[Secure-testing-commits] r12300 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Jul 6 21:14:31 UTC 2009
Author: joeyh
Date: 2009-07-06 21:14:29 +0000 (Mon, 06 Jul 2009)
New Revision: 12300
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-07-06 21:01:40 UTC (rev 12299)
+++ data/CVE/list 2009-07-06 21:14:29 UTC (rev 12300)
@@ -1,3 +1,53 @@
+CVE-2009-2336
+ RESERVED
+CVE-2009-2335
+ RESERVED
+CVE-2009-2334
+ RESERVED
+CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and ...)
+ TODO: check
+CVE-2009-2332 (CMS Chainuk 1.2 and earlier allows remote attackers to obtain ...)
+ TODO: check
+CVE-2009-2331 (Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and ...)
+ TODO: check
+CVE-2009-2330 (Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in ...)
+ TODO: check
+CVE-2009-2329 (KerviNet Forum 1.1 and earlier allows remote attackers to obtain ...)
+ TODO: check
+CVE-2009-2328 (admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require ...)
+ TODO: check
+CVE-2009-2327 (Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet ...)
+ TODO: check
+CVE-2009-2326 (Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and ...)
+ TODO: check
+CVE-2009-2325 (Directory traversal vulnerability in index.php in Clicknet CMS 2.1 ...)
+ TODO: check
+CVE-2009-2324 (Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor ...)
+ TODO: check
+CVE-2009-2323 (The web interface on the Axesstel MV 410R redirects users back to the ...)
+ TODO: check
+CVE-2009-2322 (Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the ...)
+ TODO: check
+CVE-2009-2321 (cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to ...)
+ TODO: check
+CVE-2009-2320 (The web interface on the Axesstel MV 410R relies on client-side ...)
+ TODO: check
+CVE-2009-2319 (The default configuration of the Wi-Fi component on the Axesstel MV ...)
+ TODO: check
+CVE-2009-2318 (The Axesstel MV 410R allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2009-2317 (The Axesstel MV 410R has a certain default administrator password, and ...)
+ TODO: check
+CVE-2009-2316 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
+ TODO: check
+CVE-2009-2315 (Unspecified vulnerability in Apple iPhone OS allows remote attackers ...)
+ TODO: check
+CVE-2009-2314 (Race condition in the Sun Lightweight Availability Collection Tool 3.0 ...)
+ TODO: check
+CVE-2007-6728 (Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote ...)
+ TODO: check
+CVE-2007-6727 (SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows ...)
+ TODO: check
CVE-2009-XXXX [rails: password bypass]
- rails <not-affected> (high; bug #535896)
TODO: check after 2.3.x upload
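Review bot: The 22 new entries left at TODO: check in this first hunk fall into a few product groups, and triaging them group by group would keep the results consistent. CVE-2009-2317 through CVE-2009-2323 all describe the Axesstel MV 410R device, CVE-2009-2326 through CVE-2009-2329 plus CVE-2007-6727 all name KerviNet Forum, and CVE-2009-2331 through CVE-2009-2333 all name CMS Chainuk. Each group should end up with the same disposition (a package line or NOT-FOR-US) on every one of its entries.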
@@ -8,7 +58,6 @@
- php4 <unfixed> (low; bug #535897)
TODO: check 5.3.0-1, fix may already be applied
CVE-2009-XXXX [apache2: htaccess override]
- {DSA-1816-1}
- apache2 2.2.9-1 (low; bug #535886)
CVE-2009-XXXX [openvpn: possible symlink attack via client-connect script]
- openvpn <unfixed> (low; bug #534908)
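Review bot: The removed {DSA-1816-1} line leaves the CVE-2009-XXXX [apache2: htaccess override] entry with no advisory reference, while its fixed-version line (apache2 2.2.9-1, bug #535886) stays, and the log message "automatic update" gives no reason for the removal. Confirm this is intended for an entry that has no CVE id yet, and keep the advisory in a NOTE line if the link to the fix should not be lost.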
@@ -63,11 +112,9 @@
NOT-FOR-US: kernel in Sun Solaris
CVE-2009-2296 (The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris ...)
NOT-FOR-US: kernel module in Sun Solaris
-CVE-2009-2295 [camlimages: several integer overflows]
- RESERVED
+CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might allow ...)
- camlimages 1:3.0.1-2 (medium; bug #535909)
-CVE-2009-2294 [dillo: integer overflow]
- RESERVED
+CVE-2009-2294 (Integer overflow in the Png_datainfo_callback function in Dillo 2.1 ...)
- dillo 2.2.1 (medium; bug #535788)
CVE-2009-2293 (Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote ...)
NOT-FOR-US: Optimum Web Design Tutorial Share
@@ -162,8 +209,8 @@
RESERVED
- mapserver <unfixed> (medium; bug #535340)
NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
-CVE-2009-2265
- RESERVED
+CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before ...)
+ TODO: check
CVE-2009-2264
RESERVED
CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega ...)
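Review bot: CVE-2009-2265 is now a second FCKeditor entry at TODO: check, alongside CVE-2009-2324 added at the top of the file in this same revision. Triage the two together so that both get the same package lines, rather than resolving one and leaving the other open.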
@@ -1060,8 +1107,7 @@
CVE-2009-1891 [apache2 mod_deflate DoS]
RESERVED
- apache2 <unfixed> (medium; bug #534712)
-CVE-2009-1890 [apache2 mod_proxy DoS]
- RESERVED
+CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy ...)
- apache2 <unfixed>
CVE-2009-1889 (The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets ...)
- pidgin 2.5.8-1 (low; bug #535790)
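Review bot: The package line under CVE-2009-1890 is still a bare "- apache2 <unfixed>" with no urgency and no bug number, unlike the CVE-2009-1891 entry directly above it, which carries "(medium; bug #534712)". Now that the entry has a published description naming stream_reqbody_cl in mod_proxy_http.c, add the urgency and a bug reference so the two apache2 issues can be tracked the same way.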
@@ -1462,6 +1508,7 @@
- ipplan <unfixed> (unimportant; bug #530271)
NOTE: Only exploitable with admin rights
CVE-2009-1732 (Cross-site scripting (XSS) vulnerability in admin/usermanager in ...)
+ {DSA-1827-1}
- ipplan 4.91a-1.1 (low; bug #530271)
CVE-2009-1731 (SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows ...)
NOT-FOR-US: MLFFAT
@@ -1690,8 +1737,8 @@
NOT-FOR-US: Shutter
CVE-2009-1649 (Directory traversal vulnerability in arch.php in beLive 0.2.3 allows ...)
NOT-FOR-US: beLive
-CVE-2009-1648
- RESERVED
+CVE-2009-1648 (The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise ...)
+ TODO: check
CVE-2009-1647 (Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 ...)
NOT-FOR-US: Ultrafunk Popcorn
CVE-2009-1646 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...)
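Review bot: CVE-2009-1648 moves from RESERVED to TODO: check, but its description names the YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise, and the entries on either side of it are already closed as NOT-FOR-US. If no package in the archive ships that module, close this one the same way instead of leaving it in the TODO queue.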
@@ -2370,7 +2417,7 @@
RESERVED
CVE-2009-1422
RESERVED
-CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus on HP HP-UX B.11.31 allows ...)
+CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 ...)
NOT-FOR-US: ONCplus on HP HP-UX
CVE-2009-1420 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
NOT-FOR-US: HP OpenView Network Node Manager
@@ -2449,8 +2496,7 @@
- linux-2.6 2.6.26-16 (high; bug #532376)
- linux-2.6.24 <removed>
NOTE: potential for kernel memory corruption by remote attacker
-CVE-2009-1388 [linux-2.6: deadlock between ptrace and coredump]
- RESERVED
+CVE-2009-1388 (The ptrace_start function in kernel/ptrace.c in the Linux kernel ...)
- linux-2.6 <not-affected> (problem in redhat-specific kernel patches)
- linux-2.6.24 <removed>
NOTE: i can't find the ptrace_start() code in any of the debian kernels,
@@ -4357,8 +4403,8 @@
RESERVED
CVE-2009-0905
RESERVED
-CVE-2009-0904
- RESERVED
+CVE-2009-0904 (The IBM Stax XMLStreamWriter in the Web Services component in IBM ...)
+ TODO: check
CVE-2009-0903 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the ...)
NOT-FOR-US: WebSphere
CVE-2009-0902
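Review bot: CVE-2009-0904 is left at TODO: check although its description starts with an IBM component, and the next entry, CVE-2009-0903, is an IBM WebSphere Application Server issue already marked NOT-FOR-US: WebSphere. Read the full description, and if it refers to the same product, mark it NOT-FOR-US with the same label.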