[Secure-testing-commits] r13482 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Dec 7 21:14:23 UTC 2009


Author: joeyh
Date: 2009-12-07 21:14:22 +0000 (Mon, 07 Dec 2009)
New Revision: 13482

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-07 16:12:29 UTC (rev 13481)
+++ data/CVE/list	2009-12-07 21:14:22 UTC (rev 13482)
@@ -1,3 +1,35 @@
+CVE-2009-4213
+	RESERVED
+CVE-2009-4212
+	RESERVED
+CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security Readiness ...)
+	TODO: check
+CVE-2009-4210
+	RESERVED
+CVE-2009-4209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
+	TODO: check
+CVE-2009-4208 (SQL injection vulnerability in the os_news module in Open-school (OS) ...)
+	TODO: check
+CVE-2009-4207 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x ...)
+	TODO: check
+CVE-2009-4206 (SQL injection vulnerability in admin.link.modify.php in Million Dollar ...)
+	TODO: check
+CVE-2009-4205 (Directory traversal vulnerability in admin.php in Flashlight Free ...)
+	TODO: check
+CVE-2009-4204 (SQL injection vulnerability in read.php in Flashlight Free Edition ...)
+	TODO: check
+CVE-2009-4203 (Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php ...)
+	TODO: check
+CVE-2009-4202 (Directory traversal vulnerability in the Omilen Photo Gallery ...)
+	TODO: check
+CVE-2009-4201 (Multiple stack-based buffer overflows in Mp3 Tag Assistant ...)
+	TODO: check
+CVE-2009-4200 (SQL injection vulnerability in the Seminar (com_seminar) component ...)
+	TODO: check
+CVE-2009-4199 (Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos ...)
+	TODO: check
+CVE-2009-4198 (SQL injection vulnerability in my_orders.php in MyMiniBill allows ...)
+	TODO: check
 CVE-2009-4197 (rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware ...)
 	NOT-FOR-US: Huawei MT882 V100R002B020
 CVE-2009-4196 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...)
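Review bot: The thirteen described entries added at the top of this hunk (CVE-2009-4198 through CVE-2009-4211, excluding the RESERVED CVE-2009-4210) all land as "TODO: check", so none of them has a tracking decision yet. Most are SQL injection, XSS or directory traversal issues in named web applications. A follow-up commit should resolve each to "NOT-FOR-US: <product>", as the context line for CVE-2009-4197 does, or to a package line where the software is shipped, rather than leaving the batch to accumulate.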
@@ -94,8 +126,8 @@
 	NOT-FOR-US: IBM DB2
 CVE-2009-4149
 	RESERVED
-CVE-2009-4148
-	RESERVED
+CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers ...)
+	TODO: check
 CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
 	TODO: check
 CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
@@ -191,7 +223,7 @@
 	- firefox-sage <unfixed> (low; bug #559267)
 CVE-2009-4101 (infoRSS 1.1.4.2 and earlier extension for Firefox performs certain ...)
 	NOT-FOR-US: infoRSS extension for Firefox
-CVE-2009-4100 (Yoono extension 6.1.1 for Firefox performs certain operations with ...)
+CVE-2009-4100 (Yoono extension before 6.1.1 for Firefox performs certain operations ...)
 	NOT-FOR-US: Yoono extension for Firefox
 CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar ...)
 	NOT-FOR-US: Joomla! Component
@@ -396,8 +428,7 @@
 	NOTE: <https://www.isc.org/node/504>
 	NOTE: Only affects installations with trust anchors, but then the
 	NOTE: consequences are quite severe.
-CVE-2009-4020 [linux-2.6: hfs buffer overflow]
-	RESERVED
+CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux kernel ...)
 	- linux-2.6 <unfixed> (medium)
 	- linux-2.6.24 <removed> (medium)
 CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not ...)
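Review bot: In the CVE-2009-4020 entry, the two package lines kept as context ("linux-2.6 <unfixed> (medium)" and "linux-2.6.24 <removed> (medium)") carry no bug reference and no NOTE, and this hunk also drops the bracketed working description. For a stack-based buffer overflow in the kernel hfs subsystem, add a bug number in the style of the firefox-sage line ("bug #559267") or a NOTE pointing at the upstream fix, so the unfixed state can be followed up.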
@@ -1661,8 +1692,8 @@
 	NOT-FOR-US: Xerver HTTP Server
 CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows ...)
 	NOT-FOR-US: Xerver HTTP Server
-CVE-2009-3560
-	RESERVED
+CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...)
+	TODO: check
 CVE-2009-3559 (** DISPUTED ** ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: safe_mode regression
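Review bot: CVE-2009-3560 moves from RESERVED to "TODO: check", but unlike the web application entries in this commit it names a library source file (big2_toUtf8 in lib/xmltok.c in libexpat), so it should not sit in the TODO queue. Resolve it to a package line with urgency and fixed version or "<unfixed>", and check whether other source packages carry their own copy of lib/xmltok.c that would need a separate entry.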
@@ -2293,8 +2324,7 @@
 	NOT-FOR-US: ClearSite
 CVE-2009-3305
 	RESERVED
-CVE-2009-3304 [gforge: symlink attack]
-	RESERVED
+CVE-2009-3304 (GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite ...)
 	{DSA-1945-1}
 	- gforge  4.8.2-1
 CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in ...)
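Review bot: The new CVE-2009-3304 description lists GForge 4.8.2 as affected, while the retained tracking line "- gforge  4.8.2-1" records 4.8.2-1 as the fixed version and has no urgency tag. Confirm that the 4.8.2-1 upload carries the fix referenced by DSA-1945-1, add an urgency in the same form as the other package lines, and consider a NOTE stating that the fix is a Debian-side patch if upstream 4.8.2 is itself vulnerable.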



