[Secure-testing-commits] r13658 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sat Dec 26 18:24:10 UTC 2009
Author: derevko-guest
Date: 2009-12-26 18:24:10 +0000 (Sat, 26 Dec 2009)
New Revision: 13658
Modified:
data/CVE/list
Log:
- NFUs
- CVE-2009-4422: Multiple cross-site scripting (XSS) vulnerabilities in libphp-jpgraph
- CVE-2009-4412: Unrestricted file upload vulnerability in Serendipity
- CVE-2009-4405: fixed in trac 0.11.6-1
- CVE-2009-4404: fixed in t-prot 2.8-1
- sql-ledger issues
- wireshark issues fixed in 1.2.5-1
- CVE-2009-4270: Stack-based buffer overflow in ghostscript
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-26 15:56:47 UTC (rev 13657)
+++ data/CVE/list 2009-12-26 18:24:10 UTC (rev 13658)
@@ -1,13 +1,13 @@
CVE-2009-4423 (SQL injection vulnerability in index.php in weenCompany 4.0.0 allows ...)
- TODO: check
+ NOT-FOR-US: weenCompany
CVE-2009-4422 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ - libphp-jpgraph <unfixed> (low; bug #562633)
CVE-2009-4421 (Directory traversal vulnerability in languages_cgi.php in Simple PHP ...)
- TODO: check
+ NOT-FOR-US: Simple PHP Blog
CVE-2009-4420 (Buffer overflow in the bd daemon in F5 Networks BIG-IP Application ...)
TODO: check
CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the ...)
- TODO: check
+ NOT-FOR-US: Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets
CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...)
- php5 <unfixed> (low)
CVE-2009-4417 (The shutdown function in the Zend_Log_Writer_Mail class in Zend ...)
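Review bot: CVE-2009-4420 (F5 Networks BIG-IP) is the only entry in this hunk still left at "TODO: check" although it concerns a vendor appliance, the same situation in which CVE-2009-4423, CVE-2009-4421 and CVE-2009-4419 are resolved to NOT-FOR-US here; either mark it "NOT-FOR-US: F5 Networks BIG-IP" as well or leave a short note on why it still needs checking.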
@@ -21,29 +21,26 @@
CVE-2009-4414 (SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in ...)
- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4412 (Unrestricted file upload vulnerability in Serendipity before 1.5 ...)
- - serendipity <unfixed>
- TODO: check
+ - serendipity <unfixed> (low; bug #562634)
CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when ...)
- - acl <unfixed> (bug #499076)
+ - acl <unfixed> (low; bug #499076)
[etch] - acl <not-affected> (Vulnerable code not present)
- TODO: check
CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...)
- TODO: check
+ NOT-FOR-US: Internet Initiative Japan SEIL/B1 firmware
CVE-2009-4408 (Multiple cross-site scripting (XSS) vulnerabilities in models.parser ...)
- TODO: check
+ NOT-FOR-US: PyForum
CVE-2009-4407 (Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum ...)
- TODO: check
+ NOT-FOR-US: PyForum
CVE-2009-4406 (Cross-site scripting (XSS) vulnerability in Forms/login1 in American ...)
- TODO: check
+ NOT-FOR-US: APC Switched Rack PDU AP7932 B2
CVE-2009-4405 (Multiple unspecified vulnerabilities in Trac before 0.11.6 have ...)
- - trac <unfixed>
- TODO: check
+ - trac 0.11.6-1
CVE-2009-4404 (Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 ...)
- TODO: check
+ - t-prot 2.8-1
CVE-2009-4403 (Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 ...)
- TODO: check
+ NOT-FOR-US: Rumba XML
CVE-2009-4402 (The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...)
- TODO: check
+ - sql-ledger <unfixed> (bug #562639)
CVE-2009-4410 (The fuse_ioctl_copy_user function in the ioctl handler in ...)
- linux-2.6 2.6.32-1 (low)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
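Review bot: the new sql-ledger line for CVE-2009-4402 ("- sql-ledger <unfixed> (bug #562639)") carries no severity, whereas the other <unfixed> entries touched in this hunk record one ("serendipity <unfixed> (low; bug #562634)", "acl <unfixed> (low; bug #499076)"); add a severity so the entry reads consistently. The trac and t-prot lines likewise only record the unstable upload ("trac 0.11.6-1", "t-prot 2.8-1"); a suite annotation of the "[etch] - ..." form used for acl in the same hunk would state whether stable is affected.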
@@ -156,11 +153,11 @@
CVE-2010-0066
RESERVED
CVE-2009-4378 (The IPMI dissector in Wireshark 1.2.0 through 1.2.4, when running on ...)
- TODO: check
+ - wireshark 1.2.5-1
CVE-2009-4377 (The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 ...)
- TODO: check
+ - wireshark 1.2.5-1
CVE-2009-4376 (Buffer overflow in the daintree_sna_read function in the Daintree SNA ...)
- TODO: check
+ - wireshark 1.2.5-1
CVE-2009-4375 (SQL injection vulnerability in repository/repository_attachment.php in ...)
NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4374 (Directory traversal vulnerability in ...)
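Review bot: the three wireshark entries record only the unstable fix "1.2.5-1", while the quoted CVE descriptions give the affected ranges ("1.2.0 through 1.2.4" for CVE-2009-4378, "0.9.0 through 1.2.4" for CVE-2009-4377), so the older stable versions may or may not be in scope; add a "[etch]" style suite line as used elsewhere in this file (<not-affected> with a reason, or the pending fix), otherwise the stable branch drops out of tracking for CVE-2009-4377 in particular.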
@@ -523,7 +520,7 @@
CVE-2009-4271
RESERVED
CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...)
- TODO: check
+ - ghostscript <unfixed> (medium; bug #562643)
CVE-2009-4269
RESERVED
CVE-2009-4268
@@ -879,7 +876,7 @@
[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
- linux-2.6.24 <removed> (medium)
CVE-2009-4137 (The loadContentFromCookie function in core/Cookie.php in Piwik before ...)
- TODO: check
+ NOT-FOR-US: Piwik
CVE-2009-4136 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ...)
- postgresql-7.4 <removed>
- postgresql-8.1 <removed>
@@ -2481,15 +2478,15 @@
- request-tracker3.4 <removed>
- request-tracker3.6 3.6.9-2 (low)
CVE-2009-3584 (SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...)
- TODO: check
+ - sql-ledger <unfixed> (bug #562639)
CVE-2009-3583 (Directory traversal vulnerability in the Preferences menu item in ...)
- TODO: check
+ - sql-ledger <unfixed> (bug #562639)
CVE-2009-3582 (Multiple SQL injection vulnerabilities in the delete subroutine in ...)
- TODO: check
+ - sql-ledger <unfixed> (bug #562639)
CVE-2009-3581 (Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...)
- TODO: check
+ - sql-ledger <unfixed> (bug #562639)
CVE-2009-3580 (Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...)
- TODO: check
+ - sql-ledger <unfixed> (bug #562639)
CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya ...)
NOT-FOR-US: Autodesk Maya
CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 ...)
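Review bot: all five SQL-Ledger CVEs here point at the single bug #562639 with no severity, yet they differ materially: CVE-2009-3582 is multiple SQL injections and CVE-2009-3583 a directory traversal, while CVE-2009-3584 is only a missing secure flag on the session cookie; give each entry its own severity so that a partial fix of the bug can later be reflected per CVE instead of only as a block.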