[Secure-testing-commits] r13412 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Dec 1 06:02:06 UTC 2009
Author: geissert
Date: 2009-12-01 06:01:58 +0000 (Tue, 01 Dec 2009)
New Revision: 13412
Modified:
data/CVE/list
Log:
NFUs, new dstat, roundcube and libtool issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-01 03:26:34 UTC (rev 13411)
+++ data/CVE/list 2009-12-01 06:01:58 UTC (rev 13412)
@@ -1,17 +1,17 @@
CVE-2009-4110 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
- TODO: check
+ NOT-FOR-US: DotNetNuke
CVE-2009-4109 (The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent ...)
- TODO: check
+ NOT-FOR-US: DotNetNuke
CVE-2009-4108 (XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: XM Easy Personal FTP Server
CVE-2009-4107 (Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted ...)
- TODO: check
+ NOT-FOR-US: Invisible Browsing
CVE-2009-4106 (Unrestricted file upload vulnerability in admintools/editpage-2.php in ...)
- TODO: check
+ NOT-FOR-US: Agoko CMS
CVE-2009-4105 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
TODO: check
CVE-2009-4104 (SQL injection vulnerability in Lyften Designs LyftenBloggie ...)
- TODO: check
+ NOT-FOR-US: Joomla! component
CVE-2009-4103 (Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, ...)
TODO: check
CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain ...)
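Review bot: CVE-2009-4105 (TYPSoft FTP Server) and CVE-2009-4103 (Robo-FTP) stay at "TODO: check" in the middle of this hunk while the neighbouring CVE-2009-4108 (XM Easy Personal FTP Server) is resolved as NOT-FOR-US. If they were skipped on purpose, a short NOTE saying what is still open would save the next person from re-triaging them; otherwise resolve them in the same pass. Separately, the CVE-2009-4104 tag "NOT-FOR-US: Joomla! component" would be easier to grep if it named the component from the description (LyftenBloggie).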
@@ -21,9 +21,9 @@
CVE-2009-4100 (Yoono extension 6.1.1 for Firefox performs certain operations with ...)
TODO: check
CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar ...)
- TODO: check
+ NOT-FOR-US: Joomla! Component
CVE-2009-4098 (Unrestricted file upload vulnerability in banner-edit.php in OpenX ...)
- TODO: check
+ NOT-FOR-US: OpenX adserver
CVE-2009-4097 (Stack-based buffer overflow in the MplayInputFile function in Serenity ...)
TODO: check
CVE-2009-4096 (RADIO istek scripti 2.5 stores sensitive information under the web ...)
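Review bot: the CVE-2009-4099 tag is spelled "NOT-FOR-US: Joomla! Component" with a capital C, while the same tag on CVE-2009-4104 and CVE-2009-4094 in this commit is "Joomla! component". Pick one spelling so a case-sensitive search over data/CVE/list finds all of them, and consider naming the component (GCalendar) as the description does.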
@@ -31,7 +31,7 @@
CVE-2009-4095 (myPhile 1.2.1 allows remote attackers to bypass authentication via an ...)
TODO: check
CVE-2009-4094 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Joomla! component
CVE-2009-4093 (Multiple cross-site scripting (XSS) vulnerabilities in comments.php in ...)
TODO: check
CVE-2009-4092 (Cross-site request forgery (CSRF) vulnerability in user.php in Simplog ...)
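Review bot: for CVE-2009-4094 the visible description is cut off before any product name ("PHP remote file inclusion vulnerability in ..."), so "NOT-FOR-US: Joomla! component" is the only record in the list of what was triaged. Name the specific component in the tag so the decision can be checked without looking the CVE up again.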
@@ -57,6 +57,7 @@
CVE-2009-4082 (PHP remote file inclusion vulnerability in ...)
TODO: check
CVE-2009-4081 (Untrusted search path vulnerability in dstat before r3199 allows local ...)
+ - dstat <unfixed>
TODO: check
CVE-2009-4080 (Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP ...)
TODO: check
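Review bot: the added "- dstat <unfixed>" line under CVE-2009-4081 carries no urgency or bug reference, unlike the existing "- puppet <unfixed> (low; bug #551073)" entry further down this file. The description says the issue affects dstat before r3199, so a NOTE recording that revision, plus the bug number once one is filed, would let the entry be closed against a concrete version. The "TODO: check" kept below the new line gives no hint of what remains to be checked; state it.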
@@ -65,13 +66,15 @@
CVE-2009-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 ...)
TODO: check
CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
+ - roundcube <unfixed>
TODO: check
CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
+ - roundcube <unfixed>
TODO: check
CVE-2009-4075 (Unspecified vulnerability in the timeout mechanism in sshd in Sun ...)
TODO: check
CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer 8
CVE-2008-7247
RESERVED
CVE-2009-XXXX [rails insufficient escaping XSS]
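Review bot: CVE-2009-4077 and CVE-2009-4076 have the same visible description and now the same "- roundcube <unfixed>" line, so nothing in the list distinguishes which CSRF issue a later upload fixes. Add a NOTE under each with the distinguishing detail from the full CVE text (affected action or version), and a bug reference when one exists. Both entries also keep "TODO: check" without saying what is outstanding.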
@@ -191,7 +194,7 @@
CVE-2009-4026
RESERVED
CVE-2009-4025 (Argument injection vulnerability in the traceroute function in ...)
- TODO: check
+ NOT-FOR-US: Net_Traceroute PEAR module
CVE-2009-4024 (Argument injection in the ping function in Ping.php in the Net_Ping ...)
- php-net-ping <unfixed>
TODO: check
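Review bot: CVE-2009-4025 is marked "NOT-FOR-US: Net_Traceroute PEAR module", but the entry directly below it, CVE-2009-4024 for the sibling Net_Ping module, is tracked against a package ("- php-net-ping <unfixed>"). Confirm that no package in the archive ships Net_Traceroute before closing this as not-for-us, and note the result so the asymmetry between the two argument-injection entries is explained.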
@@ -658,7 +661,7 @@
CVE-2009-3844
RESERVED
CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a "hidden account" in ...)
- TODO: check
+ NOT-FOR-US: HP Operations Manager
CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...)
NOT-FOR-US: HP Color LaserJet
CVE-2009-3841 (Unspecified vulnerability in HP Discovery & Dependency Mapping ...)
@@ -900,6 +903,7 @@
CVE-2009-3737
RESERVED
CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, ...)
+ - libtool <unfixed>
TODO: check
CVE-2009-3735
RESERVED
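Review bot: the new "- libtool <unfixed>" line under CVE-2009-3736 tracks only the libtool source package, while the description locates the flaw in ltdl.c in libltdl. If other source packages carry their own copy of ltdl.c, each needs its own line here; record that check in a NOTE next to the retained "TODO: check", and add a bug reference and urgency as the puppet entry in this file does.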
@@ -1409,7 +1413,7 @@
CVE-2009-3566 (McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 ...)
NOT-FOR-US: McAfee IntruShield Network Security Manager
CVE-2009-3565 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: McAfee IntruShield Network Security Manager
CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups ...)
- puppet <unfixed> (low; bug #551073)
[etch] - puppet <no-dsa> (minor issue)
@@ -6582,7 +6586,7 @@
CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Client ...)
NOT-FOR-US: ActiveX
CVE-2009-1928 (Stack consumption vulnerability in the LDAP service in Active ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2009-1927
RESERVED
CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista ...)