-0754 (Multiple SQL injection vulnerabilities in index.php in the Rapid ...) + TODO: check +CVE-2008-0753 (SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 ...) + TODO: check +CVE-2008-0752 (SQL injection vulnerability in index.php in the Neogallery ...) + TODO: check +CVE-2008-0751 (Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 ...) + TODO: check +CVE-2008-0750 (SQL injection vulnerability in philboard_forum.asp in Husrev ...) + TODO: check +CVE-2008-0749 (Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS ...) + TODO: check +CVE-2008-0748 (Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX ...) + TODO: check +CVE-2008-0747 (Stack-based buffer overflow in COWON America jetAudio 7.0.5 and ...) + TODO: check +CVE-2008-0746 (SQL injection vulnerability in index.php in the Gallery (com_gallery) ...) + TODO: check +CVE-2008-0745 (Directory traversal vulnerability in aides/index.php in DomPHP 0.82 ...) + TODO: check +CVE-2008-0744 (SQL injection vulnerability in user_login.asp in PreProjects.com Pre ...) + TODO: check +CVE-2008-0743 (PHP remote file inclusion vulnerability in members_help.php in Joovili ...) + TODO: check +CVE-2008-0742 (Multiple directory traversal vulnerabilities in PowerScripts PowerNews ...) + TODO: check +CVE-2008-0741 (Unspecified vulnerability in the PropFilePasswordEncoder utility in ...) + TODO: check +CVE-2008-0740 (IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 ...) + TODO: check +CVE-2008-0739 (SQL injection vulnerability in admin/SA_shipFedExMeter.asp in ...) 
+ TODO: check +CVE-2008-0738 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, ...) + TODO: check +CVE-2008-0737 (SQL injection vulnerability in admin/utilities_ConfigHelp.asp in ...) + TODO: check +CVE-2008-0736 (admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly ...) + TODO: check +CVE-2008-0735 (SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in ...) + TODO: check +CVE-2008-0734 (SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, ...) + TODO: check +CVE-2008-0733 (SQL injection vulnerability in index.php in CS Team Counter Strike ...) + TODO: check CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks ...) NOT-FOR-US: Apache Geronimo CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not ...) @@ -140,8 +230,8 @@ CVE-2008-0660 (Multiple stack-based buffer overflows in Aurigma Image Uploader . NOT-FOR-US: Aurigma Image Uploader CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control ...) NOT-FOR-US: Aurigma Image Uploader -CVE-2008-0658 - RESERVED +CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP ...) + TODO: check CVE-2008-0657 (Multiple unspecified vulnerabilities in the Java Runtime Environment ...) - sun-java6 6-02-1 - sun-java5 1.5.0-14-1 @@ -180,8 +270,8 @@ CVE-2008-0641 RESERVED CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...) NOT-FOR-US: Symantec Ghost Solution Suite -CVE-2008-0639 - RESERVED +CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the ...) + TODO: check CVE-2008-0638 RESERVED CVE-2008-0637 
@@ -745,7 +835,7 @@ CVE-2008-0403 (The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 do NOT-FOR-US: Belkin Wireless firmware CVE-2008-0402 (Unspecified vulnerability in IBM WebSphere Business Modeler Basic and ...) NOT-FOR-US: IBM WebSphere Business Modeler -CVE-2008-0401 (Unspecified vulnerability in the HTTP server in IBM Tivoli ...) +CVE-2008-0401 (Buffer overflow in the logging functionality of the HTTP server in IBM ...) NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment before CVE-2008-0400 (Cross-site scripting (XSS) vulnerability in header.tpl.php in the ...) NOT-FOR-US: Singapore @@ -1395,7 +1485,7 @@ CVE-2008-0111 RESERVED CVE-2008-0110 RESERVED -CVE-2008-0109 (Unspecified vulnerability in Word in Microsoft Office 2000 SP3, XP ...) +CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office ...) NOT-FOR-US: Microsoft Office CVE-2008-0108 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...) NOT-FOR-US: Microsoft Office @@ -1463,7 +1553,7 @@ CVE-2008-0079 RESERVED CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in ...) NOT-FOR-US: Microsoft Internet Explorer -CVE-2008-0077 (Unspecified vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, ...) +CVE-2008-0077 (Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-0076 (Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 ...) NOT-FOR-US: Microsoft Internet Explorer |
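Review bot: In the data/CVE/2008.list hunk at @@ -1,3 +1,93 @@, CVE-2008-0767 and CVE-2008-0759 carry the same truncated summary, "(ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...)", and CVE-2008-0739 and CVE-2008-0736 both name admin/SA_shipFedExMeter.asp in CandyPress, so the cut-off descriptions alone cannot tell these entries apart. Whoever clears the "TODO: check" markers should read the full CVE text for each entry before triaging, rather than treating the pairs as duplicates and copying one entry's status to the other.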
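Review bot: CVE-2008-0658 in the data/CVE/2008.list hunk at @@ -140,8 +230,8 @@ is left at "TODO: check" although its new description names the BDB backend for slapd in OpenLDAP, the same component that CVE-2007-6698 in data/CVE/2007.list already tracks with openldap2.3, openldap2.2 and openldap2 lines. This entry should be picked up ahead of the bulk TODO items and checked against the openldap source packages, since it concerns software the tracker already carries package lines for.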
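Review bot: In the data/CVE/2008.list hunk at @@ -745,7 +835,7 @@, the context line under the updated CVE-2008-0401 description reads "NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment before", which ends on a dangling "before" and looks like a cut-off copy of the description rather than a product name. Since the description for this entry is being refreshed here, trim the note to "NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment".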