Author: joeyh
Date: 2008-12-29 21:14:11 + (Mon, 29 Dec 2008)
New Revision: 10824
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2008-12-29 09:14:13 UTC (rev 10823)
+++ data/CVE/list 2008-12-29 21:14:11 UTC (rev 10824)
@@ -1,3 +1,59 @@
+CVE-2008-5744 (Array index error in the dahdi/tor2.c driver in Zaptel (aka
DAHDI) ...)
+ TODO: check
+CVE-2008-5743 (pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files
with a ...)
+ TODO: check
+CVE-2008-5742 (Multiple open redirect vulnerabilities in AIST NetCat 3.12 and
earlier ...)
+ TODO: check
+CVE-2008-5741
+ RESERVED
+CVE-2008-5740
+ RESERVED
+CVE-2008-5739 (SQL injection vulnerability in evb/check_url.php in Pligg CMS
9.9.5 ...)
+ TODO: check
+CVE-2008-5738 (Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to
bypass ...)
+ TODO: check
+CVE-2008-5737 (SQL injection vulnerability in index.php in Nodstrum MySQL
Calendar ...)
+ TODO: check
+CVE-2008-5736 (Multiple unspecified vulnerabilities in FreeBSD 6 before
6.4-STABLE, ...)
+ TODO: check
+CVE-2008-5735 (Stack-based buffer overflow in skin.c in CoolPlayer 2.17
through 2.19 ...)
+ TODO: check
+CVE-2008-5734 (Cross-site scripting (XSS) vulnerability in WebMail Pro in
IceWarp ...)
+ TODO: check
+CVE-2008-5733 (SQL injection vulnerability in blog.php in the Team Impact TI
Blog ...)
+ TODO: check
+CVE-2008-5732 (Unrestricted file upload vulnerability in lib/image_upload.php
in ...)
+ TODO: check
+CVE-2008-5731 (The PGPwded device driver (aka PGPwded.sys) in PGP Corporation
PGP ...)
+ TODO: check
+CVE-2008-5730 (Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and
...)
+ TODO: check
+CVE-2008-5729 (Multiple cross-site scripting (XSS) vulnerabilities in AIST
NetCat ...)
+ TODO: check
+CVE-2008-5728 (Multiple directory traversal vulnerabilities in AIST NetCat
3.12 and ...)
+ TODO: check
+CVE-2008-5727 (SQL injection vulnerability in
modules/auth/password_recovery.php in ...)
+ TODO: check
+CVE-2008-5726 (SQL injection vulnerability in thread.php in stormBoards 1.0.1
allows ...)
+ TODO: check
+CVE-2008-5725 (The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier
in ...)
+ TODO: check
+CVE-2008-5724 (The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and
earlier in ...)
+ TODO: check
+CVE-2008-5723 (Directory traversal vulnerability in CGI RESCUE KanniBBS2000
(aka ...)
+ TODO: check
+CVE-2008-5722 (Buffer overflow in SAWStudio 3.9i allows user-assisted remote
...)
+ TODO: check
+CVE-2008-5721 (SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote
attackers ...)
+ TODO: check
+CVE-2008-5720 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23
allows ...)
+ TODO: check
+CVE-2008-5719 (Cross-site scripting (XSS) vulnerability in Hitachi Groupmax
Web ...)
+ TODO: check
+CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2 allows remote
attackers ...)
+ TODO: check
+CVE-2008-5717 (Cross-site scripting (XSS) vulnerability in Hitachi
JP1/Integrated ...)
+ TODO: check
CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM's write
access ...)
- xen-3 not-affected (Vulnerable code never entered Debian)
- xen-unstable not-affected (Vulnerable code never entered Debian)
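Review bot: All 26 new non-RESERVED entries at the top of this hunk land as "TODO: check", so the automatic import leaves triage fully open and does not separate software Debian could ship from software it never will. CVE-2008-5744 (Zaptel/DAHDI), CVE-2008-5743 (pdfjam) and CVE-2008-5718 (Netatalk) name software that looks packageable and should be checked first. The Windows driver entries (CVE-2008-5731 PGPwded.sys, CVE-2008-5725 pstrip.sys, CVE-2008-5724 epfw.sys) can be closed in the form the later hunks already use, e.g. "NOT-FOR-US: Solaris".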
@@ -55,7 +111,7 @@
NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5691 (Heap-based buffer overflow in the Phoenician Casino FlashAX
ActiveX ...)
NOT-FOR-US: Phoenician Casino FlashAX ActiveX
-CVE-2008-5690 (The Kerberos credential renewal feature in Solaris 8, 9, and
10, and ...)
+CVE-2008-5690 (The Kerberos credential renewal feature in Sun Solaris 8, 9,
and 10, ...)
NOT-FOR-US: Solaris
CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through
snv_76 ...)
NOT-FOR-US: Solaris
@@ -556,8 +612,7 @@
- xulrunner 1.9.0.5-1
CVE-2008-5499 (Unspecified vulnerability in Adobe Flash Player for Linux
10.0.12.36, ...)
NOT-FOR-US: Adobe Flash Player for Linux
-CVE-2008-5498 [segfault and potential security issue in php5's bundled libgd's
imagerotate]
- RESERVED
+CVE-2008-5498 (Array index error in the imageRotate function in PHP 5.2.8 and
earlier ...)
- php5 not-affected (php5 links to the shared lib)
- libgd2 not-affected (code is specific to php's libgd)
NOTE:
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360r2=1.2027.2.547.2.1361
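Review bot: The replacement description for CVE-2008-5498 now names "the imageRotate function in PHP 5.2.8 and earlier", while the unchanged lines below it still record "php5 not-affected (php5 links to the shared lib)" and "libgd2 not-affected (code is specific to php's libgd)". The two rationales depend on each other: php5 is unaffected only if the shared libgd2 really lacks the code. Both are worth re-confirming against the published description now that RESERVED has been dropped. Separately, the NOTE URL in the trailing context reads "...1360r2=...", which looks like a lost "&" between the r1 and r2 parameters; check the file and restore the separator if it is missing there too.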
@@ -908,7 +963,7 @@
TODO: check
CVE-2008-5344 (Unspecified vulnerability in Java Web Start (JWS) and Java
Plug-in ...)
TODO: check
-CVE-2008-5343 (Unspecified vulnerability in Java Web Start (JWS) and Java
Plug-in ...)
+CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and