[Secure-testing-commits] r11645 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Apr 17 21:14:13 UTC 2009


Author: joeyh
Date: 2009-04-17 21:14:13 +0000 (Fri, 17 Apr 2009)
New Revision: 11645

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-17 18:22:45 UTC (rev 11644)
+++ data/CVE/list	2009-04-17 21:14:13 UTC (rev 11645)
@@ -1,3 +1,71 @@
+CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...)
+	TODO: check
+CVE-2009-1329 (Stack-based buffer overflow in Mini-stream Shadow Stream Recorder ...)
+	TODO: check
+CVE-2009-1328 (Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 ...)
+	TODO: check
+CVE-2009-1327 (Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 ...)
+	TODO: check
+CVE-2009-1326 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...)
+	TODO: check
+CVE-2009-1325 (Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows ...)
+	TODO: check
+CVE-2009-1324 (Stack-based buffer overflow in Mini-stream ASX to MP3 Converter ...)
+	TODO: check
+CVE-2009-1323 (SQL injection vulnerability in body.asp in Web File Explorer 3.1 ...)
+	TODO: check
+CVE-2009-1322 (ASP Product Catalog 1.0 stores sensitive information under the web ...)
+	TODO: check
+CVE-2009-1321 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Product ...)
+	TODO: check
+CVE-2009-1320 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2009-1319 (Directory traversal vulnerability in includes/ini.inc.php in GuestCal ...)
+	TODO: check
+CVE-2009-1318 (Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 ...)
+	TODO: check
+CVE-2009-1317 (Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when ...)
+	TODO: check
+CVE-2009-1316 (Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote ...)
+	TODO: check
+CVE-2009-1315 (Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 ...)
+	TODO: check
+CVE-2009-1314 (body.asp in Web File Explorer 3.1 allows remote attackers to create ...)
+	TODO: check
+CVE-2009-1313
+	RESERVED
+CVE-2009-1312
+	RESERVED
+CVE-2009-1311
+	RESERVED
+CVE-2009-1310
+	RESERVED
+CVE-2009-1309
+	RESERVED
+CVE-2009-1308
+	RESERVED
+CVE-2009-1307
+	RESERVED
+CVE-2009-1306
+	RESERVED
+CVE-2009-1305
+	RESERVED
+CVE-2009-1304
+	RESERVED
+CVE-2009-1303
+	RESERVED
+CVE-2009-1302
+	RESERVED
+CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...)
+	TODO: check
+CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an "invalid ...)
+	TODO: check
+CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06, when ...)
+	TODO: check
+CVE-2008-6725 (Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote ...)
+	TODO: check
+CVE-2008-6724 (Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste ...)
+	TODO: check
 CVE-2009-1299
 	RESERVED
 CVE-2009-1298
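Review bot: CVE-2009-1300 (apt 0.7.20) is added with the same "TODO: check" marker as the 21 other new described entries in this hunk, so an issue in Debian's own package manager is indistinguishable from the bulk of third-party items. Triage it first and replace the marker with a package line of the form "- apt <unfixed>" or a fixed version, as the tracked entries further down the file do. CVE-2009-1301 (store_id3_text in an ID3v2 parser) also needs the affected package identified, since the truncated description does not name it.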
@@ -8,9 +76,9 @@
 	RESERVED
 CVE-2009-1295
 	RESERVED
-CVE-2009-1294
+CVE-2009-1294 (Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home ...)
 	NOT-FOR-US: Novell Teaming
-CVE-2009-1293
+CVE-2009-1293 (The web login functionality (c/portal/login) in Novell Teaming 1.0 ...)
 	NOT-FOR-US: Novell Teaming
 CVE-2009-1292 (UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x ...)
 	NOT-FOR-US: ClearCase
@@ -52,8 +120,7 @@
 	NOT-FOR-US: Pre ADS Portal
 CVE-2008-6715 (Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal ...)
 	NOT-FOR-US: Pre ADS Portal
-CVE-2009-1285 [phpMyAdmin PMASA-2009-4 insufficient escaping in setup script]
-	RESERVED
+CVE-2009-1285 (Static code injection vulnerability in the getConfigFile function in ...)
 	- phpmyadmin 4:3.1.3.2-1 (unimportant)
 	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
 	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
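Review bot: The CVE-2009-1285 replacement drops the bracketed placeholder "[phpMyAdmin PMASA-2009-4 insufficient escaping in setup script]", and with it the only reference to the upstream advisory PMASA-2009-4. Keep that identifier in a NOTE line under the entry so the link between the CVE, the upstream advisory and the "(unimportant)" rating stays visible. The truncated MITRE description does not carry it.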
@@ -1338,8 +1405,8 @@
 	RESERVED
 CVE-2009-0947
 	RESERVED
-CVE-2009-0946
-	RESERVED
+CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote ...)
+	TODO: check
 CVE-2009-0945
 	RESERVED
 CVE-2009-0944
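Review bot: CVE-2009-0946 goes from RESERVED to "TODO: check" even though the description already names FreeType 2.3.9 and earlier, which is a packaged library. The entry should get a package line with <unfixed> or a fixed version, like the tracked entries elsewhere in the file, rather than staying in the untriaged queue.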
@@ -2934,7 +3001,7 @@
 	- lcms 1.18.dfsg-1 (bug #522446)
 CVE-2009-0580
 	RESERVED
-CVE-2009-0579
+CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...)
 	- pam <unfixed> (bug #514437)
 CVE-2009-0578 (GNOME NetworkManager before 0.7.0.99 does not properly verify ...)
 	- network-manager-applet 0.7.0.99-1 (medium)
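Review bot: The CVE-2009-0579 line "- pam <unfixed> (bug #514437)" still has no urgency, while the neighbouring network-manager-applet entry carries "(medium)". Now that the description is filled in (minimum password age not enforced in Linux-PAM before 1.0.4), add an urgency so the open entry can be prioritised.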
@@ -4317,8 +4384,7 @@
 	RESERVED
 CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...)
 	NOT-FOR-US: IrfanView
-CVE-2009-0196
-	RESERVED
+CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...)
 	- ghostscript <unfixed>
 CVE-2009-0195
 	RESERVED
@@ -6357,7 +6423,7 @@
 	RESERVED
 CVE-2008-5260 (Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control ...)
 	NOT-FOR-US: ActiveX
-CVE-2008-5259
+CVE-2008-5259 (Integer signedness error in DivX Web Player 1.4.2.7, and possibly ...)
 	NOT-FOR-US: DivX Web Player
 CVE-2008-5258
 	RESERVED
@@ -7386,7 +7452,7 @@
 	NOT-FOR-US: rPath
 CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ...)
 	NOT-FOR-US: Adobe ColdFusion
-CVE-2008-4830
+CVE-2008-4830 (Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI ...)
 	NOT-FOR-US: KWEdit ActiveX control
 CVE-2008-4829 (Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow ...)
 	{DSA-1683-1}
@@ -16399,8 +16465,8 @@
 	- evolution 2.22.2-1.1 (low; bug #484639)
 	[etch] - evolution <no-dsa> (Minor issue)
 	NOTE: Requires that the ITip Formatter plugin is disabled, which is enabled by default.
-CVE-2008-1107
-	RESERVED
+CVE-2008-1107 (Multiple stack-based buffer overflows in the Danske Bank e-Sec Control ...)
+	TODO: check
 CVE-2008-1106 (The management interface in Akamai Client (formerly Red Swoosh) 3322 ...)
 	NOT-FOR-US: Akamai Client
 CVE-2008-1105 (Heap-based buffer overflow in the receive_smb_raw function in ...)
@@ -30728,7 +30794,7 @@
 	NOT-FOR-US: IBM Lenovo Access Support acpRunner ActiveX control
 CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera ...)
 	NOT-FOR-US: AXIS Camera Control
-CVE-2007-2238
+CVE-2007-2238 (Multiple stack-based buffer overflows in the Whale Client Components ...)
 	NOT-FOR-US: Whale Client Components ActiveX control
 CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows ...)
 	NOT-FOR-US: Microsoft



