[Secure-testing-commits] r13401 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sun Nov 29 12:04:17 UTC 2009
Author: derevko-guest
Date: 2009-11-29 12:04:15 +0000 (Sun, 29 Nov 2009)
New Revision: 13401
Modified:
data/CVE/list
Log:
- NFUs
- CVE-2009-4070 fixed in gforge 4.7.3-2
- CVE-2009-4069 fixed in gforge 4.7.3-2
- CVE-2009-3896 fixed in nginx 0.7.62-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-29 11:20:23 UTC (rev 13400)
+++ data/CVE/list 2009-11-29 12:04:15 UTC (rev 13401)
@@ -7,59 +7,59 @@
TODO: check
NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer 8
CVE-2009-4072 (Unspecified vulnerability in Opera before 10.10 has unknown impact and ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2009-4071 (Opera before 10.10, when exception stacktraces are enabled, places ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2009-4070 (SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly ...)
- TODO: check
+ - gforge 4.7.3-2
CVE-2009-4069 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, ...)
- TODO: check
+ - gforge 4.7.3-2
CVE-2009-4068
RESERVED
CVE-2009-4067
RESERVED
CVE-2009-4066 (Multiple cross-site request forgery (CSRF) vulnerabilities in the "My ...)
- TODO: check
+ NOT-FOR-US: module for Drupal
CVE-2009-4065 (Cross-site scripting (XSS) vulnerability in the settings page in the ...)
- TODO: check
+ NOT-FOR-US: module for Drupal
CVE-2009-4064 (Cross-site scripting (XSS) vulnerability in the Gallery Assist module ...)
- TODO: check
+ NOT-FOR-US: module for Drupal
CVE-2009-4063 (Cross-site scripting (XSS) vulnerability in the Subgroups for Organic ...)
- TODO: check
+ NOT-FOR-US: module for Drupal
CVE-2009-4062 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: module for Drupal
CVE-2009-4061 (Multiple cross-site scripting (XSS) vulnerabilities in the Agreement ...)
- TODO: check
+ NOT-FOR-US: module for Drupal
CVE-2009-4060 (SQL injection vulnerability in includes/content/viewProd.inc.php in ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2009-4059 (SQL injection vulnerability in the JoomClip (com_joomclip) component ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2009-4058 (SQL injection vulnerability in allauctions.php in Telebid Auction ...)
- TODO: check
+ NOT-FOR-US: Telebid Auction Script
CVE-2009-4057 (SQL injection vulnerability in the inertialFATE iF Portfolio Nexus ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 ...)
- TODO: check
+ NOT-FOR-US: Betsy CMS
CVE-2009-4055
RESERVED
CVE-2009-4054 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-4053 (Multiple directory traversal vulnerabilities in Home FTP Server ...)
- TODO: check
+ NOT-FOR-US: Home FTP Server
CVE-2009-4052 (Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget ...)
- TODO: check
+ NOT-FOR-US: IBM Rational Application Developer for WebSphere
CVE-2009-4051 (Home FTP Server 1.10.1.139 allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: Home FTP Server
CVE-2009-4050 (Directory traversal vulnerability in get_file.php in phpMyBackupPro ...)
- TODO: check
+ NOT-FOR-US: phpMyBackupPro
CVE-2009-4049 (Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in ...)
- TODO: check
+ NOT-FOR-US: avast
CVE-2009-4048 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...)
- TODO: check
+ NOT-FOR-US: PHD Help Desk
CVE-2009-XXXX [Cacti priviledge scalation]
- cacti <unfixed> (low)
TODO: check
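Review bot: The two gforge entries (CVE-2009-4070 and CVE-2009-4069) record "- gforge 4.7.3-2" with no urgency, bug number or NOTE, while the CVE-2009-4070 description lists 4.7.3 as affected, so nothing in the entry shows why the -2 Debian revision is the fixed one. Add the bug reference or a NOTE pointing at the changelog entry or patch that carries the fix, so the version can be verified later. Separately, the six "NOT-FOR-US: module for Drupal" lines would be easier to search and audit if each named its module, as the descriptions do (for example Gallery Assist for CVE-2009-4064).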
@@ -77,11 +77,11 @@
CVE-2009-4045 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
NOT-FOR-US: FrontAccounting
CVE-2009-4044 (The Web Services module 6.x for Drupal does not perform the expected ...)
- TODO: check
+ NOT-FOR-US: Web Services module for Drupal
CVE-2009-4043 (Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x ...)
- TODO: check
+ NOT-FOR-US: module for Drupal
CVE-2009-4042 (Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x ...)
- TODO: check
+ NOT-FOR-US: theme for Drupal
CVE-2009-4041 (UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of ...)
NOT-FOR-US: UseBB
CVE-2009-4040 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and ...)
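Review bot: CVE-2009-4043 and CVE-2009-4042 get the generic "module for Drupal" and "theme for Drupal", while CVE-2009-4044 in the same hunk names its module ("Web Services module for Drupal"). Name these the same way, "AddToAny module for Drupal" and "RootCandy theme for Drupal", so the NOT-FOR-US reason identifies the software without having to read the description.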
@@ -89,7 +89,7 @@
CVE-2009-4039 (Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows ...)
NOT-FOR-US: Piwigo
CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH Software ...)
- TODO: check
+ NOT-FOR-US: NCH Software Axon Virtual PBX
CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
NOT-FOR-US: FrontAccounting
CVE-2009-4036
@@ -441,7 +441,7 @@
NOT-FOR-US: Sun Solaris
CVE-2009-3896 (src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through ...)
{DSA-1920-1}
- TODO: check
+ - nginx 0.7.62-1
CVE-2009-3895 (Heap-based buffer overflow in the exif_entry_fix function (aka the tag ...)
- libexif 0.6.19-1 (medium; bug #557137)
[lenny] - libexif <not-affected> (Only 0.6.18 is affected)
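Review bot: The added "- nginx 0.7.62-1" line for CVE-2009-3896 carries no urgency or bug reference, unlike the libexif entry directly below it ("(medium; bug #557137)"). If a bug report or changelog entry backs this version, cite it on the line, and set an urgency, so the fixed version can be checked against something other than the commit log.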