[Secure-testing-commits] r11759 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri May 1 17:23:52 UTC 2009
Author: jmm-guest
Date: 2009-05-01 17:23:52 +0000 (Fri, 01 May 2009)
New Revision: 11759
Modified:
data/CVE/list
Log:
- bugnums
- new twiki issue
- NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-05-01 15:36:46 UTC (rev 11758)
+++ data/CVE/list 2009-05-01 17:23:52 UTC (rev 11759)
@@ -5,43 +5,43 @@
CVE-2009-XXXX [Quagga bgpd crash related to 4-byte AS numbers]
- quagga <unfixed> (high; bug #526270)
CVE-2009-1489 (includes/user.php in Fungamez RC1 allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Fungamez
CVE-2009-1488 (Directory traversal vulnerability in admin/load.php in FunGamez RC1 ...)
- TODO: check
+ NOT-FOR-US: Fungamez
CVE-2009-1487 (SQL injection vulnerability in pages/login.php in FunGamez RC1 allows ...)
- TODO: check
+ NOT-FOR-US: Fungamez
CVE-2009-1486 (Directory traversal vulnerability in pmscript.php in Flatchat 3.0 ...)
- TODO: check
+ NOT-FOR-US: Flatchat
CVE-2009-1485 (The logging feature in eMule Plus before 1.2e allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: eMule Plus
CVE-2009-1484 (Cross-site scripting (XSS) vulnerability in the web mail interface ...)
- TODO: check
+ NOT-FOR-US: AXIGEN Mail Server
CVE-2009-1483 (Unrestricted file upload vulnerability in upload-file.php in Adam ...)
- TODO: check
+ NOT-FOR-US: Adam Patterson Studio Lounge Address Book
CVE-2009-1482 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
TODO: check
CVE-2009-1481 (SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) ...)
- TODO: check
+ NOT-FOR-US: PuterJam's Blog
CVE-2009-1480 (SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows ...)
- TODO: check
+ NOT-FOR-US: Pragyan CMS
CVE-2009-1479
RESERVED
CVE-2009-1478 (Multiple unspecified vulnerabilities in the DTrace ioctl handlers in ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2008-6774 (internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end ...)
- TODO: check
+ NOT-FOR-US: YourPlace
CVE-2008-6773 (Static code injection vulnerability in user/internettoolbar/edit.php ...)
- TODO: check
+ NOT-FOR-US: YourPlace
CVE-2008-6772 (login/register_form.php in YourPlace 1.0.2 and earlier does not check ...)
- TODO: check
+ NOT-FOR-US: YourPlace
CVE-2008-6771 (YourPlace 1.0.2 and earlier allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: YourPlace
CVE-2008-6770 (YourPlace 1.0.2 and earlier stores sensitive information under the web ...)
- TODO: check
+ NOT-FOR-US: YourPlace
CVE-2008-6769 (Unrestricted file upload vulnerability in upload.php in YourPlace ...)
- TODO: check
+ NOT-FOR-US: YourPlace
CVE-2008-6768 (Unrestricted file upload vulnerability in admin/editor/images.php in ...)
- TODO: check
+ NOT-FOR-US: K&S Shopsoftware
CVE-2009-1477
RESERVED
CVE-2009-1476
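Review bot: the product name in the three new `NOT-FOR-US: Fungamez` lines does not match the CVE summaries, which spell it `FunGamez` for CVE-2009-1488 and CVE-2009-1487; use one spelling (the upstream one) so a later search on the product finds all three entries. CVE-2009-1482 is the only entry in this block still left at `TODO: check`; since its truncated summary names no product, a short NOTE on what remains to be checked would save the next triager from re-reading the advisory.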
@@ -71,55 +71,55 @@
CVE-2009-1464
RESERVED
CVE-2009-1463 (Static code injection vulnerability in razorCMS before 0.4 allows ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2009-1462 (The Security Manager in razorCMS before 0.4 does not verify the ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2009-1461 (Cross-site scripting (XSS) vulnerability in the Create New Page form ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2009-1460 (razorCMS before 0.4 uses weak permissions for (1) ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2009-1459 (Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2009-1458 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2009-1457 (Cross-site scripting (XSS) vulnerability in player.php in Nuke ...)
- TODO: check
+ NOT-FOR-US: Nuke Evolution Xtreme
CVE-2009-1456 (Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows ...)
- TODO: check
+ NOT-FOR-US: Malleo
CVE-2009-1455 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: WebCollab
CVE-2009-1454 (Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab ...)
- TODO: check
+ NOT-FOR-US: WebCollab
CVE-2009-1453 (SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 ...)
- TODO: check
+ NOT-FOR-US: Tiny Blogr
CVE-2009-1452 (Multiple PHP remote file inclusion vulnerabilities in theme/format.php ...)
- TODO: check
+ NOT-FOR-US: SMA-DB
CVE-2009-1451 (Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB ...)
- TODO: check
+ NOT-FOR-US: SMA-DB
CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 ...)
- TODO: check
+ NOT-FOR-US: SMA-DB
CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote ...)
TODO: check
CVE-2008-6766 (cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote ...)
- TODO: check
+ NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6765 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access ...)
- TODO: check
+ NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6764 (Cross-site scripting (XSS) vulnerability in login.php in Silentum ...)
- TODO: check
+ NOT-FOR-US: Silentum LoginSys
CVE-2008-6763 (login2.php in Silentum LoginSys 1.0.0 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Silentum LoginSys
CVE-2008-6762 (Open redirect vulnerability in wp-admin/upgrade.php in WordPress, ...)
TODO: check
CVE-2008-6761 (Static code injection vulnerability in admin/install.php in ...)
- TODO: check
+ NOT-FOR-US: Flexcustomer
CVE-2008-6760 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6759 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6758 (Cross-site request forgery (CSRF) vulnerability in cart_save.php in ...)
- TODO: check
+ NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6757 (Cross-site scripting (XSS) vulnerability in manuals_search.php in ...)
- TODO: check
+ NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2009-1449 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...)
NOT-FOR-US: CoolPlayer
CVE-2009-1448 (Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net ...)
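Review bot: CVE-2008-6767 and CVE-2008-6762 are left at `TODO: check` while every neighbour in the hunk is resolved, and both concern wp-admin/upgrade.php in WordPress, which Debian ships as the `wordpress` package, so they cannot be closed as NOT-FOR-US like the rest; they need a package line with a state (`- wordpress <unfixed>` or `<not-affected>` with a reason) once the affected versions, given only as "probably 2.6.x", are confirmed.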
@@ -418,8 +418,10 @@
- libdbd-pg-perl 2.1.3-1
CVE-2009-1340
RESERVED
-CVE-2009-1339
+CVE-2009-1339 [twiki: CSRF Vulnerability with Image Tag]
RESERVED
+ - twiki <unfixed> (bug #526258)
+ NOTE: We should probably request removal from unstable, replaced by foswiki
CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux ...)
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
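Review bot: the new twiki entry carries a package line `- twiki <unfixed> (bug #526258)` with no severity, and the NOTE proposing removal from unstable does not say what the stable suites get; if removal is the intended fix, add the `[lenny]` / `[etch]` lines stating their status (as done for linux-2.6 directly below) and record the removal request itself rather than leaving it as an intention in a NOTE, otherwise the CSRF issue stays open with no owner.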
@@ -6223,7 +6225,7 @@
CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer ...)
NOT-FOR-US: AhnLab V3
CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat ...)
- - tomcat5.5 <unfixed>
+ - tomcat5.5 <unfixed> (bug #523054)
CVE-2008-5518 (Multiple directory traversal vulnerabilities in the web administration ...)
- geronimo <itp> (bug #481869)
CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...)
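Review bot: the bug number is attached only to `tomcat5.5`, but the summary names mod_jk 1.2.0 through 1.2.26; confirm whether a separately packaged mod_jk source in Debian, if one exists, is covered by the same code and needs its own package line, otherwise the entry will look complete while half of the affected code is untracked.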
@@ -8851,7 +8853,7 @@
NOT-FOR-US: MemHT Portal
CVE-2008-4456 (Cross-site scripting (XSS) vulnerability in the command-line client in ...)
{DSA-1783-1}
- - mysql-dfsg-5.0 5.0.51-1 (low)
+ - mysql-dfsg-5.0 5.0.51-1 (low; bug #526254)
CVE-2008-4455 (Directory traversal vulnerability in index.php in EKINdesigns MySQL ...)
NOT-FOR-US: EKINdesigns MySQL Quick Admin
CVE-2008-4454 (Directory traversal vulnerability in EKINdesigns MySQL Quick Admin ...)
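Review bot: `(low; bug #526254)` is added to a line that already names a fixed version (5.0.51-1) and a DSA; a bug number on a closed entry is ambiguous, so add a NOTE saying whether #526254 tracks remaining work (an incomplete fix or another suite) or is only a cross-reference.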
@@ -10098,6 +10100,7 @@
NOT-FOR-US: The Real Estate Script
CVE-2008-3950 (Off-by-one error in the ...)
- webkit <not-affected> (Vulnerable code not present)
+ NOTE: bug #500306
CVE-2008-3949 (Emacs 22.1 and 22.2 imports Python script from the current working ...)
- emacs22 22.2+2-4 (low; bug #499568)
- emacs21 <not-affected> (doesn't provide the python functionality)
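Review bot: `NOTE: bug #500306` on a `webkit <not-affected>` entry gives the reader a number without a reason; since the package line already states "Vulnerable code not present", say in the NOTE what the bug is about (why a bug exists for a package marked not affected), or move the reference into the usual `(bug #500306)` annotation if it is the tracking bug for this CVE.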
@@ -13828,7 +13831,7 @@
CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web ...)
NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of ...)
- NOTE: Mozilla bug 435130, not reproducible by upstream
+ NOTE: Mozilla bug 435130, not reproducible by upstream, Debian bug #484484
CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun ...)
NOT-FOR-US: STREAMS Administrative Driver SUN
CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard ...)
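Review bot: CVE-2008-2419 still has no package line at all; now that a Debian bug (#484484) is tracked, the entry should state the package and its status (for example an `<unfixed>` or `<not-affected>` line carrying the bug number) instead of recording the bug only inside the NOTE, where the tracker cannot associate it with a package.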
@@ -16239,7 +16242,7 @@
NOTE: doesn't apply to v3
NOTE: more a security enhancement
CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...)
- - plone3 <unfixed> (low; bug #473571)
+ - plone3 <unfixed> (low; bug #473571; bug #486333)
[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...)
- vmware-package <unfixed> (low; bug #486177)
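Review bot: `(low; bug #473571; bug #486333)` puts two bug references in one parenthesis, a form that appears nowhere else in the visible file, where each annotation carries a single `bug #N`; confirm the list parser accepts it, and if not, keep the primary bug on the package line and mention #486333 in a NOTE, as the `[lenny]` line already does for #473571.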
@@ -32120,7 +32123,7 @@
{DSA-1283-1 DTSA-39-1}
- php5 5.2.0-11 (medium)
CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c ...)
- - sqlite 2.8.17-2.1 (unimportant; bug #441233)
+ - sqlite 2.8.17-2.1 (unimportant; bug #441233; bug #526328)
NOTE: this is really just an "unsafe" API, not really a security issue against sqlite itself.
NOTE: SQLite 3 no longer contains the affected function.
CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled ...)
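Review bot: the entry's own NOTE says this is an unsafe API rather than a security issue against sqlite, yet a second bug (#526328) is now attached to a line rated `unimportant`; explain in a NOTE what #526328 adds over #441233, and the same parser question applies as for the plone3 entry above, since two `bug #N` references in one parenthesis is not the form used elsewhere in the file.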