[Secure-testing-commits] r12674 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Aug 24 21:14:25 UTC 2009
Author: joeyh
Date: 2009-08-24 21:14:25 +0000 (Mon, 24 Aug 2009)
New Revision: 12674
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-24 19:34:25 UTC (rev 12673)
+++ data/CVE/list 2009-08-24 21:14:25 UTC (rev 12674)
@@ -1,3 +1,129 @@
+CVE-2009-2950
+ RESERVED
+CVE-2009-2949
+ RESERVED
+CVE-2009-2948
+ RESERVED
+CVE-2009-2947
+ RESERVED
+CVE-2009-2946
+ RESERVED
+CVE-2009-2945
+ RESERVED
+CVE-2009-2944
+ RESERVED
+CVE-2009-2943
+ RESERVED
+CVE-2009-2942
+ RESERVED
+CVE-2009-2941
+ RESERVED
+CVE-2009-2940
+ RESERVED
+CVE-2009-2939
+ RESERVED
+CVE-2009-2938
+ RESERVED
+CVE-2009-2937
+ RESERVED
+CVE-2009-2936
+ RESERVED
+CVE-2009-2935
+ RESERVED
+CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed ...)
+ TODO: check
+CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 ...)
+ TODO: check
+CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process in the ...)
+ TODO: check
+CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro Director ...)
+ TODO: check
+CVE-2009-2930 (Cross-site scripting (XSS) vulnerability in the Search feature in elka ...)
+ TODO: check
+CVE-2009-2929 (Multiple SQL injection vulnerabilities in TGS Content Management 0.x ...)
+ TODO: check
+CVE-2009-2928 (Cross-site scripting (XSS) vulnerability in login.php in TGS Content ...)
+ TODO: check
+CVE-2009-2927 (SQL injection vulnerability in DetailFile.php in DigitalSpinners DS ...)
+ TODO: check
+CVE-2009-2926 (Multiple SQL injection vulnerabilities in PHP Competition System BETA ...)
+ TODO: check
+CVE-2008-7052 (Unrestricted file upload vulnerability in profile.php in Pre Projects ...)
+ TODO: check
+CVE-2008-7051 (AJ Square AJ Article allows remote attackers to bypass authentication ...)
+ TODO: check
+CVE-2008-7050 (The password_check function in auth/auth_phpbb3.php in WoW Raid ...)
+ TODO: check
+CVE-2008-7049 (Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 ...)
+ TODO: check
+CVE-2008-7048 (Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 ...)
+ TODO: check
+CVE-2008-7047 (NatterChat 1.1 allows remote attackers to bypass authentication and ...)
+ TODO: check
+CVE-2008-7046 (AJ Square Free Polling Script (AJPoll) allows remote attackers to ...)
+ TODO: check
+CVE-2008-7045 (AJ Square Free Polling Script (AJPoll) Database version allows remote ...)
+ TODO: check
+CVE-2008-7044 (SQL injection vulnerability in admin/include/newpoll.php in AJ Square ...)
+ TODO: check
+CVE-2008-7043 (Cross-site scripting (XSS) vulnerability in register.php in ...)
+ TODO: check
+CVE-2008-7042 (PHP remote file inclusion vulnerability in url.php in FreshScripts ...)
+ TODO: check
+CVE-2008-7041 (AJ Classifieds allows remote attackers to bypass authentication and ...)
+ TODO: check
+CVE-2008-7040 (SQL injection vulnerability in ahah/sf-profile.php in the Yellow ...)
+ TODO: check
+CVE-2008-7039 (Cross-site scripting (XSS) vulnerability in admin/comments.php in ...)
+ TODO: check
+CVE-2008-7038 (SQL injection vulnerability in the My_eGallery module for PHP-Nuke ...)
+ TODO: check
+CVE-2008-7037 (The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for ...)
+ TODO: check
+CVE-2008-7036 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2008-7035 (Cross-site scripting (XSS) vulnerability in an unspecified component ...)
+ TODO: check
+CVE-2008-7034 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-7033 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
+ TODO: check
+CVE-2008-7032 (Web Management Console Cross-site request forgery (CSRF) vulnerability ...)
+ TODO: check
+CVE-2008-7031 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC ...)
+ TODO: check
+CVE-2008-7030 (Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web ...)
+ TODO: check
+CVE-2008-7029 (Unrestricted file upload vulnerability in usercp.php in AlilG ...)
+ TODO: check
+CVE-2008-7028 (RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-7027 (Libra File Manager 1.18 and earlier allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-7026 (Unrestricted file upload vulnerability in filesystem3.class.php in ...)
+ TODO: check
+CVE-2008-7025 (TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe ...)
+ TODO: check
+CVE-2008-7024 (admin.php in Arz Development The Gemini Portal 4.7 and earlier allows ...)
+ TODO: check
+CVE-2008-7023 (Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other ...)
+ TODO: check
+CVE-2008-7022 (Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat ...)
+ TODO: check
+CVE-2008-7021 (Unrestricted file upload vulnerability in editlogo.php in AvailScript ...)
+ TODO: check
+CVE-2008-7020 (McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores ...)
+ TODO: check
+CVE-2008-7019 (Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-7018 (Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar ...)
+ TODO: check
+CVE-2008-7017 (Cross-site scripting (XSS) vulnerability in analyse.php in CAcert ...)
+ TODO: check
+CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple ...)
+ TODO: check
+CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ...)
+ TODO: check
CVE-2009-XXXX [pidgin does not honour SSL/TLS]
- pidgin 2.6.1-1 (low; bug #542891)
[lenny] - pidgin <no-dsa> (Minor issue)
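Review bot: Every described entry added at the top of this hunk is left at "TODO: check", so the automatic update only queues them for triage; none has a package line or a NOT-FOR-US tag yet. Most read like standalone web scripts, but entries such as CVE-2008-7016 (tnftpd), CVE-2008-7017 (CAcert) and CVE-2003-1574 (TikiWiki) name software that deserves a deliberate look rather than a bulk NOT-FOR-US. Resolve each one to a "- package version (severity)" line or a NOT-FOR-US line in a follow-up commit, as the existing entries in the list are.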
@@ -199,15 +325,19 @@
CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown ...)
NOT-FOR-US: Electronic Logbook
CVE-2009-2849 (The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 ...)
+ {DSA-1872-1}
- linux-2.6 2.6.30-4 (medium)
- linux-2.6.24 <removed>
CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 and ...)
+ {DSA-1872-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <removed>
CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 2.6 ...)
+ {DSA-1872-1}
- linux-2.6 2.6.30-6 (low)
- linux-2.6.24 <removed>
CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom component ...)
+ {DSA-1872-1}
- linux-2.6 2.6.30-6 (low)
- linux-2.6.24 <removed>
CVE-2009-2844 (cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and ...)
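Review bot: CVE-2009-2848 gains the {DSA-1872-1} cross-reference while its package line still reads "- linux-2.6 <unfixed> (low)"; the other three entries tagged in this hunk carry a fixed version (2.6.30-4 or 2.6.30-6). Confirm the <unfixed> status is still intended for that entry now that an advisory references it, and update the version once a fix is uploaded.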
@@ -789,6 +919,7 @@
RESERVED
CVE-2009-2698
RESERVED
+ {DSA-1872-1}
CVE-2009-2697
RESERVED
CVE-2009-2696
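Review bot: The {DSA-1872-1} tag is attached to CVE-2009-2698 while the entry is still RESERVED and has no package line at all, so the list records that an advisory covers this id without saying which source package or version fixes it. The other entries tagged with this DSA have "- linux-2.6 ..." lines; add the matching package line here, and note that the tag sits after RESERVED rather than directly under the CVE header as in the other tagged entries.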
@@ -1418,13 +1549,11 @@
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- openjdk-6 <unfixed> (medium; bug #542210)
-CVE-2009-2474 [neon: Improper verification of x590v3 certificate with NUL (zero) byte in certain fields]
- RESERVED
+CVE-2009-2474 (neon before 0.28.6, when OpenSSL is used, does not properly handle a ...)
- neon27 0.28.6-1 (medium; bug #542926)
- neon26 <unfixed> (medium; bug #542926)
- neon <removed> (medium; bug #542926)
-CVE-2009-2473 [neon: billion laughs DoS attack]
- RESERVED
+CVE-2009-2473 (neon before 0.28.6, when expat is used, does not properly detect ...)
- neon27 <not-affected> (neon27 is compiled to use libxml2 instead of expat)
- neon26 <not-affected> (neon26 is compiled to use libxml2 instead of expat)
- neon <removed>
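Review bot: The two removed bracketed titles for CVE-2009-2474 and CVE-2009-2473 were the only readable summary of the issues (certificate fields containing a NUL byte; billion laughs DoS). The truncated descriptions that replace them stop at "does not properly handle a ..." and "does not properly detect ...", so the list no longer says what the bugs are. Consider keeping the gist as a NOTE: line under each entry; the package lines and the not-affected rationale for neon27/neon26 are unchanged and look fine.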
@@ -2583,8 +2712,8 @@
NOT-FOR-US: Apple Safari
CVE-2009-2057 (Microsoft Internet Explorer before 8 uses the HTTP Host header to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-2056
- RESERVED
+CVE-2009-2056 (Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to ...)
+ TODO: check
CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a ...)
NOT-FOR-US: Cisco IOS
CVE-2009-2054
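Review bot: CVE-2009-2056 is set to "TODO: check" although its description names Cisco IOS XR, and the adjacent entry CVE-2009-2055 (also Cisco IOS XR) is already marked "NOT-FOR-US: Cisco IOS". Suggest tagging the new entry the same way instead of leaving it in the triage queue.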
@@ -3048,8 +3177,8 @@
NOTE: can be exploited only if magic_quotes is off
CVE-2009-3870
REJECTED
-CVE-2009-1879
- RESERVED
+CVE-2009-1879 (Cross-site scripting (XSS) vulnerability in index.template.html in the ...)
+ TODO: check
CVE-2009-1878 (Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2009-1877 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and ...)
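Review bot: The context line CVE-2009-3870 directly above the changed CVE-2009-1879 entry is out of sequence with its neighbours (the entries that follow are 1879, 1878, 1877), which is worth checking while this region is being touched. For the changed entry itself, the description is cut off before the product name ("index.template.html in the ..."), so the TODO: check cannot be resolved from the list alone and needs the full description.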
@@ -5509,8 +5638,8 @@
NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security ...)
NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2009-1154
- RESERVED
+CVE-2009-1154 (Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a ...)
+ TODO: check
CVE-2009-1153
RESERVED
CVE-2009-1152 (Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly ...)
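Review bot: CVE-2009-1154 is left at "TODO: check" with a description naming Cisco IOS XR 3.8.1 and earlier, the same product as CVE-2009-2056 changed earlier in this patch, and it sits among Cisco entries already marked NOT-FOR-US. Triage the two IOS XR entries together and tag them consistently.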
@@ -50144,7 +50273,7 @@
NOT-FOR-US: Tradingeye Shop
CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and ...)
NOT-FOR-US: openCI
-CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War 1.5.0 ...)
+CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War ...)
NOT-FOR-US: Virtual War
CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory ...)
NOT-FOR-US: phpMyDirectory