Author: joeyh
Date: 2009-03-05 21:14:13 +0000 (Thu, 05 Mar 2009)
New Revision: 11327

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-03-05 09:25:21 UTC (rev 11326)
+++ data/CVE/list       2009-03-05 21:14:13 UTC (rev 11327)
@@ -1,3 +1,153 @@
+CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to 
cause ...)
+       TODO: check
+CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 
1.2.11 ...)
+       TODO: check
+CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL before 5.1.32 allows remote 
authenticated ...)
+       TODO: check
+CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...)
+       TODO: check
+CVE-2009-0817 (Cross-site scripting (XSS) vulnerability in the Protected Node 
module ...)
+       TODO: check
+CVE-2009-0816 (Cross-site scripting (XSS) vulnerability in the backend user 
interface ...)
+       TODO: check
+CVE-2009-0815 (The jumpUrl mechanism in class.tslib_fe.php in TYPO3 4.0 before 
...)
+       TODO: check
+CVE-2009-0814 (Cross-site scripting (XSS) vulnerability in Widgets.aspx in 
Blogsa 1.0 ...)
+       TODO: check
+CVE-2009-0813 (Insecure method vulnerability in the ImeraIEPlugin ActiveX 
control ...)
+       TODO: check
+CVE-2009-0812 (Stack-based buffer overflow in BreakPoint Software Hex Workshop 
4.23, ...)
+       TODO: check
+CVE-2009-0811 (Insecure method vulnerability in the SopCast SopCore ActiveX 
control ...)
+       TODO: check
+CVE-2009-0810 (SQL injection vulnerability in login.php in xGuestbook 2.0 
allows ...)
+       TODO: check
+CVE-2009-0809 (The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before 
Release ...)
+       TODO: check
+CVE-2009-0808 (Multiple SQL injection vulnerabilities in SimpleCMMS before 
0.1.0 ...)
+       TODO: check
+CVE-2009-0807 (zFeeder 1.6 allows remote attackers to gain administrative 
access via ...)
+       TODO: check
+CVE-2009-0806 (Unspecified vulnerability in OpenGoo before 1.2.1 allows remote 
...)
+       TODO: check
+CVE-2009-0805 (Cross-site scripting (XSS) vulnerability in piCal 0.91h and 
earlier, a ...)
+       TODO: check
+CVE-2009-0804 (Ziproxy 2.6.0, when transparent interception mode is enabled, 
uses the ...)
+       TODO: check
+CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, ...)
+       TODO: check
+CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, 
uses the ...)
+       TODO: check
+CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the 
HTTP ...)
+       TODO: check
+CVE-2009-0800
+       RESERVED
+CVE-2009-0799
+       RESERVED
+CVE-2009-0798
+       RESERVED
+CVE-2009-0797
+       RESERVED
+CVE-2009-0796
+       RESERVED
+CVE-2009-0795
+       RESERVED
+CVE-2009-0794
+       RESERVED
+CVE-2009-0793
+       RESERVED
+CVE-2009-0792
+       RESERVED
+CVE-2009-0791
+       RESERVED
+CVE-2009-0790
+       RESERVED
+CVE-2009-0789
+       RESERVED
+CVE-2009-0788
+       RESERVED
+CVE-2009-0787
+       RESERVED
+CVE-2009-0786
+       RESERVED
+CVE-2009-0785
+       RESERVED
+CVE-2009-0784
+       RESERVED
+CVE-2009-0783
+       RESERVED
+CVE-2009-0782
+       RESERVED
+CVE-2009-0781
+       RESERVED
+CVE-2009-0780 (The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 
4.3 and ...)
+       TODO: check
+CVE-2009-0779 (Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local 
users ...)
+       TODO: check
+CVE-2009-0778
+       RESERVED
+CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and 
...)
+       TODO: check
+CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird 
before ...)
+       TODO: check
+CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, 
Thunderbird ...)
+       TODO: check
+CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, 
Thunderbird ...)
+       TODO: check
+CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, 
Thunderbird ...)
+       TODO: check
+CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, 
Thunderbird ...)
+       TODO: check
+CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird 
before ...)
+       TODO: check
+CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2009-0769 (QIP 2005 build 8082 allows remote attackers to cause a denial 
of ...)
+       TODO: check
+CVE-2009-0768 (SQL injection vulnerability in forumhop.php in YapBB 1.2 and 
earlier ...)
+       TODO: check
+CVE-2009-0767 (Kipper 2.01 stores sensitive information under the web root 
with ...)
+       TODO: check
+CVE-2009-0766 (Directory traversal vulnerability in default.php in Kipper 2.01 
allows ...)
+       TODO: check
+CVE-2009-0765 (Directory traversal vulnerability in index.php in Kipper 2.01 
allows ...)
+       TODO: check
+CVE-2009-0764 (Multiple cross-site scripting (XSS) vulnerabilities in Kipper 
2.01 ...)
+       TODO: check
+CVE-2009-0763 (Cross-site scripting (XSS) vulnerability in default.php in 
Kipper 2.01 ...)
+       TODO: check
+CVE-2009-0762 (Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP 
Comment ...)
+       TODO: check
+CVE-2009-0761 (Cross-site scripting (XSS) vulnerability in online.asp in Team 
Board ...)
+       TODO: check
+CVE-2009-0760 (Team Board 1.x and 2.x stores sensitive information under the 
web root ...)
+       TODO: check
+CVE-2009-0759 (Multiple CRLF injection vulnerabilities in webadmin in ZNC 
before ...)
+       TODO: check
+CVE-2009-0758 (The originates_from_local_legacy_unicast_socket function in ...)
+       TODO: check
+CVE-2009-0757 (Multiple buffer overflows in GNU MPFR 2.4.0 allow 
context-dependent ...)
+       TODO: check
+CVE-2009-0756 (The JBIG2Stream::readSymbolDictSeg function in Poppler before 
0.10.4 ...)
+       TODO: check
+CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 
0.10.4 ...)
+       TODO: check
+CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, 
allows ...)
+       TODO: check
+CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 
2.9.7 ...)
+       TODO: check
+CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite 
arbitrary ...)
+       TODO: check
+CVE-2008-6397 (rlatex in AlcoveBook sgml2x 1.0.0 allows local users to 
overwrite ...)
+       TODO: check
+CVE-2008-6396 (Cross-site scripting (XSS) vulnerability in account.php in 
Celerondude ...)
+       TODO: check
+CVE-2008-6395 (The web management interface in 3Com Wireless 8760 Dual Radio 
11a/b/g ...)
+       TODO: check
+CVE-2008-6394 (SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 
and ...)
+       TODO: check
+CVE-2008-6393 (PSI Jabber client before 0.12.1 allows remote attackers to 
cause a ...)
+       TODO: check
 CVE-2009-0752 (Unspecified vulnerability in Movable Type Pro and Community 
Solution ...)
        TODO: check
 CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of 
service ...)
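Review bot: Every entry added at the top of the list, from CVE-2009-0821 down to CVE-2008-6393, carries only `TODO: check` (or `RESERVED`), so this revision records no triage for any of them. The entries whose descriptions name MySQL (CVE-2009-0819), Squid (CVE-2009-0801), Poppler (CVE-2009-0755, CVE-2009-0756), PHP on Apache (CVE-2009-0754), GNU MPFR (CVE-2009-0757), ZNC (CVE-2009-0759), dkim-milter (CVE-2009-0770) and the Firefox/Thunderbird group (CVE-2009-0771 through CVE-2009-0777) should get a package line in the form already used in this file, for example `- opensc <unfixed>`, and the vendor-only products a `NOT-FOR-US:` line, in a follow-up commit.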
@@ -778,8 +928,8 @@
        NOT-FOR-US: Cisco
 CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 
Switches ...)
        NOT-FOR-US: Cisco
-CVE-2009-0619
-       RESERVED
+CVE-2009-0619 (Unspecified vulnerability in the Session Border Controller 
(SBC) ...)
+       TODO: check
 CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco 
Application ...)
        NOT-FOR-US: Cisco
 CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a 
default ...)
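Review bot: CVE-2009-0619 moves from `RESERVED` to `TODO: check` while both neighbours, CVE-2009-0620 and CVE-2009-0618, are tagged `NOT-FOR-US: Cisco`. The truncated description does not show the vendor, so confirm from the full text whether the Session Border Controller is the Cisco product and, if so, tag it the same way instead of leaving it in the TODO queue.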
@@ -901,8 +1051,8 @@
        RESERVED
 CVE-2009-0579
        RESERVED
-CVE-2009-0578
-       RESERVED
+CVE-2009-0578 (network-manager-applet in Ubuntu 8.10 does not properly verify 
...)
+       TODO: check
 CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in 
CUPS ...)
        NOT-FOR-US: RedHat specific, because they had a problem applying the 
fix for CVE-2008-3640
 CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 
5.2 p6 ...)
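Review bot: The new description for CVE-2009-0578 names `network-manager-applet in Ubuntu 8.10`, which does not say whether the flaw is in upstream code or in a distribution-specific change. The `TODO: check` should be resolved with either a package line or a not-affected note that states the reason, as the adjacent CVE-2009-0577 does with `NOT-FOR-US: RedHat specific, ...`.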
@@ -1671,16 +1821,16 @@
        NOTE: CVE id requested
        [lenny] - audacity 1.3.5-2+lenny1
 CVE-2009-0368 (OpenSC before 0.11.7 allows physically proximate attackers to 
bypass ...)
+       {DSA-1734-1}
        - opensc <unfixed>
        [etch] - opensc <not-affected> (vulnerable code not present)
-CVE-2009-0367 [wesnoth python sandbox escape]
-       RESERVED
+CVE-2009-0367 (The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 
allows ...)
        - wesnoth 1:1.4.7-4
 CVE-2009-0366 [wesnoth server memory exhaustion]
        RESERVED
        - wesnoth 1:1.4.7-4
-CVE-2009-0365
-       RESERVED
+CVE-2009-0365 (The dbus request handler in (1) network-manager-applet and (2) 
...)
+       TODO: check
 CVE-2009-0364
        RESERVED
 CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) 
owl ...)
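Review bot: CVE-2009-0368 gains `{DSA-1734-1}`, but its package line still reads `- opensc <unfixed>` and no release-specific line records the version the advisory fixed. Either add that fixed version or add a NOTE saying why the entry remains unfixed. In the same hunk CVE-2009-0365 moves to `TODO: check`; its description names network-manager-applet, the same component as CVE-2009-0578, so the two should be triaged together.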
@@ -2284,8 +2434,8 @@
        RESERVED
 CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 
2.8.3, and ...)
        NOT-FOR-US: Orbit Downloader
-CVE-2009-0186
-       RESERVED
+CVE-2009-0186 (Integer overflow in libsndfile 1.0.18, as used in Winamp and 
other ...)
+       TODO: check
 CVE-2009-0185
        RESERVED
 CVE-2009-0184 (Multiple buffer overflows in the torrent parsing implementation 
in ...)
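Review bot: The description for CVE-2009-0186 mentions Winamp, but the flaw it names is in `libsndfile 1.0.18`, so this entry should not be closed as NOT-FOR-US on the product name alone. Replace `TODO: check` with a libsndfile package line once the affected and fixed versions are known.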
@@ -3322,8 +3472,8 @@
        RESERVED
 CVE-2009-0038
        RESERVED
-CVE-2009-0037
-       RESERVED
+CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 
7.19.3, ...)
+       TODO: check
 CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in ...)
        - libvirt 0.5.1-7 (unimportant)
        NOTE: not building libvirt proxy from libvirt source package
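Review bot: CVE-2009-0037 gives the affected range as `curl and libcurl 5.11 through 7.19.3`, so the entry needs a curl package line whose fixed version is later than 7.19.3, not just `TODO: check`. Given how wide the stated range is, add per-release lines as well, in the style of `[lenny] - audacity 1.3.5-2+lenny1` seen earlier in the file.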
@@ -62467,7 +62617,7 @@
        NOT-FOR-US: Commercial SSH
 CVE-2001-1474 (SSH before 2.0 disables host key checking when connecting to 
the ...)
        NOT-FOR-US: Commercial SSH
-CVE-2001-1473 (The SSH-1 protocol allows remote servers conduct 
man-in-the-middle ...)
+CVE-2001-1473 (The SSH-1 protocol allows remote servers to conduct 
man-in-the-middle ...)
        NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 
protocol.
 CVE-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 
1.4.1 ...)
        - phpbb2 2.0.6c-1
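Review bot: The change to CVE-2001-1473 only fixes the wording of the description (`to conduct`), which is fine, but the entry still carries nothing except a NOTE. Its neighbours each have a status line (`NOT-FOR-US: Commercial SSH`, `- phpbb2 2.0.6c-1`), so consider adding one here to make the entry's state explicit.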


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
