joeyh at alioth.debian.org
2009-Apr-01 21:14 UTC
[Secure-testing-commits] r11529 - data/CVE
Author: joeyh
Date: 2009-04-01 21:14:11 +0000 (Wed, 01 Apr 2009)
New Revision: 11529
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-04-01 20:55:56 UTC (rev 11528)
+++ data/CVE/list 2009-04-01 21:14:11 UTC (rev 11529)
@@ -1,3 +1,123 @@
+CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create
or ...)
+ TODO: check
+CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file
with ...)
+ TODO: check
+CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in
attachment.cgi in ...)
+ TODO: check
+CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the
...)
+ TODO: check
+CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is
enabled, uses ...)
+ TODO: check
+CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP)
dissector ...)
+ TODO: check
+CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows
...)
+ TODO: check
+CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other
...)
+ TODO: check
+CVE-2009-1207 (Race condition in the dircmp script in Sun Solaris 8 through 10,
and ...)
+ TODO: check
+CVE-2009-1206 (Unspecified vulnerability in futomi''s CGI Cafe Access
Analyzer CGI ...)
+ TODO: check
+CVE-2009-1205 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control
...)
+ TODO: check
+CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) ...)
+ TODO: check
+CVE-2009-1203
+ RESERVED
+CVE-2009-1202
+ RESERVED
+CVE-2009-1201
+ RESERVED
+CVE-2009-1200
+ RESERVED
+CVE-2009-1199
+ RESERVED
+CVE-2009-1198
+ RESERVED
+CVE-2009-1197
+ RESERVED
+CVE-2009-1196
+ RESERVED
+CVE-2009-1195
+ RESERVED
+CVE-2009-1194
+ RESERVED
+CVE-2009-1193
+ RESERVED
+CVE-2009-1192
+ RESERVED
+CVE-2009-1191
+ RESERVED
+CVE-2009-1190
+ RESERVED
+CVE-2009-1189
+ RESERVED
+CVE-2009-1188
+ RESERVED
+CVE-2009-1187
+ RESERVED
+CVE-2009-1186
+ RESERVED
+CVE-2009-1185
+ RESERVED
+CVE-2009-1184
+ RESERVED
+CVE-2009-1183
+ RESERVED
+CVE-2009-1182
+ RESERVED
+CVE-2009-1181
+ RESERVED
+CVE-2009-1180
+ RESERVED
+CVE-2009-1179
+ RESERVED
+CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage
Manager ...)
+ TODO: check
+CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in
mapserv in ...)
+ TODO: check
+CVE-2009-1176 (mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x
before ...)
+ TODO: check
+CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft
...)
+ TODO: check
+CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA
before ...)
+ TODO: check
+CVE-2008-6570 (Cross-site scripting (XSS) vulnerability in the RSS reader in
Cybozu ...)
+ TODO: check
+CVE-2008-6569 (Session fixation vulnerability in Cybozu Garoon 2.0.0 through
2.1.3 ...)
+ TODO: check
+CVE-2008-6568 (Unrestricted file upload vulnerability in Yehe 2.0 allows remote
...)
+ TODO: check
+CVE-2008-6567 (Multiple cross-site scripting (XSS) vulnerabilities in
Gallarific Free ...)
+ TODO: check
+CVE-2008-6566 (Unspecified vulnerability in Octopussy before 0.9.5.8 has
unknown ...)
+ TODO: check
+CVE-2008-6565 (Cross-site scripting (XSS) vulnerability in Invision Power Board
2.3.1 ...)
+ TODO: check
+CVE-2008-6564 (Nortel UNIStim protocol, as used in Communication Server 1000
and ...)
+ TODO: check
+CVE-2008-6563 (Buffer overflow in the XML parser in Trillian 3.1.9.0, and
possibly ...)
+ TODO: check
+CVE-2008-6562 (Cross-site scripting (XSS) vulnerability in jax_linklists.php in
Jack ...)
+ TODO: check
+CVE-2008-6561 (Citrix Presentation Server Client for Windows before 10.200 does
not ...)
+ TODO: check
+CVE-2007-6724 (Vidalia bundle before 0.1.2.18, when running on Windows and Mac
OS X, ...)
+ TODO: check
+CVE-2007-6723 (TorK before 0.22, when running on Windows and Mac OS X, installs
...)
+ TODO: check
+CVE-2007-6722 (Vidalia bundle before 0.1.2.18, when running on Windows and Mac
OS X, ...)
+ TODO: check
+CVE-2006-7237 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2005-4880 (Jax Guestbook 3.1 and 3.31 stores sensitive information under
the web ...)
+ TODO: check
+CVE-2005-4879 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2004-2762 (The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS,
5.1.9.x ...)
+ TODO: check
+CVE-2003-1570 (The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x
before ...)
+ TODO: check
CVE-2009-1175 (Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi
in ...)
- banshee <unfixed> (unimportant)
NOTE: banshee is intented as a desktop music player with no serious
@@ -331,8 +451,7 @@
NOT-FOR-US: NewsHOWLER
CVE-2008-6516 (Multiple directory traversal vulnerabilities in phpKF-Portal
1.10 ...)
NOT-FOR-US: phpKF-Portal
-CVE-2009-1073
- RESERVED
+CVE-2009-1073 (nss-ldapd before 0.6.8 uses world-readable permissions for the
...)
{DSA-1758-1}
- nss-ldapd 0.6.8
CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the
CAP_MKNOD ...)
@@ -359,7 +478,7 @@
NOT-FOR-US: Orbit Downloader
CVE-2009-1063 (Buffer overflow in eXeScope 6.50 allows user-assisted remote
attackers ...)
NOT-FOR-US: eXeScope
-CVE-2009-1062 (Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1,
8 ...)
+CVE-2009-1062 (Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before
7.1.1 ...)
NOT-FOR-US: Acrobat Reader
CVE-2009-1061 (Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1,
8 ...)
NOT-FOR-US: Acrobat Reader
@@ -738,7 +857,7 @@
NOT-FOR-US: perl-MDK-Common
CVE-2009-0911
RESERVED
-CVE-2008-6480 (Cross-site request forgery (CSRF) vulnerability in Datalife
Engine 6.7 ...)
+CVE-2008-6480 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Datalife Engine
CVE-2008-6479 (Cross-site request forgery (CSRF) vulnerability in the
"change ...)
NOT-FOR-US: swsoft
@@ -939,16 +1058,16 @@
TODO: check
CVE-2009-0844
RESERVED
-CVE-2009-0843
- RESERVED
-CVE-2009-0842
- RESERVED
-CVE-2009-0841
- RESERVED
-CVE-2009-0840
- RESERVED
-CVE-2009-0839
- RESERVED
+CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before
4.10.4 and ...)
+ TODO: check
+CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2
allows ...)
+ TODO: check
+CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in
MapServer ...)
+ TODO: check
+CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in
cgiutil.c ...)
+ TODO: check
+CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer
4.x ...)
+ TODO: check
CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and
OpenSolaris ...)
NOT-FOR-US: Solaris
CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build
1506, ...)
@@ -1157,8 +1276,7 @@
RESERVED
CVE-2009-0791
RESERVED
-CVE-2009-0790 [strongswan/openswan: denial of service via malicious packet can
crash the Pluto daemon]
- RESERVED
+CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before
...)
{DSA-1760-1 DSA-1759-1}
- openswan <unfixed> (medium; bug #521949)
- strongswan <unfixed> (medium; bug #521950)
@@ -1177,7 +1295,7 @@
CVE-2009-0784 (Race condition in the SystemTap stap tool 0.0.20080705 and ...)
{DSA-1755-1}
- systemtap 0.0.20090314-2
- [etch] - systemtap <not-affected> (vulnerable code not present)
+ [etch] - systemtap <not-affected> (vulnerable code not present)
CVE-2009-0783
RESERVED
CVE-2009-0782
@@ -1648,8 +1766,8 @@
RESERVED
CVE-2009-0687
RESERVED
-CVE-2009-0686
- RESERVED
+CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys)
2.52.0.1002 in ...)
+ TODO: check
CVE-2009-0685
RESERVED
CVE-2009-0684
@@ -4435,7 +4553,7 @@
- wordpress 2.3.2 (low; bug #510786)
NOTE: only the admin has manage_options capabilities by default and only
editors
NOTE: have upload_files capabilities
- NOTE: Only versions prior to 2.3.2 are affected according to the Debian
maintainer
+ NOTE: Only versions prior to 2.3.2 are affected according to the Debian
maintainer
CVE-2008-5694 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Sandbox
CVE-2008-5693 (Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly
other ...)
@@ -6913,7 +7031,7 @@
CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google
Chrome ...)
{CVE-2008-4723}
- webkit <unfixed> (low; bug #520052)
- [lenny] - webkit <no-dsa> (Minor issue)
+ [lenny] - webkit <no-dsa> (Minor issue)
NOTE: webkit properly handles this issue with respect to extensions such as
jpg and txt, but not in general; for example, the attack works for odp, xls, etc
extensions (only tested with midori 0.1.4)
NOTE: not reproducible using iceweasel 3.0.1
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla
Firefox ...)
@@ -12486,7 +12604,7 @@
CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP
Web ...)
NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a
denial of ...)
- NOTE: Mozilla bug 435130, not reproducible by upstream
+ NOTE: Mozilla bug 435130, not reproducible by upstream
CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun
...)
NOT-FOR-US: STREAMS Administrative Driver SUN
CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net
Webboard ...)
@@ -17394,8 +17512,8 @@
NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0367 (Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions,
when ...)
- iceweasel 3.0 (low)
- [etch] - iceweasel <no-dsa> (Minor issue)
- NOTE: Mozilla #244273
+ [etch] - iceweasel <no-dsa> (Minor issue)
+ NOTE: Mozilla #244273
CVE-2008-0366 (CORE FORCE before 0.95.172 does not properly validate arguments
to ...)
NOT-FOR-US: CORE FORCE
CVE-2008-0365 (Multiple buffer overflows in CORE FORCE before 0.95.172 allow
local ...)