[Secure-testing-commits] r12627 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Aug 17 21:14:16 UTC 2009


Author: joeyh
Date: 2009-08-17 21:14:15 +0000 (Mon, 17 Aug 2009)
New Revision: 12627

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-17 18:46:29 UTC (rev 12626)
+++ data/CVE/list	2009-08-17 21:14:15 UTC (rev 12627)
@@ -1,3 +1,37 @@
+CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in ...)
+	TODO: check
+CVE-2009-2777 (SQL injection vulnerability in visitor/view.php in GarageSales Script ...)
+	TODO: check
+CVE-2009-2776 (SQL injection vulnerability in showresult.asp in Smart ASP Survey ...)
+	TODO: check
+CVE-2009-2775 (SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP ...)
+	TODO: check
+CVE-2009-2774 (SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail ...)
+	TODO: check
+CVE-2009-2773 (PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail ...)
+	TODO: check
+CVE-2009-2772 (Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate ...)
+	TODO: check
+CVE-2009-2771 (Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 ...)
+	TODO: check
+CVE-2009-2770 (PowerUpload 2.4 allows remote attackers to bypass authentication and ...)
+	TODO: check
+CVE-2009-2769 (PHP remote file inclusion vulnerability in include/timesheet.php in ...)
+	TODO: check
+CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat ...)
+	TODO: check
+CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux ...)
+	TODO: check
+CVE-2009-2766 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not ...)
+	TODO: check
+CVE-2009-2765 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other ...)
+	TODO: check
+CVE-2009-2764 (Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 ...)
+	TODO: check
+CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
 CVE-2009-XXXX [Sql injection in OCS Inventory NG Server]
 	- ocsinventory-server <unfixed> (low; bug #541995)
 	NOTE: http://seclists.org/fulldisclosure/2009/Aug/0143.html
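Review bot: CVE-2009-2768 and CVE-2009-2767 are left at "TODO: check" even though their descriptions name Linux kernel source files (fs/binfmt_flat.c and kernel/posix-timers.c), and this list already tracks the kernel under linux-2.6 and linux-2.6.24 in other entries. Triage these two ahead of the rest and give them package lines with a severity. Most of the remaining new entries describe standalone web scripts (GarageSales Script, PHPArcadeScript, PHP Paid 4 Mail, PG Roommate, PowerUpload) and look like candidates for the NOT-FOR-US marking used elsewhere in the file, once checked against the archive.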
@@ -367,13 +401,11 @@
 	RESERVED
 CVE-2009-2693
 	RESERVED
-CVE-2009-2692 [linux-2.6: NULL pointer dereference due to incorrect proto_ops initializations]
-	RESERVED
+CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, ...)
 	{DSA-1864-1 DSA-1865-1 DSA-1862-1}
 	- linux-2.6 2.6.30-6 (high; bug #541403)
 	- linux-2.6.24 <removed>
-CVE-2009-2691 [linux-2.6: /proc/$pid/maps exposed during initial setuid ELF loading]
-	RESERVED
+CVE-2009-2691 (The mm_for_maps function in fs/proc/base.c in the Linux kernel ...)
 	- linux-2.6 <unfixed> (low)
 	- linux-2.6.24 <removed>
 CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants ...)
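Review bot: the CVE-2009-2691 entry keeps "- linux-2.6 <unfixed> (low)" with no bug reference, while CVE-2009-2692 directly above it carries bug #541403, so the unfixed kernel issue has nothing to follow it by. Add a bug number to that line. The removed bracketed summaries ("/proc/$pid/maps exposed during initial setuid ELF loading", "NULL pointer dereference due to incorrect proto_ops initializations") were also more readable than the truncated descriptions that replace them, so a NOTE line preserving each would help.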
@@ -409,8 +441,8 @@
 	RESERVED
 CVE-2009-2678
 	RESERVED
-CVE-2009-2677
-	RESERVED
+CVE-2009-2677 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
+	TODO: check
 CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
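Review bot: CVE-2009-2677 moves from RESERVED to "TODO: check", but the description names HP Insight Control, a vendor product. If it is confirmed not to be in the archive, replace the TODO with a NOT-FOR-US line naming the product, in the same form as the "NOT-FOR-US: Google Gears" entry further down the file.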
@@ -1222,8 +1254,7 @@
 	- webkit 1.1.10-1
 CVE-2009-2418
 	RESERVED
-CVE-2009-2417 [cURL OpenSSL NULL Character Spoofing Vulnerability]
-	RESERVED
+CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ...)
 	- curl <unfixed> (medium; bug #541991)
 CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, ...)
 	{DSA-1861-1 DSA-1859-1}
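Review bot: in the CVE-2009-2417 entry the new description is cut off at the condition ("when OpenSSL is ..."), and the removed bracketed summary was the only text saying this is the NULL character spoofing issue. Since the "- curl <unfixed> (medium; bug #541991)" line stays, add a NOTE restating that summary and the OpenSSL condition so the scope of the unfixed entry is readable without looking up the full CVE text.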
@@ -5500,8 +5531,8 @@
 	NOT-FOR-US: Andy's PHP Knowledgebase
 CVE-2008-6512 (Cross-domain vulnerability in the WorkerPool API in Google Gears ...)
 	NOT-FOR-US: Google Gears
-CVE-2009-1048
-	RESERVED
+CVE-2009-1048 (The web interface on the snom VoIP phones snom 300, snom 320, snom ...)
+	TODO: check
 CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail module ...)
 	NOT-FOR-US: Send by e-mail module for Drupal
 CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...)
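Review bot: CVE-2009-1048 is set to "TODO: check" between two entries already marked NOT-FOR-US, and its description covers the web interface on snom VoIP phones (snom 300, snom 320, ...), which is device firmware. Resolve it the same way as its neighbours with a NOT-FOR-US line naming the product, unless a package in the archive ships this code.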
