Author: joeyh
Date: 2009-03-02 21:14:17 +0000 (Mon, 02 Mar 2009)
New Revision: 11314

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-03-02 21:10:13 UTC (rev 11313)
+++ data/CVE/list       2009-03-02 21:14:17 UTC (rev 11314)
@@ -1,3 +1,131 @@
+CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux 
kernel ...)
+       TODO: check
+CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 
2.6.27 ...)
+       TODO: check
+CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux 
kernel ...)
+       TODO: check
+CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux 
kernel ...)
+       TODO: check
+CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2009-0743 (Cross-site scripting (XSS) vulnerability in the edit account 
page in ...)
+       TODO: check
+CVE-2009-0742 (The username command in Cisco ACE Application Control Engine 
Module ...)
+       TODO: check
+CVE-2008-6346 (Cross-site scripting (XSS) vulnerability in the DR Wiki 
(dr_wiki) ...)
+       TODO: check
+CVE-2008-6345 (SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 
1.0 ...)
+       TODO: check
+CVE-2008-6344 (SQL injection vulnerability in the TU-Clausthal Staff 
(tuc_staff) ...)
+       TODO: check
+CVE-2008-6343 (Cross-site scripting (XSS) vulnerability in the TU-Clausthal 
ODIN ...)
+       TODO: check
+CVE-2008-6342 (Unspecified vulnerability in the TYPO3 Simple File Browser ...)
+       TODO: check
+CVE-2008-6341 (Cross-site scripting (XSS) vulnerability in the SB Universal 
Plugin ...)
+       TODO: check
+CVE-2008-6340 (Cross-site scripting (XSS) vulnerability in the Vox populi ...)
+       TODO: check
+CVE-2008-6338 (SQL injection vulnerability in the WEBERkommunal Facilities ...)
+       TODO: check
+CVE-2008-6337 (SQL injection vulnerability in the Volunteer Management System 
...)
+       TODO: check
+CVE-2008-6336 (Directory traversal vulnerability in download.php in Text Lines 
...)
+       TODO: check
+CVE-2008-6335 (Directory traversal vulnerability in download.php in eMetrix 
Online ...)
+       TODO: check
+CVE-2008-6334 (Directory traversal vulnerability in download.php in eMetrix 
Extract ...)
+       TODO: check
+CVE-2008-6333 (SQL injection vulnerability in news.php in RSS Simple News 
(RSSSN), ...)
+       TODO: check
+CVE-2008-6332 (SQL injection vulnerability in login.php in Simple Customer 1.2 
allows ...)
+       TODO: check
+CVE-2008-6331 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Streber ...)
+       TODO: check
+CVE-2008-6330 (SQL injection vulnerability in index.php in MyTopix 1.3.0 and 
earlier ...)
+       TODO: check
+CVE-2008-6329 (SQL injection vulnerability in Employee/login.asp in Pre ASP 
Job Board ...)
+       TODO: check
+CVE-2008-6328 (SQL injection vulnerability in view.php in Butterfly Organizer 
2.0.0 ...)
+       TODO: check
+CVE-2008-6327 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows 
remote ...)
+       TODO: check
+CVE-2008-6326 (SQL injection vulnerability in login.php in Simple Customer as 
...)
+       TODO: check
+CVE-2008-6325 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz 
...)
+       TODO: check
+CVE-2008-6324 (SQL injection vulnerability in forummessages.cfm in CF_Forum 
allows ...)
+       TODO: check
+CVE-2008-6323 (SQL injection vulnerability in forummessages.cfm in CFMSource 
...)
+       TODO: check
+CVE-2008-6322 (SQL injection vulnerability in index.cfm in CFMSource CFMBlog 
allows ...)
+       TODO: check
+CVE-2008-6321 (CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root 
with ...)
+       TODO: check
+CVE-2008-6320 (SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 
allows ...)
+       TODO: check
+CVE-2008-6319 (SQL injection vulnerability in calendarevent.cfm in CF_Calendar 
allows ...)
+       TODO: check
+CVE-2008-6318 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2008-6317 (Directory traversal vulnerability in ...)
+       TODO: check
+CVE-2008-6316 (Directory traversal vulnerability in 
_conf/core/common-tpl-vars.php in ...)
+       TODO: check
+CVE-2008-6315 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2008-6314 (SQL injection vulnerability in tag_board.php in the Tag Board 
module ...)
+       TODO: check
+CVE-2008-6313 (Directory traversal vulnerability in addedit-render.php in 
phpAddEdit ...)
+       TODO: check
+CVE-2008-6312 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows 
remote ...)
+       TODO: check
+CVE-2008-6311 (SQL injection vulnerability in view.php in Butterfly Organizer 
2.0.1 ...)
+       TODO: check
+CVE-2008-6310 (SQL injection vulnerability in index.php in W3matter RevSense 
1.0 ...)
+       TODO: check
+CVE-2008-6309 (SQL injection vulnerability in index.php in W3matter AskPert 
allows ...)
+       TODO: check
+CVE-2008-6308 (Multiple directory traversal vulnerabilities in Private 
Messaging ...)
+       TODO: check
+CVE-2008-6307 (E-topbiz Link Back Checker 1 allows remote attackers to bypass 
...)
+       TODO: check
+CVE-2008-6306 (Cross-site scripting (XSS) vulnerability in signinform.php in 
Softbiz ...)
+       TODO: check
+CVE-2008-6305 (PHP remote file inclusion vulnerability in init.php in Free 
Directory ...)
+       TODO: check
+CVE-2008-6304 (SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, 
when ...)
+       TODO: check
+CVE-2008-6303 (SQL injection vulnerability in tourview.php in ToursManager 
allows ...)
+       TODO: check
+CVE-2008-6302 (TurnkeyForms Local Classifieds allows remote attackers to 
bypass ...)
+       TODO: check
+CVE-2008-6301 (SQL injection vulnerability in shoutbox_view.php in the Small 
ShoutBox ...)
+       TODO: check
+CVE-2008-6300 (Galatolo WebManager 1.3a allows remote attackers to bypass ...)
+       TODO: check
+CVE-2008-6299 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 
1.5.7 ...)
+       TODO: check
+CVE-2008-6298 (Unspecified vulnerability in sISAPILocation before 1.0.2.2 
allows ...)
+       TODO: check
+CVE-2008-6297 (Cross-site scripting (XSS) vulnerability in order.php in DHCart 
allows ...)
+       TODO: check
+CVE-2008-6296 (admin.php in Maran PHP Shop allows remote attackers to bypass 
...)
+       TODO: check
+CVE-2008-6295 (Multiple cross-site scripting (XSS) vulnerabilities in Camera 
Life ...)
+       TODO: check
+CVE-2008-6294 (admin/Index.php in Acc Statistics 1.1 allows remote attackers 
to ...)
+       TODO: check
+CVE-2008-6293 (admin/Index.php in Acc Real Estate 4.0 allows remote attackers 
to ...)
+       TODO: check
+CVE-2008-6292 (Acc Autos 4.0 allows remote attackers to bypass authentication 
and ...)
+       TODO: check
+CVE-2008-6291 (Acc PHP eMail 1.1 allows remote attackers to bypass 
authentication and ...)
+       TODO: check
+CVE-2008-6290 (Directory traversal vulnerability in includefile.php in nicLOR 
Sito, ...)
+       TODO: check
+CVE-2008-6289 (SQL injection vulnerability in cityview.php in Tours Manager 
1.0 ...)
+       TODO: check
 CVE-2009-XXXX [avahi-daemon: denial of service]
        - avahi <unfixed> (bug #517683)
        NOTE: CVE id requested
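Review bot: The four ext4 entries at the top of this hunk (CVE-2009-0745 through CVE-2009-0748) are left at TODO: check although their descriptions name Linux kernel source files, and the kernel is tracked elsewhere in this list under linux-2.6. Triage those first and give them package lines; most of the remaining additions describe third-party web applications and are candidates for NOT-FOR-US. The numbering also skips CVE-2008-6339 between CVE-2008-6340 and CVE-2008-6338, so confirm that id is already present in the list or still unpublished.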
@@ -180,7 +308,7 @@
        RESERVED
 CVE-2009-0659 (Stack-based buffer overflow in the GetStatsFromLine function in 
TPTEST ...)
        NOT-FOR-US: TPTEST
-CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier and Acrobat 9.0 
and ...)
+CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 
9.0 and ...)
        NOT-FOR-US: Adobe Reader
 CVE-2009-0657 (Toshiba Face Recognition 2.0.2.32 allows physically proximate 
...)
        NOT-FOR-US: Toshiba Face Recognition
@@ -524,30 +652,30 @@
        RESERVED
 CVE-2009-0626
        RESERVED
-CVE-2009-0625
-       RESERVED
-CVE-2009-0624
-       RESERVED
-CVE-2009-0623
-       RESERVED
-CVE-2009-0622
-       RESERVED
-CVE-2009-0621
-       RESERVED
-CVE-2009-0620
-       RESERVED
+CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control 
Engine ...)
+       TODO: check
+CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in 
Cisco ACE ...)
+       TODO: check
+CVE-2009-0623 (Unspecified vulnerability in Cisco ACE Application Control 
Engine ...)
+       TODO: check
+CVE-2009-0622 (Unspecified vulnerability in Cisco ACE Application Control 
Engine ...)
+       TODO: check
+CVE-2009-0621 (Cisco ACE 4710 Application Control Engine Appliance before 
A1(8a) uses ...)
+       TODO: check
+CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 
Switches ...)
+       TODO: check
 CVE-2009-0619
        RESERVED
-CVE-2009-0618
-       RESERVED
-CVE-2009-0617
-       RESERVED
-CVE-2009-0616
-       RESERVED
-CVE-2009-0615
-       RESERVED
-CVE-2009-0614
-       RESERVED
+CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco 
Application ...)
+       TODO: check
+CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a 
default ...)
+       TODO: check
+CVE-2009-0616 (Cisco Application Networking Manager (ANM) before 2.0 uses 
default ...)
+       TODO: check
+CVE-2009-0615 (Directory traversal vulnerability in Cisco Application 
Networking ...)
+       TODO: check
+CVE-2009-0614 (Unspecified vulnerability in the Web Server in Cisco Unified 
...)
+       TODO: check
 CVE-2009-0613 (Trend Micro InterScan Web Security Suite (IWSS) 3.1 before 
build 1237 ...)
        NOT-FOR-US: Trend Micro
 CVE-2009-0612 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 
3.x and ...)
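Review bot: All eleven entries moved from RESERVED to TODO: check in this hunk (CVE-2009-0620 through CVE-2009-0625 and CVE-2009-0614 through CVE-2009-0618) name Cisco products in their descriptions, so none of them should need to stay at TODO for long. If no Debian package is involved, mark them NOT-FOR-US with the product name, in the same form as the Trend Micro entry in the trailing context.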
@@ -731,11 +859,11 @@
        {DSA-1726-1}
        - python-crypto <unfixed> (bug #516660)
 CVE-2009-0543 (ProFTPD Server 1.3.1, with NLS support enabled, allows remote 
...)
-       {DSA-1727-1}
+       {DSA-1730-1 DSA-1727-1}
        - proftpd 1.3.2-1 (medium; bug #516388)
        - proftpd-basic 1.3.2-1 (medium; bug #516388)
 CVE-2009-0542 (SQL injection vulnerability in ProFTPD Server 1.3.1 through 
1.3.2rc2 ...)
-       {DSA-1727-1}
+       {DSA-1730-1 DSA-1727-1}
        - proftpd 1.3.2-1 (medium; bug #516388)
        - proftpd-basic 1.3.2-1 (medium; bug #516388)
 CVE-2009-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Magento 
1.2.0 ...)
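Review bot: CVE-2009-0543 and CVE-2009-0542 now carry two DSA references, but nothing in either entry says what DSA-1730-1 adds over DSA-1727-1. A NOTE: line stating why a second advisory was issued for the same two ids would let a reader judge whether a system updated under DSA-1727-1 needs another upgrade.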
@@ -844,18 +972,18 @@
 CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the 
web-based ...)
        - mediawiki <unfixed> (low; bug #514547)
        [lenny] - mediawiki 1:1.12.0-2lenny3
-CVE-2009-0524
-       RESERVED
-CVE-2009-0523
-       RESERVED
-CVE-2009-0522
-       RESERVED
-CVE-2009-0521
-       RESERVED
-CVE-2009-0520
-       RESERVED
-CVE-2009-0519
-       RESERVED
+CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 
and 7, ...)
+       TODO: check
+CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 
Server 6 ...)
+       TODO: check
+CVE-2009-0522 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 
10.0.22.87 on ...)
+       TODO: check
+CVE-2009-0521 (Untrusted search path vulnerability in Adobe Flash Player 9.x 
before ...)
+       TODO: check
+CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 
10.0.22.87 ...)
+       TODO: check
+CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 
9.0.159.0 ...)
+       TODO: check
 CVE-2009-0518
        RESERVED
 CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 
and ...)
@@ -878,8 +1006,8 @@
        RESERVED
 CVE-2009-0508
        RESERVED
-CVE-2009-0507
-       RESERVED
+CVE-2009-0507 (IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 
before ...)
+       TODO: check
 CVE-2009-0506 (Unspecified vulnerability in IBM WebSphere Application Server 
(WAS) ...)
        NOT-FOR-US: IBM WebSphere Application Server
 CVE-2009-0505 (The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA 
waits for ...)
@@ -1260,6 +1388,7 @@
        - gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
        - gst-plugins-bad0.10 <not-affected> (Vulnerable code not present)
 CVE-2009-0397 (Heap-based buffer overflow in the qtdemux_parse_samples 
function in ...)
+       {DSA-1729-1}
        - gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
        [lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
        [etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
@@ -1283,11 +1412,13 @@
 CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 
1.0.5 and ...)
        - tightvnc <not-affected> (only the windows version is affected)
 CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...)
+       {DSA-1729-1}
        - gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
        [lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
        [etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
        - gst-plugins-bad0.10 0.10.4-1
 CVE-2009-0386 (Heap-based buffer overflow in the qtdemux_parse_samples 
function in ...)
+       {DSA-1729-1}
        - gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
        [lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
        [etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
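Review bot: In the CVE-2009-0387 entry the new {DSA-1729-1} tag does not line up with any release-specific line: lenny already has a fixed gst-plugins-good0.10 version and etch is marked not-affected for that package because the plugin is in another package. The only other package listed is gst-plugins-bad0.10 with 0.10.4-1 and no [etch] line; if the advisory covers gst-plugins-bad0.10 in etch, add that line so the entry shows which release the DSA fixes. The same question applies to CVE-2009-0386, whose remaining lines are outside this hunk.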
@@ -1993,8 +2124,8 @@
        NOT-FOR-US: AREVA e-terrahabitat
 CVE-2009-0209
        RESERVED
-CVE-2009-0208
-       RESERVED
+CVE-2009-0208 (Unspecified vulnerability in HP Virtual Rooms Client before 
7.0.1, ...)
+       TODO: check
 CVE-2009-0207
        RESERVED
 CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and 
earlier ...)
@@ -2035,8 +2166,8 @@
        RESERVED
 CVE-2009-0188
        RESERVED
-CVE-2009-0187
-       RESERVED
+CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 
2.8.3, and ...)
+       TODO: check
 CVE-2009-0186
        RESERVED
 CVE-2009-0185
@@ -2288,8 +2419,8 @@
        NOTE: different vector than described in CVE-2008-5282, see 507587#15
 CVE-2009-XXXX [openslp: insecure cert validation through openssl api misuse]
        - openslp-dfsg <not-affected> (Debian's openslp doesn't build with SSL 
support)
-CVE-2009-0114
-       RESERVED
+CVE-2009-0114 (Unspecified vulnerability in the Settings Manager in Adobe 
Flash ...)
+       TODO: check
 CVE-2009-0113 (Directory traversal vulnerability in attachmentlibrary.php in 
the ...)
        NOT-FOR-US: Joomla! component
 CVE-2009-0112 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -3095,8 +3226,8 @@
 CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, 
powerpc, ...)
        - linux-2.6 <unfixed> (medium)
        - linux-2.6.24 <removed>
-CVE-2009-0028
-       RESERVED
+CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier 
allows ...)
+       TODO: check
 CVE-2009-0027
        RESERVED
 CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache 
...)
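Review bot: CVE-2009-0028 is left at TODO: check even though its description names the Linux kernel 2.6.28 and earlier, the same range as CVE-2009-0029 in the leading context, which is already tracked with "- linux-2.6 <unfixed> (medium)" and "- linux-2.6.24 <removed>". Give this entry the matching linux-2.6 and linux-2.6.24 lines so the kernel issue shows up against the package instead of sitting in the TODO queue.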
@@ -4024,8 +4155,8 @@
        NOT-FOR-US: TNT Forum
 CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in 
Tornado ...)
        NOT-FOR-US: Tornado Knowledge Retrieval System
-CVE-2008-5263
-       RESERVED
+CVE-2008-5263 (Multiple stack-based buffer overflows in the 
mt_codec::getHdrHead ...)
+       TODO: check
 CVE-2008-5262 (Multiple stack-based buffer overflows in the iGetHdrHeader 
function in ...)
        {DSA-1717-1 DTSA-184-1}
        - devil 1.7.5-4 (low; bug #511844; bug #512122)
@@ -6084,6 +6215,7 @@
        - scilab 4.1.2-6 (low; bug #496414)
        [etch] - scilab <no-dsa> (Non-free not supported)
 CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for 
the Linux ...)
+       {DSA-1731-1}
        - ndiswrapper 1.53-2 (medium; bug #504696)
 CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage 
before ...)
        NOT-FOR-US: Gentoo package manager Portage
@@ -6302,8 +6434,8 @@
 CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function 
in ...)
        {DSA-1663-1}
        - net-snmp 5.4.1~dfsg-11 (bug #504150)
-CVE-2008-4308
-       RESERVED
+CVE-2008-4308 (The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 
5.5.10 ...)
+       TODO: check
 CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the 
Linux ...)
        - linux-2.6 2.6.26-1
        - linux-2.6.24 <removed>
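Review bot: CVE-2008-4308 is left at TODO: check although its description already gives concrete affected ranges (Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 ...). Compare those ranges against the packaged Tomcat versions and replace the TODO with package lines or a <not-affected> marker with a reason.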


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
