[Secure-testing-commits] r11155 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Thu Feb 5 21:14:15 UTC 2009


Author: joeyh
Date: 2009-02-05 21:14:14 +0000 (Thu, 05 Feb 2009)
New Revision: 11155

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-02-05 19:40:57 UTC (rev 11154)
+++ data/CVE/list	2009-02-05 21:14:14 UTC (rev 11155)
@@ -1,3 +1,75 @@
+CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard ...)
+	TODO: check
+CVE-2009-0430 (Multiple cross-site scripting (XSS) vulnerabilities in Active Bids ...)
+	TODO: check
+CVE-2009-0429 (Multiple SQL injection vulnerabilities in Active Bids allow remote ...)
+	TODO: check
+CVE-2009-0428 (SQL injection vulnerability in ...)
+	TODO: check
+CVE-2009-0427 (SQL injection vulnerability in ...)
+	TODO: check
+CVE-2009-0426 (SQL injection vulnerability in ...)
+	TODO: check
+CVE-2009-0425 (SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and ...)
+	TODO: check
+CVE-2009-0424 (Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook ...)
+	TODO: check
+CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo Album ...)
+	TODO: check
+CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in ...)
+	TODO: check
+CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 1.6.x ...)
+	TODO: check
+CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable ...)
+	TODO: check
+CVE-2009-0419 (Microsoft XML Core Services, as used in Microsoft Expression Web, ...)
+	TODO: check
+CVE-2009-0418 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX ...)
+	TODO: check
+CVE-2008-6067 (SQL injection vulnerability in search_results.php in E-Shop Shopping ...)
+	TODO: check
+CVE-2008-6066 (Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 ...)
+	TODO: check
+CVE-2008-6065 (Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE ...)
+	TODO: check
+CVE-2008-6064 (Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote ...)
+	TODO: check
+CVE-2008-6063 (Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places ...)
+	TODO: check
+CVE-2008-6062 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
+	TODO: check
+CVE-2008-6061 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
+	TODO: check
+CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
+	TODO: check
+CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not ...)
+	TODO: check
+CVE-2008-6058 (Syslserve 1.058 and earlier, and probably 1.059, allows remote ...)
+	TODO: check
+CVE-2008-6057 (Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under ...)
+	TODO: check
+CVE-2008-6056 (Multiple cross-site scripting (XSS) vulnerabilities in World Recipe ...)
+	TODO: check
+CVE-2008-6055 (PreProjects Pre Classified Listings stores pclasp.mdb under the web ...)
+	TODO: check
+CVE-2008-6054 (PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under ...)
+	TODO: check
+CVE-2008-6053 (PreProjects Pre Resume Submitter stores onlineresume.mdb under the web ...)
+	TODO: check
+CVE-2008-6052 (PreProjects Pre E-Learning Portal stores db_elearning.mdb under the ...)
+	TODO: check
+CVE-2008-6051 (MetaCart Free stores metacart.mdb under the web root with insufficient ...)
+	TODO: check
+CVE-2008-6050 (SQL injection vulnerability in the Tech Articles (com_tech_article) ...)
+	TODO: check
+CVE-2008-6049 (SQL injection vulnerability in index.php in TinyMCE 2.0.1 allows ...)
+	TODO: check
+CVE-2008-6048 (Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS ...)
+	TODO: check
+CVE-2008-6047 (Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 ...)
+	TODO: check
+CVE-2008-6046 (SQL injection vulnerability in ADbNewsSender before 1.5.2 allows ...)
+	TODO: check
 CVE-2009-0417
 	RESERVED
 CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards Based ...)
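Review bot: All 36 entries added at the top of this hunk land as `TODO: check`, and several of them match triage decisions already recorded elsewhere in this file, so they should be resolved in a follow-up rather than left queued. CVE-2009-0418 (HP HP-UX NDP) fits the existing `NOT-FOR-US: HP-UX` tag used for CVE-2008-4418, and the entries about .mdb files stored under the web root (CVE-2008-6051 to CVE-2008-6055 and CVE-2008-6057) look like NOT-FOR-US candidates once it is confirmed that none of the named products is packaged. CVE-2008-6059 is different: it names xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566, so it needs a source-package line with a fixed version, not a NOT-FOR-US tag.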
@@ -61,8 +133,8 @@
 	NOT-FOR-US: Enomaly Elastic Computing Platform
 CVE-2009-0389 (Multiple insecure method vulnerabilities in the Web On Windows (WOW) ...)
 	NOT-FOR-US: ActiveX
-CVE-2009-0388
-	RESERVED
+CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and ...)
+	TODO: check
 CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...)
 	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
 	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
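Review bot: The new CVE-2009-0388 description is truncated right after "(1) UltraVNC 1.0.2 and 1.0.5 and ...", so the product or products listed after item (1) are not visible in the list. Whoever clears the `TODO: check` should read the full description before tagging: a NOT-FOR-US decision based only on the UltraVNC part could miss a second affected code base that is packaged.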
@@ -228,47 +300,40 @@
 	RESERVED
 CVE-2009-0359
 	RESERVED
-CVE-2009-0358 [Mozilla: Directives to not cache pages ignored]
-	RESERVED
+CVE-2009-0358 (Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) ...)
 	- iceweasel 3.0
 	[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.5-1
 	[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
-CVE-2009-0357 [Mozilla: XMLHttpRequest allows reading HTTPOnly cookies]
-	RESERVED
+CVE-2009-0357 (Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not ...)
 	- iceweasel 3.0
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.5-1
 	- iceape 1.1.14-1.1  
 	NOTE: Iceape in Lenny only provides XPCOM libs
-CVE-2009-0356 [Mozilla: Information stealing via local shortcut files]
-	RESERVED
+CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the ...)
 	- iceweasel 3.0
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.5-1
 	- iceape 1.1.14-1.1  
 	NOTE: Iceape in Lenny only provides XPCOM libs
-CVE-2009-0355 [Firefox:  Local file stealing with SessionStore]
-	RESERVED
+CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla Firefox ...)
 	- iceweasel 3.0.6-1
-CVE-2009-0354
-	RESERVED
+CVE-2009-0354 (Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x ...)
 	- iceweasel 3.0
 	[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.5-1
 	[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
-CVE-2009-0353 [Mozilla: Layout engine crashes with evidence of memory corruption]
-	RESERVED
+CVE-2009-0353 (Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, ...)
 	- iceweasel 3.0
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.5-1
 	- iceape 1.1.14-1.1  
 	NOTE: Iceape in Lenny only provides XPCOM libs
 	- icedove <unfixed>
-CVE-2009-0352 [Mozilla: Javascript engine crashes with evidence of memory corruption]
-	RESERVED
+CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
 	- iceweasel 3.0
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.5-1
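Review bot: The replaced descriptions for CVE-2009-0352 to CVE-2009-0358 now say "before 3.0.6", yet the unchanged tracking lines under most of them still record `- xulrunner 1.9.0.5-1` as the fixed version, while CVE-2009-0355 records `- iceweasel 3.0.6-1`. Please confirm that xulrunner 1.9.0.5-1 actually carries the fixes that shipped with 3.0.6 and bump the version if it does not, since an automatic description update will not correct a fixed version that is too low. CVE-2009-0353 also still carries `- icedove <unfixed>`, and the `- iceape 1.1.14-1.1` lines have trailing whitespace that could be cleaned up at the same time.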
@@ -1204,16 +1269,16 @@
 	RESERVED
 CVE-2009-0063
 	RESERVED
-CVE-2009-0062
-	RESERVED
-CVE-2009-0061
-	RESERVED
+CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), ...)
+	TODO: check
+CVE-2009-0061 (Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC ...)
+	TODO: check
 CVE-2009-0060
 	RESERVED
-CVE-2009-0059
-	RESERVED
-CVE-2009-0058
-	RESERVED
+CVE-2009-0059 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...)
+	TODO: check
+CVE-2009-0058 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...)
+	TODO: check
 CVE-2009-0057 (The Certificate Authority Proxy Function (CAPF) service in Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2009-0056 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
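Review bot: The four entries that moved from RESERVED to `TODO: check` here (CVE-2009-0058, CVE-2009-0059, CVE-2009-0061, CVE-2009-0062) all describe the Cisco Wireless LAN Controller, and the next entry down, CVE-2009-0057, is already tagged `NOT-FOR-US: Cisco`. Unless one of the truncated descriptions names a packaged component, these can take the same tag so they do not sit in the TODO queue.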
@@ -4754,8 +4819,8 @@
 	NOT-FOR-US: MetaGauge
 CVE-2008-4420
 	RESERVED
-CVE-2008-4419
-	RESERVED
+CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web ...)
+	TODO: check
 CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and ...)
 	NOT-FOR-US: HP-UX
 CVE-2008-4417
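Review bot: CVE-2008-4419 leaves RESERVED with a description that starts "Directory traversal vulnerability in the HP JetDirect web ...", which points at an HP product, not at anything tracked by package name in this list. Once the full description is checked, this is a likely NOT-FOR-US, in line with the `NOT-FOR-US: HP-UX` tag on the neighbouring CVE-2008-4418.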
@@ -5897,7 +5962,7 @@
 	NOT-FOR-US: Adobe Illustrator
 CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka ...)
 	NOT-FOR-US: IBM DB2 UDB
-CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, and 8.2 before FixPak 9, allows ...)
+CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before ...)
 	NOT-FOR-US: IBM DB2 UDB
 CVE-2008-3958 (IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a ...)
 	NOT-FOR-US: IBM DB2 UDB



