[Secure-testing-commits] r12852 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Sep 18 21:14:14 UTC 2009
Author: joeyh
Date: 2009-09-18 21:14:14 +0000 (Fri, 18 Sep 2009)
New Revision: 12852
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-09-18 15:50:26 UTC (rev 12851)
+++ data/CVE/list 2009-09-18 21:14:14 UTC (rev 12852)
@@ -1,72 +1,96 @@
-CVE-2009-3236 [horder arbirary file upload]
+CVE-2009-3245
+ RESERVED
+CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...)
+ TODO: check
+CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and ...)
+ TODO: check
+CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector in ...)
+ TODO: check
+CVE-2009-3241 (Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark ...)
+ TODO: check
+CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section ...)
+ TODO: check
+CVE-2009-3239 (Buffer overflow in the EMF parser implementation in OpenOffice.org ...)
+ TODO: check
+CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux ...)
+ TODO: check
+CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
+ TODO: check
+CVE-2009-3235 (Multiple stack-based buffer overflows in the Sieve plugin in Dovecot ...)
+ TODO: check
+CVE-2009-3228
+ RESERVED
+CVE-2005-4881
+ RESERVED
+CVE-2009-3236 (Unspecified vulnerability in the form library in Horde Application ...)
- horde3 <unfixed> (medium; bug #547318)
-CVE-2008-7243
+CVE-2008-7243 (Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS ...)
NOT-FOR-US: MODx CMS
-CVE-2008-7242
+CVE-2008-7242 (Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS ...)
NOT-FOR-US: MODx CMS
-CVE-2008-7241
+CVE-2008-7241 (Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 ...)
NOT-FOR-US: PunBB
-CVE-2008-7240
+CVE-2008-7240 (Directory traversal vulnerability in include/unverified.inc.php in ...)
NOT-FOR-US: Linux Web Shop (LWS) php User Base
CVE-2009-XXXX [webkit: potential ssl certificate null character stripping vulnerability]
- webkit <unfixed> (medium; bug #547217)
TODO: asked maintainer to check; follow-up
-CVE-2009-3234 [Buffer overflow in performance counters]
+CVE-2009-3234 (Buffer overflow in the perf_copy_attr function in ...)
- linux-2.6 <not-affected> (Introduced in 2.6.31)
- linux-2.6.24 <removed>
[etch] - linux-2.6.24 <not-affected> (Introduced in 2.6.31)
TODO: check when 2.6.31 enters unstable; working exploit code exists [-linux-2.6 <unfixed> (high)]
-CVE-2009-3227
+CVE-2009-3227 (Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft ...)
NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
-CVE-2009-3226
+CVE-2009-3226 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
-CVE-2009-3225
+CVE-2009-3225 (Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft ...)
NOT-FOR-US: AlmondSoft Almond Classifieds Wap and Pro
-CVE-2009-3224
+CVE-2009-3224 (SQL injection vulnerability in index.php in Super Mod System, when ...)
NOT-FOR-US: Super Mod System
-CVE-2009-3223
+CVE-2009-3223 (SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver ...)
NOT-FOR-US: Inout Adserver
-CVE-2009-3222
+CVE-2009-3222 (Cross-site scripting (XSS) vulnerability in index.php in ...)
NOT-FOR-US: FreeWebScriptz Honest Traffic
-CVE-2009-3221
+CVE-2009-3221 (Stack-based buffer overflow in Audio Lib Player (ALP) allows remote ...)
NOT-FOR-US: Audio Lib Player (ALP)
-CVE-2009-3220
+CVE-2009-3220 (PHP remote file inclusion vulnerability in cp_html2txt.php in All In ...)
NOT-FOR-US: All In One Control Panel
-CVE-2009-3219
+CVE-2009-3219 (Directory traversal vulnerability in a.php in AR Web Content Manager ...)
NOT-FOR-US: AR Web Content Manager
-CVE-2009-3218
+CVE-2009-3218 (SQL injection vulnerability in control/login.php in AR Web Content ...)
NOT-FOR-US: AR Web Content Manager
-CVE-2009-3217
+CVE-2009-3217 (SQL injection vulnerability in the admin module in iWiccle 1.01 allows ...)
NOT-FOR-US: iWiccle
-CVE-2009-3216
+CVE-2009-3216 (Multiple directory traversal vulnerabilities in iWiccle 1.01, when ...)
NOT-FOR-US: iWiccle
-CVE-2009-3215
+CVE-2009-3215 (SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, ...)
NOT-FOR-US: IXXO Cart Standalone
-CVE-2009-3214
+CVE-2009-3214 (Multiple stack-based buffer overflows in Photodex ProShow Gold ...)
NOT-FOR-US: Photodex ProShow Gold
-CVE-2009-3213
+CVE-2009-3213 (Stack-based buffer overflow in broid 1.0 Beta 3a allows remote ...)
NOT-FOR-US: broid
-CVE-2009-3212
+CVE-2009-3212 (SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, ...)
NOT-FOR-US: VivaPrograms Infinity Script
-CVE-2009-3211
+CVE-2009-3211 (Directory traversal vulnerability in VivaPrograms Infinity Script ...)
NOT-FOR-US: VivaPrograms Infinity Script
-CVE-2009-3210
+CVE-2009-3210 (Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka ...)
NOT-FOR-US: Print (aka Printer, e-mail and PDF versions) Drupal module (3rd party module)
-CVE-2009-3209
+CVE-2009-3209 (SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 ...)
NOT-FOR-US: PHP eMail Manager
-CVE-2009-3208
+CVE-2009-3208 (Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote ...)
NOT-FOR-US: phpfreeBB
-CVE-2009-3207
+CVE-2009-3207 (The ImageCache module 5.x before 5.x-2.5 and 6.x before ...)
NOT-FOR-US: ImageCache module for Drupal (3rd party module)
-CVE-2009-3206
+CVE-2009-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache ...)
NOT-FOR-US: ImageCache module for Drupal (3rd party module)
-CVE-2009-3205
+CVE-2009-3205 (SQL injection vulnerability in main.php in CBAuthority allows remote ...)
NOT-FOR-US: CBAuthority
-CVE-2009-3204
+CVE-2009-3204 (Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 ...)
NOT-FOR-US: Stiva Forum
-CVE-2009-3203
+CVE-2009-3203 (SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x ...)
NOT-FOR-US: AJ Auction Pro OOPD
-CVE-2009-3202
+CVE-2009-3202 (Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP ...)
NOT-FOR-US: ULoKI PHP Forum
CVE-2009-3201 (Integer overflow in Media Player Classic 6.4.9 allows user-assisted ...)
NOT-FOR-US: Media Player Classic
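Review bot: The new entries at the top of this hunk are all left at `TODO: check`, yet several name software that this same list already tracks as source packages: CVE-2009-3238 (Linux `get_random_int`) alongside the `linux-2.6` lines under CVE-2009-3234, CVE-2009-3239 (OpenOffice.org EMF parser) alongside the `openoffice.org` lines further down, and CVE-2009-3237 (Horde XSS) directly above the `horde3` line for CVE-2009-3236. These should get package lines or an explicit not-affected status in a follow-up commit. The Dovecot Sieve (CVE-2009-3235) and Wireshark dissector entries (CVE-2009-3241 to CVE-2009-3243) need the same check.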
@@ -104,7 +128,7 @@
NOT-FOR-US: Crazy Star plugin 2.0 for Discuz!
CVE-2009-3184 (Multiple SQL injection vulnerabilities in index.php in Pirates of The ...)
NOT-FOR-US: Pirates of The Caribbean
-CVE-2009-3233 [changetrack command injection]
+CVE-2009-3233 (changetrack 4.3 allows local users to execute arbitrary commands via ...)
- changetrack 4.5-2 (medium; bug #546791)
CVE-2008-7228 (Multiple format string vulnerabilities in White_Dune before ...)
- whitedune <not-affected> (bug #546903)
@@ -224,21 +248,21 @@
NOT-FOR-US: VirtueMart
CVE-2008-7203 (Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to ...)
NOT-FOR-US: Valve Software Half-Life Counter-Strike
-CVE-2009-3232 [pam-auth-update does not prohibit selecting an empty set of modules]
+CVE-2009-3232 (pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian ...)
- pam 1.0.1-10 (bug #519927)
[lenny] - pam <not-affected> (pam-auth-update not yet present)
[etch] - pam <not-affected> (pam-auth-update not yet present)
-CVE-2009-3229 [postgresql: Authenticated non-superusers can shut down the backend server by re-LOAD-ing libraries]
+CVE-2009-3229 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...)
- postgresql-8.4 8.4.1-1
- postgresql-8.3 8.3.8-1
- postgresql-8.1 <not-affected>
- postgresql-7.4 <not-affected>
-CVE-2009-3230 [postgresql: fix CVE-2007-6600 failed to include protection against misuse of RESET SESSION AUTHORIZATION]
+CVE-2009-3230 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...)
- postgresql-8.4 8.4.1-1
- postgresql-8.3 8.3.8-1
- postgresql-8.1 <removed>
- postgresql-7.4 <removed>
-CVE-2009-3231 [postgresql: LDAP authentication issue]
+CVE-2009-3231 (The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 ...)
- postgresql-8.4 8.4.1-1
- postgresql-8.3 8.3.8-1
- postgresql-8.1 <not-affected>
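Review bot: Replacing the bracketed titles on CVE-2009-3229 and CVE-2009-3230 leaves two entries whose visible descriptions are identical ("The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ..."), and the pointer to CVE-2007-6600 and RESET SESSION AUTHORIZATION that the old CVE-2009-3230 title carried is lost. A short note under each entry naming the issue (re-LOAD of libraries, incomplete CVE-2007-6600 fix, LDAP authentication) would keep them distinguishable when reading the list. The `pam` and `postgresql-*` package lines also carry no severity, unlike the `(medium; bug #...)` form used on neighbouring entries.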
@@ -1089,8 +1113,8 @@
RESERVED
CVE-2009-2938
RESERVED
-CVE-2009-2937
- RESERVED
+CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet ...)
+ TODO: check
CVE-2009-2936
RESERVED
CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...)
@@ -1990,8 +2014,8 @@
RESERVED
CVE-2009-2708
RESERVED
-CVE-2009-2707
- RESERVED
+CVE-2009-2707 (Unspecified vulnerability in ia32el (aka the IA 32 emulation ...)
+ TODO: check
CVE-2009-2706
RESERVED
CVE-2008-6911 (SQL injection vulnerability in the authenticateUser function in ...)
@@ -2294,7 +2318,7 @@
NOT-FOR-US: Joomla! component
CVE-2009-2633 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
NOT-FOR-US: Joomla! component
-CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c) in ...)
+CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c), as ...)
{DSA-1881-1}
- cyrus-imapd-2.2 2.2.13-15 (medium)
CVE-2009-2631
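Review bot: The reworded CVE-2009-2632 description now ends "(sieve/script.c), as ...", which suggests the upstream text names where the SIEVE component is used, while the entry still lists only `cyrus-imapd-2.2 2.2.13-15`. Check the full description for other affected software and add package lines for anything in the archive. The Dovecot Sieve plugin entry added at the top of this revision (CVE-2009-3235) is worth cross-checking against this one.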
@@ -4308,8 +4332,7 @@
CVE-2009-1884 (Off-by-one error in the bzinflate function in Bzip2.xs in the ...)
- libcompress-raw-bzip2-perl 2.018-1 (medium; bug #542777)
[lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1
-CVE-2009-1883 [linux-2.6: crypt missing cap check]
- RESERVED
+CVE-2009-1883 (The z90crypt_unlocked_ioctl function in the z90crypt driver in the ...)
- linux-2.6 2.6.19-1
- linux-2.6.24 <removed>
[etch] - linux-2.6.24 <not-affected> (problem was fixed before first upload)
@@ -10545,10 +10568,10 @@
RESERVED
CVE-2009-0202 (Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows ...)
NOT-FOR-US: Microsoft
-CVE-2009-0201 (Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 might ...)
+CVE-2009-0201 (Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and ...)
{DSA-1880-1}
- openoffice.org 1:3.1.1~ooo310m15-1
-CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 might allow ...)
+CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 and ...)
{DSA-1880-1}
- openoffice.org 1:3.1.1~ooo310m15-1
CVE-2009-0199 (Heap-based buffer overflow in the VMnc media codec in vmnc.dll in ...)
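Review bot: Both OpenOffice.org descriptions change from "before 3.1.1 might ..." to "before 3.1.1 and ...", which suggests the upstream text now names a further product or version range, but the package lines stay at `openoffice.org 1:3.1.1~ooo310m15-1`. Confirm against the full CVE text that the recorded fixed version and DSA-1880-1 still cover the reworded scope for CVE-2009-0201 and CVE-2009-0200.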