[Secure-testing-commits] r12682 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Aug 25 21:14:28 UTC 2009


Author: joeyh
Date: 2009-08-25 21:14:28 +0000 (Tue, 25 Aug 2009)
New Revision: 12682

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-25 20:23:44 UTC (rev 12681)
+++ data/CVE/list	2009-08-25 21:14:28 UTC (rev 12682)
@@ -1,3 +1,81 @@
+CVE-2009-2958
+	RESERVED
+CVE-2009-2957
+	RESERVED
+CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere ...)
+	TODO: check
+CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...)
+	TODO: check
+CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
+	TODO: check
+CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...)
+	TODO: check
+CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun Solaris ...)
+	TODO: check
+CVE-2009-2951 (Phenotype CMS before 2.9 does not use a random salt value for password ...)
+	TODO: check
+CVE-2008-7083 (Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter ...)
+	TODO: check
+CVE-2008-7082 (MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key ...)
+	TODO: check
+CVE-2008-7081 (userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 ...)
+	TODO: check
+CVE-2008-7080 (Team PHP PHP Classifieds Script stores sensitive information under the ...)
+	TODO: check
+CVE-2008-7079 (Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to ...)
+	TODO: check
+CVE-2008-7078 (Multiple buffer overflows in Rumpus before 6.0.1 allow remote ...)
+	TODO: check
+CVE-2008-7077 (Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow ...)
+	TODO: check
+CVE-2008-7076 (Unrestricted file upload vulnerability in user.modify.profile.php in ...)
+	TODO: check
+CVE-2008-7075 (Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star ...)
+	TODO: check
+CVE-2008-7074 (Format string vulnerability in MemeCode Software i.Scribe 1.88 through ...)
+	TODO: check
+CVE-2008-7073 (PHP remote file inclusion vulnerability in lib/action/rss.php in RSS ...)
+	TODO: check
+CVE-2008-7072 (Cross-site scripting (XSS) vulnerability in index.php in Chipmunk ...)
+	TODO: check
+CVE-2008-7071 (SQL injection vulnerability in authenticate.php in Chipmunk Topsites ...)
+	TODO: check
+CVE-2008-7070 (Argument injection vulnerability in the URI handler in KVIrc 3.4.2 ...)
+	TODO: check
+CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information ...)
+	TODO: check
+CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
+	TODO: check
+CVE-2008-7067 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication ...)
+	TODO: check
+CVE-2008-7065 (Siemens C450 IP and C475 IP VoIP devices allow remote attackers to ...)
+	TODO: check
+CVE-2008-7064 (Directory traversal vulnerability in the get_lang function in ...)
+	TODO: check
+CVE-2008-7063 (Ocean12 FAQ Manager Pro stores sensitive data under the web root with ...)
+	TODO: check
+CVE-2008-7062 (Unrestricted file upload vulnerability in admin/index.php in Download ...)
+	TODO: check
+CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome ...)
+	TODO: check
+CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 ...)
+	TODO: check
+CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2 allows ...)
+	TODO: check
+CVE-2008-7058 (Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 ...)
+	TODO: check
+CVE-2008-7057 (Cross-site scripting (XSS) vulnerability in merchandise.php in ...)
+	TODO: check
+CVE-2008-7056 (BandSite CMS 1.1.4 does not perform access control for ...)
+	TODO: check
+CVE-2008-7055 (module.php in ezContents 2.0.3 allows remote attackers to bypass the ...)
+	TODO: check
+CVE-2008-7054 (Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow ...)
+	TODO: check
+CVE-2008-7053 (LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows ...)
+	TODO: check
 CVE-2009-2950
 	RESERVED
 CVE-2009-2949
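Review bot: The 37 entries added from CVE-2009-2956 down to CVE-2008-7053 all land as "TODO: check", so this hunk records the IDs without any triage. Several descriptions name products that the file's own convention (for example "NOT-FOR-US: Acer LunchApp" later in this diff) would close out directly, such as IBM WebSphere, Microsoft Internet Explorer, Sun Solaris and Nero ShowTime. The entries naming Mozilla Firefox (CVE-2009-2953), PHP (CVE-2008-7068) and KVIrc (CVE-2008-7070) look like the ones to check against the archive first, and they need package lines in the "- package <status> (severity; bug #N)" form if they apply. The descriptions are truncated here, so the triage needs the full CVE text.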
@@ -1115,7 +1193,7 @@
 	NOT-FOR-US: XOOPS
 CVE-2009-XXXX [poppler: buffer overflow in abiword backend]
 	- poppler <unfixed> (low; bug #534680)
-CVE-2009-2408 (Mozilla Firefox before 3.5 and NSS before 3.12.3 do not properly ...)
+CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...)
 	- openssl <unfixed> (medium; bug #539449)
 	- openssl097 <removed>
 	- xulrunner <unfixed> (medium)
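Review bot: The new CVE-2009-2408 description leads with Network Security Services (NSS), but the package lines visible below it cover only openssl, openssl097 and xulrunner. The context stops after three lines, so confirm that the entry also carries an nss package line, and add one if it does not.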
@@ -1196,7 +1274,7 @@
 	RESERVED
 CVE-2009-2628
 	RESERVED
-CVE-2009-2627 (The Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in ...)
+CVE-2009-2627 (Insecure method vulnerability in the Acer LunchApp (aka ...)
 	NOT-FOR-US: Acer LunchApp
 CVE-2009-2626
 	RESERVED
@@ -3133,7 +3211,7 @@
 CVE-2009-1893 (The configtest function in the Red Hat dhcpd init script for DHCP ...)
 	NOT-FOR-US: Red Hat dhcpd init script for DHCP
 CVE-2009-1892 (dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and ...)
-	{DSA-1833-1}
+	{DSA-1833-2 DSA-1833-1}
 	- dhcp3 <unfixed> (low; bug #539492)
 	[etch] - dhcp3 <not-affected> (problematic assert is not present)
 CVE-2009-1891 (The mod_deflate module in Apache httpd 2.2.11 and earlier compresses ...)
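Review bot: CVE-2009-1892 now cites DSA-1833-2 as well as DSA-1833-1, yet the package line below it still reads "- dhcp3 <unfixed> (low; bug #539492)". If either advisory shipped a fix for this issue, record the fixed version; if the entry is expected to stay unfixed, a NOTE saying why would explain an entry that carries two DSAs and no fixed version.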
@@ -3560,7 +3638,7 @@
 	NOT-FOR-US: CoreTypes in Apple Mac OS X
 CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and ...)
 	NOT-FOR-US: ColorSync in Apple Mac OS X
-CVE-2009-1725 (WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...)
+CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit ...)
 	- webkit <unfixed> (medium; bug #538346)
 	- qt4-x11 4:4.5.2-2 (medium; bug #538347)
 	- kdelibs <not-affected> (medium; bug #538350)
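Review bot: The updated CVE-2009-1725 description now names "KHTML in kdelibs in KDE" as affected, which conflicts with the unchanged "- kdelibs <not-affected> (medium; bug #538350)" line. Re-check kdelibs against the new description. A not-affected status that also carries a severity and a bug number is contradictory on its own: it should either become a real status or drop the severity and give a reason in parentheses, as "[etch] - dhcp3 <not-affected> (problematic assert is not present)" does elsewhere in this diff.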
@@ -7361,7 +7439,7 @@
 CVE-2009-0693
 	RESERVED
 CVE-2009-0692 (Stack-based buffer overflow in the script_write_params method in ...)
-	{DSA-1833-1}
+	{DSA-1833-2 DSA-1833-1}
 	- dhcp3 3.1.2p1-1 (medium)
 	NOTE: dhcp in etch is not affected.
 CVE-2009-0691 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit ...)
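Review bot: Under CVE-2009-0692 the etch status is kept as free text, "NOTE: dhcp in etch is not affected.", while CVE-2009-1892, which receives the same DSA-1833-2 change, uses the structured "[etch] - dhcp3 <not-affected>" form with a reason in parentheses. Converting the NOTE to the structured form, with the dhcp3 package name, would keep the two DSA-1833 entries consistent and machine-readable.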



