[Secure-testing-commits] r13007 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Oct 13 21:14:24 UTC 2009
Author: joeyh
Date: 2009-10-13 21:14:23 +0000 (Tue, 13 Oct 2009)
New Revision: 13007
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-13 15:27:38 UTC (rev 13006)
+++ data/CVE/list 2009-10-13 21:14:23 UTC (rev 13007)
@@ -1,45 +1,266 @@
-CVE-2009-3692 [VBoxNetAdpCtl privilege escalation]
+CVE-2009-3695 (Algorithmic complexity vulnerability in the forms library in Django ...)
+ TODO: check
+CVE-2009-3694 (Directory traversal vulnerability in config/config.php in ezRecipe-Zee ...)
+ TODO: check
+CVE-2009-3693 (Directory traversal vulnerability in the Persits.XUpload.2 ActiveX ...)
+ TODO: check
+CVE-2009-3691 (Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM ...)
+ TODO: check
+CVE-2009-3690
+ RESERVED
+CVE-2009-3689
+ RESERVED
+CVE-2009-3688
+ RESERVED
+CVE-2009-3687
+ RESERVED
+CVE-2009-3686
+ RESERVED
+CVE-2009-3685
+ RESERVED
+CVE-2009-3684
+ RESERVED
+CVE-2009-3683
+ RESERVED
+CVE-2009-3682
+ RESERVED
+CVE-2009-3681
+ RESERVED
+CVE-2009-3680
+ RESERVED
+CVE-2009-3679
+ RESERVED
+CVE-2009-3678
+ RESERVED
+CVE-2009-3677
+ RESERVED
+CVE-2009-3676
+ RESERVED
+CVE-2009-3675
+ RESERVED
+CVE-2009-3674
+ RESERVED
+CVE-2009-3673
+ RESERVED
+CVE-2009-3672
+ RESERVED
+CVE-2009-3671
+ RESERVED
+CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 ...)
+ TODO: check
+CVE-2009-3669 (SQL injection vulnerability in the foobla Suggestions ...)
+ TODO: check
+CVE-2009-3668 (Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest ...)
+ TODO: check
+CVE-2009-3667 (SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows ...)
+ TODO: check
+CVE-2009-3666 (Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog ...)
+ TODO: check
+CVE-2009-3665 (Multiple SQL injection vulnerabilities in index.php in Nullam Blog ...)
+ TODO: check
+CVE-2009-3664 (Multiple directory traversal vulnerabilities in index.php in Nullam ...)
+ TODO: check
+CVE-2009-3663 (Format string vulnerability in the h_readrequest function in http.c in ...)
+ TODO: check
+CVE-2009-3662 (FileCopa FTP Server 5.01 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2009-3661 (Multiple SQL injection vulnerabilities in the DJ-Catalog ...)
+ TODO: check
+CVE-2009-3660 (PHP remote file inclusion vulnerability in libraries/database.php in ...)
+ TODO: check
+CVE-2009-3659 (SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 ...)
+ TODO: check
+CVE-2009-3658 (Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control ...)
+ TODO: check
+CVE-2009-3657 (Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module ...)
+ TODO: check
+CVE-2009-3656 (Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x ...)
+ TODO: check
+CVE-2009-3655 (Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers ...)
+ TODO: check
+CVE-2009-3654 (Unspecified vulnerability in Boost before 6.x-1.03, a module for ...)
+ TODO: check
+CVE-2009-3653 (Cross-site scripting (XSS) vulnerability in the additional links ...)
+ TODO: check
+CVE-2009-3652 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) ...)
+ TODO: check
+CVE-2009-3651 (Cross-site scripting (XSS) vulnerability in the "Monitor browsers' ...)
+ TODO: check
+CVE-2009-3650 (Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier ...)
+ TODO: check
+CVE-2009-3649 (Cross-site scripting (XSS) vulnerability in forums/index.php in Power ...)
+ TODO: check
+CVE-2009-3648 (Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a ...)
+ TODO: check
+CVE-2009-3647 (Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft ...)
+ TODO: check
+CVE-2009-3646 (InterVations NaviCOPA Web Server 3.01 allows remote attackers to ...)
+ TODO: check
+CVE-2009-3645 (SQL injection vulnerability in the JoomlaCache CB Resume Builder ...)
+ TODO: check
+CVE-2009-3644 (SQL injection vulnerability in the Soundset (com_soundset) component ...)
+ TODO: check
+CVE-2009-3643 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to ...)
+ TODO: check
+CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging feature in ...)
+ TODO: check
+CVE-2009-3641
+ RESERVED
+CVE-2009-3640
+ RESERVED
+CVE-2009-3639
+ RESERVED
+CVE-2009-3638
+ RESERVED
+CVE-2009-3637
+ RESERVED
+CVE-2009-3636
+ RESERVED
+CVE-2009-3635
+ RESERVED
+CVE-2009-3634
+ RESERVED
+CVE-2009-3633
+ RESERVED
+CVE-2009-3632
+ RESERVED
+CVE-2009-3631
+ RESERVED
+CVE-2009-3630
+ RESERVED
+CVE-2009-3629
+ RESERVED
+CVE-2009-3628
+ RESERVED
+CVE-2009-3627
+ RESERVED
+CVE-2009-3626
+ RESERVED
+CVE-2009-3625
+ RESERVED
+CVE-2009-3624
+ RESERVED
+CVE-2009-3623
+ RESERVED
+CVE-2009-3622
+ RESERVED
+CVE-2009-3621
+ RESERVED
+CVE-2009-3620
+ RESERVED
+CVE-2009-3619
+ RESERVED
+CVE-2009-3618
+ RESERVED
+CVE-2009-3617
+ RESERVED
+CVE-2009-3616
+ RESERVED
+CVE-2009-3615
+ RESERVED
+CVE-2009-3614
+ RESERVED
+CVE-2009-3613
+ RESERVED
+CVE-2009-3612
+ RESERVED
+CVE-2009-3611
+ RESERVED
+CVE-2009-3609
+ RESERVED
+CVE-2009-3608
+ RESERVED
+CVE-2009-3607
+ RESERVED
+CVE-2009-3606
+ RESERVED
+CVE-2009-3605
+ RESERVED
+CVE-2009-3604
+ RESERVED
+CVE-2009-3603
+ RESERVED
+CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2009-3589 (incron 0.5.5 does not initialize supplementary groups when running a ...)
+ TODO: check
+CVE-2009-3588 (Unspecified vulnerability in the arclib component in the Anti-Virus ...)
+ TODO: check
+CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus ...)
+ TODO: check
+CVE-2009-3586
+ RESERVED
+CVE-2009-3585
+ RESERVED
+CVE-2009-3584
+ RESERVED
+CVE-2009-3583
+ RESERVED
+CVE-2009-3582
+ RESERVED
+CVE-2009-3581
+ RESERVED
+CVE-2009-3580
+ RESERVED
+CVE-2009-3578
+ RESERVED
+CVE-2009-3577
+ RESERVED
+CVE-2009-3576
+ RESERVED
+CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, ...)
+ TODO: check
+CVE-2009-3571 (Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact ...)
+ TODO: check
+CVE-2009-3570 (Unspecified vulnerability in OpenOffice.org (OOo) has unspecified ...)
+ TODO: check
+CVE-2009-3569 (Stack-based buffer overflow in OpenOffice.org (OOo) allows remote ...)
+ TODO: check
+CVE-2009-3568 (Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for ...)
+ TODO: check
+CVE-2009-3692 (Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in ...)
- virtualbox-ose <unfixed>
[lenny] - virtualbox-ose <not-affected> (vulnerable code not present)
-CVE-2009-3602 [NSEC3 validation bypass in Unbound]
+CVE-2009-3602 (Unbound before 1.3.4 does not properly verify signatures for NSEC3 ...)
- unbound <unfixed> (low)
NOTE: http://unbound.net/pipermail/unbound-users/2009-October/000852.html
CVE-2009-3610 [possible DoS in django caused by regex starving resources]
+ RESERVED
{DSA-1905-1}
- python-django 1.1.1-1 (medium; bug #550457)
[etch] - python-django <not-affected> (introduced in 1.0)
[lenny] - python-django 1.0.2-1+lenny2
-CVE-2009-3601
+CVE-2009-3601 (Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez ...)
NOT-FOR-US: Scriptsez Ultimate Poll
-CVE-2009-3600
+CVE-2009-3600 (HUBScript 1.0 allows remote attackers to obtain configuration ...)
NOT-FOR-US: HUBScript
-CVE-2009-3599
+CVE-2009-3599 (Cross-site scripting (XSS) vulnerability in single_winner1.php in ...)
NOT-FOR-US: HUBScript
-CVE-2009-3598
+CVE-2009-3598 (Cross-site scripting (XSS) vulnerability in survey_result.php in ...)
NOT-FOR-US: eCardMAX FormXP
-CVE-2009-3597
+CVE-2009-3597 (Digitaldesign CMS 0.1 stores sensitive information under the web root ...)
NOT-FOR-US: Digitaldesign CMS
-CVE-2009-3596
+CVE-2009-3596 (JoxTechnology Ajox Poll does not properly restrict access to ...)
NOT-FOR-US: JoxTechnology Ajox Poll
-CVE-2009-3595
+CVE-2009-3595 (SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows ...)
NOT-FOR-US: VS PANEL
-CVE-2009-3594
+CVE-2009-3594 (Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog ...)
NOT-FOR-US: BLOB Blog System
-CVE-2009-3593
+CVE-2009-3593 (Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 ...)
NOT-FOR-US: Freelancers
-CVE-2009-3592
+CVE-2009-3592 (Cross-site scripting (XSS) vulnerability in customer/home.php in ...)
NOT-FOR-US: Qualiteam X-Cart
-CVE-2009-3590
+CVE-2009-3590 (SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows ...)
NOT-FOR-US: VS PANEL
-CVE-2009-3574
+CVE-2009-3574 (Tuniac 090517c allows remote attackers to cause a denial of service ...)
NOT-FOR-US: Tuniac
-CVE-2009-3573
+CVE-2009-3573 (Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ...)
NOT-FOR-US: ActiveX
-CVE-2009-3572
+CVE-2009-3572 (OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not ...)
NOT-FOR-US: OpenBSD
-CVE-2009-3567
+CVE-2009-3567 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Kayako SupportSuite and eSupport
-CVE-2009-3579 [jetty persistent XSS in sample cookies]
+CVE-2009-3579 (Cross-site scripting (XSS) vulnerability in the CookieDump.java sample ...)
- jetty <unfixed> (unimportant)
NOTE: http://www.coresecurity.com/content/jetty-persistent-xss
NOTE: only an example application
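Review bot: the CVE-2009-3610 entry gets a "RESERVED" line inserted directly beneath a local description that already carries {DSA-1905-1} and fixed python-django versions, while the new CVE-2009-3695 entry at the top of the hunk ("Algorithmic complexity vulnerability in the forms library in Django ...") is left at "TODO: check". Both describe the same regex DoS in Django, and a RESERVED status means MITRE has published no description under 3610, so the assignment should be verified before the TODO is cleared: if 3695 is the public ID, the DSA and package lines belong under it and 3610 should not keep both RESERVED and a fix record. The other "TODO: check" placeholders in this hunk for packages the tracker already follows (dopewars, incron, aria2, openoffice.org) also need a package status line or NOT-FOR-US decision rather than staying as automatic-update placeholders.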
@@ -51,8 +272,8 @@
RESERVED
CVE-2009-3565
RESERVED
-CVE-2009-3564
- RESERVED
+CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups ...)
+ TODO: check
CVE-2009-3563
RESERVED
CVE-2009-3562 (Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 ...)
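Review bot: CVE-2009-3564 ("puppetmasterd in puppet 0.24.6 does not reset supplementary groups ...") moves from RESERVED to "TODO: check" without a triage line, even though puppet is a package in the archive; this should get a "- puppet <version>" or "<unfixed>" line with a severity, in the form used by the samba and unbound entries elsewhere in this patch, instead of remaining a placeholder. The same class of issue (supplementary groups not dropped) appears in the incron entry in the first hunk and could be triaged together.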
@@ -93,8 +314,8 @@
NOT-FOR-US: DataWizard Technologies FtpXQ FTP Server
CVE-2009-3544 (Xerver HTTP Server 4.32 allows remote attackers to obtain the source ...)
NOT-FOR-US: Xerver HTTP Server
-CVE-2009-3527
- RESERVED
+CVE-2009-3527 (Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 ...)
+ TODO: check
CVE-2009-3526
RESERVED
CVE-2009-XXXX [php5's pear is vulnerable to symlink attacks]
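Review bot: CVE-2009-3527 ("Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 ...") is left at "TODO: check"; since the apr entry later in this patch treats kFreeBSD as a supported target, this FreeBSD kernel bug should be checked against the kFreeBSD kernel packaging before being marked NOT-FOR-US as the BSD entries around it are.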
@@ -300,8 +521,8 @@
RESERVED
CVE-2009-3460
RESERVED
-CVE-2009-3459
- RESERVED
+CVE-2009-3459 (Unspecified vulnerability in Adobe Reader and Acrobat 9.1.3 and ...)
+ TODO: check
CVE-2009-3458
RESERVED
CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...)
@@ -1904,8 +2125,7 @@
RESERVED
CVE-2009-2949
RESERVED
-CVE-2009-2948 [samba: local password disclosure]
- RESERVED
+CVE-2009-2948 (mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before ...)
- samba 2:3.4.2-1 (medium; bug #550423)
CVE-2009-2947 (Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 ...)
{DSA-1882-1}
@@ -2086,14 +2306,12 @@
RESERVED
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed> (medium)
-CVE-2009-2908 [linux-2.6: ecryptfs null ptr dereference]
- RESERVED
+CVE-2009-2908 (The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux ...)
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed> (medium)
CVE-2009-2907
RESERVED
-CVE-2009-2906 [samba: remote dos]
- RESERVED
+CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, ...)
- samba 2:3.4.2-1 (low; bug #550423)
CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and ...)
{DSA-1894-1}
@@ -2111,10 +2329,10 @@
RESERVED
CVE-2009-2899
RESERVED
-CVE-2009-2898
- RESERVED
-CVE-2009-2897
- RESERVED
+CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in ...)
+ TODO: check
+CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote ...)
NOT-FOR-US: KMPlayer: http://www.kmplayer.com
CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate ...)
@@ -2333,7 +2551,7 @@
NOT-FOR-US: Apple iPhone OS
CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2813 (The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows ...)
+CVE-2009-2813 (Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and ...)
- samba 2:3.4.2-1 (unimportant; bug #550422)
NOTE: requires an administrator to manually configure a user account without
NOTE: a home dir, otherwise, this is ineffective
@@ -2888,8 +3106,7 @@
CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not ...)
- qt4-x11 4:4.5.3-1 (medium; bug #545793)
[etch] - qt4-x11 <not-affected> (QSsl* classes were introduced in Qt 4.3)
-CVE-2009-2699 [apr DoS on Solaris]
- RESERVED
+CVE-2009-2699 (The Solaris pollset feature in the Event Port backend in ...)
- apr <not-affected> (does not affect Linux or kFreeBSD)
CVE-2009-2698 (The udp_sendmsg function in the UDP implementation in (1) ...)
{DSA-1872-1}
@@ -2933,8 +3150,8 @@
RESERVED
CVE-2009-2685
RESERVED
-CVE-2009-2684
- RESERVED
+CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and ...)
+ TODO: check
CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote Graphics ...)
NOT-FOR-US: HP Remote Graphics
CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP ...)
@@ -38228,7 +38445,7 @@
NOT-FOR-US: Oracle
CVE-2007-2109 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...)
NOT-FOR-US: Oracle
-CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component Oracle Database ...)
+CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
NOT-FOR-US: Oracle
CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application ...)
- tomcat5.5 5.5.16-1 (unimportant)
@@ -39806,7 +40023,7 @@
NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
NOT-FOR-US: Cisco
-CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents ...)
+CVE-2007-1466 (Integer overflow in the WP6GeneralTextPacket::_readContents function ...)
- libwpd 0.8.9-1 (medium)
[etch] - libwpd 0.8.7-6
CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 ...)
@@ -69452,7 +69669,7 @@
NOT-FOR-US: Liberum
CVE-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...)
NOT-FOR-US: Liberum
-CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded uername ...)
+CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded username ...)
NOT-FOR-US: Fortinet firewall
CVE-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...)
NOT-FOR-US: NEXTWEB
@@ -70042,7 +70259,7 @@
NOT-FOR-US: Woppoware
CVE-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...)
NOT-FOR-US: Woppoware
-CVE-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...)
+CVE-2005-1649 (The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...)
NOT-FOR-US: Windows
CVE-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...)
NOT-FOR-US: GASoft
@@ -72423,7 +72640,7 @@
NOT-FOR-US: AIX
CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...)
- sharutils 1:4.2.1-13
-CVE-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine for ...)
+CVE-2005-0989 (The find_replen function in jsstr.c in the Javascript engine for ...)
{DSA-781-1}
- mozilla 2:1.7.7-1 (bug #306001)
- mozilla-firefox 1.0.2-3
@@ -72865,7 +73082,7 @@
NOT-FOR-US: SurgeMail
CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...)
NOT-FOR-US: SurgeMail
-CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...)
+CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory of ...)
NOT-FOR-US: Nortel Contivity
CVE-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...)
NOT-FOR-US: Phorum