Author: joeyh
Date: 2009-01-21 21:14:15 +0000 (Wed, 21 Jan 2009)
New Revision: 11012

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-01-21 18:20:56 UTC (rev 11011)
+++ data/CVE/list       2009-01-21 21:14:15 UTC (rev 11012)
@@ -1,3 +1,163 @@
+CVE-2009-0242 (Ganglia 3.1.1 allows remote attackers to cause a denial of 
service via ...)
+       TODO: check
+CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...)
+       TODO: check
+CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an 
SVN ...)
+       TODO: check
+CVE-2009-0239
+       RESERVED
+CVE-2009-0238
+       RESERVED
+CVE-2009-0237
+       RESERVED
+CVE-2009-0236
+       RESERVED
+CVE-2009-0235
+       RESERVED
+CVE-2009-0234
+       RESERVED
+CVE-2009-0233
+       RESERVED
+CVE-2009-0232
+       RESERVED
+CVE-2009-0231
+       RESERVED
+CVE-2009-0230
+       RESERVED
+CVE-2009-0229
+       RESERVED
+CVE-2009-0228
+       RESERVED
+CVE-2009-0227
+       RESERVED
+CVE-2009-0226
+       RESERVED
+CVE-2009-0225
+       RESERVED
+CVE-2009-0224
+       RESERVED
+CVE-2009-0223
+       RESERVED
+CVE-2009-0222
+       RESERVED
+CVE-2009-0221
+       RESERVED
+CVE-2009-0220
+       RESERVED
+CVE-2009-0219 (The PDF distiller in the Attachment Service in Research in 
Motion ...)
+       TODO: check
+CVE-2009-0218
+       RESERVED
+CVE-2009-0217
+       RESERVED
+CVE-2009-0216
+       RESERVED
+CVE-2009-0215
+       RESERVED
+CVE-2009-0214
+       RESERVED
+CVE-2009-0213
+       RESERVED
+CVE-2009-0212
+       RESERVED
+CVE-2009-0211
+       RESERVED
+CVE-2009-0210
+       RESERVED
+CVE-2009-0209
+       RESERVED
+CVE-2009-0208
+       RESERVED
+CVE-2009-0207
+       RESERVED
+CVE-2009-0206
+       RESERVED
+CVE-2009-0205
+       RESERVED
+CVE-2009-0204
+       RESERVED
+CVE-2009-0203
+       RESERVED
+CVE-2009-0202
+       RESERVED
+CVE-2009-0201
+       RESERVED
+CVE-2009-0200
+       RESERVED
+CVE-2009-0199
+       RESERVED
+CVE-2009-0198
+       RESERVED
+CVE-2009-0197
+       RESERVED
+CVE-2009-0196
+       RESERVED
+CVE-2009-0195
+       RESERVED
+CVE-2009-0194
+       RESERVED
+CVE-2009-0193
+       RESERVED
+CVE-2009-0192
+       RESERVED
+CVE-2009-0191
+       RESERVED
+CVE-2009-0190
+       RESERVED
+CVE-2009-0189
+       RESERVED
+CVE-2009-0188
+       RESERVED
+CVE-2009-0187
+       RESERVED
+CVE-2009-0186
+       RESERVED
+CVE-2009-0185
+       RESERVED
+CVE-2009-0184
+       RESERVED
+CVE-2009-0183
+       RESERVED
+CVE-2009-0182 (Buffer overflow in VUPlayer 2.49 and earlier allows 
user-assisted ...)
+       TODO: check
+CVE-2009-0181 (Buffer overflow in VUPlayer allows user-assisted attackers to 
have an ...)
+       TODO: check
+CVE-2009-0180 (Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 
on ...)
+       TODO: check
+CVE-2009-0179 (libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly 
other ...)
+       TODO: check
+CVE-2009-0178 (Unspecified vulnerability in IBM Hardware Management Console 
(HMC) 7 ...)
+       TODO: check
+CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka ...)
+       TODO: check
+CVE-2009-0176 (Multiple heap-based buffer overflows in the PDF distiller in 
the ...)
+       TODO: check
+CVE-2009-0175 (Heap-based buffer overflow in Heathco Software MP3 TrackMaker 
1.5 ...)
+       TODO: check
+CVE-2009-0174 (Stack-based buffer overflow in VUPlayer 2.49 allows remote 
attackers ...)
+       TODO: check
+CVE-2008-5920 (The create_anchors function in utils.inc in WebSVN 1.x allows 
remote ...)
+       TODO: check
+CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and 
...)
+       TODO: check
+CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the ...)
+       TODO: check
+CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter ...)
+       TODO: check
+CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 
1.5.6.x ...)
+       TODO: check
+CVE-2008-5915 (An unspecified function in the JavaScript implementation in 
Google ...)
+       TODO: check
+CVE-2008-5914 (An unspecified function in the JavaScript implementation in 
Apple ...)
+       TODO: check
+CVE-2008-5913 (An unspecified function in the JavaScript implementation in 
Mozilla ...)
+       TODO: check
+CVE-2008-5912 (An unspecified function in the JavaScript implementation in 
Microsoft ...)
+       TODO: check
+CVE-2008-5911 (Multiple buffer overflows in RealNetworks Helix Server and 
Helix ...)
+       TODO: check
+CVE-2007-6720 (libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, 
and ...)
+       TODO: check
 CVE-2009-0173 (Unspecified vulnerability in the server in IBM DB2 9.1 before 
FP6a and ...)
        NOT-FOR-US: IBM DB2
 CVE-2009-0172 (Unspecified vulnerability in IBM DB2 9.1 before FP6a and 9.5 
before ...)
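Review bot: CVE-2008-5916 is added as "TODO: check" even though its description names gitweb/gitweb.perl in Git, and this same file already tracks the gitweb issues CVE-2008-5517 and CVE-2008-5516 under git-core with DSA-1708-1. It should be triaged against those entries first to establish whether the fixed git-core versions cover it. CVE-2009-0179 and CVE-2007-6720 both describe libmikmod with overlapping version ranges (3.1.11 through 3.2.0 and 3.1.9 through 3.2.0) and are best checked together so they end up with consistent package lines. The VUPlayer, IBM HMC and MP3 TrackMaker entries look like candidates for the NOT-FOR-US form already used for CVE-2009-0173.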
@@ -105,7 +265,7 @@
        - m2crypto <unfixed> (bug #511515)
 CVE-2009-0126 (The decrypt_public function in lib/crypt.cpp in the client in 
Berkeley ...)
        - boinc 6.2.14-3 (bug #511521)
-CVE-2009-0125 (nasl/nasl_crypto2.c in the Nessus Attack Scripting Language 
library ...)
+CVE-2009-0125 (** DISPUTED ** ...)
        - libnasl <unfixed> (bug #511517)
 CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in 
American ...)
        - tqsllib 2.0-8 (bug #511509)
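Review bot: CVE-2009-0125 now reads "** DISPUTED **" but the tracking line under it is still "- libnasl <unfixed> (bug #511517)". Once an issue is disputed, the unfixed status should be re-evaluated, and a NOTE line recording the reason for the dispute would help because the truncated description no longer mentions nasl/nasl_crypto2.c at all.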
@@ -286,7 +446,7 @@
        NOT-FOR-US: Internet Explorer
 CVE-2009-0071 (Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when 
designMode is ...)
        - iceweasel <unfixed> (unimportant)
-        NOTE: Browser crashes not treated as security issues
+       NOTE: Browser crashes not treated as security issues
 CVE-2009-0070 (Integer signedness error in Apple Safari allows remote 
attackers to ...)
        NOT-FOR-US: Apple Safari
 CVE-2008-5880 (admin/auth.php in Gobbl CMS 1.0 allows remote attackers to 
bypass ...)
@@ -691,7 +851,7 @@
        NOT-FOR-US: Mayaa
 CVE-2008-5719 (Cross-site scripting (XSS) vulnerability in Hitachi Groupmax 
Web ...)
        NOT-FOR-US: Hitachi
-CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2 allows remote 
attackers ...)
+CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2, when using 
certain ...)
        {DSA-1705-1 DTSA-183-1}
        - netatalk 2.0.4~beta2-1 (medium; bug #510585)
 CVE-2008-5717 (Cross-site scripting (XSS) vulnerability in Hitachi 
JP1/Integrated ...)
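Review bot: the CVE-2008-5718 description gains a precondition ("when using certain ...") while the package line stays at "(medium; bug #510585)". If the issue is only reachable in a particular configuration, the urgency deserves a second look, and a NOTE naming the affected configuration would make the entry self-explanatory.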
@@ -986,8 +1146,8 @@
        RESERVED
 CVE-2009-0032
        RESERVED
-CVE-2009-0031
-       RESERVED
+CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
+       TODO: check
 CVE-2009-0030
        RESERVED
 CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, 
powerpc, ...)
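Review bot: CVE-2009-0031 moves from RESERVED to "TODO: check", but keyctl_join_session_keyring is a Linux kernel keyring function, so this can be resolved directly into a kernel package entry like the neighbouring CVE-2009-0029 rather than waiting in the TODO queue.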
@@ -1197,11 +1357,10 @@
        RESERVED
 CVE-2008-5518
        RESERVED
-CVE-2008-5517 (The web interface in git in SUSE openSUSE 10.3 allows remote 
attackers ...)
+CVE-2008-5517 (The web interface in git (gitweb) 1.5.5 and other versions 
allows ...)
        {DSA-1708-1}
        - git-core 1:1.5.6.5-2 (low; bug #512330)
-CVE-2008-5516 [gitweb shell command injection through snapshots and pickaxe 
search]
-       RESERVED
+CVE-2008-5516 (The web interface in git (gitweb) 1.5.6, and possibly other 
versions, ...)
        {DSA-1708-1}
        - git-core 1:1.5.6-1
 CVE-2008-5515
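Review bot: for CVE-2008-5516 the new description says gitweb 1.5.6 "and possibly other versions" is affected, while the package line records "- git-core 1:1.5.6-1" as the fixed version. Those two statements need reconciling, either by confirming the Debian upload carried the fix or by correcting the version. The line also has no urgency, unlike the "(low; bug #512330)" on CVE-2008-5517, and the removed bracket text ("shell command injection through snapshots and pickaxe search") was more informative than the truncated replacement, so it is worth keeping as a NOTE.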
@@ -2109,6 +2268,7 @@
        [lenny] - wireshark 1.0.2-3+lenny3
        - wireshark 1.0.5-1 (low; bug #506741)
 CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably 
other ...)
+       {DSA-1709-1}
        - shadow 1:4.1.1-6 (bug #505271)
 CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger 
...)
        - verlihub <unfixed> (low; bug #506530)
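Review bot: CVE-2008-5394 gains {DSA-1709-1}, but its package line "- shadow 1:4.1.1-6 (bug #505271)" still carries no urgency, whereas the surrounding entries use the "(low; bug #...)" form. Add the urgency now that an advisory has been issued for it.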
@@ -2446,10 +2606,11 @@
 CVE-2008-5053 (PHP remote file inclusion vulnerability in admin.rssreader.php 
in the ...)
        NOT-FOR-US: com_rssreader component for Joomla!
 CVE-2008-5052 (The AppendAttributeValue function in the JavaScript engine in 
Mozilla ...)
+       {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
        - iceweasel 3.0.4-1
-        - xulrunner 1.9.0.4-1
-        - icedove 2.0.0.19-1
-        - iceape 1.1.13-1
+       - xulrunner 1.9.0.4-1
+       - icedove 2.0.0.19-1
+       - iceape 1.1.13-1
 CVE-2008-5051 (SQL injection vulnerability in the JooBlog (com_jb2) component 
0.1.1 ...)
        NOT-FOR-US: joomla
 CVE-2008-5049 (Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft 
Anti-Keylogger ...)
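Review bot: the CVE-2008-5052 entry now lists four advisories (DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1) against four package lines, none of which has an urgency, so a reader cannot tell how severe the issue is for any of them. The re-indentation of the xulrunner, icedove and iceape lines is whitespace-only and matches the indentation of the iceweasel line, which is fine, but it would be easier to audit as a separate commit from the data change.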
@@ -3988,8 +4149,8 @@
        NOT-FOR-US: Cisco Linksys WVC54GC
 CVE-2008-4389
        RESERVED
-CVE-2008-4388
-       RESERVED
+CVE-2008-4388 (The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll 
in ...)
+       TODO: check
 CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control 
in ...)
        NOT-FOR-US: ActiveX
 CVE-2008-4386
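Review bot: CVE-2008-4388 is described as the LaunchObj ActiveX control in launcher.dll and is left as "TODO: check", while the next entry, CVE-2008-4387, is already marked "NOT-FOR-US: ActiveX". The same disposition applies here and would clear the TODO immediately.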
@@ -8851,8 +9012,8 @@
 CVE-2008-2385
        RESERVED
 CVE-2008-2384 [mod-auth-mysq: SQL injection vulnerability]
+       RESERVED
        - mod-auth-mysql 4.3.9-11 (medium)
-       RESERVED
 CVE-2008-2383 (CRLF injection vulnerability in xterm allows user-assisted 
attackers ...)
        {DSA-1694-1 DTSA-182-1}
        - xterm 238-2 (medium; bug #510030)
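Review bot: in the CVE-2008-2384 entry the bracketed description reads "mod-auth-mysq", which drops the final letter of the package name used on the line below ("mod-auth-mysql"). Since this hunk already reorders the entry to put RESERVED first, fix the spelling at the same time so searches on the package name find the description. The package line also has no bug reference, unlike the xterm entry that follows.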
@@ -8902,10 +9063,10 @@
        - tomcat5.5 5.5.26-4 (bug #494504)
 CVE-2008-2369 (manzier.pxt in Red Hat Network Satellite Server before 5.1.1 
has a ...)
        NOT-FOR-US: Red Hat Network Satellite Server
-CVE-2008-2368
-       RESERVED
-CVE-2008-2367
-       RESERVED
+CVE-2008-2368 (Red Hat Certificate System 7.2 stores passwords in cleartext in 
the ...)
+       TODO: check
+CVE-2008-2367 (Red Hat Certificate System 7.2 uses world-readable permissions 
for ...)
+       TODO: check
 CVE-2008-2366 (Untrusted search path vulnerability in a certain Red Hat build 
script ...)
        - openoffice.org <not-affected> (RedHat-specific packaging flaw)
 CVE-2008-2365 (Race condition in the ptrace and utrace support in the Linux 
kernel ...)
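Review bot: CVE-2008-2368 and CVE-2008-2367 both describe Red Hat Certificate System 7.2 and are left as "TODO: check", while the Red Hat Network Satellite Server entry just above them (CVE-2008-2369) is marked NOT-FOR-US. Marking these two "NOT-FOR-US: Red Hat Certificate System" would follow the same pattern and avoid leaving them in the TODO queue.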


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
