Author: joeyh
Date: 2009-04-02 21:14:10 +0000 (Thu, 02 Apr 2009)
New Revision: 11542

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-04-02 14:15:20 UTC (rev 11541)
+++ data/CVE/list       2009-04-02 21:14:10 UTC (rev 11542)
@@ -1,3 +1,29 @@
+CVE-2009-1221
+       RESERVED
+CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html 
in ...)
+       TODO: check
+CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 
and Sun ...)
+       TODO: check
+CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun 
Calendar ...)
+       TODO: check
+CVE-2009-1217 (Off-by-one error in the GpFont::SetData function in gdiplus.dll 
in ...)
+       TODO: check
+CVE-2009-1216 (Multiple unspecified vulnerabilities in (1) unlzh.c and (2) 
unpack.c ...)
+       TODO: check
+CVE-2008-6579 (Nortel Communication Server 1000 4.50.x allows remote attackers 
to ...)
+       TODO: check
+CVE-2008-6578 (Multiple unspecified vulnerabilities in Nortel Communication 
Server ...)
+       TODO: check
+CVE-2008-6577 (Nortel MG1000S, Signaling Server, and Call Server on the ...)
+       TODO: check
+CVE-2008-6576 (Unspecified vulnerability in the "session limitation 
technique" in the ...)
+       TODO: check
+CVE-2008-6575 (Unspecified vulnerability in the SIP server in SIP Enablement 
Services ...)
+       TODO: check
+CVE-2008-6574 (Unspecified vulnerability in SIP Enablement Services (SES) in 
Avaya ...)
+       TODO: check
+CVE-2008-6573 (Multiple SQL injection vulnerabilities in Avaya SIP Enablement 
...)
+       TODO: check
 CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create 
or ...)
        - screen <unfixed> (bug #521123)
        [etch] - screen <not-affected> (etch version predates #433338)
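Review bot: every described entry added at the top of the file (CVE-2009-1220 through CVE-2009-1216 and CVE-2008-6579 through CVE-2008-6573) carries only "TODO: check", so none has a package line or a NOT-FOR-US disposition yet. The Sun, Nortel and Avaya product entries and the gdiplus.dll entry look like quick NOT-FOR-US candidates. CVE-2009-1216 names source files (unlzh.c, unpack.c) rather than a product in the visible text, so its full description should be read before it is dispositioned.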
@@ -14,7 +40,7 @@
        NOT-FOR-US: PrecisionID Datamatrix ActiveX control
 CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is 
enabled, uses ...)
        NOT-FOR-US: Blue Coat ProxySG
-CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) 
dissector ...)
+CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) 
dissector in ...)
        - wireshark <unfixed>
        TODO: File bug
 CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 
allows ...)
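Review bot: the CVE-2009-1210 entry still reads "- wireshark <unfixed>" with "TODO: File bug" and no bug number; this hunk only re-truncates the description. Once the bug is filed, record it on the package line in the "(bug #...)" form used for screen under CVE-2009-1215 and drop the TODO.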
@@ -26,7 +52,8 @@
        NOT-FOR-US: Solaris
 CVE-2009-1206 (Unspecified vulnerability in futomi's CGI Cafe Access Analyzer 
CGI ...)
        NOT-FOR-US: Cafe Access Analyzer CGI Professional
-CVE-2009-1205 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control 
...)
+CVE-2009-1205
+       REJECTED
        NOT-FOR-US: EAI WebViewer3D ActiveX control
 CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) ...)
        NOT-FOR-US: TikiWiki
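Review bot: CVE-2009-1205 is now REJECTED, but the unchanged "NOT-FOR-US: EAI WebViewer3D ActiveX control" line still sits under it, so the entry carries two statuses. Suggest dropping the NOT-FOR-US line here; the same description reappears under CVE-2007-4475 later in this diff, which is where the disposition belongs.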
@@ -6785,8 +6812,8 @@
        NOT-FOR-US: ComponentOne SizerOne
 CVE-2008-4826
        RESERVED
-CVE-2008-4825
-       RESERVED
+CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly 
other ...)
+       TODO: check
 CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x 
before ...)
        NOT-FOR-US: Adobe Flash Player
 CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player 
...)
@@ -9085,8 +9112,8 @@
        - flashplugin-nonfree 1:1.4
        [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
        NOTE: automatically downloads latest update from adobe which is 
9.0.124.0 currently
-CVE-2008-3871
-       RESERVED
+CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, 
and ...)
+       TODO: check
 CVE-2008-3870
        RESERVED
 CVE-2008-3869
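Review bot: CVE-2008-3871 here and CVE-2008-4825 in the @@ -6785 hunk both move from RESERVED to a description naming UltraISO 9.3.1.2633, and both get "TODO: check". Suggest triaging the two together so they end up with the same package or NOT-FOR-US line.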
@@ -15954,6 +15981,7 @@
 CVE-2008-1037 (Cross-site scripting (XSS) vulnerability in the file listing 
function ...)
        NOT-FOR-US: Packeteer PacketShaper
 CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple 
Mac OS ...)
+       {DSA-1762-1}
        - icu 4.0.1-1
 CVE-2008-1035 (Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X 
allows ...)
        NOT-FOR-US: Apple iCal
@@ -21802,7 +21830,7 @@
        NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2002-2280 (syslogd on OpenBSD 2.9 through 3.2 does not change the source 
IP ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of 
aldap 0.09 ...)
+CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of 
aldap ...)
        NOT-FOR-US: aldap
 CVE-2002-2278 (Cross-site scripting (XSS) vulnerability in 
mod_search/index.php in ...)
        NOT-FOR-US: PortailPHP
@@ -24706,8 +24734,8 @@
        {DSA-1566-1 DSA-1438-1}
        - tar 1.18-1 (low; bug #441444)
        - cpio 2.9-5 (low; bug #449222)
-CVE-2007-4475
-       RESERVED
+CVE-2007-4475 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control 
...)
+       TODO: check
 CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino 
Web ...)
        NOT-FOR-US: IBM Lotus Domino Web Access
 CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly 
validate ...)
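Review bot: CVE-2007-4475 gets "TODO: check", yet its description is the text removed from CVE-2009-1205 in this same revision, where the entry was already marked "NOT-FOR-US: EAI WebViewer3D ActiveX control". Suggest replacing the TODO with that NOT-FOR-US line so the earlier triage is not repeated.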
@@ -59634,7 +59662,7 @@
        NOT-FOR-US: AIX
 CVE-2001-1528 (AmTote International homebet program returns different error 
messages ...)
        NOT-FOR-US: AmTote International homebet
-CVE-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in 
cleartext ...)
+CVE-2001-1527 (easyNews 1.5 and earlier stores administration passwords in 
cleartext ...)
        NOT-FOR-US: easynews
 CVE-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action 
in ...)
        NOT-FOR-US: easynews
@@ -60393,7 +60421,7 @@
        NOT-FOR-US: Solaris
 CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, 
and ...)
        NOT-FOR-US: Watchguard SOHO
-CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass 
...)
+CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass 
...)
        NOT-FOR-US: IPFilter
 CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out 
according to ...)
        NOT-FOR-US: Proprietary PGP
@@ -63995,7 +64023,7 @@
        NOT-FOR-US: SurfControl SuperScout
 CVE-2001-1464 (Crystal Reports, when displaying data for a password protected 
...)
        NOT-FOR-US: Crystal Reports
-CVE-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 
sends the ...)
+CVE-2001-1463 (The remote administration client for RhinoSoft Serv-U 3.0 sends 
the ...)
        NOT-FOR-US: RhinoSoft Serv-U
 CVE-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for 
Windows, ...)
        NOT-FOR-US: RSA Security SecurID
@@ -65297,7 +65325,7 @@
        - kernel-source-2.4.27 <not-affected> (There is no epoll in kernel 2.4)
        - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.1)
        [sarge] - kernel-source-2.6.8 2.6.8-14
-CVE-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain 
...)
+CVE-2005-0735 (newsscript.pl for NewsScript allows remote attackers to gain 
...)
        NOT-FOR-US: newsscript
 CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows 
remote ...)
        NOT-FOR-US: PY Software Active Webcam WebServer
@@ -68431,7 +68459,7 @@
        NOT-FOR-US: Star Wars Battlefront
 CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier 
allows ...)
        NOT-FOR-US: Star Wars Battlefront
-CVE-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges 
to ...)
+CVE-2004-1193 (Prevx Home 1.0 allows local users with administrator privileges 
to ...)
        NOT-FOR-US: Prevex Home
 CVE-2004-1192 (Format string vulnerability in the lprintf function in 
Citadel/UX 6.27 ...)
        NOT-FOR-US: Citadel/UX
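Review bot: in the CVE-2004-1193 entry the corrected description spells the product "Prevx Home", while the unchanged line below it reads "NOT-FOR-US: Prevex Home". Suggest changing the NOT-FOR-US line to "Prevx Home" so a search on the product name finds the entry.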


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits