[Secure-testing-commits] r13626 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Dec 22 21:14:19 UTC 2009
Author: joeyh
Date: 2009-12-22 21:14:19 +0000 (Tue, 22 Dec 2009)
New Revision: 13626
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-22 20:26:39 UTC (rev 13625)
+++ data/CVE/list 2009-12-22 21:14:19 UTC (rev 13626)
@@ -1,3 +1,171 @@
+CVE-2010-0095
+ RESERVED
+CVE-2010-0094
+ RESERVED
+CVE-2010-0093
+ RESERVED
+CVE-2010-0092
+ RESERVED
+CVE-2010-0091
+ RESERVED
+CVE-2010-0090
+ RESERVED
+CVE-2010-0089
+ RESERVED
+CVE-2010-0088
+ RESERVED
+CVE-2010-0087
+ RESERVED
+CVE-2010-0086
+ RESERVED
+CVE-2010-0085
+ RESERVED
+CVE-2010-0084
+ RESERVED
+CVE-2010-0083
+ RESERVED
+CVE-2010-0082
+ RESERVED
+CVE-2010-0081
+ RESERVED
+CVE-2010-0080
+ RESERVED
+CVE-2010-0079
+ RESERVED
+CVE-2010-0078
+ RESERVED
+CVE-2010-0077
+ RESERVED
+CVE-2010-0076
+ RESERVED
+CVE-2010-0075
+ RESERVED
+CVE-2010-0074
+ RESERVED
+CVE-2010-0073
+ RESERVED
+CVE-2010-0072
+ RESERVED
+CVE-2010-0071
+ RESERVED
+CVE-2010-0070
+ RESERVED
+CVE-2010-0069
+ RESERVED
+CVE-2010-0068
+ RESERVED
+CVE-2010-0067
+ RESERVED
+CVE-2010-0066
+ RESERVED
+CVE-2009-4378 (The IPMI dissector in Wireshark 1.2.0 through 1.2.4, when running on ...)
+ TODO: check
+CVE-2009-4377 (The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 ...)
+ TODO: check
+CVE-2009-4376 (Buffer overflow in the daintree_sna_read function in the Daintree SNA ...)
+ TODO: check
+CVE-2009-4375 (SQL injection vulnerability in repository/repository_attachment.php in ...)
+ TODO: check
+CVE-2009-4374 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2009-4373 (Unrestricted file upload vulnerability in ...)
+ TODO: check
+CVE-2009-4372 (AlienVault Open Source Security Information Management (OSSIM) 2.1.5, ...)
+ TODO: check
+CVE-2009-4371 (Cross-site scripting (XSS) vulnerability in the Locale module ...)
+ TODO: check
+CVE-2009-4370 (Cross-site scripting (XSS) vulnerability in the Menu module ...)
+ TODO: check
+CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module ...)
+ TODO: check
+CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 have ...)
+ TODO: check
+CVE-2009-4367 (The Staging Webservice ("sitecore modules/staging/service/api.asmx") ...)
+ TODO: check
+CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
+ TODO: check
+CVE-2009-4365 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
+ TODO: check
+CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application ...)
+ TODO: check
+CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users ...)
+ TODO: check
+CVE-2009-4361 (Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users ...)
+ TODO: check
+CVE-2009-4360 (SQL injection vulnerability in modules/content/index.php in the ...)
+ TODO: check
+CVE-2009-4359 (Cross-site scripting (XSS) vulnerability in folder.php in the ...)
+ TODO: check
+CVE-2009-4358 (freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure ...)
+ TODO: check
+CVE-2009-4357 (CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 ...)
+ TODO: check
+CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters in ...)
+ TODO: check
+CVE-2009-4355
+ RESERVED
+CVE-2009-4354 (TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not ...)
+ TODO: check
+CVE-2009-4353 (The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 ...)
+ TODO: check
+CVE-2009-4352 (Multiple cross-site scripting (XSS) vulnerabilities in TransWARE ...)
+ TODO: check
+CVE-2009-4351 (SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, ...)
+ TODO: check
+CVE-2009-4350 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 ...)
+ TODO: check
+CVE-2009-4349 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2009-4348 (Cross-site scripting (XSS) vulnerability in index.php in Harold ...)
+ TODO: check
+CVE-2009-4347 (Cross-site scripting (XSS) vulnerability in daloradius-users/login.php ...)
+ TODO: check
+CVE-2009-4346 (Cross-site scripting (XSS) vulnerability in the Frontend news ...)
+ TODO: check
+CVE-2009-4345 (Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) ...)
+ TODO: check
+CVE-2009-4344 (Cross-site scripting (XSS) vulnerability in the ZID Linkliste ...)
+ TODO: check
+CVE-2009-4343 (Cross-site scripting (XSS) vulnerability in the Training Company ...)
+ TODO: check
+CVE-2009-4342 (SQL injection vulnerability in the Job Exchange (jobexchange) ...)
+ TODO: check
+CVE-2009-4341 (SQL injection vulnerability in the No indexed Search ...)
+ TODO: check
+CVE-2009-4340 (Cross-site scripting (XSS) vulnerability in the No indexed Search ...)
+ TODO: check
+CVE-2009-4339 (SQL injection vulnerability in the Subscription (mf_subscription) ...)
+ TODO: check
+CVE-2009-4338 (SQL injection vulnerability in the Flash SlideShow (slideshow) ...)
+ TODO: check
+CVE-2009-4337 (SQL injection vulnerability in the Diocese of Portsmouth Calendar ...)
+ TODO: check
+CVE-2009-4336 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth ...)
+ TODO: check
+CVE-2009-4335 (Multiple unspecified vulnerabilities in bundled stored procedures in ...)
+ TODO: check
+CVE-2009-4334 (The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before ...)
+ TODO: check
+CVE-2009-4333 (The Relational Data Services component in IBM DB2 9.5 before FP5 ...)
+ TODO: check
+CVE-2009-4332 (db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 ...)
+ TODO: check
+CVE-2009-4331 (The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 ...)
+ TODO: check
+CVE-2009-4330 (Unspecified vulnerability in db2licm in the Engine Utilities component ...)
+ TODO: check
+CVE-2009-4329 (Unspecified vulnerability in the Engine Utilities component in IBM DB2 ...)
+ TODO: check
+CVE-2009-4328 (Unspecified vulnerability in the DRDA Services component in IBM DB2 ...)
+ TODO: check
+CVE-2009-4327 (The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and ...)
+ TODO: check
+CVE-2009-4326 (The RAND scalar function in the Common Code Infrastructure component ...)
+ TODO: check
+CVE-2009-4325 (The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before ...)
+ TODO: check
CVE-2009-XXXX [apache2: potential disclosure of private php files]
- apache2 <unfixed> (low; bug #562006)
CVE-2009-XXXX [Wireshark: Daintree SNA buffer overflow]
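Review bot: CVE-2009-4376 ("Buffer overflow in the daintree_sna_read function in the Daintree SNA ...") is added with only TODO: check, while the temporary entry CVE-2009-XXXX [Wireshark: Daintree SNA buffer overflow] is still present in the trailing context of this hunk. These read as the same issue; if that is confirmed, move the temporary entry's tracking lines under CVE-2009-4376 and drop the CVE-2009-XXXX placeholder so the bug is not tracked twice. CVE-2009-4378 and CVE-2009-4377 are also Wireshark dissector issues and should be triaged together with it.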
@@ -248,8 +416,8 @@
RESERVED
CVE-2009-4271
RESERVED
-CVE-2009-4270
- RESERVED
+CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...)
+ TODO: check
CVE-2009-4269
RESERVED
CVE-2009-4268
@@ -312,7 +480,7 @@
NOT-FOR-US: AROUNDMe
CVE-2009-4263 (SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 ...)
NOT-FOR-US: PTCPay
-CVE-2009-4262 (Harold Bakker's Newscript HB-NS 1.3 allows remote attackers to obtain ...)
+CVE-2009-4262 (Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to ...)
NOT-FOR-US: Harold Bakker's Newscript HB-NS
CVE-2009-XXXX [php-net-ping argument injection]
- php-net-ping 2.4.2-1.1 (medium)
@@ -350,8 +518,7 @@
[etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5)
[lenny] - python-docutils <no-dsa> (Minor issue)
NOTE: cve requested
-CVE-2009-4261 [ganeti command execution]
- RESERVED
+CVE-2009-4261 (Multiple directory traversal vulnerabilities in the iallocator ...)
{DSA-1959-1}
- ganeti 2.0.5-1 (low)
NOTE: http://www.ocert.org/advisories/ocert-2009-019.html
@@ -598,11 +765,9 @@
- network-manager-applet <unfixed>
TODO: check
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=546117
-CVE-2009-4143 [$_SESSION interruption memory corruption]
- RESERVED
+CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has ...)
- php5 <unfixed> (low)
-CVE-2009-4142 [insufficient string validation in htmlspecialchars()]
- RESERVED
+CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly ...)
- php5 <unfixed>
TODO: determine real impact
CVE-2009-4141
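Review bot: the php5 lines under CVE-2009-4143 and CVE-2009-4142 stay at <unfixed> even though both new descriptions now give "PHP before 5.2.12" as the upstream boundary, and CVE-2009-4142 still carries TODO: determine real impact. A follow-up should record the fixed version once a package with 5.2.12 or the backported fixes exists. The replaced summaries ("$_SESSION interruption memory corruption", "insufficient string validation in htmlspecialchars()") were more specific than the truncated descriptions, so consider keeping them as NOTE lines.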
@@ -611,8 +776,7 @@
RESERVED
CVE-2009-4139
RESERVED
-CVE-2009-4138 [linux-2.6: firewire ohci issue]
- RESERVED
+CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when ...)
- linux-2.6 <unfixed> (medium)
[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
- linux-2.6.24 <removed> (medium)
@@ -863,8 +1027,7 @@
NOT-FOR-US: FrontAccounting
CVE-2009-4036
RESERVED
-CVE-2009-4035 [FoFiType1::parse() integer underflow in xpdf/fofi/FoFiType1.cc]
- RESERVED
+CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...)
- kdegraphics 4.0
- xpdf 3.01-1
- poppler 0.5.1-1
@@ -891,8 +1054,7 @@
- mysql-dfsg-5.1 5.1.41-1
- mysql-dfsg-5.0 <removed>
TODO: check
-CVE-2009-4029 [Automake security fix for 'make dist*']
- RESERVED
+CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, ...)
- automake 1:1.11-1
TODO: check
NOTE: it also affects every Makefile.in generated by automake
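Review bot: under CVE-2009-4029 the entry records automake 1:1.11-1 as the fixed version, while the new description names "GNU Automake 1.11.1, 1.10.3, ...". The visible text is truncated, so it is not clear from the list alone whether those are affected or fixed releases; the pending TODO: check should confirm that 1:1.11-1 really contains the fix before this entry is treated as closed.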
@@ -989,12 +1151,12 @@
RESERVED
CVE-2009-3998
RESERVED
-CVE-2009-3997
- RESERVED
-CVE-2009-3996
- RESERVED
-CVE-2009-3995
- RESERVED
+CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in ...)
+ TODO: check
+CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder ...)
+ TODO: check
+CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module ...)
+ TODO: check
CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...)
- devil 1.7.8-6 (low; bug #560080)
[lenny] - devil <no-dsa> (Minor issue)
@@ -1010,40 +1172,31 @@
RESERVED
CVE-2009-3988
RESERVED
-CVE-2009-3987 [GeckoActiveXObject exception messages can be used to enumerate installed COM objects]
- RESERVED
+CVE-2009-3987 (The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and ...)
- xulrunner <not-affected> (Windows-specific vulnerability)
-CVE-2009-3986 [Privilege escalation via chrome window.opener]
- RESERVED
+CVE-2009-3986 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
{DSA-1956-1}
- xulrunner 1.9.1.6-1
-CVE-2009-3985 [URL spoofing via invalid document.location]
- RESERVED
+CVE-2009-3985 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
{DSA-1956-1}
- xulrunner 1.9.1.6-1
-CVE-2009-3984 [SSL spoofing with document.location]
- RESERVED
+CVE-2009-3984 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
{DSA-1956-1}
- xulrunner 1.9.1.6-1
-CVE-2009-3983 [NTLM reflection vulnerability]
- RESERVED
+CVE-2009-3983 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
{DSA-1956-1}
- xulrunner 1.9.1.6-1
-CVE-2009-3982 [Crashes with evidence of memory corruption]
- RESERVED
+CVE-2009-3982 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
- xulrunner 1.9.1.6-1
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
-CVE-2009-3981 [Crashes with evidence of memory corruption]
- RESERVED
+CVE-2009-3981 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-1956-1}
- xulrunner 1.9.1
NOTE: Only affects Firefox 3
-CVE-2009-3980 [Crashes with evidence of memory corruption]
- RESERVED
+CVE-2009-3980 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- xulrunner 1.9.1.6-1
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
-CVE-2009-3979 [Crashes with evidence of memory corruption]
- RESERVED
+CVE-2009-3979 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-1956-1}
- xulrunner 1.9.1.6-1
CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...)
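Review bot: after this hunk CVE-2009-3986, CVE-2009-3985, CVE-2009-3984 and CVE-2009-3983 all show the same truncated text, "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...", so the list no longer tells them apart. The removed bracketed summaries (chrome window.opener privilege escalation, document.location URL spoofing, SSL spoofing, NTLM reflection) were the only distinguishing information; keeping each as a NOTE line under its entry would preserve that. Separately, CVE-2009-3981 is tracked as fixed in xulrunner 1.9.1 while its neighbours use 1.9.1.6-1; the existing NOTE: Only affects Firefox 3 suggests this is intentional, but it is worth confirming while the entry is being touched.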
@@ -1085,7 +1238,7 @@
- dovecot 1:1.2.8-1 (medium; bug #557601)
[lenny] - dovecot <not-affected> (Only affects 1.2.x)
[etch] - dovecot <not-affected> (Only affects 1.2.x)
-CVE-2009-4017 (PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of ...)
+CVE-2009-4017 (PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number ...)
{DSA-1940-1}
- php5 5.2.11.dfsg.1-2 (medium)
- php4 <removed> (medium)
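Review bot: under CVE-2009-4017 the tracked fix is php5 5.2.11.dfsg.1-2, while the updated description now reads "PHP before 5.2.12". If that package version carries a backported patch, a NOTE saying so would explain why the recorded fixed version is lower than the upstream boundary and avoid someone later reopening the entry as unfixed.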
@@ -1524,10 +1677,10 @@
TODO: check
CVE-2009-3793
RESERVED
-CVE-2009-3792
- RESERVED
-CVE-2009-3791
- RESERVED
+CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server (FMS) ...)
+ TODO: check
+CVE-2009-3791 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)
+ TODO: check
CVE-2009-3790 (Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation ...)
NOT-FOR-US: FormMax
CVE-2009-3789 (Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan ...)
@@ -1743,8 +1896,8 @@
- vmware-package <removed>
CVE-2009-3732
RESERVED
-CVE-2009-3731
- RESERVED
+CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help ...)
+ TODO: check
CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
NOT-FOR-US: ReqWeb
CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
@@ -1889,12 +2042,11 @@
NOT-FOR-US: Achievo
CVE-2009-3704 (ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, ...)
NOT-FOR-US: ZoIPer
-CVE-2009-3703
- RESERVED
+CVE-2009-3703 (Multiple SQL injection vulnerabilities in the WP-Forum plugin before ...)
+ TODO: check
CVE-2009-3702
RESERVED
-CVE-2009-3701 [horde XSS via PHP_SELF]
- RESERVED
+CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- horde3 3.3.6+debian0-1 (low)
[lenny] - horde3 <no-dsa> (minor issue)
[etch] - horde3 <no-dsa> (minor issue)
@@ -2365,10 +2517,10 @@
CVE-2009-3559 (** DISPUTED ** ...)
- php5 <unfixed> (unimportant)
NOTE: safe_mode regression
-CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and ...)
+CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ...)
- php5 <unfixed> (unimportant)
NOTE: open_basedir bypass
-CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier, ...)
+CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and ...)
- php5 <unfixed> (unimportant)
NOTE: safe_mode bypass
CVE-2009-3556
@@ -2789,13 +2941,11 @@
RESERVED
CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) ...)
NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10
-CVE-2009-3389 [libtheora/Firefox]
- RESERVED
+CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used ...)
- libtheora 1.1
- xulrunner 1.9.1.6-1
[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
-CVE-2009-3388 [liboggplay/Firefox]
- RESERVED
+CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before ...)
- liboggplay <unfixed>
- xulrunner 1.9.1.6-1
[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
@@ -4643,18 +4793,18 @@
- burn 0.4.5-1 (low; bug #542329)
[lenny] - burn 0.4.3-2.1+lenny1
[etch] - burn <no-dsa> (Minor issue)
-CVE-2009-2880
- RESERVED
-CVE-2009-2879
- RESERVED
-CVE-2009-2878
- RESERVED
-CVE-2009-2877
- RESERVED
-CVE-2009-2876
- RESERVED
-CVE-2009-2875
- RESERVED
+CVE-2009-2880 (Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x ...)
+ TODO: check
+CVE-2009-2879 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
+ TODO: check
+CVE-2009-2878 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
+ TODO: check
+CVE-2009-2877 (Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF ...)
+ TODO: check
+CVE-2009-2876 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
+ TODO: check
+CVE-2009-2875 (Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x ...)
+ TODO: check
CVE-2009-2874 (The TimesTenD process in Cisco Unified Presence 1.x, 6.x before ...)
NOT-FOR-US: Cisco Unified Presence
CVE-2009-2873 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...)
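Review bot: the six new descriptions for CVE-2009-2880 through CVE-2009-2875 all concern DLLs in the Cisco WebEx WRF Player and are left at TODO: check, while the adjacent Cisco entries in the context (CVE-2009-2874) are already tagged NOT-FOR-US. If the player is not packaged, these can be closed in one pass with a single consistent NOT-FOR-US tag rather than being triaged individually.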
@@ -5973,7 +6123,7 @@
NOT-FOR-US: Microsoft Active Directory Federation Services
CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...)
NOT-FOR-US: Microsoft Windows
-CVE-2009-2506 (The text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; ...)
+CVE-2009-2506 (Integer overflow in the text converters in Microsoft Office Word 2002 ...)
NOT-FOR-US: Microsoft Office
CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista ...)
NOT-FOR-US: Microsoft Office
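Review bot: in the trailing context, CVE-2009-2505 is described as "The Internet Authentication Service (IAS) in Microsoft Windows Vista ..." but is tagged NOT-FOR-US: Microsoft Office, which looks copied from CVE-2009-2506 above it. The triage result is the same either way, but the tag should read Microsoft Windows to match the description and the entry for CVE-2009-2507.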
@@ -40507,10 +40657,10 @@
NOT-FOR-US: Fresh View
CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before ...)
NOT-FOR-US: Cisco
-CVE-2007-2281
- RESERVED
-CVE-2007-2280
- RESERVED
+CVE-2007-2281 (Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe ...)
+ TODO: check
+CVE-2007-2280 (Stack-based buffer overflow in OmniInet.exe (aka the backup client ...)
+ TODO: check
CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage ...)
NOT-FOR-US: Symantec
CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...)