[Secure-testing-commits] r11314 - data/CVE
joeyh at alioth.debian.org
Mon Mar 2 21:14:18 UTC 2009
Author: joeyh
Date: 2009-03-02 21:14:17 +0000 (Mon, 02 Mar 2009)
New Revision: 11314
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-02 21:10:13 UTC (rev 11313)
+++ data/CVE/list 2009-03-02 21:14:17 UTC (rev 11314)
@@ -1,3 +1,131 @@
+CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
+ TODO: check
+CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 ...)
+ TODO: check
+CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel ...)
+ TODO: check
+CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux kernel ...)
+ TODO: check
+CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2009-0743 (Cross-site scripting (XSS) vulnerability in the edit account page in ...)
+ TODO: check
+CVE-2009-0742 (The username command in Cisco ACE Application Control Engine Module ...)
+ TODO: check
+CVE-2008-6346 (Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) ...)
+ TODO: check
+CVE-2008-6345 (SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 ...)
+ TODO: check
+CVE-2008-6344 (SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) ...)
+ TODO: check
+CVE-2008-6343 (Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN ...)
+ TODO: check
+CVE-2008-6342 (Unspecified vulnerability in the TYPO3 Simple File Browser ...)
+ TODO: check
+CVE-2008-6341 (Cross-site scripting (XSS) vulnerability in the SB Universal Plugin ...)
+ TODO: check
+CVE-2008-6340 (Cross-site scripting (XSS) vulnerability in the Vox populi ...)
+ TODO: check
+CVE-2008-6338 (SQL injection vulnerability in the WEBERkommunal Facilities ...)
+ TODO: check
+CVE-2008-6337 (SQL injection vulnerability in the Volunteer Management System ...)
+ TODO: check
+CVE-2008-6336 (Directory traversal vulnerability in download.php in Text Lines ...)
+ TODO: check
+CVE-2008-6335 (Directory traversal vulnerability in download.php in eMetrix Online ...)
+ TODO: check
+CVE-2008-6334 (Directory traversal vulnerability in download.php in eMetrix Extract ...)
+ TODO: check
+CVE-2008-6333 (SQL injection vulnerability in news.php in RSS Simple News (RSSSN), ...)
+ TODO: check
+CVE-2008-6332 (SQL injection vulnerability in login.php in Simple Customer 1.2 allows ...)
+ TODO: check
+CVE-2008-6331 (Multiple cross-site request forgery (CSRF) vulnerabilities in Streber ...)
+ TODO: check
+CVE-2008-6330 (SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier ...)
+ TODO: check
+CVE-2008-6329 (SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board ...)
+ TODO: check
+CVE-2008-6328 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 ...)
+ TODO: check
+CVE-2008-6327 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote ...)
+ TODO: check
+CVE-2008-6326 (SQL injection vulnerability in login.php in Simple Customer as ...)
+ TODO: check
+CVE-2008-6325 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz ...)
+ TODO: check
+CVE-2008-6324 (SQL injection vulnerability in forummessages.cfm in CF_Forum allows ...)
+ TODO: check
+CVE-2008-6323 (SQL injection vulnerability in forummessages.cfm in CFMSource ...)
+ TODO: check
+CVE-2008-6322 (SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows ...)
+ TODO: check
+CVE-2008-6321 (CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with ...)
+ TODO: check
+CVE-2008-6320 (SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows ...)
+ TODO: check
+CVE-2008-6319 (SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows ...)
+ TODO: check
+CVE-2008-6318 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-6317 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2008-6316 (Directory traversal vulnerability in _conf/core/common-tpl-vars.php in ...)
+ TODO: check
+CVE-2008-6315 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-6314 (SQL injection vulnerability in tag_board.php in the Tag Board module ...)
+ TODO: check
+CVE-2008-6313 (Directory traversal vulnerability in addedit-render.php in phpAddEdit ...)
+ TODO: check
+CVE-2008-6312 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote ...)
+ TODO: check
+CVE-2008-6311 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 ...)
+ TODO: check
+CVE-2008-6310 (SQL injection vulnerability in index.php in W3matter RevSense 1.0 ...)
+ TODO: check
+CVE-2008-6309 (SQL injection vulnerability in index.php in W3matter AskPert allows ...)
+ TODO: check
+CVE-2008-6308 (Multiple directory traversal vulnerabilities in Private Messaging ...)
+ TODO: check
+CVE-2008-6307 (E-topbiz Link Back Checker 1 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-6306 (Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz ...)
+ TODO: check
+CVE-2008-6305 (PHP remote file inclusion vulnerability in init.php in Free Directory ...)
+ TODO: check
+CVE-2008-6304 (SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when ...)
+ TODO: check
+CVE-2008-6303 (SQL injection vulnerability in tourview.php in ToursManager allows ...)
+ TODO: check
+CVE-2008-6302 (TurnkeyForms Local Classifieds allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-6301 (SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox ...)
+ TODO: check
+CVE-2008-6300 (Galatolo WebManager 1.3a allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-6299 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 ...)
+ TODO: check
+CVE-2008-6298 (Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows ...)
+ TODO: check
+CVE-2008-6297 (Cross-site scripting (XSS) vulnerability in order.php in DHCart allows ...)
+ TODO: check
+CVE-2008-6296 (admin.php in Maran PHP Shop allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-6295 (Multiple cross-site scripting (XSS) vulnerabilities in Camera Life ...)
+ TODO: check
+CVE-2008-6294 (admin/Index.php in Acc Statistics 1.1 allows remote attackers to ...)
+ TODO: check
+CVE-2008-6293 (admin/Index.php in Acc Real Estate 4.0 allows remote attackers to ...)
+ TODO: check
+CVE-2008-6292 (Acc Autos 4.0 allows remote attackers to bypass authentication and ...)
+ TODO: check
+CVE-2008-6291 (Acc PHP eMail 1.1 allows remote attackers to bypass authentication and ...)
+ TODO: check
+CVE-2008-6290 (Directory traversal vulnerability in includefile.php in nicLOR Sito, ...)
+ TODO: check
+CVE-2008-6289 (SQL injection vulnerability in cityview.php in Tours Manager 1.0 ...)
+ TODO: check
CVE-2009-XXXX [avahi-daemon: denial of service]
- avahi <unfixed> (bug #517683)
NOTE: CVE id requested
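Review bot: The four entries at the top of this hunk (CVE-2009-0745 through CVE-2009-0748) name Linux kernel ext4 sources (fs/ext4/super.c, ext4.h, namei.c, resize.c) and should not wait in the same "TODO: check" queue as the third-party web applications listed below them. Triage them first and give them linux-2.6 package lines in the form this file already uses for other kernel entries. In the same pass, compare CVE-2008-6327 with CVE-2008-6312 (both "index.php in ProQuiz 1.0") and CVE-2008-6328 with CVE-2008-6311 (view.php in Butterfly Organizer 2.0.0 and 2.0.1): the truncated descriptions are nearly identical, so each pair should end up with the same tag.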
@@ -180,7 +308,7 @@
RESERVED
CVE-2009-0659 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...)
NOT-FOR-US: TPTEST
-CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier and Acrobat 9.0 and ...)
+CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and ...)
NOT-FOR-US: Adobe Reader
CVE-2009-0657 (Toshiba Face Recognition 2.0.2.32 allows physically proximate ...)
NOT-FOR-US: Toshiba Face Recognition
@@ -524,30 +652,30 @@
RESERVED
CVE-2009-0626
RESERVED
-CVE-2009-0625
- RESERVED
-CVE-2009-0624
- RESERVED
-CVE-2009-0623
- RESERVED
-CVE-2009-0622
- RESERVED
-CVE-2009-0621
- RESERVED
-CVE-2009-0620
- RESERVED
+CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
+ TODO: check
+CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE ...)
+ TODO: check
+CVE-2009-0623 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
+ TODO: check
+CVE-2009-0622 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
+ TODO: check
+CVE-2009-0621 (Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses ...)
+ TODO: check
+CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 Switches ...)
+ TODO: check
CVE-2009-0619
RESERVED
-CVE-2009-0618
- RESERVED
-CVE-2009-0617
- RESERVED
-CVE-2009-0616
- RESERVED
-CVE-2009-0615
- RESERVED
-CVE-2009-0614
- RESERVED
+CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco Application ...)
+ TODO: check
+CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a default ...)
+ TODO: check
+CVE-2009-0616 (Cisco Application Networking Manager (ANM) before 2.0 uses default ...)
+ TODO: check
+CVE-2009-0615 (Directory traversal vulnerability in Cisco Application Networking ...)
+ TODO: check
+CVE-2009-0614 (Unspecified vulnerability in the Web Server in Cisco Unified ...)
+ TODO: check
CVE-2009-0613 (Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 ...)
NOT-FOR-US: Trend Micro
CVE-2009-0612 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and ...)
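Review bot: All eleven entries that leave RESERVED in this hunk (CVE-2009-0620 through CVE-2009-0625 and CVE-2009-0614 through CVE-2009-0618) describe Cisco products (ACE, Application Networking Manager, Cisco Unified ...), yet each is parked at "TODO: check". They can be resolved in one pass with a NOT-FOR-US tag, in the same way as the Trend Micro entry at CVE-2009-0613 that follows, instead of being checked one by one.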
@@ -731,11 +859,11 @@
{DSA-1726-1}
- python-crypto <unfixed> (bug #516660)
CVE-2009-0543 (ProFTPD Server 1.3.1, with NLS support enabled, allows remote ...)
- {DSA-1727-1}
+ {DSA-1730-1 DSA-1727-1}
- proftpd 1.3.2-1 (medium; bug #516388)
- proftpd-basic 1.3.2-1 (medium; bug #516388)
CVE-2009-0542 (SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 ...)
- {DSA-1727-1}
+ {DSA-1730-1 DSA-1727-1}
- proftpd 1.3.2-1 (medium; bug #516388)
- proftpd-basic 1.3.2-1 (medium; bug #516388)
CVE-2009-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 ...)
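Review bot: On CVE-2009-0543 and CVE-2009-0542 the advisory reference grows to "{DSA-1730-1 DSA-1727-1}", but the package lines under both entries are unchanged and carry only the untagged version 1.3.2-1 for proftpd and proftpd-basic. If DSA-1730-1 covers a release or package that DSA-1727-1 did not, record that with release-tagged lines of the kind used elsewhere in this file (for example "[lenny] - mediawiki 1:1.12.0-2lenny3"), so the fixed version per release can be read from the entry itself.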
@@ -844,18 +972,18 @@
CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...)
- mediawiki <unfixed> (low; bug #514547)
[lenny] - mediawiki 1:1.12.0-2lenny3
-CVE-2009-0524
- RESERVED
-CVE-2009-0523
- RESERVED
-CVE-2009-0522
- RESERVED
-CVE-2009-0521
- RESERVED
-CVE-2009-0520
- RESERVED
-CVE-2009-0519
- RESERVED
+CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, ...)
+ TODO: check
+CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...)
+ TODO: check
+CVE-2009-0522 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on ...)
+ TODO: check
+CVE-2009-0521 (Untrusted search path vulnerability in Adobe Flash Player 9.x before ...)
+ TODO: check
+CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 ...)
+ TODO: check
+CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 ...)
+ TODO: check
CVE-2009-0518
RESERVED
CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and ...)
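Review bot: The six Adobe entries that move to "TODO: check" in this hunk need two different resolutions and should not be tagged as a block. CVE-2009-0524 and CVE-2009-0523 (RoboHelp and RoboHelp Server) are candidates for the NOT-FOR-US tag this file already gives Adobe Reader under CVE-2009-0658, while CVE-2009-0519 through CVE-2009-0522 (Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87) should first be checked against any Flash plugin packaging in the archive.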
@@ -878,8 +1006,8 @@
RESERVED
CVE-2009-0508
RESERVED
-CVE-2009-0507
- RESERVED
+CVE-2009-0507 (IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before ...)
+ TODO: check
CVE-2009-0506 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0505 (The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for ...)
@@ -1260,6 +1388,7 @@
- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
- gst-plugins-bad0.10 <not-affected> (Vulnerable code not present)
CVE-2009-0397 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...)
+ {DSA-1729-1}
- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
@@ -1283,11 +1412,13 @@
CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and ...)
- tightvnc <not-affected> (only the windows version is affected)
CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...)
+ {DSA-1729-1}
- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0386 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...)
+ {DSA-1729-1}
- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
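Review bot: Under CVE-2009-0387 the new "{DSA-1729-1}" reference sits above an etch line stating that gst-plugins-good0.10 is not affected because the plugin is in another package, and the only gst-plugins-bad0.10 line is the untagged "0.10.4-1". Add an explicit "[etch] - gst-plugins-bad0.10 ..." line (fixed version or not-affected) so the etch status of the package that carries the plugin is recorded next to the advisory reference.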
@@ -1993,8 +2124,8 @@
NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0209
RESERVED
-CVE-2009-0208
- RESERVED
+CVE-2009-0208 (Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, ...)
+ TODO: check
CVE-2009-0207
RESERVED
CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier ...)
@@ -2035,8 +2166,8 @@
RESERVED
CVE-2009-0188
RESERVED
-CVE-2009-0187
- RESERVED
+CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and ...)
+ TODO: check
CVE-2009-0186
RESERVED
CVE-2009-0185
@@ -2288,8 +2419,8 @@
NOTE: different vector than described in CVE-2008-5282, see 507587#15
CVE-2009-XXXX [openslp: insecure cert validation through openssl api misuse]
- openslp-dfsg <not-affected> (Debian's openslp doesn't build with SSL support)
-CVE-2009-0114
- RESERVED
+CVE-2009-0114 (Unspecified vulnerability in the Settings Manager in Adobe Flash ...)
+ TODO: check
CVE-2009-0113 (Directory traversal vulnerability in attachmentlibrary.php in the ...)
NOT-FOR-US: Joomla! component
CVE-2009-0112 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -3095,8 +3226,8 @@
CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, ...)
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed>
-CVE-2009-0028
- RESERVED
+CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier allows ...)
+ TODO: check
CVE-2009-0027
RESERVED
CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...)
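Review bot: CVE-2009-0028 (clone system call in the Linux kernel 2.6.28 and earlier) is left at "TODO: check" directly below CVE-2009-0029, which already carries "- linux-2.6 <unfixed> (medium)" and "- linux-2.6.24 <removed>". Once the affected versions are confirmed, give CVE-2009-0028 the corresponding linux-2.6 and linux-2.6.24 lines so it is tracked against the kernel packages and not lost among the bulk TODO entries.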
@@ -4024,8 +4155,8 @@
NOT-FOR-US: TNT Forum
CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado ...)
NOT-FOR-US: Tornado Knowledge Retrieval System
-CVE-2008-5263
- RESERVED
+CVE-2008-5263 (Multiple stack-based buffer overflows in the mt_codec::getHdrHead ...)
+ TODO: check
CVE-2008-5262 (Multiple stack-based buffer overflows in the iGetHdrHeader function in ...)
{DSA-1717-1 DTSA-184-1}
- devil 1.7.5-4 (low; bug #511844; bug #512122)
@@ -6084,6 +6215,7 @@
- scilab 4.1.2-6 (low; bug #496414)
[etch] - scilab <no-dsa> (Non-free not supported)
CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux ...)
+ {DSA-1731-1}
- ndiswrapper 1.53-2 (medium; bug #504696)
CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage before ...)
NOT-FOR-US: Gentoo package manager Portage
@@ -6302,8 +6434,8 @@
CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in ...)
{DSA-1663-1}
- net-snmp 5.4.1~dfsg-11 (bug #504150)
-CVE-2008-4308
- RESERVED
+CVE-2008-4308 (The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 ...)
+ TODO: check
CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the Linux ...)
- linux-2.6 2.6.26-1
- linux-2.6.24 <removed>
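Review bot: CVE-2008-4308 names specific Apache Tomcat ranges in the doRead method (4.1.32 through 4.1.34, plus a 5.5.x range that the truncated description cuts off), so "TODO: check" here should be resolved by comparing those ranges against the Tomcat source packages in each release, with per-release lines where the result differs, and not by a single blanket tag.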