[Secure-testing-commits] r11141 - data/CVE
joeyh at alioth.debian.org
joeyh at alioth.debian.org
Wed Feb 4 21:14:36 UTC 2009
Author: joeyh
Date: 2009-02-04 21:14:35 +0000 (Wed, 04 Feb 2009)
New Revision: 11141
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-02-04 19:01:22 UTC (rev 11140)
+++ data/CVE/list 2009-02-04 21:14:35 UTC (rev 11141)
@@ -1,3 +1,177 @@
+CVE-2009-0417
+ RESERVED
+CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards Based ...)
+ TODO: check
+CVE-2009-0415 (Untrusted search path vulnerability in trickle 1.07 allows local users ...)
+ TODO: check
+CVE-2009-0413 (Cross-site scripting (XSS) vulnerability in RoundCube Webmail ...)
+ TODO: check
+CVE-2009-0412 (The ProcessLogin function in class.auth.php in Interspire Shopping ...)
+ TODO: check
+CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict access from ...)
+ TODO: check
+CVE-2009-0410 (Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) ...)
+ TODO: check
+CVE-2009-0409 (SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and ...)
+ TODO: check
+CVE-2009-0408 (Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC ...)
+ TODO: check
+CVE-2009-0407 (SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 ...)
+ TODO: check
+CVE-2009-0406 (SQL injection vulnerability in index.php in Community CMS 0.4 and ...)
+ TODO: check
+CVE-2009-0405 (SQL injection vulnerability in articles.php in smartSite CMS 1.0 ...)
+ TODO: check
+CVE-2009-0404 (Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics ...)
+ TODO: check
+CVE-2009-0403 (SQL injection vulnerability in admin/authenticate.php in Chipmunk ...)
+ TODO: check
+CVE-2009-0402 (SQL injection vulnerability in client/new_account.php in Domain ...)
+ TODO: check
+CVE-2009-0401 (SQL injection vulnerability in browsecats.php in E-Php CMS allows ...)
+ TODO: check
+CVE-2009-0400 (SQL injection vulnerability in blog.php in SocialEngine 3.06 trial ...)
+ TODO: check
+CVE-2009-0399 (Chipmunk Blogger Script allows remote attackers to gain administrator ...)
+ TODO: check
+CVE-2009-0398 (Array index error in the gst_qtp_trak_handler function in ...)
+ TODO: check
+CVE-2009-0397 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...)
+ TODO: check
+CVE-2009-0396 (The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, ...)
+ TODO: check
+CVE-2009-0395 (SQL injection vulnerability in the login feature in NetArt Media Car ...)
+ TODO: check
+CVE-2009-0394 (SQL injection vulnerability in login.php in Pre Lecture Exercises ...)
+ TODO: check
+CVE-2009-0393 (Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola ...)
+ TODO: check
+CVE-2009-0392 (Directory traversal vulnerability in sysconf.cgi in Motorola Wimax ...)
+ TODO: check
+CVE-2009-0391 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
+ TODO: check
+CVE-2009-0390 (Argument injection vulnerability in Enomaly Elastic Computing Platform ...)
+ TODO: check
+CVE-2009-0389 (Multiple insecure method vulnerabilities in the Web On Windows (WOW) ...)
+ TODO: check
+CVE-2009-0388
+ RESERVED
+CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...)
+ TODO: check
+CVE-2009-0386 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...)
+ TODO: check
+CVE-2009-0384 (SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows ...)
+ TODO: check
+CVE-2009-0383 (delete.php in Max.Blog 1.0.6 does not properly restrict access, which ...)
+ TODO: check
+CVE-2009-0382 (Unspecified vulnerability in Internationalization (i18n) Translation ...)
+ TODO: check
+CVE-2009-0381 (SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping ...)
+ TODO: check
+CVE-2009-0380 (** DISPUTED ** ...)
+ TODO: check
+CVE-2009-0379 (SQL injection vulnerability in the Prince Clan Chess Club ...)
+ TODO: check
+CVE-2009-0378 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
+ TODO: check
+CVE-2009-0377 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
+ TODO: check
+CVE-2009-0376
+ RESERVED
+CVE-2009-0375
+ RESERVED
+CVE-2009-0374 (** DISPUTED ** ...)
+ TODO: check
+CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine ...)
+ TODO: check
+CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in Miltenovik ...)
+ TODO: check
+CVE-2009-0371 (Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and ...)
+ TODO: check
+CVE-2009-0370 (Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 ...)
+ TODO: check
+CVE-2009-0369 (Microsoft Internet Explorer 7 allows remote attackers to trick a user ...)
+ TODO: check
+CVE-2008-6045 (Session fixation vulnerability in xt:Commerce 3.0.4 and earlier allows ...)
+ TODO: check
+CVE-2008-6044 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
+ TODO: check
+CVE-2008-6043 (Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow ...)
+ TODO: check
+CVE-2008-6042 (SQL injection vulnerability in the re_search module in NetArtMedia ...)
+ TODO: check
+CVE-2008-6041 (Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in ...)
+ TODO: check
+CVE-2008-6040 (SQL injection vulnerability in index.php in Arcadem Pro 2.700 through ...)
+ TODO: check
+CVE-2008-6039 (Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows ...)
+ TODO: check
+CVE-2008-6038 (SQL injection vulnerability in index.php in MapCal 0.1 allows remote ...)
+ TODO: check
+CVE-2008-6037 (SQL injection vulnerability in view.php in AvailScript Article Script ...)
+ TODO: check
+CVE-2008-6036 (PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder ...)
+ TODO: check
+CVE-2008-6035 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo ...)
+ TODO: check
+CVE-2008-6034 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo ...)
+ TODO: check
+CVE-2008-6033 (SQL injection vulnerability in comments.php in WSN Links 2.20 allows ...)
+ TODO: check
+CVE-2008-6032 (SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P ...)
+ TODO: check
+CVE-2008-6031 (SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 ...)
+ TODO: check
+CVE-2008-6030 (Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 ...)
+ TODO: check
+CVE-2008-6029 (SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and ...)
+ TODO: check
+CVE-2008-6028 (SQL injection vulnerability in list.php in University of Queensland ...)
+ TODO: check
+CVE-2008-6027 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2008-6026 (SQL injection vulnerability in tienda.php in BlueCUBE CMS allows ...)
+ TODO: check
+CVE-2008-6025 (Directory traversal vulnerability in scr/form.php in openElec 3.01 and ...)
+ TODO: check
+CVE-2008-6024 (Unspecified vulnerability in the NFSv4 client module in the kernel on ...)
+ TODO: check
+CVE-2008-6023 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-6022 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-6021 (Multiple unspecified vulnerabilities in Attachmate Reflection for ...)
+ TODO: check
+CVE-2008-6020 (SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for ...)
+ TODO: check
+CVE-2008-6019 (SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows ...)
+ TODO: check
+CVE-2008-6018 (Directory traversal vulnerability in index.php in MyPHPSite, when ...)
+ TODO: check
+CVE-2008-6017 (SQL injection vulnerability in messages.php in I-Rater Basic allows ...)
+ TODO: check
+CVE-2008-6016 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows ...)
+ TODO: check
+CVE-2008-6015 (Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 ...)
+ TODO: check
+CVE-2008-6014 (SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS ...)
+ TODO: check
+CVE-2008-6013 (Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 ...)
+ TODO: check
+CVE-2008-6012 (Directory traversal vulnerability in index.php in Pritlog 0.4 and ...)
+ TODO: check
+CVE-2008-6011 (SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 ...)
+ TODO: check
+CVE-2008-6010 (Multiple directory traversal vulnerabilities in SG Real Estate Portal ...)
+ TODO: check
+CVE-2008-6009 (SG Real Estate Portal 2.0 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-6008 (hyBook Guestbook Script stores sensitive information under the web ...)
+ TODO: check
+CVE-2008-6007 (SQL injection vulnerability in view_group.php in QuidaScript BookMarks ...)
+ TODO: check
+CVE-2008-6006 (Multiple PHP remote file inclusion vulnerabilities in Micronation ...)
+ TODO: check
CVE-2009-XXXX [mahara: XSS in forum posts]
- mahara 1.0.9-1 (low)
[lenny] - mahara 1.0.4-4
@@ -3,7 +177,7 @@
NOTE: CVE id requested
CVE-2009-XXXX [squid: denial of server]
- - squid <unfixed> (bug #514142)
- NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt
- NOTE: CVE id requested
+ - squid <unfixed> (bug #514142)
+ NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt
+ NOTE: CVE id requested
CVE-2009-XXXX [bugzilla: Insufficiently Random Numbers]
- bugzilla <unfixed> (bug filed)
@@ -192,7 +366,7 @@
- trickle <unfixed> (bug #513456; low)
[etch] - trickle <no-dsa> (Minor issue)
NOTE: CVE id requested
-CVE-2009-0385 [ffmpeg 4x issue]
+CVE-2009-0385 (Integer signedness error in the fourxm_read_header function in ...)
- ffmpeg-debian 0.svn20080206-16
- ffmpeg <removed>
- mplayer 1.0~rc2-14
@@ -312,14 +486,14 @@
{DSA-1715-1 DTSA-187-1}
- moin 1.8.1-1.1 (low)
NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
-CVE-2009-0276
- RESERVED
-CVE-2009-0274
- RESERVED
-CVE-2009-0273
- RESERVED
-CVE-2009-0272
- RESERVED
+CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google ...)
+ TODO: check
+CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, ...)
+ TODO: check
+CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell ...)
+ TODO: check
+CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell GroupWise ...)
+ TODO: check
CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel ...)
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
@@ -448,7 +622,7 @@
NOT-FOR-US: 53KF Web IM
CVE-2009-0246 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
NOT-FOR-US: easyHDR PRO
-CVE-2009-0414 [tor buffer overflow]
+CVE-2009-0414 (Unspecified vulnerability in Tor before 0.2.0.33 has unspecified ...)
- tor 0.2.0.33-1
CVE-2009-0245 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS ...)
NOT-FOR-US: Usagi Project MyNETS
@@ -519,10 +693,11 @@
CVE-2009-0257 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 ...)
{DSA-1711-1}
- typo3-src 4.2.4-1
-CVE-2009-0258 (Unspecified vulnerability in the Indexed Search Engine ...)
+CVE-2009-0258 (The Indexed Search Engine (indexed_search) system extension in TYPO3 ...)
{DSA-1711-1}
- typo3-src 4.2.4-1
-CVE-2009-0242 (Ganglia 3.1.1 allows remote attackers to cause a denial of service via ...)
+CVE-2009-0242
+ REJECTED
- ganglia-monitor-core <not-affected> (Only affects 3.1.1 branch, currently in experimental under different name)
- ganglia-monitor <unfixed> (low; bug #512637)
CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...)
@@ -601,8 +776,8 @@
RESERVED
CVE-2009-0205
RESERVED
-CVE-2009-0204
- RESERVED
+CVE-2009-0204 (Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and ...)
+ TODO: check
CVE-2009-0203
RESERVED
CVE-2009-0202
@@ -641,10 +816,10 @@
RESERVED
CVE-2009-0185
RESERVED
-CVE-2009-0184
- RESERVED
-CVE-2009-0183
- RESERVED
+CVE-2009-0184 (Multiple buffer overflows in the torrent parsing implementation in ...)
+ TODO: check
+CVE-2009-0183 (Stack-based buffer overflow in Remote Control Server in Free Download ...)
+ TODO: check
CVE-2009-0182 (Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted ...)
NOT-FOR-US: VUPlayer
CVE-2009-0181 (Buffer overflow in VUPlayer allows user-assisted attackers to have an ...)
@@ -1672,8 +1847,7 @@
RESERVED
CVE-2009-0035
RESERVED
-CVE-2009-0034 [sudo: privilege escalation]
- RESERVED
+CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...)
- sudo 1.6.9p17-2 (medium)
[etch] - sudo <not-affected> (Vulnerable code not present)
CVE-2009-0033
@@ -1894,7 +2068,7 @@
RESERVED
CVE-2008-5518
RESERVED
-CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote ...)
+CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...)
{DSA-1708-1}
- git-core 1:1.5.6.5-2 (low; bug #512330)
CVE-2008-5516 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote ...)
@@ -2855,10 +3029,10 @@
CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...)
- php5 <unfixed> (unimportant)
NOTE: http://securityreason.com/achievement_securityalert/57
-CVE-2008-5312 (mailscanner 4.55.10 might allow local users to overwrite arbitrary ...)
+CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might allow ...)
- mailscanner 4.74.16-1 (bug #506353)
NOTE: there is no difference apart from the versions to CVE-2008-5313
-CVE-2008-5313 (mailscanner 4.68.8 might allow local users to overwrite arbitrary ...)
+CVE-2008-5313 (mailscanner 4.68.8 and other versions before 4.74.16-1 might allow ...)
- mailscanner 4.74.16-1 (bug #506353)
NOTE: there is no difference apart from the versions to CVE-2008-5312
CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...)
@@ -2954,7 +3128,7 @@
CVE-2008-5141 (flamethrower in flamethrower 0.1.8 allows local users to overwrite ...)
{DSA-1676-1}
- flamethrower 0.1.8-2 (low; bug #506350)
-CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 allows local users to ...)
+CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 and other versions before ...)
- mailscanner 4.57.6-1 (unimportant)
NOTE: script should only be used when the private Trend Micro antivirus is installed
CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary ...)
@@ -3085,8 +3259,8 @@
RESERVED
CVE-2008-5083
RESERVED
-CVE-2008-5082
- RESERVED
+CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) ...)
+ TODO: check
CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function ...)
{DSA-1690-1 DTSA-189-1}
- avahi 0.6.23-3 (bug #508700; low)
@@ -3344,8 +3518,8 @@
- yzis 1.0~alpha1-2 (bug #504680)
CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...)
- wordpress 2.5.1-10 (bug #504771)
-CVE-2008-4990
- RESERVED
+CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before ...)
+ TODO: check
CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in ...)
- gnutls26 2.4.2-3
- gnutls13 <removed>
@@ -3425,8 +3599,8 @@
RESERVED
CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...)
NOT-FOR-US: VMware Workstation
-CVE-2008-4914
- RESERVED
+CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ...)
+ TODO: check
CVE-2008-4913 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and ...)
NOT-FOR-US: LokiCMS
CVE-2008-4912 (SQL injection vulnerability in popup_img.php in the fotogalerie module ...)
@@ -52593,7 +52767,7 @@
NOT-FOR-US: Data ONTAP
CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
-CVE-2005-3325 (SQL injection vulnerability in base_qry_main.php in Analysis Console ...)
+CVE-2005-3325 (Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in ...)
{DSA-893-1}
- acidbase 1.2.1-1 (bug #335998; bug #336788; medium)
NOTE: the fix from 1.2-2 did not address the problem fully
More information about the Secure-testing-commits
mailing list