[Secure-testing-commits] r12889 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sat Sep 26 09:37:59 UTC 2009


Author: derevko-guest
Date: 2009-09-26 09:37:46 +0000 (Sat, 26 Sep 2009)
New Revision: 12889

Modified:
   data/CVE/list
Log:
- NFUs
- backuppc got a CVE id


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-09-26 07:36:34 UTC (rev 12888)
+++ data/CVE/list	2009-09-26 09:37:46 UTC (rev 12889)
@@ -1,7 +1,7 @@
 CVE-2009-3391
 	RESERVED
 CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) ...)
-	TODO: check
+	NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10
 CVE-2009-3389
 	RESERVED
 CVE-2009-3388
@@ -42,76 +42,74 @@
 	RESERVED
 CVE-2009-3370
 	RESERVED
-CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in ...)
-	TODO: check
 CVE-2009-3368 (Cross-site scripting (XSS) vulnerability in the Hotel Booking ...)
-	TODO: check
+	NOT-FOR-US: component for Joomla!
 CVE-2009-3367 (Multiple cross-site scripting (XSS) vulnerabilities in An image ...)
-	TODO: check
+	NOT-FOR-US: An image gallery 1.0
 CVE-2009-3366 (Directory traversal vulnerability in navigation.php in An image ...)
-	TODO: check
+	NOT-FOR-US: An image gallery 1.0
 CVE-2009-3365 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Aurora CMS
 CVE-2009-3364 (Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: FTPShell Client
 CVE-2009-3363 (Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x ...)
-	TODO: check
+	NOT-FOR-US: a module for Drupal
 CVE-2009-3362 (PHP remote file inclusion vulnerability in printnews.php3 in SZNews ...)
-	TODO: check
+	NOT-FOR-US: SZNews
 CVE-2009-3361 (SQL injection vulnerability in index.php in PHP-IPNMonitor allows ...)
-	TODO: check
+	NOT-FOR-US: PHP-IPNMonitor
 CVE-2009-3360 (Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 ...)
-	TODO: check
+	NOT-FOR-US: Datemill
 CVE-2009-3359 (Multiple cross-site scripting (XSS) vulnerabilities in Match Agency ...)
-	TODO: check
+	NOT-FOR-US: Match Agency BiZ
 CVE-2009-3358 (SQL injection vulnerability in profile.php in Tourism Scripts Adult ...)
-	TODO: check
+	NOT-FOR-US: Tourism Scripts Adult
 CVE-2009-3357 (Multiple SQL injection vulnerabilities in the Hotel Booking ...)
-	TODO: check
+	NOT-FOR-US: component for Joomla!
 CVE-2009-3356 (SQL injection vulnerability in index.php in Image voting 1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Image voting
 CVE-2009-3355 (Cross-site scripting (XSS) vulnerability in profile.php in Datetopia ...)
-	TODO: check
+	NOT-FOR-US: Datetopia Buy Dating Site
 CVE-2009-3354 (Multiple unspecified vulnerabilities in the Rest API module for Drupal ...)
-	TODO: check
+	NOT-FOR-US: Rest API module for Drupal 
 CVE-2009-3353 (Multiple unspecified vulnerabilities in the Node2Node module for ...)
-	TODO: check
+	NOT-FOR-US: Node2Node module for Drupal
 CVE-2009-3352 (Multiple unspecified vulnerabilities in the quota_by_role (Quota by ...)
-	TODO: check
+	NOT-FOR-US: quota_by_role (Quota by role) module for Drupal 
 CVE-2009-3351 (Multiple unspecified vulnerabilities in the Node Browser module for ...)
-	TODO: check
+	NOT-FOR-US: Node Browser module for Drupal 
 CVE-2009-3350 (Multiple unspecified vulnerabilities in the Subdomain Manager module ...)
-	TODO: check
+	NOT-FOR-US: Subdomain Manager module for Drupal
 CVE-2009-3349 (SQL injection vulnerability in Datavore Gyro 5.0 allows remote ...)
 	TODO: check
 CVE-2009-3348 (Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Datavore Gyro
 CVE-2009-3347 (Buffer overflow on the D-Link DIR-400 wireless router allows remote ...)
-	TODO: check
+	NOT-FOR-US: D-Link DIR-400 wireless router
 CVE-2009-3346 (Unspecified vulnerability in SAP Crystal Reports Server 2008 allows ...)
-	TODO: check
+	NOT-FOR-US: SAP Crystal Reports Server
 CVE-2009-3345 (Heap-based buffer overflow in SAP Crystal Reports Server 2008 has ...)
-	TODO: check
+	NOT-FOR-US: SAP Crystal Reports Server
 CVE-2009-3344 (Unspecified vulnerability in SAP Crystal Reports Server 2008 on ...)
-	TODO: check
+	NOT-FOR-US: SAP Crystal Reports Server
 CVE-2009-3343 (SQL injection vulnerability in details.asp in HotWeb Rentals allows ...)
-	TODO: check
+	NOT-FOR-US: HotWeb Rentals
 CVE-2009-3342 (SQL injection vulnerability in frontend/assets/ajax/checkusername.php ...)
-	TODO: check
+	NOT-FOR-US: component for Joomla!
 CVE-2009-3341 (Buffer overflow on the Linksys WRT54GL wireless router allows remote ...)
-	TODO: check
+	NOT-FOR-US: Linksys WRT54GL wireless router
 CVE-2009-3340 (Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: FreeSSHD
 CVE-2009-3339 (Unspecified vulnerability in McAfee Email and Web Security Appliance ...)
-	TODO: check
+	NOT-FOR-US: McAfee Email and Web Security Appliance
 CVE-2009-3338 (Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b ...)
-	TODO: check
+	NOT-FOR-US: Magic Morph 
 CVE-2009-3337 (SQL injection vulnerability in the Freetag (serendipity_event_freetag) ...)
-	TODO: check
+	NOT-FOR-US: plugin for Serendipity
 CVE-2009-3336 (SQL injection vulnerability in auction_details.php in PHP Pro Bid ...)
-	TODO: check
+	NOT-FOR-US: PHP Pro Bid
 CVE-2009-3335 (SQL injection vulnerability in the TurtuShout component 0.11 for ...)
-	TODO: check
+	NOT-FOR-US: TurtuShout component 0.11 for Joomla!
 CVE-2009-3334 (SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! ...)
 	NOT-FOR-US: Lhacky! Extensions Cave Joomla!
 CVE-2009-3333 (PHP remote file inclusion vulnerability in koesubmit.php in the ...)
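Review bot: CVE-2009-3349 (SQL injection in Datavore Gyro 5.0) stays at `TODO: check` as an unchanged context line, while CVE-2009-3348 for the same product directly below it is now `NOT-FOR-US: Datavore Gyro`. It looks skipped by accident and should get the same note unless it is being held back on purpose. Two smaller style points in the same hunk: the added notes for the Rest API, quota_by_role and Node Browser modules and for `Magic Morph ` end in a trailing space, and the notes for CVE-2009-3368, CVE-2009-3357, CVE-2009-3363 and CVE-2009-3337 say only "component for Joomla!", "a module for Drupal" or "plugin for Serendipity" although the descriptions name the Hotel Booking component, the BUEditor module and the Freetag plugin. Naming them, as the TurtuShout line does, keeps the list searchable by product.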
@@ -1650,11 +1648,10 @@
 	NOT-FOR-US: PG MatchMaking
 CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote ...)
 	NOT-FOR-US: Basilic
-CVE-2009-XXXX [BackupPC ClientNameAlias ssh rsync backup security bypass]
+CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in ...)
 	- backuppc 3.1.0-7 (low; bug #542218)
 	[etch] - backuppc <no-dsa> (Requires access)
 	[lenny] - backuppc <no-dsa> (Requires access)
-	TODO: request CVE id
 CVE-2009-XXXX [burn: Insecure escaping of file names]
 	- burn 0.4.5-1 (low; bug #542329)
 	[lenny] - burn 0.4.3-2.1+lenny1
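Review bot: the CVE-2009-3369 entry now sits between CVE-2009-2881 and the burn placeholder, because the old `CVE-2009-XXXX` header was renamed in place here while the hunk at -42 deleted the entry from its numeric slot between CVE-2009-3370 and CVE-2009-3368. The surrounding entries are in descending id order, so it would be more consistent to leave the CVE-2009-3369 header where it was, replace its `TODO: check` with the three backuppc package lines (including bug #542218), and delete the placeholder block here entirely.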
@@ -1829,7 +1826,7 @@
 CVE-2009-2818
 	RESERVED
 CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes
 CVE-2009-2816
 	RESERVED
 CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...)
@@ -2443,11 +2440,11 @@
 CVE-2009-2683
 	RESERVED
 CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2009-2681
 	RESERVED
 CVE-2009-2680 (Unspecified vulnerability in the Remote Management Interface (RMI) for ...)
-	TODO: check
+	NOT-FOR-US: HP StorageWorks
 CVE-2009-2679
 	RESERVED
 CVE-2009-2678



