tracking system
Abstract:
=========
The Vulnerability-Lab Team discovered multiple Web Vulnerabilities on
the GPS tracking system of (EES) European Security Services.
Report-Timeline:
================
2011-03-02: Vendor Notification
Kawanishi and Martin Havlat.
. 2009-11-10:
Martin Havlat replies acknowledging reception of the advisory draft,
and tells Core that internal issue #2947 has been created in their bug
tracking system to fix these bugs. He mentions these issues shall be
fixed on release 1.8.5 of TestLink.
. 2009-11-12:
Core replies asking for more information regarding the release date of
TestLink 1.8.5. An account is created by Core in TestLink's internal
Exposure Level Classification:
Indirect Deterministic Denial of Service
Updated Versions:
gnutls=conary.rpath.com@rpl:2/2.2.5-1-0.1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2552
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949
for Quicktime.
01/06/2009 : Ask for an update and if the DoS condition has been fixed
02/06/2009 : Apple states that
"According to our bug tracking system the null-dereference crasher
issue is not yet addressed in QuickTime. We are investigating
now to see if for some reason the latest version has picked up
changes that address this issue and will send you feedback
today about it."
Exposure Level Classification:
Local User Deterministic Unauthorized Access
Updated Versions:
perl=conary.rpath.com@rpl:2/5.8.8-16.1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-3236
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447
Remote Deterministic Privilege Escalation
Updated Versions:
postgresql=conary.rpath.com@rpl:1/8.1.11-0.1-1
postgresql-server=conary.rpath.com@rpl:1/8.1.11-0.1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1768
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
net-snmp=conary.rpath.com@rpl:2/5.4.1-5.1-1
net-snmp-client=conary.rpath.com@rpl:2/5.4.1-5.1-1
net-snmp-server=conary.rpath.com@rpl:2/5.4.1-5.1-1
net-snmp-utils=conary.rpath.com@rpl:1/5.2.1.2-4.8-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2876
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309
Remote User Deterministic Denial of Service
Updated Versions:
openssl=conary.rpath.com@rpl:2/0.9.8g-7.3-1
openssl-scripts=conary.rpath.com@rpl:2/0.9.8g-7.3-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-3157
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355
sendmail=conary.rpath.com@rpl:1/8.13.7-0.5-1
sendmail=conary.rpath.com@rpl:2/8.14.2-1.1-1
sendmail-cf=conary.rpath.com@rpl:1/8.13.7-0.5-1
sendmail-cf=conary.rpath.com@rpl:2/8.14.2-1.1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-3167
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4565
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
gd=conary.rpath.com@rpl:1/2.0.33-4.6-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2218
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
Exposure Level Classification:
Indirect Root Unauthorized Access
Updated Versions:
e2fsprogs=conary.rpath.com@rpl:1/1.37-3.3-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2011
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497
idle=conary.rpath.com@rpl:1/2.4.1-20.18-1
idle=conary.rpath.com@rpl:2/2.4.4-41.3-1
python=conary.rpath.com@rpl:1/2.4.1-20.18-1
python=conary.rpath.com@rpl:2/2.4.4-41.3-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-3111
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887
Remote User Deterministic Unauthorized Access
Updated Versions:
ruby=conary.rpath.com@rpl:1/1.8.6_p230-3-0.1
ruby=conary.rpath.com@rpl:2/1.8.6_p230-3-0.1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2639
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376
Exposure Level Classification:
Local Root Non-deterministic Information Exposure
Updated Versions:
kernel=/conary.rpath.com@rpl:devel//1/2.6.22.9-0.1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1761
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4571
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
Updated Versions:
kernel=conary.rpath.com@rpl:1-vmware/2.6.22.15-0.1-1
kernel=conary.rpath.com@rpl:1/2.6.22.15-0.1-1
kernel=rap.rpath.com@rpath:linux-1/2.6.22.15-1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2038
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966
Updated Versions:
php=conary.rpath.com@rpl:1/4.3.11-15.15-1
php-mysql=conary.rpath.com@rpl:1/4.3.11-15.15-1
php-pgsql=conary.rpath.com@rpl:1/4.3.11-15.15-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1693
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
Local Root Deterministic Denial of Service
Updated Versions:
initscripts=conary.rpath.com@rpl:1/8.12-8.22-1
initscripts=conary.rpath.com@rpl:2/8.56.15-0.2-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2857
https://issues.rpath.com/browse/RPL-2877
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3524
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
thunderbird=conary.rpath.com@rpl:1/2.0.0.12-0.1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1995
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5960
Exposure Level Classification:
Indirect Deterministic Vulnerability
Updated Versions:
poppler=conary.rpath.com@rpl:2/0.6.2-2.1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-3013
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
Updated Versions:
php=conary.rpath.com@rpl:1/4.3.11-15.17-1
php-mysql=conary.rpath.com@rpl:1/4.3.11-15.17-1
php-pgsql=conary.rpath.com@rpl:1/4.3.11-15.17-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2559
https://issues.rpath.com/browse/RPL-2568
https://issues.rpath.com/browse/RPL-2570
References:
Indirect User Deterministic Unauthorized Access
Updated Versions:
bzip2=conary.rpath.com@rpl:2/1.0.6-0.1-1
bzip2-extras=conary.rpath.com@rpl:2/1.0.6-0.1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-3241
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
Remote Root Deterministic Unauthorized Access
Updated Versions:
cups=conary.rpath.com@rpl:1/1.1.23-14.9-1
cups=conary.rpath.com@rpl:2/1.3.9-1-0.1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2905
https://issues.rpath.com/browse/RPL-2923
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1722
Local User Deterministic Privilege Escalation
Updated Versions:
kernel=conary.rpath.com@rpl:1-vmware/2.6.22.17-0.1-1
kernel=conary.rpath.com@rpl:1/2.6.22.17-0.1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2052
https://issues.rpath.com/browse/RPL-2182
https://issues.rpath.com/browse/RPL-2183
https://issues.rpath.com/browse/RPL-2230
kernel=conary.rpath.com@rpl:1/2.6.24.7-0.5-1
kernel=conary.rpath.com@rpl:2/2.6.24.7-5-0.1
kernel=rap.rpath.com@rpath:linux-1/2.6.24.7-5-1
kernel=rap.rpath.com@rpath:linux-2/2.6.24.7-5-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2588
https://issues.rpath.com/browse/RPL-2629
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2372
Exposure Level Classification:
Indirect User Deterministic Information Exposure
Updated Versions:
elinks=/conary.rpath.com@rpl:devel//1/0.10.5-3.4-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1745
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5034
JFreeChart Project
http://sourceforge.net/projects/jfreechart/
The JFreeChart project was notified of this vulnerability on
November 28th, 2007 via their online bug tracking system. The
vulnerability was fixed on December 6th 2007 with a commit
to their SVN repository.
4. Solution
Remote User Deterministic Information Exposure
Updated Versions:
mod_dav_svn=conary.rpath.com@rpl:1/1.2.3-8.1-1
subversion=conary.rpath.com@rpl:1/1.2.3-8.1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1896
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2448
Indirect Non-deterministic Denial of Service
Updated Versions:
git=conary.rpath.com@rpl:2/1.5.6.4-1-0.1
gitweb=conary.rpath.com@rpl:2/1.5.6.4-1-0.1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2707
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546
php5-pear=conary.rpath.com@rpl:1/5.2.5-1-1
php5-pgsql=conary.rpath.com@rpl:1/5.2.5-1-1
php5-soap=conary.rpath.com@rpl:1/5.2.5-1-1
php5-xsl=conary.rpath.com@rpl:1/5.2.5-1-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1943
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4783
xorg-x11=conary.rpath.com@rpl:1/6.8.2-30.14-1
xorg-x11-fonts=conary.rpath.com@rpl:1/6.8.2-30.14-1
xorg-x11-tools=conary.rpath.com@rpl:1/6.8.2-30.14-1
xorg-x11-xfs=conary.rpath.com@rpl:1/6.8.2-30.14-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2619
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361