[Secure-testing-commits] r12351 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Jul 15 21:14:46 UTC 2009


Author: joeyh
Date: 2009-07-15 21:14:36 +0000 (Wed, 15 Jul 2009)
New Revision: 12351

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-15 19:21:01 UTC (rev 12350)
+++ data/CVE/list	2009-07-15 21:14:36 UTC (rev 12351)
@@ -1,3 +1,53 @@
+CVE-2009-2461 (mathtex.cgi in mathTeX, when downloaded before 20090713, does not ...)
+	TODO: check
+CVE-2009-2460 (Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when ...)
+	TODO: check
+CVE-2009-2459 (Multiple unspecified vulnerabilities in mimeTeX, when downloaded ...)
+	TODO: check
+CVE-2009-2458 (Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 ...)
+	TODO: check
+CVE-2009-2457 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows ...)
+	TODO: check
+CVE-2009-2456 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows ...)
+	TODO: check
+CVE-2009-2455 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2009-2454 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, ...)
+	TODO: check
+CVE-2009-2453 (Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 ...)
+	TODO: check
+CVE-2009-2452 (Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have ...)
+	TODO: check
+CVE-2009-2451 (Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX ...)
+	TODO: check
+CVE-2008-6867 (SQL injection vulnerability in content.php in Scripts For Sites (SFS) ...)
+	TODO: check
+CVE-2008-6866 (SQL injection vulnerability in modules.php in the Current_Issue module ...)
+	TODO: check
+CVE-2008-6865 (SQL injection vulnerability in modules.php in the Sectionsnew module ...)
+	TODO: check
+CVE-2008-6864 (Xigla Software Absolute Live Support .NET 5.1 allows remote attackers ...)
+	TODO: check
+CVE-2008-6863 (Xigla Software Absolute Form Processor .NET 4.0 allows remote ...)
+	TODO: check
+CVE-2008-6862 (Absolute Content Rotator 6.0 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2008-6861 (Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers ...)
+	TODO: check
+CVE-2008-6860 (Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to ...)
+	TODO: check
+CVE-2008-6859 (Xigla Software Absolute Control Panel XE 1.5 allows remote attackers ...)
+	TODO: check
+CVE-2008-6858 (Absolute Banner Manager .NET 4.0 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2008-6857 (Absolute Podcast .NET 1.0 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2008-6856 (Xigla Software Absolute News Manager.NET 5.1 allows remote attackers ...)
+	TODO: check
+CVE-2008-6855 (Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote ...)
+	TODO: check
+CVE-2008-6854 (Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to ...)
+	TODO: check
 CVE-2009-XXXX [iceweasel: 0-day remote shellcode injection]
 	- iceweasel <unfixed> (high; bug #537104)
 CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online ...)
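Review bot: The new entries at the top of this hunk spread the same upstream programs over several records: CVE-2009-2461 and CVE-2009-2460 both name mathtex.cgi in mathTeX, CVE-2009-2459 names mimeTeX, and the later hunk that fills in CVE-2009-1383 and CVE-2009-1382 names the same two programs again. Resolve these five "TODO: check" items together so the package status is identical on all of them. The eleven Absolute/Xigla entries from CVE-2008-6864 down to CVE-2008-6854 share a product family and description pattern, so one triage decision should cover them as well.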
@@ -205,8 +255,8 @@
 	RESERVED
 CVE-2009-2348
 	RESERVED
-CVE-2009-2347 [libtiff issues]
-	RESERVED
+CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in ...)
+	{DSA-1835-1}
 	- tiff 3.8.2-13
 CVE-2009-2346
 	RESERVED
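Review bot: On the CVE-2009-2347 entry, the "- tiff 3.8.2-13" line carries no urgency or bug number, while the CVE-2009-2285 entry that receives the same {DSA-1835-1} tag has "(low; bug #534137)". Now that the description reads "Multiple integer overflows in inter-color spaces conversion tools", add an urgency to the tiff line so the two libtiff entries are annotated consistently.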
@@ -383,6 +433,7 @@
 	NOTE: upstream 2.6.30 does not contain the patch for this issue 
 	TODO: check 2.6.31 when it is released
 CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 ...)
+	{DSA-1835-1}
 	- tiff 3.8.2-12 (low; bug #534137)
 	NOTE: this doesn't allow code execution, only a crash.
 CVE-2009-2283 (Multiple cross-site scripting (XSS) vulnerabilities in the help jsp ...)
@@ -1108,60 +1159,60 @@
 	RESERVED
 CVE-2009-1990
 	RESERVED
-CVE-2009-1989
-	RESERVED
-CVE-2009-1988
-	RESERVED
-CVE-2009-1987
-	RESERVED
-CVE-2009-1986
-	RESERVED
+CVE-2009-1989 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component ...)
+	TODO: check
+CVE-2009-1988 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile ...)
+	TODO: check
+CVE-2009-1987 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - ...)
+	TODO: check
+CVE-2009-1986 (Unspecified vulnerability in the Oracle Applications Manager component ...)
+	TODO: check
 CVE-2009-1985
 	RESERVED
-CVE-2009-1984
-	RESERVED
-CVE-2009-1983
-	RESERVED
-CVE-2009-1982
-	RESERVED
-CVE-2009-1981
-	RESERVED
-CVE-2009-1980
-	RESERVED
+CVE-2009-1984 (Unspecified vulnerability in the Application Install component in ...)
+	TODO: check
+CVE-2009-1983 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
+	TODO: check
+CVE-2009-1982 (Unspecified vulnerability in the Oracle Applications Framework ...)
+	TODO: check
+CVE-2009-1981 (Unspecified vulnerability in the Highly Interactive Client component ...)
+	TODO: check
+CVE-2009-1980 (Unspecified vulnerability in the Oracle Application Object Library ...)
+	TODO: check
 CVE-2009-1979
 	RESERVED
-CVE-2009-1978
-	RESERVED
-CVE-2009-1977
-	RESERVED
-CVE-2009-1976
-	RESERVED
-CVE-2009-1975
-	RESERVED
-CVE-2009-1974
-	RESERVED
-CVE-2009-1973
-	RESERVED
+CVE-2009-1978 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+	TODO: check
+CVE-2009-1977 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
+	TODO: check
+CVE-2009-1976 (Unspecified vulnerability in the HTTP Server component in Oracle ...)
+	TODO: check
+CVE-2009-1975 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+	TODO: check
+CVE-2009-1974 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+	TODO: check
+CVE-2009-1973 (Unspecified vulnerability in the Virtual Private Database component in ...)
+	TODO: check
 CVE-2009-1972
 	RESERVED
 CVE-2009-1971
 	RESERVED
-CVE-2009-1970
-	RESERVED
-CVE-2009-1969
-	RESERVED
-CVE-2009-1968
-	RESERVED
-CVE-2009-1967
-	RESERVED
-CVE-2009-1966
-	RESERVED
+CVE-2009-1970 (Unspecified vulnerability in the Listener component in Oracle Database ...)
+	TODO: check
+CVE-2009-1969 (Unspecified vulnerability in the Auditing component in Oracle Database ...)
+	TODO: check
+CVE-2009-1968 (Unspecified vulnerability in the Secure Enterprise Search component in ...)
+	TODO: check
+CVE-2009-1967 (Unspecified vulnerability in the Config Management component in (1) ...)
+	TODO: check
+CVE-2009-1966 (Unspecified vulnerability in the Config Management component in (1) ...)
+	TODO: check
 CVE-2009-1965
 	RESERVED
 CVE-2009-1964
 	RESERVED
-CVE-2009-1963
-	RESERVED
+CVE-2009-1963 (Unspecified vulnerability in the Network Foundation component in ...)
+	TODO: check
 CVE-2008-6832 (Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA ...)
 	NOT-FOR-US: Atlassian JIRA Enterprise Edition
 CVE-2008-6831 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...)
@@ -1373,6 +1424,7 @@
 	- dhcp3 <unfixed> (low)
 	[etch] - dhcp3 <not-affected> (problematic assert is not present)
 CVE-2009-1891 (The mod_deflate module in Apache httpd 2.2.11 and earlier compresses ...)
+	{DSA-1834-1}
 	- apache2 2.2.11-7 (medium; bug #534712)
 CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy ...)
 	- apache2 2.2.11-7 (medium; bug #536718)
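Review bot: The {DSA-1834-1} tag is added under CVE-2009-1891 only, but the trailing context shows CVE-2009-1890 fixed in the same apache2 2.2.11-7 upload with no DSA tag after its header line. Check whether DSA-1834-1 also covers CVE-2009-1890 and tag that entry too if it does. The matching removal of the tag from the pidgin entry CVE-2009-1889 is in the next hunk, so the two hunks should be read as one correction.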
@@ -1380,7 +1432,6 @@
 	[lenny] - apache2-mpm-itk 2.2.6-02-1+lenny2
 	[lenny] - apache2 2.2.9-10+lenny4
 CVE-2009-1889 (The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets ...)
-	{DSA-1834-1}
 	- pidgin 2.5.8-1 (low; bug #535790)
 	NOTE: http://developer.pidgin.im/ticket/9483
 	NOTE: http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
@@ -2681,14 +2732,14 @@
 	RESERVED
 CVE-2009-1426
 	RESERVED
-CVE-2009-1425
-	RESERVED
-CVE-2009-1424
-	RESERVED
-CVE-2009-1423
-	RESERVED
-CVE-2009-1422
-	RESERVED
+CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
+	TODO: check
+CVE-2009-1424 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
+	TODO: check
+CVE-2009-1423 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
+	TODO: check
+CVE-2009-1422 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
+	TODO: check
 CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 ...)
 	NOT-FOR-US: ONCplus on HP HP-UX
 CVE-2009-1420 (Stack-based buffer overflow in rping in HP OpenView Network Node ...)
@@ -2785,10 +2836,10 @@
 	- linux-2.6.24 <removed>
 CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux ...)
 	NOT-FOR-US: Different code base than Debian's libpam-krb5
-CVE-2009-1383
-	RESERVED
-CVE-2009-1382
-	RESERVED
+CVE-2009-1383 (The getdirective function in mathtex.cgi in mathTeX, when downloaded ...)
+	TODO: check
+CVE-2009-1382 (Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when ...)
+	TODO: check
 CVE-2009-1381 (The map_yp_alias function in functions/imap_general.php in ...)
 	{DSA-1802-2}
 	- squirrelmail 2:1.4.19-1
@@ -4359,20 +4410,20 @@
 	NOT-FOR-US: phpComasy
 CVE-2009-1022 (Heap-based buffer overflow in the Preview/ Set Segment function in ...)
 	NOT-FOR-US: Gretech GOMlab GOM Encoder
-CVE-2009-1021
-	RESERVED
-CVE-2009-1020
-	RESERVED
-CVE-2009-1019
-	RESERVED
+CVE-2009-1021 (Unspecified vulnerability in the Advanced Replication component in ...)
+	TODO: check
+CVE-2009-1020 (Unspecified vulnerability in the Network Foundation component in ...)
+	TODO: check
+CVE-2009-1019 (Unspecified vulnerability in the Network Authentication component in ...)
+	TODO: check
 CVE-2009-1018
 	RESERVED
 CVE-2009-1017 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
 	NOT-FOR-US: Oracle Application Server
 CVE-2009-1016 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
 	NOT-FOR-US: BEA Product Suite
-CVE-2009-1015
-	RESERVED
+CVE-2009-1015 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+	TODO: check
 CVE-2009-1014 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
 	NOT-FOR-US: Oracle PeopleSoft Enterprise
 CVE-2009-1013 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
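Review bot: The four entries changed from RESERVED to "TODO: check" in this hunk (CVE-2009-1021, CVE-2009-1020, CVE-2009-1019, CVE-2009-1015) sit directly beside CVE-2009-1017, CVE-2009-1016 and CVE-2009-1014, which are already marked NOT-FOR-US for Oracle Application Server, BEA Product Suite and Oracle PeopleSoft Enterprise. If the new entries turn out to belong to the same product families, resolve them with NOT-FOR-US in the same wording. The same applies to the Oracle, PeopleSoft and BEA entries filled in by the CVE-2009-19xx hunk.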
@@ -4427,8 +4478,8 @@
 	NOT-FOR-US: Oracle Application Server
 CVE-2009-0988 (Unspecified vulnerability in the Password Policy component in Oracle ...)
 	NOT-FOR-US: Oracle Database
-CVE-2009-0987
-	RESERVED
+CVE-2009-0987 (Unspecified vulnerability in the Upgrade component in Oracle Database ...)
+	TODO: check
 CVE-2009-0986 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
 	NOT-FOR-US: Oracle Database
 CVE-2009-0985 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
@@ -5607,8 +5658,7 @@
 	RESERVED
 CVE-2009-0693
 	RESERVED
-CVE-2009-0692
-	RESERVED
+CVE-2009-0692 (Stack-based buffer overflow in the script_write_params method in ...)
 	{DSA-1833-1}
 	- dhcp3 <unfixed> (medium)
 	NOTE: dhcp in etch is not affected.
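Review bot: CVE-2009-0692 now has a public description (stack-based buffer overflow in script_write_params) and keeps its {DSA-1833-1} tag, yet the package line still reads "- dhcp3 <unfixed> (medium)". Record the fixed unstable version here once it is uploaded. The etch status is given only as a free-text NOTE, while the other dhcp3 entry in this file uses the structured form "[etch] - dhcp3 <not-affected> (...)"; use that form here too.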
@@ -7568,8 +7618,8 @@
 	NOT-FOR-US: BlackBerry
 CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch ...)
 	NOT-FOR-US: IntraLaunch Application Launcher ActiveX control
-CVE-2009-0217
-	RESERVED
+CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) ...)
+	TODO: check
 CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...)
 	NOT-FOR-US: GE Fanuc iFIX
 CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM ...)
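Review bot: CVE-2009-0217 is described as a flaw in "The design of the W3C XML Signature Syntax and Processing (XMLDsig)", which is a specification rather than a single product, unlike the NOT-FOR-US entries around it. When this "TODO: check" is resolved, expect one package line per XMLDsig implementation in the archive rather than a single status line.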
@@ -7622,8 +7672,8 @@
 	NOT-FOR-US: Garmin Communicator Plug-In
 CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 ...)
 	NOT-FOR-US: Adobe Acrobat Reader
-CVE-2009-0192
-	RESERVED
+CVE-2009-0192 (Off-by-one error in the iMonitor component in Novell eDirectory 8.8 ...)
+	TODO: check
 CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2009-0190



