[Secure-testing-commits] r13416 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Dec 1 21:14:23 UTC 2009


Author: joeyh
Date: 2009-12-01 21:14:22 +0000 (Tue, 01 Dec 2009)
New Revision: 13416

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-01 15:00:40 UTC (rev 13415)
+++ data/CVE/list	2009-12-01 21:14:22 UTC (rev 13416)
@@ -1,3 +1,39 @@
+CVE-2009-4130
+	RESERVED
+CVE-2009-4129
+	RESERVED
+CVE-2009-4128
+	RESERVED
+CVE-2009-4127
+	RESERVED
+CVE-2009-4126
+	RESERVED
+CVE-2009-4125
+	RESERVED
+CVE-2009-4124
+	RESERVED
+CVE-2009-4123
+	RESERVED
+CVE-2009-4122
+	RESERVED
+CVE-2009-4121 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2009-4120 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2009-4119 (Cross-site scripting (XSS) vulnerability in Feed Element Mapper module ...)
+	TODO: check
+CVE-2009-4118 (The StartServiceCtrlDispatcher function in the cvpnd service ...)
+	TODO: check
+CVE-2009-4117 (Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before ...)
+	TODO: check
+CVE-2009-4116 (Multiple directory traversal vulnerabilities in CutePHP CuteNews ...)
+	TODO: check
+CVE-2009-4115 (Multiple static code injection vulnerabilities in the Categories ...)
+	TODO: check
+CVE-2009-4114 (kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other ...)
+	TODO: check
+CVE-2009-4113 (Static code injection vulnerability in the Categories module in ...)
+	TODO: check
 CVE-2009-4110 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
 	NOT-FOR-US: DotNetNuke
 CVE-2009-4109 (The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent ...)
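Review bot: The nine described entries from CVE-2009-4121 down to CVE-2009-4113 are added with only "TODO: check", so none of them is triaged yet. Several name the product in the visible text (MuPDF, CutePHP CuteNews, Kaspersky Anti-Virus 2010, the cvpnd service), so a follow-up can resolve those to either a package line or a NOT-FOR-US line like the DotNetNuke entries directly below. CVE-2009-4121 and CVE-2009-4120 have identical truncated descriptions and need the full text to tell them apart.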
@@ -75,8 +111,8 @@
 	TODO: check
 CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...)
 	NOT-FOR-US: Microsoft Internet Explorer 8
-CVE-2008-7247
-	RESERVED
+CVE-2008-7247 (sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, ...)
+	TODO: check
 CVE-2009-XXXX [rails insufficient escaping XSS]
 	- rails <unfixed> (low; bug #558685)
 	NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
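Review bot: CVE-2008-7247 now names MySQL but carries only "TODO: check" and no package lines. The description says 5.0.x through 5.0.88 and 5.1.x through 5.1.41, so the "- mysql-dfsg-5.1 5.1.41-1" version recorded as fixed under CVE-2009-4019 later in this patch appears to fall inside the affected range here. This entry needs its own mysql-dfsg-5.0 and mysql-dfsg-5.1 lines rather than a copy of those.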
@@ -139,7 +175,7 @@
 	NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
 CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...)
 	NOT-FOR-US: PHD Help Desk
-CVE-2009-4112 [Cacti priviledge scalation]
+CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to ...)
 	- cacti <unfixed> (low)
 	TODO: check
 	NOTE: 4B0E1566.1070509 at moritz-naumann.com in bugtraq
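Review bot: The package line under CVE-2009-4112 still reads "- cacti <unfixed> (low)" with no bug number, and "TODO: check" stays in place although the description is now the official one. Suggest adding a bug reference in the form the rails entry uses ("low; bug #558685") once one exists, and dropping the TODO if the low rating already accounts for the "remote authenticated administrators" precondition. The entry also sits after CVE-2009-4047, out of numeric order relative to the CVE-2009-4113 and CVE-2009-4110 entries in the first hunk.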
@@ -183,12 +219,12 @@
 	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
 	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
 	- kvm <unfixed> (low)
-CVE-2009-4030
-	RESERVED
+CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain ...)
+	TODO: check
 CVE-2009-4029
 	RESERVED
-CVE-2009-4028
-	RESERVED
+CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x ...)
+	TODO: check
 CVE-2009-4027
 	RESERVED
 CVE-2009-4026 [linux-2.6: remotely exploitable flaw in mac80211]
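Review bot: CVE-2009-4030 and CVE-2009-4028 both become MySQL issues with only "TODO: check" and no mysql-dfsg-5.0 or mysql-dfsg-5.1 lines. For CVE-2009-4030 the description gives 5.1.41 as the first fixed upstream release, which matches the "- mysql-dfsg-5.1 5.1.41-1" line recorded under CVE-2009-4019, so that one looks ready to fill in. CVE-2009-4028 is truncated after "MySQL 5.0.x" and needs the full version range before a fixed version can be set.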
@@ -204,7 +240,7 @@
 	- linux-2.6.24 <not-affected> (introduced in 2.6.30)
 CVE-2009-4025 (Argument injection vulnerability in the traceroute function in ...)
 	NOT-FOR-US: Net_Traceroute PEAR module
-CVE-2009-4024 (Argument injection in the ping function in Ping.php in the Net_Ping ...)
+CVE-2009-4024 (Argument injection vulnerability in the ping function in Ping.php in ...)
 	- php-net-ping <unfixed>
 	TODO: check
 	NOTE: http://pear.php.net/advisory20091114-01.txt
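Review bot: Under CVE-2009-4024 the "- php-net-ping <unfixed>" line has neither a severity nor a bug number, and "TODO: check" remains. The PEAR advisory is already referenced in the NOTE, so suggest linking the Debian bug in parentheses on the package line, in the same form the rails entry uses.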
@@ -227,8 +263,7 @@
 	NOTE: consequences are quite severe.
 CVE-2009-4020
 	RESERVED
-CVE-2009-4019 [mysql server crashers]
-	RESERVED
+CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not ...)
 	- mysql-dfsg-5.1 5.1.41-1
 	- mysql-dfsg-5.0 <removed>
 	TODO: check
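Review bot: "TODO: check" is left under CVE-2009-4019 even though the entry already has package lines for mysql-dfsg-5.1 and mysql-dfsg-5.0. Either drop it or replace it with a NOTE that says what is still open, for example how the 5.0.88 fix named in the description relates to the mysql-dfsg-5.0 line marked <removed>.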
@@ -4892,7 +4927,7 @@
 	NOT-FOR-US: TFM MMPlayer
 CVE-2009-2565 (Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. ...)
 	NOT-FOR-US: Perl CGI's By Mrs. Shiromuku shiromuku
-CVE-2009-2564 (NOS Microsystems getPlus Download Manager for Adobe 1.6.2.36, and ...)
+CVE-2009-2564 (NOS Microsystems getPlus Download Manager, as used in Adobe Reader ...)
 	NOT-FOR-US: Adobe
 CVE-2009-2563 (Unspecified vulnerability in the Infiniband dissector in Wireshark ...)
 	- wireshark 1.2.1-1 (bug #538237)
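Review bot: The NOT-FOR-US line for CVE-2009-2564 says "Adobe", while the updated description makes NOS Microsystems getPlus Download Manager the affected product and mentions Adobe Reader only as where it is used. Other NOT-FOR-US lines in this file name the product (for example "NOT-FOR-US: PHD Help Desk"), so naming getPlus Download Manager here would be more precise.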



