[Secure-testing-commits] r12581 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Aug 12 21:14:15 UTC 2009


Author: joeyh
Date: 2009-08-12 21:14:15 +0000 (Wed, 12 Aug 2009)
New Revision: 12581

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-12 19:59:56 UTC (rev 12580)
+++ data/CVE/list	2009-08-12 21:14:15 UTC (rev 12581)
@@ -1,4 +1,117 @@
+CVE-2009-2760
+	RESERVED
+CVE-2009-2759
+	RESERVED
+CVE-2009-2758
+	RESERVED
+CVE-2009-2757
+	RESERVED
+CVE-2009-2756
+	RESERVED
+CVE-2009-2755
+	RESERVED
+CVE-2009-2754
+	RESERVED
+CVE-2009-2753
+	RESERVED
+CVE-2009-2752
+	RESERVED
+CVE-2009-2751
+	RESERVED
+CVE-2009-2750
+	RESERVED
+CVE-2009-2749
+	RESERVED
+CVE-2009-2748
+	RESERVED
+CVE-2009-2747
+	RESERVED
+CVE-2009-2746
+	RESERVED
+CVE-2009-2745
+	RESERVED
+CVE-2009-2744
+	RESERVED
+CVE-2009-2743
+	RESERVED
+CVE-2009-2742
+	RESERVED
+CVE-2009-2741
+	RESERVED
+CVE-2009-2740
+	RESERVED
+CVE-2009-2739 (Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 ...)
+	TODO: check
+CVE-2009-2738 (Cross-site request forgery (CSRF) vulnerability in the WebGUI in ...)
+	TODO: check
+CVE-2008-6960 (download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 ...)
+	TODO: check
+CVE-2008-6959 (Insecure method vulnerability in the Chilkat Socket ActiveX control ...)
+	TODO: check
+CVE-2008-6958 (wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote ...)
+	TODO: check
+CVE-2008-6957 (member.php in Crossday Discuz! Board allows remote attackers to reset ...)
+	TODO: check
+CVE-2008-6956 (Static code injection vulnerability in admin/admin.php in mxCamArchive ...)
+	TODO: check
+CVE-2008-6955 (mxCamArchive 2.2 stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2008-6954 (The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote ...)
+	TODO: check
+CVE-2008-6953 (Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other ...)
+	TODO: check
+CVE-2008-6952 (SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier ...)
+	TODO: check
+CVE-2008-6951 (MauryCMS 0.53.2 and earlier does not require administrative ...)
+	TODO: check
+CVE-2008-6950 (Multiple SQL injection vulnerabilities in login.asp in Bankoi ...)
+	TODO: check
+CVE-2008-6949 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2008-6948 (Unrestricted file upload vulnerability in Collabtive 0.4.8 allows ...)
+	TODO: check
+CVE-2008-6947 (Collabtive 0.4.8 allows remote attackers to bypass authentication and ...)
+	TODO: check
+CVE-2008-6946 (Cross-site scripting (XSS) vulnerability in manageproject.php in ...)
+	TODO: check
+CVE-2008-6945 (Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 ...)
+	TODO: check
+CVE-2008-6944 (Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds ...)
+	TODO: check
+CVE-2008-6943 (Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing ...)
+	TODO: check
+CVE-2008-6942 (Unrestricted file upload vulnerability in ScriptsFeed Realtor ...)
+	TODO: check
+CVE-2008-6941 (SQL injection vulnerability in the login functionality in TurnkeyForms ...)
+	TODO: check
+CVE-2008-6940 (TurnkeyForms Web Hosting Directory stores sensitive information under ...)
+	TODO: check
+CVE-2008-6939 (TurnkeyForms Web Hosting Directory allows remote attackers to bypass ...)
+	TODO: check
+CVE-2008-6938 (Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop ...)
+	TODO: check
+CVE-2008-6937 (Argument injection vulnerability in Exodus 0.10 allows remote ...)
+	TODO: check
+CVE-2008-6936 (Argument injection vulnerability in Exodus 0.10 allows remote ...)
+	TODO: check
+CVE-2008-6935 (Argument injection vulnerability in Exodus 0.10 allows remote ...)
+	TODO: check
+CVE-2008-6934 (Static code injection vulnerability in Sanus|artificium (aka Sanusart) ...)
+	TODO: check
+CVE-2008-6933 (Directory traversal vulnerability in index.php in MiniGal b13 (aka ...)
+	TODO: check
+CVE-2008-6932 (Unrestricted file upload vulnerability in submit_file.php in ...)
+	TODO: check
+CVE-2008-6931 (Unrestricted file upload vulnerability in PHPStore Job Search (aka ...)
+	TODO: check
+CVE-2008-6930 (Unrestricted file upload vulnerability in PHPStore Real Estate allows ...)
+	TODO: check
+CVE-2008-6929 (Unrestricted file upload vulnerability in PHPStore Auto Classifieds ...)
+	TODO: check
+CVE-2008-6928 (Unrestricted file upload vulnerability in PHPStore Complete ...)
+	TODO: check
 CVE-2009-2737 (The EditCSVAction function in cgi/actions.py in Roundup 1.2 before ...)
+	{DSA-1754-1}
 	- roundup 1.4.4-4+lenny1 (bug #518768)
 CVE-2009-2736 (Static code injection vulnerability in admin.php in sun-jester ...)
 	NOT-FOR-US: OpenNews
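Review bot: At CVE-2009-2737, the unprefixed package line "- roundup 1.4.4-4+lenny1 (bug #518768)" carries a "+lenny1" version, which reads like a stable-release upload rather than the fixed version for unstable. Now that {DSA-1754-1} is attached to the entry, confirm whether that version belongs on a release-prefixed line (the file uses the "[etch] - ..." form elsewhere) with a separate unstable fixed version.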
@@ -12,16 +125,16 @@
 	RESERVED
 CVE-2009-2731
 	RESERVED
-CVE-2009-2730
-	RESERVED
+CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' ...)
+	TODO: check
 CVE-2009-2729
 	RESERVED
 CVE-2009-2728
 	RESERVED
 CVE-2009-2727 (Stack-based buffer overflow in the _tt_internal_realpath function in ...)
 	NOT-FOR-US: IBM AIX
-CVE-2009-2726
-	RESERVED
+CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, ...)
+	TODO: check
 CVE-2009-2725
 	RESERVED
 CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...)
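Review bot: The two entries that move from RESERVED to "TODO: check" here, CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2) and CVE-2009-2726 (SIP channel driver in Asterisk Open Source), name free-software projects rather than the vendor products tagged NOT-FOR-US around them. They likely need package lines with fixed versions and bug references, so they should be triaged ahead of the bulk of the new "TODO: check" entries rather than left at the placeholder.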
@@ -799,12 +912,12 @@
 	RESERVED
 CVE-2009-2497
 	RESERVED
-CVE-2009-2496
-	RESERVED
+CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX ...)
+	TODO: check
 CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
 	NOT-FOR-US: Microsoft Visual Studio .NET
-CVE-2009-2494
-	RESERVED
+CVE-2009-2494 (The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP ...)
+	TODO: check
 CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
 	NOT-FOR-US: Microsoft Visual Studio .NET
 CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
@@ -866,7 +979,7 @@
 	- xulrunner 1.9.0.12-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-37.html
-CVE-2009-2468 (Integer overflow in CoreGraphics in Apple Mac OS X, as used in Mozilla ...)
+CVE-2009-2468 (Integer overflow in Apple CoreGraphics, as used in Safari before ...)
 	NOT-FOR-US: CoreGraphics in Apple Mac OS X
 	NOTE: related issue to CVE-2009-1194
 CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote ...)
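Review bot: At CVE-2009-2468 the description changes from "as used in Mozilla ..." to "as used in Safari before ..." while "NOT-FOR-US: CoreGraphics in Apple Mac OS X" and "NOTE: related issue to CVE-2009-1194" are carried over unchanged. Both descriptions are truncated here, so re-read the full new text to confirm the NOT-FOR-US tag and the NOTE still match what the entry now describes.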
@@ -1062,8 +1175,7 @@
 	RESERVED
 CVE-2009-2417
 	RESERVED
-CVE-2009-2416 [libxml2 pointer-user-after-free]
-	RESERVED
+CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, ...)
 	{DSA-1859-1}
 	- libxml2 <unfixed> (low; bug #540865)
 	- libxml <removed>
@@ -1074,8 +1186,7 @@
 	NOTE: the impact varies, on etch this runs as root and is not bound
 	NOTE: to the loopback interface by default, memcached is even distributed
 	NOTE: but fortunately not in a stable release.
-CVE-2009-2414 [libxml2 stack recursion]
-	RESERVED
+CVE-2009-2414 (Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, ...)
 	{DSA-1859-1}
 	- libxml2 <unfixed> (medium; bug #540865)
 	- libxml <removed>
@@ -1660,18 +1771,18 @@
 	RESERVED
 CVE-2009-2201
 	RESERVED
-CVE-2009-2200
-	RESERVED
-CVE-2009-2199
-	RESERVED
+CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict the URL ...)
+	TODO: check
+CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
+	TODO: check
 CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all cookies ...)
 	NOT-FOR-US: Apple GarageBand
 CVE-2009-2197
 	RESERVED
-CVE-2009-2196
-	RESERVED
-CVE-2009-2195
-	RESERVED
+CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote ...)
+	TODO: check
+CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote ...)
+	TODO: check
 CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2193 (Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 ...)
@@ -1684,7 +1795,7 @@
 	NOT-FOR-US: launchd in Apple Mac OS X
 CVE-2009-2189
 	RESERVED
-CVE-2009-2188 (Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8 allows ...)
+CVE-2009-2188 (Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and ...)
 	NOT-FOR-US: ImageIO in Apple Mac OS X
 CVE-2009-2187 (Multiple memory leaks in the (1) IP and (2) IPv6 multicast ...)
 	NOT-FOR-US: Sun Solaris 
@@ -2305,10 +2416,10 @@
 	- gst-plugins-good0.10 0.10.15-2 (medium; bug #531631; bug #532352)
 CVE-2009-1931
 	RESERVED
-CVE-2009-1930
-	RESERVED
-CVE-2009-1929
-	RESERVED
+CVE-2009-1930 (The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
+	TODO: check
+CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Client ...)
+	TODO: check
 CVE-2009-1928
 	RESERVED
 CVE-2009-1927
@@ -2317,12 +2428,12 @@
 	RESERVED
 CVE-2009-1925
 	RESERVED
-CVE-2009-1924
-	RESERVED
-CVE-2009-1923
-	RESERVED
-CVE-2009-1922
-	RESERVED
+CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) component ...)
+	TODO: check
+CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service (WINS) ...)
+	TODO: check
+CVE-2009-1922 (The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, ...)
+	TODO: check
 CVE-2009-1921
 	RESERVED
 CVE-2009-1920
@@ -2369,6 +2480,7 @@
 CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 ...)
 	NOT-FOR-US: IBM DB2
 CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 ...)
+	{DSA-1860-1}
 	- ruby1.8 1.8.7.173-1 (low; bug #532689)
 	- ruby1.9 <unfixed>
 	NOTE: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
@@ -2440,8 +2552,8 @@
 	- samba 2:3.3.6-1
 	[etch] - samba <not-affected> (Vulnerable code not present)
 	NOTE: Only the 3.2.x branch was affected, so marking 3.3 as affected
-CVE-2009-1885
-	RESERVED
+CVE-2009-1885 (Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in ...)
+	TODO: check
 CVE-2009-1884
 	RESERVED
 CVE-2009-1883
@@ -3371,12 +3483,12 @@
 	NOTE: FEDORA-2009-3639 (http://lwn.net/Articles/331605)
 CVE-2009-1547
 	RESERVED
-CVE-2009-1546
-	RESERVED
-CVE-2009-1545
-	RESERVED
-CVE-2009-1544
-	RESERVED
+CVE-2009-1546 (Integer overflow in the Windows Media file handling functionality in ...)
+	TODO: check
+CVE-2009-1545 (Unspecified vulnerability in the Windows Media file handling ...)
+	TODO: check
+CVE-2009-1544 (Double free vulnerability in the Workstation service in Microsoft ...)
+	TODO: check
 CVE-2009-1543
 	RESERVED
 CVE-2009-1542 (The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, ...)
@@ -3391,12 +3503,12 @@
 	NOT-FOR-US: Microsoft DirectX
 CVE-2009-1537 (Unspecified vulnerability in the QuickTime Movie Parser Filter in ...)
 	NOT-FOR-US: Microsoft DirectX
-CVE-2009-1536
-	RESERVED
+CVE-2009-1536 (ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and ...)
+	TODO: check
 CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services (IIS) ...)
 	NOT-FOR-US: IIS
-CVE-2009-1534
-	RESERVED
+CVE-2009-1534 (Buffer overflow in the Office Web Components ActiveX Control in ...)
+	TODO: check
 CVE-2009-1533 (Buffer overflow in the Works for Windows document converters in ...)
 	NOT-FOR-US: Microsoft
 CVE-2009-1532 (Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server ...)
@@ -3730,8 +3842,8 @@
 	NOT-FOR-US: Symantec
 CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in ...)
 	NOT-FOR-US: Symantec
-CVE-2009-1427
-	RESERVED
+CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users to cause ...)
+	TODO: check
 CVE-2009-1426 (Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, ...)
 	NOT-FOR-US: HP ProLiant
 CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
@@ -4982,8 +5094,8 @@
 	NOT-FOR-US: Microsoft Internet Security and Acceleration (ISA) Server
 CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office ...)
 	NOT-FOR-US: Microsoft
-CVE-2009-1133
-	RESERVED
+CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop Connection ...)
+	TODO: check
 CVE-2009-1132
 	RESERVED
 CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office PowerPoint ...)
@@ -7062,6 +7174,7 @@
 CVE-2009-0643 (Static code injection vulnerability in post.php in Simple PHP News 1.0 ...)
 	NOT-FOR-US: Simple PHP News
 CVE-2009-0642 (ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check ...)
+	{DSA-1860-1}
 	- ruby1.9 1.9.0.2-9.1 (bug #513528)
 	- ruby1.8 1.8.7.72-3.1 (medium; bug #517639; bug #522939)
 CVE-2009-0641 (sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions ...)
@@ -7305,8 +7418,8 @@
 	RESERVED
 CVE-2009-0563 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 ...)
 	NOT-FOR-US: Microsoft
-CVE-2009-0562
-	RESERVED
+CVE-2009-0562 (The Office Web Components ActiveX Control in Microsoft Office XP SP3, ...)
+	TODO: check
 CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, ...)
 	NOT-FOR-US: Microsoft
 CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...)
@@ -9326,7 +9439,7 @@
 	NOT-FOR-US: Dictionary (rtgdictionary) extension for TYPO3
 CVE-2008-5800 (SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) ...)
 	NOT-FOR-US: fsmi_people extension for TYPO3
-CVE-2008-5799 (Cross-site scripting (XSS) vulnerability in the Wir ber uns [sic] ...)
+CVE-2008-5799 (Cross-site scripting (XSS) vulnerability in the Wir ber uns ...)
 	NOT-FOR-US: fsmi_people extension for TYPO3
 CVE-2008-5798 (SQL injection vulnerability in the CMS Poll system (cms_poll) ...)
 	NOT-FOR-US: CMS Poll system for TYPO3
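Review bot: At CVE-2008-5799 the "[sic]" marker is dropped from "Wir ber uns", while the CVE-2008-5800 line just above, for the same fsmi_people extension, keeps it, so the two descriptions of one extension name now disagree. If the name lost a non-ASCII character on import, fixing the encoding handling in the update script would be better than carrying either form.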
@@ -11182,7 +11295,7 @@
 	NOT-FOR-US: Sun Java System Identity Manager
 CVE-2008-5117 (Open redirect vulnerability in Sun Java System Identity Manager 6.0 ...)
 	NOT-FOR-US: Sun Java System Identity Manager
-CVE-2008-5116 (Unspecified vulnerability in Sun Java System Identity Manager 6.0 ...)
+CVE-2008-5116 (Directory traversal vulnerability in idm/includes/helpServer.jsp in ...)
 	NOT-FOR-US: Sun Java System Identity Manager
 CVE-2008-5115 (Cross-site request forgery (CSRF) vulnerability in Sun Java System ...)
 	NOT-FOR-US: Sun Java System Identity Manager
@@ -24126,7 +24239,7 @@
 	RESERVED
 CVE-2008-0021
 	RESERVED
-CVE-2008-0020 (Unspecified vulnerability in the Microsoft Video ActiveX control in ...)
+CVE-2008-0020 (Unspecified vulnerability in the Load method in the IPersistStreamInit ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-0019
 	RESERVED
@@ -24144,7 +24257,7 @@
 	- iceweasel 3.0
 	- iceape 1.1.12-1
 	- icedove 2.0.0.17-1
-CVE-2008-0015 (Stack-based buffer overflow in the MPEG2TuneRequest ActiveX control in ...)
+CVE-2008-0015 (Stack-based buffer overflow in the CComVariant::ReadFromStream ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
 	NOT-FOR-US: Trend Micro



