[Secure-testing-commits] r11108 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Thu Jan 29 21:14:19 UTC 2009


Author: joeyh
Date: 2009-01-29 21:14:18 +0000 (Thu, 29 Jan 2009)
New Revision: 11108

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-01-29 20:52:34 UTC (rev 11107)
+++ data/CVE/list	2009-01-29 21:14:18 UTC (rev 11108)
@@ -1,3 +1,45 @@
+CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and ...)
+	TODO: check
+CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote ...)
+	TODO: check
+CVE-2009-0320 (Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O ...)
+	TODO: check
+CVE-2009-0319 (Unspecified vulnerability in the autofs module in the kernel in Sun ...)
+	TODO: check
+CVE-2008-6004 (Cross-site scripting (XSS) vulnerability in search.php in AJ Auction ...)
+	TODO: check
+CVE-2008-6003 (SQL injection vulnerability in sellers_othersitem.php in AJ Auction ...)
+	TODO: check
+CVE-2008-6002 (Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, ...)
+	TODO: check
+CVE-2008-6001 (index.php in ADN Forum 1.0b and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2008-6000 (The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity ...)
+	TODO: check
+CVE-2008-5999 (Cross-site scripting (XSS) vulnerability in the Ajax Checklist module ...)
+	TODO: check
+CVE-2008-5998 (Multiple SQL injection vulnerabilities in the ajax_checklist_save ...)
+	TODO: check
+CVE-2008-5997 (Absolute path traversal vulnerability in ...)
+	TODO: check
+CVE-2008-5996 (Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x ...)
+	TODO: check
+CVE-2008-5995 (Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA ...)
+	TODO: check
+CVE-2008-5994 (Cross-site scripting (XSS) vulnerability in index.php in Check Point ...)
+	TODO: check
+CVE-2008-5993 (Directory traversal vulnerability in image.php in Barcode Generator 1D ...)
+	TODO: check
+CVE-2008-5992 (Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) ...)
+	TODO: check
+CVE-2008-5991 (Directory traversal vulnerability in docs.php in MailWatch for ...)
+	TODO: check
+CVE-2008-5990 (Directory traversal vulnerability in connect/init.inc in emergecolab ...)
+	TODO: check
+CVE-2008-5989 (Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and ...)
+	TODO: check
+CVE-2008-5988 (SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS ...)
+	TODO: check
 CVE-2008-XXXX [minor cyrus sasl DoS]
 	- cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561)
 	[etch] - cyrus-sasl2 <no-dsa> (Minor issue)
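Review bot: CVE-2009-0322 at the top of this hunk names drivers/firmware/dell_rbu.c in the Linux kernel, which Debian ships, so it should be triaged ahead of the other new entries and given a package line in the same form as "- cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561)" rather than staying at "TODO: check". The entries whose descriptions name Windows targets (CVE-2009-0321, Safari on Windows; CVE-2009-0320, Microsoft Windows) look like candidates for the NOT-FOR-US form used elsewhere in this file, and CVE-2008-5997 cannot be triaged from this list alone because its truncated description ends before naming any product.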
@@ -111,7 +153,7 @@
 	TODO: check
 CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows ...)
 	NOT-FOR-US: BMC PATROL Agent
-CVE-2009-0323 [multiple buffer overflows in amaya]
+CVE-2009-0323 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 ...)
 	- amaya <unfixed> (medium; bug #507587)
 	NOTE: http://www.coresecurity.com/content/amaya-buffer-overflows
 CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 ...)
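Review bot: CVE-2009-0323 keeps "- amaya <unfixed> (medium; bug #507587)", the same bug number that the CVE-2008-6005 entry further down this file uses. Now that the description reads "Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 ...", add a NOTE saying how this id differs from CVE-2008-6005 and confirm that bug #507587 covers both, so the two entries are not treated as one when the bug is closed.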
@@ -684,7 +726,7 @@
 	- xrdp 0.4.0~dfsg-9 (bug #511641)
 CVE-2008-5902 (Buffer overflow in the xrdp_bitmap_invalidate function in ...)
 	- xrdp 0.4.0~dfsg-9 (bug #511641)
-CVE-2008-6005 [amaya: stack based buffer overflow]
+CVE-2008-6005 (Multiple buffer overflows in the CheckUniqueName function in W3C Amaya ...)
 	- amaya <unfixed> (medium; bug #507587)
 	NOTE: different vector than described in CVE-2008-5282, see 507587#15
 CVE-2009-XXXX [openslp: insecure cert validation through openssl api misuse]
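Review bot: the NOTE under CVE-2008-6005 cites "507587#15", which does not match the "bug #507587" form on the line above it; spell out what "#15" refers to within that bug. Since the new description names the CheckUniqueName function, the NOTE could also say which vector that is relative to CVE-2008-5282 instead of only saying it is different.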
@@ -7092,8 +7134,8 @@
 	- owl-dms 0.95-1.1 (bug #493372)
 	NOTE: Hardly maintained and very few users, long standing sec issues in Etch,
 	NOTE: Emailed release team to ask for removal from lenny
-CVE-2008-3358
-	RESERVED
+CVE-2008-3358 (Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP ...)
+	TODO: check
 CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, ...)
 	NOT-FOR-US: Ingres
 CVE-2008-3356 (verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres ...)
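Review bot: CVE-2008-3358 goes from RESERVED to "TODO: check", but its description already names Web Dynpro (WD) in an SAP product, and the Ingres entries directly below show how software outside the archive is recorded ("NOT-FOR-US: Ingres"). If the SAP component is not packaged, record it in that NOT-FOR-US form in a follow-up rather than leaving the TODO.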



