Author: joeyh
Date: 2009-01-28 21:14:15 +0000 (Wed, 28 Jan 2009)
New Revision: 11082

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-01-28 20:30:17 UTC (rev 11081)
+++ data/CVE/list       2009-01-28 21:14:15 UTC (rev 11082)
@@ -1,3 +1,92 @@
+CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python 
interpreter ...)
+       TODO: check
+CVE-2009-0317 (Untrusted search path vulnerability in the Python language 
bindings ...)
+       TODO: check
+CVE-2009-0316 (Untrusted search path vulnerability in the Python module in vim 
allows ...)
+       TODO: check
+CVE-2009-0315 (Untrusted search path vulnerability in the Python module in 
xchat ...)
+       TODO: check
+CVE-2009-0314 (Untrusted search path vulnerability in the Python module in 
gedit ...)
+       TODO: check
+CVE-2009-0313 (winetricks before 20081223 allows local users to overwrite 
arbitrary ...)
+       TODO: check
+CVE-2009-0311 (The Backbone service (ftbackbone.exe) in EMC AutoStart before 
5.3 SP2 ...)
+       TODO: check
+CVE-2009-0310
+       RESERVED
+CVE-2009-0309
+       RESERVED
+CVE-2009-0308
+       RESERVED
+CVE-2009-0307
+       RESERVED
+CVE-2009-0306
+       RESERVED
+CVE-2009-0305
+       RESERVED
+CVE-2009-0304 (The kernel in Sun Solaris 10 and 11 snv_101b allows remote 
attackers ...)
+       TODO: check
+CVE-2009-0303 (Cross-site scripting (XSS) vulnerability in Web Help Desk 
before ...)
+       TODO: check
+CVE-2009-0302 (SQL injection vulnerability in the Downloads 8.0 module for 
PHP-Nuke, ...)
+       TODO: check
+CVE-2009-0301 (Multiple insecure method vulnerabilities in the FlexCell.Grid 
ActiveX ...)
+       TODO: check
+CVE-2009-0300
+       REJECTED
+       TODO: check
+CVE-2009-0299 (SQL injection vulnerability in index.php in Groone GLinks 2.1 
allows ...)
+       TODO: check
+CVE-2009-0298 (Heap-based buffer overflow in MW6 Technologies Barcode ActiveX 
control ...)
+       TODO: check
+CVE-2009-0297 (SQL injection vulnerability in login_check.asp in ClickAuction 
allows ...)
+       TODO: check
+CVE-2009-0296 (SQL injection vulnerability in shop_display_products.php in 
Script ...)
+       TODO: check
+CVE-2009-0295 (SQL injection vulnerability in index.php in Information 
Technology ...)
+       TODO: check
+CVE-2009-0294 (Multiple PHP remote file inclusion vulnerabilities in WB News 
2.0.1, ...)
+       TODO: check
+CVE-2009-0293 (SQL injection vulnerability in profile_view.php in Wazzum 
Dating ...)
+       TODO: check
+CVE-2009-0292 (SQL injection vulnerability in show_cat2.php in SHOP-INET 4 
allows ...)
+       TODO: check
+CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 
allows ...)
+       TODO: check
+CVE-2009-0290 (Directory traversal vulnerability in common.php in SIR GNUBoard 
...)
+       TODO: check
+CVE-2009-0289 (k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote 
attackers to ...)
+       TODO: check
+CVE-2009-0288 (Directory traversal vulnerability in k23productions TFTPUtil 
GUI 1.2.0 ...)
+       TODO: check
+CVE-2009-0287 (SQL injection vulnerability in lib/patUser.php in KEEP Toolkit 
before ...)
+       TODO: check
+CVE-2009-0286 (Directory traversal vulnerability in upgrade/index.php in 
OpenGoo 1.1, ...)
+       TODO: check
+CVE-2009-0285 (Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 
5.13 ...)
+       TODO: check
+CVE-2009-0284 (SQL injection vulnerability in category.php in Flax Article 
Manager ...)
+       TODO: check
+CVE-2009-0283 (Cross-site scripting (XSS) vulnerability in err.asp in Oblog 
allows ...)
+       TODO: check
+CVE-2009-0281 (SQL injection vulnerability in login.aspx in WarHound Walking 
Club ...)
+       TODO: check
+CVE-2009-0280 (Asp Project Management 1.0 allows remote attackers to bypass 
...)
+       TODO: check
+CVE-2009-0279 (SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 
and ...)
+       TODO: check
+CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in 
eog ...)
+       TODO: check
+CVE-2008-5986 (Untrusted search path vulnerability in the (1) "VST plugin 
with Python ...)
+       TODO: check
+CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in 
...)
+       TODO: check
+CVE-2008-5984 (Untrusted search path vulnerability in the Python plugin in Dia 
...)
+       TODO: check
+CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API 
function ...)
+       TODO: check
+CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 
allows ...)
+       TODO: check
 CVE-2009-0323 [multiple buffer overflows in amaya]
        TODO: report bug
        - amaya <unfixed> (medium)
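Review bot: CVE-2009-0300 is added as REJECTED and then also given "TODO: check", so a withdrawn identifier lands in the triage queue with nothing to triage; the TODO line under it should be dropped. Separately, ten of the new entries in this hunk are the same "Untrusted search path" class in Python-related components (CVE-2009-0314 to CVE-2009-0318 and CVE-2008-5983 to CVE-2008-5987), and CVE-2008-5983 names the PySys_SetArgv API function itself, so they are better triaged as one group than one at a time.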
@@ -2,8 +91,9 @@
        NOTE: http://www.coresecurity.com/content/amaya-buffer-overflows
-CVE-2009-0282 [Integer overflow in Ralink SSID parsing]
+CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter 
(RT73) 3.08 ...)
        - rt2400 1.2.2+cvs20080623-3 (bug #512999)
        - rt2500 1:1.1.0-b4+cvs20080623-3 (bug #513000)
        - rt2570 1.1.0+cvs20080623-2 (bug #513001)
        - rt73 1:1.0.3.6-cvs20080623-dfsg1-3 (bug #512995)
-CVE-2009-0312 [moin: XSS in antispam.py]
+CVE-2009-0312 (Cross-site scripting (XSS) vulnerability in the antispam 
feature ...)
+       {DTSA-187-1}
        - moin 1.8.1-1.1 (low)
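Review bot: on the CVE-2009-0282 and CVE-2009-0312 lines, replacing the bracketed local summaries with the truncated upstream descriptions drops detail that was useful: "SSID parsing" and "antispam.py" no longer appear anywhere in the entries, and the new CVE-2009-0282 text names only the RT73 adapter while the entry tracks rt2400, rt2500, rt2570 and rt73. Carrying the lost detail over as a NOTE: line under each entry would preserve it.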
@@ -84,6 +174,7 @@
 CVE-2009-0261 (Stack-based buffer overflow in EffectMatrix Total Video Player 
1.31 ...)
        NOT-FOR-US: EffectMatrix Total Video Player
 CVE-2009-0260 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+       {DTSA-187-1}
        - moin 1.8.1-1.1 (bug #513158; low)
 CVE-2008-5964 (Session fixation vulnerability in Social ImpressCMS before 
1.1.1 RC1 ...)
        NOT-FOR-US: Social ImpressCMS
@@ -754,8 +845,8 @@
        RESERVED
 CVE-2009-0043 (The smmsnmpd service in CA Service Metric Analysis r11.0 
through r11.1 ...)
        NOT-FOR-US: CA Service Metric Analysis r11.0 through r11.1 SP1 and 
Service
-CVE-2009-0042
-       RESERVED
+CVE-2009-0042 (Multiple unspecified vulnerabilities in the Arclib library ...)
+       TODO: check
 CVE-2009-0041 (IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 
...)
        TODO: check
 CVE-2008-5867 (Directory traversal vulnerability in Yerba SACphp 6.3 allows 
remote ...)
@@ -1370,8 +1461,8 @@
        RESERVED
 CVE-2009-0033
        RESERVED
-CVE-2009-0032
-       RESERVED
+CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server 
(CS) ...)
+       TODO: check
 CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
        - linux-2.6 <unfixed>
        - linux-2.6.24 <removed>
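Review bot: the description added for CVE-2009-0032 is scoped to "CUPS on Mandriva Linux", and a bare "TODO: check" does not say that the open question is whether the issue exists outside that distribution's packaging. Whoever resolves it should record the answer explicitly, either with a package line and fixed version or with a <not-affected> line and its reason, as done for other entries in this file.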
@@ -1503,6 +1594,7 @@
 CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business 
Edition ...)
        - asterisk 1:1.4.0~dfsg-1 (bug #509686)
 CVE-2008-5557 (Heap-based buffer overflow in ...)
+       {DTSA-188-1}
        - php5 5.2.6.dfsg.1-1 (bug #511493)
 CVE-2008-XXXX [phpBB3 Account Re-activation Security Bypass]
        - phpbb3 <unfixed> (low; bug #508872)
@@ -1993,6 +2085,7 @@
 CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 
does ...)
        - rsyslog 3.18.6-1 (bug #508027)
 CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid 
and ...)
+       {DTSA-188-1}
        - php5 5.2.6.dfsg.1-1 (bug #508021)
        TODO: check php4
 CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error 
function ...)
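Review bot: CVE-2008-5624 gains {DTSA-188-1} while the entry still ends in "TODO: check php4" and lists a fixed version for php5 only. The php4 status should be settled with its own package line, as the CVE-2008-5658 entry does with "- php4 <unfixed>", so the advisory tag does not make a half-triaged entry look closed.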
@@ -2181,6 +2274,7 @@
 CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote 
attackers to ...)
        NOT-FOR-US: Wiz-Ad
 CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo 
...)
+       {DTSA-188-1}
        - php5 5.2.6.dfsg.1-3 (bug #507857)
        - php4 <unfixed>
 CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi 
Wiki Wyg ...)
@@ -7570,7 +7664,7 @@
        - sun-java5 1.5.0-16-1 (bug #490260)
        [etch] - sun-java5 <no-dsa> (Non-free not supported)
        - sun-java6 <not-affected> (Only for sun-java5)
-CVE-2008-3112 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 
6 ...)
+CVE-2008-3112 (Directory traversal vulnerability in Sun Java Web Start in JDK 
and JRE ...)
        - sun-java5 1.5.0-16-1 (bug #490260)
        [etch] - sun-java5 <no-dsa> (Non-free not supported)
        - sun-java6 6-07-1 (bug #490260)
@@ -12098,7 +12192,7 @@
        - sun-java6 6-05-1 (medium)
        - sun-java5 1.5.0-15-1 (medium)
        [etch] - sun-java5 <no-dsa> (Non-free not supported)
-CVE-2008-1188 (Multiple buffer overflows in Java Web Start in Sun JDK and JRE 
6 ...)
+CVE-2008-1188 (Multiple buffer overflows in the useEncodingDecl function in 
Java Web ...)
        - sun-java6 6-05-1 (medium)
        - sun-java5 1.5.0-15-1 (medium)
        [etch] - sun-java5 <no-dsa> (Non-free not supported)
@@ -25338,8 +25432,8 @@
        - xterm <not-affected> (Debian uses safe compile-time settings)
 CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial 
of ...)
        NOT-FOR-US: Arris Cadant
-CVE-2007-2795
-       RESERVED
+CVE-2007-2795 (Multiple buffer overflows in Ipswitch IMail before 2006.21 
allow ...)
+       TODO: check
 CVE-2007-2794
        RESERVED
 CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php 
in ...)
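Review bot: the new CVE-2007-2795 line gets "TODO: check", but Ipswitch IMail is a proprietary Windows mail server, so it can be closed immediately in the same way as its neighbour CVE-2007-2796, with "NOT-FOR-US: Ipswitch IMail".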


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
