[Secure-testing-commits] r11529 - data/CVE

joeyh at alioth.debian.org
Wed Apr 1 21:14:11 UTC 2009


Author: joeyh
Date: 2009-04-01 21:14:11 +0000 (Wed, 01 Apr 2009)
New Revision: 11529

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-01 20:55:56 UTC (rev 11528)
+++ data/CVE/list	2009-04-01 21:14:11 UTC (rev 11529)
@@ -1,3 +1,123 @@
+CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create or ...)
+	TODO: check
+CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with ...)
+	TODO: check
+CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...)
+	TODO: check
+CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the ...)
+	TODO: check
+CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, uses ...)
+	TODO: check
+CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector ...)
+	TODO: check
+CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...)
+	TODO: check
+CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other ...)
+	TODO: check
+CVE-2009-1207 (Race condition in the dircmp script in Sun Solaris 8 through 10, and ...)
+	TODO: check
+CVE-2009-1206 (Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI ...)
+	TODO: check
+CVE-2009-1205 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control ...)
+	TODO: check
+CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) ...)
+	TODO: check
+CVE-2009-1203
+	RESERVED
+CVE-2009-1202
+	RESERVED
+CVE-2009-1201
+	RESERVED
+CVE-2009-1200
+	RESERVED
+CVE-2009-1199
+	RESERVED
+CVE-2009-1198
+	RESERVED
+CVE-2009-1197
+	RESERVED
+CVE-2009-1196
+	RESERVED
+CVE-2009-1195
+	RESERVED
+CVE-2009-1194
+	RESERVED
+CVE-2009-1193
+	RESERVED
+CVE-2009-1192
+	RESERVED
+CVE-2009-1191
+	RESERVED
+CVE-2009-1190
+	RESERVED
+CVE-2009-1189
+	RESERVED
+CVE-2009-1188
+	RESERVED
+CVE-2009-1187
+	RESERVED
+CVE-2009-1186
+	RESERVED
+CVE-2009-1185
+	RESERVED
+CVE-2009-1184
+	RESERVED
+CVE-2009-1183
+	RESERVED
+CVE-2009-1182
+	RESERVED
+CVE-2009-1181
+	RESERVED
+CVE-2009-1180
+	RESERVED
+CVE-2009-1179
+	RESERVED
+CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager ...)
+	TODO: check
+CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in mapserv in ...)
+	TODO: check
+CVE-2009-1176 (mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before ...)
+	TODO: check
+CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft ...)
+	TODO: check
+CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
+	TODO: check
+CVE-2008-6570 (Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu ...)
+	TODO: check
+CVE-2008-6569 (Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 ...)
+	TODO: check
+CVE-2008-6568 (Unrestricted file upload vulnerability in Yehe 2.0 allows remote ...)
+	TODO: check
+CVE-2008-6567 (Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free ...)
+	TODO: check
+CVE-2008-6566 (Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown ...)
+	TODO: check
+CVE-2008-6565 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 ...)
+	TODO: check
+CVE-2008-6564 (Nortel UNIStim protocol, as used in Communication Server 1000 and ...)
+	TODO: check
+CVE-2008-6563 (Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly ...)
+	TODO: check
+CVE-2008-6562 (Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack ...)
+	TODO: check
+CVE-2008-6561 (Citrix Presentation Server Client for Windows before 10.200 does not ...)
+	TODO: check
+CVE-2007-6724 (Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, ...)
+	TODO: check
+CVE-2007-6723 (TorK before 0.22, when running on Windows and Mac OS X, installs ...)
+	TODO: check
+CVE-2007-6722 (Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, ...)
+	TODO: check
+CVE-2006-7237 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2005-4880 (Jax Guestbook 3.1 and 3.31 stores sensitive information under the web ...)
+	TODO: check
+CVE-2005-4879 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2004-2762 (The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x ...)
+	TODO: check
+CVE-2003-1570 (The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before ...)
+	TODO: check
 CVE-2009-1175 (Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in ...)
 	- banshee <unfixed> (unimportant)
 	NOTE: banshee is intented as a desktop music player with no serious
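
Review bot: every described entry added at the top of this hunk lands as "TODO: check" with no package line, so the commit grows the untriaged backlog without resolving any of it. The entries naming GNU screen (CVE-2009-1215, CVE-2009-1214) and MapServer (CVE-2009-1177, CVE-2009-1176) are the ones to check against the archive first; the rest should end up as either a package line or NOT-FOR-US, as the entries further down the file do. Separately, "intented" in the banshee NOTE context line should read "intended".
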
@@ -331,8 +451,7 @@
 	NOT-FOR-US: NewsHOWLER
 CVE-2008-6516 (Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 ...)
 	NOT-FOR-US: phpKF-Portal
-CVE-2009-1073
-	RESERVED
+CVE-2009-1073 (nss-ldapd before 0.6.8 uses world-readable permissions for the ...)
 	{DSA-1758-1}
 	- nss-ldapd 0.6.8
 CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD ...)
@@ -359,7 +478,7 @@
 	NOT-FOR-US: Orbit Downloader
 CVE-2009-1063 (Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers ...)
 	NOT-FOR-US: eXeScope
-CVE-2009-1062 (Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 ...)
+CVE-2009-1062 (Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 ...)
 	NOT-FOR-US: Acrobat Reader
 CVE-2009-1061 (Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 ...)
 	NOT-FOR-US: Acrobat Reader
@@ -738,7 +857,7 @@
 	NOT-FOR-US: perl-MDK-Common
 CVE-2009-0911
 	RESERVED
-CVE-2008-6480 (Cross-site request forgery (CSRF) vulnerability in Datalife Engine 6.7 ...)
+CVE-2008-6480 (Cross-site request forgery (CSRF) vulnerability in ...)
 	NOT-FOR-US: Datalife Engine
 CVE-2008-6479 (Cross-site request forgery (CSRF) vulnerability in the &quot;change ...)
 	NOT-FOR-US: swsoft
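
Review bot: the new description for CVE-2008-6480 is less informative than the line it replaces: the old text named "Datalife Engine 6.7", the new one stops at "vulnerability in ...". The product now survives only in the NOT-FOR-US line. Suggest the updater keep the existing description when the regenerated one is shorter, or truncate so that the product name is retained.
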
@@ -939,16 +1058,16 @@
 	TODO: check
 CVE-2009-0844
 	RESERVED
-CVE-2009-0843
-	RESERVED
-CVE-2009-0842
-	RESERVED
-CVE-2009-0841
-	RESERVED
-CVE-2009-0840
-	RESERVED
-CVE-2009-0839
-	RESERVED
+CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...)
+	TODO: check
+CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows ...)
+	TODO: check
+CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer ...)
+	TODO: check
+CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c ...)
+	TODO: check
+CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x ...)
+	TODO: check
 CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris ...)
 	NOT-FOR-US: Solaris
 CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, ...)
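
Review bot: CVE-2009-0839 through CVE-2009-0843 move from RESERVED to "TODO: check" here, and the visible descriptions all name mapserv in MapServer with the same "4.x before 4.10.4" cut-off. They should be triaged as one batch, together with CVE-2009-1176 and CVE-2009-1177 added at the top of the file, so the package line and fixed version are recorded consistently across all seven entries rather than one at a time.
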
@@ -1157,8 +1276,7 @@
 	RESERVED
 CVE-2009-0791
 	RESERVED
-CVE-2009-0790 [strongswan/openswan: denial of service via malicious packet can crash the Pluto daemon]
-	RESERVED
+CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before ...)
 	{DSA-1760-1 DSA-1759-1}
 	- openswan <unfixed> (medium; bug #521949)
 	- strongswan <unfixed> (medium; bug #521950)
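
Review bot: with RESERVED removed, CVE-2009-0790 now lists DSA-1760-1 and DSA-1759-1 next to openswan and strongswan both still marked <unfixed>. Worth confirming that <unfixed> is still accurate and recording the fixed versions once bugs #521949 and #521950 are closed. The removed bracketed description stated the impact (a malicious packet crashing the Pluto daemon), which the truncated official text no longer shows; a NOTE line would preserve it.
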
@@ -1177,7 +1295,7 @@
 CVE-2009-0784 (Race condition in the SystemTap stap tool 0.0.20080705 and ...)
 	{DSA-1755-1}
 	- systemtap 0.0.20090314-2
-        [etch] - systemtap <not-affected> (vulnerable code not present)
+	[etch] - systemtap <not-affected> (vulnerable code not present)
 CVE-2009-0783
 	RESERVED
 CVE-2009-0782
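
Review bot: the only change in this hunk is eight leading spaces replaced by a tab on the "[etch] - systemtap" line, and the same normalisation recurs in later hunks, yet the log message says only "automatic update". Suggest either mentioning the whitespace normalisation in the log or, better, having the commit check reject space-indented lines so these fixes do not get mixed into description updates.
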
@@ -1648,8 +1766,8 @@
 	RESERVED
 CVE-2009-0687
 	RESERVED
-CVE-2009-0686
-	RESERVED
+CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in ...)
+	TODO: check
 CVE-2009-0685
 	RESERVED
 CVE-2009-0684
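
Review bot: CVE-2009-0686 is added as "TODO: check", but the description names the TrendMicro Activity Monitor Module (tmactmon.sys). The file marks other proprietary products NOT-FOR-US (Acrobat Reader, Solaris, eXeScope), so this entry looks like a candidate for "NOT-FOR-US: TrendMicro" at the next manual pass rather than staying in the check queue.
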
@@ -4435,7 +4553,7 @@
 	- wordpress 2.3.2 (low; bug #510786)
 	NOTE: only the admin has manage_options capabilities by default and only editors
 	NOTE: have upload_files capabilities
-        NOTE: Only versions prior to 2.3.2 are affected according to the Debian maintainer
+	NOTE: Only versions prior to 2.3.2 are affected according to the Debian maintainer
 CVE-2008-5694 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Sandbox
 CVE-2008-5693 (Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other ...)
@@ -6913,7 +7031,7 @@
 CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
 	{CVE-2008-4723}
 	- webkit <unfixed> (low; bug #520052)
-        [lenny] - webkit <no-dsa> (Minor issue)
+	[lenny] - webkit <no-dsa> (Minor issue)
 	NOTE: webkit properly handles this issue with respect to extensions such as jpg and txt, but not in general; for example, the attack works for odp, xls, etc extensions (only tested with midori 0.1.4)
 	NOTE: not reproducible using iceweasel 3.0.1
 CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
@@ -12486,7 +12604,7 @@
 CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web ...)
 	NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
 CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of ...)
-        NOTE: Mozilla bug 435130, not reproducible by upstream
+	NOTE: Mozilla bug 435130, not reproducible by upstream
 CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun ...)
 	NOT-FOR-US: STREAMS Administrative Driver SUN
 CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard ...)
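
Review bot: after the indentation fix, CVE-2008-2419 still consists of a single NOTE line with no package line and no status. An entry about Mozilla Firefox 2.0.0.14 needs an explicit package line (or a not-affected marker with the reason), otherwise the "not reproducible by upstream" note is the only thing standing in for a triage decision.
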
@@ -17394,8 +17512,8 @@
 	NOT-FOR-US: IBM Informix Dynamic Server
 CVE-2008-0367 (Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when ...)
 	- iceweasel 3.0 (low)
-        [etch] - iceweasel <no-dsa> (Minor issue)
-        NOTE: Mozilla #244273
+	[etch] - iceweasel <no-dsa> (Minor issue)
+	NOTE: Mozilla #244273
 CVE-2008-0366 (CORE FORCE before 0.95.172 does not properly validate arguments to ...)
 	NOT-FOR-US: CORE FORCE
 CVE-2008-0365 (Multiple buffer overflows in CORE FORCE before 0.95.172 allow local ...)



