Author: joeyh
Date: 2009-12-07 21:14:22 +0000 (Mon, 07 Dec 2009)
New Revision: 13482

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-12-07 16:12:29 UTC (rev 13481)
+++ data/CVE/list       2009-12-07 21:14:22 UTC (rev 13482)
@@ -1,3 +1,35 @@
+CVE-2009-4213
+       RESERVED
+CVE-2009-4212
+       RESERVED
+CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security 
Readiness ...)
+       TODO: check
+CVE-2009-4210
+       RESERVED
+CVE-2009-4209 (Multiple cross-site scripting (XSS) vulnerabilities in 
admin/index.php ...)
+       TODO: check
+CVE-2009-4208 (SQL injection vulnerability in the os_news module in 
Open-school (OS) ...)
+       TODO: check
+CVE-2009-4207 (Cross-site scripting (XSS) vulnerability in the Webform module 
5.x ...)
+       TODO: check
+CVE-2009-4206 (SQL injection vulnerability in admin.link.modify.php in Million 
Dollar ...)
+       TODO: check
+CVE-2009-4205 (Directory traversal vulnerability in admin.php in Flashlight 
Free ...)
+       TODO: check
+CVE-2009-4204 (SQL injection vulnerability in read.php in Flashlight Free 
Edition ...)
+       TODO: check
+CVE-2009-4203 (Multiple SQL injection vulnerabilities in 
admin/aclass/admin_func.php ...)
+       TODO: check
+CVE-2009-4202 (Directory traversal vulnerability in the Omilen Photo Gallery 
...)
+       TODO: check
+CVE-2009-4201 (Multiple stack-based buffer overflows in Mp3 Tag Assistant ...)
+       TODO: check
+CVE-2009-4200 (SQL injection vulnerability in the Seminar (com_seminar) 
component ...)
+       TODO: check
+CVE-2009-4199 (Multiple SQL injection vulnerabilities in the Mambo Resident 
(aka Mos ...)
+       TODO: check
+CVE-2009-4198 (SQL injection vulnerability in my_orders.php in MyMiniBill 
allows ...)
+       TODO: check
 CVE-2009-4197 (rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running 
firmware ...)
        NOT-FOR-US: Huawei MT882 V100R002B020
 CVE-2009-4196 (Multiple cross-site scripting (XSS) vulnerabilities in multiple 
...)
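Review bot: the 13 new entries with descriptions in this hunk (CVE-2009-4198 through CVE-2009-4211, excluding the RESERVED CVE-2009-4210) carry only "TODO: check", so none of them has a triage result yet. Each needs either a package line or a NOT-FOR-US marker in the style of the CVE-2009-4197 entry below them. For CVE-2009-4209 and CVE-2009-4203 the truncated description shows only a script path (admin/index.php, admin/aclass/admin_func.php) and no product name, so the full CVE text has to be read before they can be classified.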
@@ -94,8 +126,8 @@
        NOT-FOR-US: IBM DB2
 CVE-2009-4149
        RESERVED
-CVE-2009-4148
-       RESERVED
+CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote 
attackers ...)
+       TODO: check
 CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
        TODO: check
 CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
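Review bot: CVE-2009-4148 moves from RESERVED to a DAZ Studio description but is left at "TODO: check". If DAZ Studio is not packaged, resolve it as NOT-FOR-US the same way the IBM DB2 entry at the top of this hunk is. The two unchanged context entries CVE-2009-4147 and CVE-2009-4146 have the same visible description prefix (the _rtld function) and are also still at "TODO: check", so they can be triaged together.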
@@ -191,7 +223,7 @@
        - firefox-sage <unfixed> (low; bug #559267)
 CVE-2009-4101 (infoRSS 1.1.4.2 and earlier extension for Firefox performs 
certain ...)
        NOT-FOR-US: infoRSS extension for Firefox
-CVE-2009-4100 (Yoono extension 6.1.1 for Firefox performs certain operations 
with ...)
+CVE-2009-4100 (Yoono extension before 6.1.1 for Firefox performs certain 
operations ...)
        NOT-FOR-US: Yoono extension for Firefox
 CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar 
...)
        NOT-FOR-US: Joomla! Component
@@ -396,8 +428,7 @@
        NOTE: <https://www.isc.org/node/504>
        NOTE: Only affects installations with trust anchors, but then the
        NOTE: consequences are quite severe.
-CVE-2009-4020 [linux-2.6: hfs buffer overflow]
-       RESERVED
+CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux 
kernel ...)
        - linux-2.6 <unfixed> (medium)
        - linux-2.6.24 <removed> (medium)
 CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 
does not ...)
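Review bot: on CVE-2009-4020 the placeholder "[linux-2.6: hfs buffer overflow]" and RESERVED are replaced by the published description, but the "- linux-2.6 <unfixed> (medium)" line still has no bug reference or NOTE pointing at a fix. Now that the description is public, add a bug number in the form used elsewhere in this file, for example "(low; bug #559267)" on the firefox-sage entry, or a NOTE with the upstream commit, so the unfixed status can be followed up.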
@@ -1661,8 +1692,8 @@
        NOT-FOR-US: Xerver HTTP Server
 CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 
allows ...)
        NOT-FOR-US: Xerver HTTP Server
-CVE-2009-3560
-       RESERVED
+CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 
2.0.1, ...)
+       TODO: check
 CVE-2009-3559 (** DISPUTED ** ...)
        - php5 <unfixed> (unimportant)
        NOTE: safe_mode regression
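Review bot: CVE-2009-3560 now names big2_toUtf8 in lib/xmltok.c in libexpat, yet the entry is left at "TODO: check" with no package line. Since the flaw is in a library source file, the triage should cover the expat package and also any source packages that ship their own copy of lib/xmltok.c, each with its own line under this CVE.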
@@ -2293,8 +2324,7 @@
        NOT-FOR-US: ClearSite
 CVE-2009-3305
        RESERVED
-CVE-2009-3304 [gforge: symlink attack]
-       RESERVED
+CVE-2009-3304 (GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to 
overwrite ...)
        {DSA-1945-1}
        - gforge  4.8.2-1
 CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in 
www/help/tracker.php in ...)
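Review bot: the new description for CVE-2009-3304 lists GForge 4.8.2 among the affected versions, while the package line records "- gforge  4.8.2-1" as fixed. That is consistent only if the 4.8.2-1 upload carries the fix on top of upstream 4.8.2, so confirm this against {DSA-1945-1} and add a NOTE saying so if it does.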


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
