Author: joeyh
Date: 2009-01-08 21:14:10 +0000 (Thu, 08 Jan 2009)
New Revision: 10899

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-01-08 20:41:23 UTC (rev 10898)
+++ data/CVE/list       2009-01-08 21:14:10 UTC (rev 10899)
@@ -1,3 +1,101 @@
+CVE-2009-0069 (Unspecified vulnerability in the nfs4rename_persistent_fh 
function in ...)
+       TODO: check
+CVE-2009-0068 (Interaction error in xdg-open allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2009-0067
+       RESERVED
+CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software 
for ...)
+       TODO: check
+CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream 
Control ...)
+       TODO: check
+CVE-2009-0064
+       RESERVED
+CVE-2009-0063
+       RESERVED
+CVE-2009-0062
+       RESERVED
+CVE-2009-0061
+       RESERVED
+CVE-2009-0060
+       RESERVED
+CVE-2009-0059
+       RESERVED
+CVE-2009-0058
+       RESERVED
+CVE-2009-0057
+       RESERVED
+CVE-2009-0056
+       RESERVED
+CVE-2009-0055
+       RESERVED
+CVE-2009-0054
+       RESERVED
+CVE-2009-0053
+       RESERVED
+CVE-2009-0052
+       RESERVED
+CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value 
from ...)
+       TODO: check
+CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return 
value from ...)
+       TODO: check
+CVE-2009-0049 (Belgian eID middleware (eidlib) 2.6.0 and earlier does not 
properly ...)
+       TODO: check
+CVE-2009-0048 (OpenEvidence 1.0.6 and earlier does not properly check the 
return ...)
+       TODO: check
+CVE-2009-0047 (Gale 0.99 and earlier does not properly check the return value 
from ...)
+       TODO: check
+CVE-2009-0046 (Sun GridEngine 5.3 and earlier does not properly check the 
return ...)
+       TODO: check
+CVE-2009-0045
+       RESERVED
+CVE-2009-0044
+       RESERVED
+CVE-2009-0043
+       RESERVED
+CVE-2009-0042
+       RESERVED
+CVE-2009-0041
+       RESERVED
+CVE-2008-5867 (Directory traversal vulnerability in Yerba SACphp 6.3 allows 
remote ...)
+       TODO: check
+CVE-2008-5866 (The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has 
public ...)
+       TODO: check
+CVE-2008-5865 (SQL injection vulnerability in the com_hbssearch component 1.0 
in the ...)
+       TODO: check
+CVE-2008-5864 (SQL injection vulnerability in the Top Hotel 
(com_tophotelmodule) ...)
+       TODO: check
+CVE-2008-5863 (SQL injection vulnerability in locator.php in the Userlocator 
module ...)
+       TODO: check
+CVE-2008-5862 (Directory traversal vulnerability in webcamXP 5.3.2.375 and 
5.3.2.410 ...)
+       TODO: check
+CVE-2008-5861 (Directory traversal vulnerability in source.php in FreeLyrics 
1.0 ...)
+       TODO: check
+CVE-2008-5860 (Directory traversal vulnerability in backend/template.php in 
...)
+       TODO: check
+CVE-2008-5859 (SQL injection vulnerability in index.php in Constructr CMS 
3.02.5 and ...)
+       TODO: check
+CVE-2008-5858 (Multiple cross-site scripting (XSS) vulnerabilities in 
KnowledgeTree ...)
+       TODO: check
+CVE-2008-5857 (The DropDocuments plugin in KnowledgeTree before 3.5.4a allows 
remote ...)
+       TODO: check
+CVE-2008-5856 (Directory traversal vulnerability in scripts/export.php in 
ClaSS ...)
+       TODO: check
+CVE-2008-5855 (myPHPscripts Login Session 2.0 stores sensitive information 
under the ...)
+       TODO: check
+CVE-2008-5854 (Multiple cross-site scripting (XSS) vulnerabilities in 
login.php in ...)
+       TODO: check
+CVE-2008-5853 (Chilek Content Management System (aka ChiCoMaS) 2.0.4 and 
earlier ...)
+       TODO: check
+CVE-2008-5852 (Emefa Guestbook 3.0 stores sensitive information under the web 
root ...)
+       TODO: check
+CVE-2008-5851 (SQL injection vulnerability in index.php in My PHP Baseball 
Stats ...)
+       TODO: check
+CVE-2008-5850 (Unspecified vulnerability in the SmartCenter server for Check 
Point ...)
+       TODO: check
+CVE-2008-5849 (Check Point VPN-1 R55, R65, and other versions, when Port 
Address ...)
+       TODO: check
+CVE-2008-5848 (The Advantech ADAM-6000 module has 00000000 as its default 
password, ...)
+       TODO: check
 CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext 
in a ...)
        NOT-FOR-US: Constructr CMS
 CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote 
authenticated ...)
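Review bot: CVE-2009-0046 through CVE-2009-0051 are all added as "TODO: check" and all carry the same "does not properly check the return value" wording that CVE-2008-5077 receives later in this patch. They are best triaged as a group, in one pass. For each, decide whether it gets a package line or a NOT-FOR-US line, so that six related entries do not sit in TODO state with different outcomes later.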
@@ -342,10 +440,10 @@
        NOT-FOR-US: Solaris
 CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through 
snv_76 ...)
        NOT-FOR-US: Solaris
-CVE-2008-5688 (MediaWiki 1.8.1 through 1.13.3, when the wgShowExceptionDetails 
...)
+CVE-2008-5688 (MediaWiki 1.8.1, and other versions before 1.13.3, when the ...)
        - mediawiki <unfixed> (unimportant)
        NOTE: Installation path disclosure not treated as a security issue
-CVE-2008-5687 (MediaWiki 1.11 through 1.13.3 does not properly protect against 
the ...)
+CVE-2008-5687 (MediaWiki 1.11, and other versions before 1.13.3, does not 
properly ...)
        - mediawiki 1:1.13.3-1 (low)
        NOTE: the CVE id description is wrong, this is fixed in 1.13.3, 
notified mitre
 CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, 
when its ...)
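Review bot: The NOTE under CVE-2008-5687 ("the CVE id description is wrong, this is fixed in 1.13.3, notified mitre") looks stale now that the description line above it reads "and other versions before 1.13.3". Drop the note, or reword it to record that the description has been corrected. Also re-check the "- mediawiki <unfixed> (unimportant)" line on CVE-2008-5688, since its description now says "before 1.13.3" as well.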
@@ -575,8 +673,7 @@
        RESERVED
 CVE-2009-0026
        RESERVED
-CVE-2009-0025 [OpenSSL signature verification API misuse: bind9 incarnation]
-       RESERVED
+CVE-2009-0025 (BIND 9.4.3 and earlier does not properly check the return value 
from ...)
        - bind9 <unfixed> (low)
        NOTE: low severity because it is believed hard to trigger and only
        NOTE: affects DNSSEC with DSA, which is supposedly rarely used.
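Review bot: Replacing the bracketed description on CVE-2009-0025 removes the only text in this entry that tied it to the OpenSSL signature verification issue. The new description is cut off at "return value from ...", so a reader no longer sees which API is involved. Suggest adding a NOTE line that points to CVE-2008-5077, so the relationship survives the automatic update.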
@@ -587,8 +684,8 @@
 CVE-2009-0022 (Samba 3.2.0 through 3.2.6, when registry shares are enabled, 
allows ...)
        - samba 2:3.2.5-3
        [etch] - samba <not-affected> (Only 3.2.x affected)
-CVE-2009-0021
-       RESERVED
+CVE-2009-0021 (NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not 
properly ...)
+       TODO: check
 CVE-2009-0020
        RESERVED
 CVE-2009-0019
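Review bot: CVE-2009-0021 goes from RESERVED straight to "TODO: check" with no package line, while CVE-2009-0025 in the previous hunk already has "- bind9 <unfixed> (low)". The description is truncated at "does not properly", so confirm from the full text whether this is the same return-value issue, then add the package line with an urgency that matches the bind9 entry if it is.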
@@ -1483,7 +1580,7 @@
        - mediawiki 1:1.13.3-1 (bug #508869)
 CVE-2008-5249 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 
through ...)
        - mediawiki <not-affected> (vulnerable code was introduced in 1.13.0)
-        NOTE: Fixed for the 1.13 branch in experimental: 1:1.13.3-1, bug 
#508868
+       NOTE: Fixed for the 1.13 branch in experimental: 1:1.13.3-1, bug #508868
 CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the 
Real ...)
        - vlc <not-affected> (vulnerable code not present)
        NOTE: affected versions are >= 0.9.x (experimental)
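Review bot: The only change in this hunk is the indentation of the NOTE line under CVE-2008-5249, and the ktorrent lines in the last hunk change in the same way. Whitespace normalisation mixed into a commit logged as "automatic update" makes the history harder to read. Either mention it in the log or commit it separately.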
@@ -1923,8 +2020,7 @@
        NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2
 CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file 
function ...)
        TODO: check
-CVE-2008-5077 [OpenSSL signature verification misuse]
-       RESERVED
+CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return 
value ...)
        - openssl 0.9.8g-15
 CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 
(aka ...)
        NOT-FOR-US: E-Uploader Pro
@@ -2520,8 +2616,8 @@
 CVE-2008-XXXX [ktorrent issues]
        - ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
        - ktorrent 3.1.4+dfsg.1-1
-        [etch] - ktorrent <not-affected> (Doesn't include the web interface)
-        NOTE: CVE requested
+       [etch] - ktorrent <not-affected> (Doesn't include the web interface)
+       NOTE: CVE requested
 CVE-2008-XXXX [epiphany-browser: Python scripts load modules from current 
directory]
        - epiphany-browser 2.22.3-7 (bug #504363; low)
        [etch] - epiphany-browser <no-dsa> (Minor issue, only vulnerable when 
called from certain dir)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
