[Secure-testing-commits] r12777 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Sep 9 21:14:14 UTC 2009
Author: joeyh
Date: 2009-09-09 21:14:14 +0000 (Wed, 09 Sep 2009)
New Revision: 12777
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-09-09 18:44:21 UTC (rev 12776)
+++ data/CVE/list 2009-09-09 21:14:14 UTC (rev 12777)
@@ -1,3 +1,65 @@
+CVE-2009-3110 (Race condition in the file transfer functionality in Symantec Altiris ...)
+ TODO: check
+CVE-2009-3109 (Unspecified vulnerability in the AClient agent in Symantec Altiris ...)
+ TODO: check
+CVE-2009-3108 (The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before ...)
+ TODO: check
+CVE-2009-3107 (Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 ...)
+ TODO: check
+CVE-2009-3106 (The Servlet Engine/Web Container component in IBM WebSphere ...)
+ TODO: check
+CVE-2009-3105 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka ...)
+ TODO: check
+CVE-2009-3104 (Unspecified vulnerability in Symantec Norton AntiVirus 2005 through ...)
+ TODO: check
+CVE-2009-3103 (Array index error in the SMB2 protocol implementation in srv2.sys in ...)
+ TODO: check
+CVE-2009-3102 (The doHotCopy subroutine in socket-server.pl in Zmanda Recovery ...)
+ TODO: check
+CVE-2009-3101 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and ...)
+ TODO: check
+CVE-2009-3100 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, ...)
+ TODO: check
+CVE-2009-3099 (Unspecified vulnerability in HP OpenView Operations Manager 8.1 on ...)
+ TODO: check
+CVE-2009-3098 (Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 ...)
+ TODO: check
+CVE-2009-3097 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on ...)
+ TODO: check
+CVE-2009-3096 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 ...)
+ TODO: check
+CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote ...)
+ TODO: check
+CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the ...)
+ TODO: check
+CVE-2009-3093 (Unspecified vulnerability on the ASUS WL-500W wireless router has ...)
+ TODO: check
+CVE-2009-3092 (Buffer overflow on the ASUS WL-500W wireless router has unknown impact ...)
+ TODO: check
+CVE-2009-3091 (Unspecified vulnerability on the ASUS WL-330gE has unknown impact and ...)
+ TODO: check
+CVE-2009-3090 (Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on ...)
+ TODO: check
+CVE-2009-3089 (IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause ...)
+ TODO: check
+CVE-2009-3088 (Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server ...)
+ TODO: check
+CVE-2009-3087 (Unspecified vulnerability in nserver.exe in the server in IBM Lotus ...)
+ TODO: check
+CVE-2009-3086 (A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x ...)
+ TODO: check
+CVE-2009-3085 (The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not ...)
+ TODO: check
+CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c ...)
+ TODO: check
+CVE-2009-3083 (The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the ...)
+ TODO: check
+CVE-2008-7185 (GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2008-7184 (Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet ...)
+ TODO: check
+CVE-2008-7183 (PHP remote file inclusion vulnerability in eva/index.php in EVA CMS ...)
+ TODO: check
CVE-2009-XXXX [viewvc: XSS and illegal characters while printing name-value pairs]
- viewvc <unfixed> (low; bug #545779)
NOTE: CVE id has been requested
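Review bot: All 31 entries added at the top of the list land as TODO: check, and several name software that is packaged in Debian, so they need package lines rather than staying untriaged: CVE-2009-3095 and CVE-2009-3094 (Apache HTTP Server mod_proxy_ftp), CVE-2009-3083 through CVE-2009-3085 (libpurple in Pidgin), CVE-2009-3086 (Ruby on Rails) and CVE-2008-7185 (Rhythmbox). CVE-2009-3085 already reads "Pidgin before 2.6.2", the same version recorded as fixed for CVE-2009-2703 later in this file, so check whether the three pidgin entries can reuse it. The Symantec, HP, IBM, ASUS and SMB2 srv2.sys entries look like NOT-FOR-US candidates.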
@@ -263,8 +325,8 @@
CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
NOTE: This is a web site issue (open redirector), not a browser problem.
- iceweasel <unfixed> (unimportant)
-CVE-2009-3009
- RESERVED
+CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before ...)
+ TODO: check
CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...)
NOT-FOR-US: K-Meleon
CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow ...)
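Review bot: CVE-2009-3009 moves from RESERVED to TODO: check with a description naming Ruby on Rails 2.x, so it needs a package line, not a NOT-FOR-US tag. Triage it together with CVE-2009-3086, which this commit adds at the top of the list for the same software.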
@@ -1502,18 +1564,17 @@
NOT-FOR-US: SiteMinder
CVE-2009-2704 (CA SiteMinder allows remote attackers to bypass cross-site scripting ...)
NOT-FOR-US: SiteMinder
-CVE-2009-2703 [pidgin irc topic DoS]
- RESERVED
+CVE-2009-2703 (libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple ...)
- pidgin 2.6.2 (low)
[lenny] - pidgin <no-dsa> (Minor issue)
[etch] - pidgin <no-dsa> (Minor issue)
[lenny] - gaim <not-affected> (Only a transitional package)
- gaim <removed>
NOTE: this is only a null ptr dereference and can only be triggered by a rogue irc server
-CVE-2009-2702
- RESERVED
-CVE-2009-2701
- RESERVED
+CVE-2009-2702 (KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a ...)
+ TODO: check
+CVE-2009-2701 (Unspecified vulnerability in the Zope Enterprise Objects (ZEO) ...)
+ TODO: check
CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not ...)
- qt4-x11 <unfixed> (medium; bug #545793)
[etch] - qt4-x11 <not-affected> (QSsl* classes were introduced in Qt 4.3)
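Review bot: CVE-2009-2702 and CVE-2009-2701 replace RESERVED with TODO: check although both descriptions name identifiable software (KSSL in kdelibs 3.5.4, 4.2.4 and 4.3; Zope Enterprise Objects), so each needs a source package line and per-release status. The CVE-2009-2700 entry directly below concerns Qt's qsslcertificate.cpp and already carries bug #545793; check whether the kdelibs entry should reference a bug of its own in the same way.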
@@ -1787,8 +1848,7 @@
NOT-FOR-US: Joomla! component
CVE-2009-2633 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
NOT-FOR-US: Joomla! component
-CVE-2009-2632 [buffer overflow in cyrus-imapd SIEVE support]
- RESERVED
+CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c) in ...)
{DSA-1881-1}
- cyrus-imapd-2.2 2.2.13-15 (medium)
CVE-2009-2631
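Review bot: The new description for CVE-2009-2632 places the overflow in the SIEVE script component (sieve/script.c), but the entry still tracks only cyrus-imapd-2.2 under DSA-1881-1. Confirm whether any other source package ships a copy of that SIEVE code and add a line for it if so.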
@@ -1797,8 +1857,8 @@
RESERVED
CVE-2009-2629
RESERVED
-CVE-2009-2628
- RESERVED
+CVE-2009-2628 (The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 ...)
+ TODO: check
CVE-2009-2627 (Insecure method vulnerability in the Acer LunchApp (aka ...)
NOT-FOR-US: Acer LunchApp
CVE-2009-2626
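Review bot: CVE-2009-2628 is left at TODO: check although its description names vmnc.dll in VMware Movie Decoder; tag it NOT-FOR-US in the style of the Acer LunchApp entry below it. CVE-2009-0199, updated near the end of this diff, names the same VMnc codec in vmnc.dll and should get the same tag.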
@@ -2071,8 +2131,8 @@
NOT-FOR-US: Microsoft Internet Information Server
CVE-2009-2520
RESERVED
-CVE-2009-2519
- RESERVED
+CVE-2009-2519 (The DHTML Editing Component ActiveX control in Microsoft Windows 2000 ...)
+ TODO: check
CVE-2009-2518
RESERVED
CVE-2009-2517
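Review bot: CVE-2009-2519 goes from RESERVED to TODO: check for an ActiveX control in Microsoft Windows 2000, which cannot map to a Debian package; tag it NOT-FOR-US as the Microsoft entry in the context above is. The same applies to the other Microsoft entries this commit unreserves: CVE-2009-2499, CVE-2009-2498, CVE-2009-1926, CVE-2009-1925, CVE-2009-1920 and CVE-2009-1132.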
@@ -2111,10 +2171,10 @@
RESERVED
CVE-2009-2500
RESERVED
-CVE-2009-2499
- RESERVED
-CVE-2009-2498
- RESERVED
+CVE-2009-2499 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft ...)
+ TODO: check
+CVE-2009-2498 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows ...)
+ TODO: check
CVE-2009-2497
RESERVED
CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX ...)
@@ -2547,8 +2607,7 @@
CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in ...)
{DSA-1835-1}
- tiff 3.8.2-13
-CVE-2009-2346 [asterix: IAX2 call number exhaustion]
- RESERVED
+CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x before ...)
- asterisk 1:1.6.2.0~dfsg~beta3-1 (low)
CVE-2009-2345 (Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 ...)
NOT-FOR-US: ClanSphere
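Review bot: CVE-2009-2346 keeps only the single line "- asterisk 1:1.6.2.0~dfsg~beta3-1 (low)" while the new description starts at Asterisk Open Source 1.2.x, so the status of the stable releases is not recorded. Add [lenny] and [etch] lines, as the CVE-2009-2703 pidgin entry does, or a NOTE explaining why none are needed.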
@@ -3131,8 +3190,7 @@
NOT-FOR-US: fuzzylime
CVE-2009-2140
RESERVED
-CVE-2009-2139
- RESERVED
+CVE-2009-2139 (Unspecified vulnerability in OpenOffice.org (OOo) OpenOffice/Go-oo 2.x ...)
{DSA-1880-1}
- openoffice.org 1:3.1.1~ooo310m15-1
CVE-2009-2138 (Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow ...)
@@ -3653,10 +3711,10 @@
RESERVED
CVE-2009-1927
RESERVED
-CVE-2009-1926
- RESERVED
-CVE-2009-1925
- RESERVED
+CVE-2009-1926 (Microsoft Windows 2000 SP4, Server 2003 SP2, Vista Gold, SP1, and SP2, ...)
+ TODO: check
+CVE-2009-1925 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
+ TODO: check
CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) component ...)
NOT-FOR-US: Microsoft Windows
CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service (WINS) ...)
@@ -3665,8 +3723,8 @@
NOT-FOR-US: Microsoft Windows
CVE-2009-1921
RESERVED
-CVE-2009-1920
- RESERVED
+CVE-2009-1920 (The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in ...)
+ TODO: check
CVE-2009-1919 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1918 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 ...)
@@ -6321,8 +6379,8 @@
NOT-FOR-US: Microsoft
CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop Connection ...)
NOT-FOR-US: Microsoft
-CVE-2009-1132
- RESERVED
+CVE-2009-1132 (Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka ...)
+ TODO: check
CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office PowerPoint ...)
NOT-FOR-US: Microsoft
CVE-2009-1130 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...)
@@ -8447,8 +8505,8 @@
NOT-FOR-US: Cisco IOS
CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 ...)
NOT-FOR-US: Cisco IOS
-CVE-2009-0627
- RESERVED
+CVE-2009-0627 (Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when ...)
+ TODO: check
CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote ...)
NOT-FOR-US: Cisco IOS
CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
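Review bot: CVE-2009-0627 is left at TODO: check for Cisco NX-OS while the neighbouring entries are tagged NOT-FOR-US: Cisco IOS. Give it a NOT-FOR-US tag that names NX-OS rather than reusing the IOS label.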
@@ -10010,8 +10068,8 @@
CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 might allow ...)
{DSA-1880-1}
- openoffice.org 1:3.1.1~ooo310m15-1
-CVE-2009-0199
- RESERVED
+CVE-2009-0199 (Heap-based buffer overflow in the VMnc media codec in vmnc.dll in ...)
+ TODO: check
CVE-2009-0198 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
NOT-FOR-US: Adobe Reader
CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...)