Author: joeyh
Date: 2009-07-02 21:14:20 +0000 (Thu, 02 Jul 2009)
New Revision: 12257
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-07-02 18:48:16 UTC (rev 12256)
+++ data/CVE/list 2009-07-02 21:14:20 UTC (rev 12257)
@@ -1,3 +1,77 @@
+CVE-2009-2313 (Directory traversal vulnerability in index.php in Jinzora Media
...)
+ TODO: check
+CVE-2009-2312 (SmartFilter Web Gateway Security 4.2.1.00 stores user
credentials in ...)
+ TODO: check
+CVE-2009-2311 (SQL injection vulnerability in the rGallery plugin 1.2.3 for
WoltLab ...)
+ TODO: check
+CVE-2009-2310 (SQL injection vulnerability in include/get_read.php in ...)
+ TODO: check
+CVE-2009-2309 (SQL injection vulnerability in index.php in Codice CMS 2 allows
remote ...)
+ TODO: check
+CVE-2009-2308 (Multiple SQL injection vulnerabilities in affiliates.php in the
...)
+ TODO: check
+CVE-2009-2307 (SQL injection vulnerability in the CWGuestBook module 2.1 and
earlier ...)
+ TODO: check
+CVE-2009-2306 (The ARD-9808 DVR card security camera stores sensitive
information ...)
+ TODO: check
+CVE-2009-2305 (The ARD-9808 DVR card security camera allows remote attackers to
cause ...)
+ TODO: check
+CVE-2009-2304 (index.php in Aardvark Topsites PHP 5.2.0 and earlier allows
remote ...)
+ TODO: check
+CVE-2009-2303 (index.php in Aardvark Topsites PHP 5.2.1 and earlier allows
remote ...)
+ TODO: check
+CVE-2009-2302 (Cross-site scripting (XSS) vulnerability in index.php in
Aardvark ...)
+ TODO: check
+CVE-2009-2301 (The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with
...)
+ TODO: check
+CVE-2009-2300 (The management interface in the phion airlock Web Application
Firewall ...)
+ TODO: check
+CVE-2009-2299 (The Artofdefence Hyperguard Web Application Firewall (WAF)
module ...)
+ TODO: check
+CVE-2009-2298 (Stack-based buffer overflow in rping in HP OpenView Network Node
...)
+ TODO: check
+CVE-2009-2297 (Unspecified vulnerability in the udp subsystem in the kernel in
Sun ...)
+ TODO: check
+CVE-2009-2296 (The NFSv4 server kernel module in Sun Solaris 10, and
OpenSolaris ...)
+ TODO: check
+CVE-2009-2295
+ RESERVED
+CVE-2009-2294
+ RESERVED
+CVE-2009-2293 (Optimum Web Design Tutorial Share 3.5.0 and earlier allows
remote ...)
+ TODO: check
+CVE-2009-2292 (Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32
...)
+ TODO: check
+CVE-2009-2291 (Unspecified vulnerability in LoginToboggan 6.x-1.x before
6.x-1.5, a ...)
+ TODO: check
+CVE-2009-2290 (SQL injection vulnerability in the Boy Scout Advancement
(com_bsadv) ...)
+ TODO: check
+CVE-2009-2289 (Cross-site scripting (XSS) vulnerability in index.php in Arcade
Trade ...)
+ TODO: check
+CVE-2009-2287 (The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux
kernel ...)
+ TODO: check
+CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff
3.8.2 ...)
+ TODO: check
+CVE-2009-2283 (Multiple cross-site scripting (XSS) vulnerabilities in the help
jsp ...)
+ TODO: check
+CVE-2009-2282 (The Virtual Network Terminal Server daemon (vntsd) for Logical
Domains ...)
+ TODO: check
+CVE-2008-6847 (Cross-site scripting (XSS) vulnerability in
Employee/emp_login.asp in ...)
+ TODO: check
+CVE-2008-6846 (Multiple stack-based buffer overflows in avast! Linux Home
Edition ...)
+ TODO: check
+CVE-2008-6845 (The unpack feature in ClamAV 0.93.3 and earlier allows remote
...)
+ TODO: check
+CVE-2008-6844 (The registration view (/user/register) in eZ Publish 3.5.6 and
...)
+ TODO: check
+CVE-2008-6843 (Directory traversal vulnerability in index.php in Fantastico, as
used ...)
+ TODO: check
+CVE-2008-6842 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2008-6841 (PHP remote file inclusion vulnerability in the Green Mountain
...)
+ TODO: check
+CVE-2008-6840 (Multiple PHP remote file inclusion vulnerabilities in V-webmail
1.6.4 ...)
+ TODO: check
CVE-2009-XXXX [multiple drupal issues]
- drupal6 <unfixed> (bug #535435)
- drupal5 <unfixed> (bug #535476)
@@ -3,5 +77,5 @@
NOTE: http://drupal.org/node/507572
NOTE: requested CVE id
-CVE-2009-2284 [phpMyAdmin XSS PMASA-2009-5]
+CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before
3.2.0.1 ...)
- phpmyadmin 4:3.2.0.1-1
TODO: need to assess severity of this issue
@@ -37,6 +111,7 @@
CVE-2009-2266
RESERVED
CVE-2009-2281 [Heap-based buffer underflow in the readPostBody function in
cgiutil.c ...]
+ RESERVED
- mapserver <unfixed> (medium; bug #535340)
NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
CVE-2009-2265
@@ -125,12 +200,12 @@
NOT-FOR-US: OpenID module for Drupal
CVE-2009-XXXX [udev: creates aacraid devices that are rw by group floppy]
- udev 0.141-1 (medium; bug #530245; bug #462655; bug #404927)
-CVE-2009-2288 [command injection in nagios]
+CVE-2009-2288 (statuswml.cgi in Nagios before 3.1.1 allows remote attackers to
...)
- nagios3 3.0.6-5
- nagios2 <removed>
[etch] - nagios2 <unfixed>
NOTE: http://secunia.com/advisories/35543
-CVE-2009-2286 [compface buffer overflow]
+CVE-2009-2286 (Buffer overflow in compface 1.5.2 and earlier allows
user-assisted ...)
- libcompface 1:1.5.2-5 (medium; bug #534973)
CVE-2009-XXXX [apache2 mod_deflate DoS]
- apache2 <unfixed> (medium; bug #534712)
@@ -2213,8 +2288,8 @@
RESERVED
CVE-2009-1422
RESERVED
-CVE-2009-1421
- RESERVED
+CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus on HP HP-UX B.11.31
allows ...)
+ TODO: check
CVE-2009-1420 (Unspecified vulnerability in HP OpenView Network Node Manager
(OV NNM) ...)
NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-1419 (Unspecified vulnerability in HP Discovery & Dependency
Mapping ...)
@@ -5130,8 +5205,8 @@
NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
CVE-2009-0690 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for
Foxit ...)
NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
-CVE-2009-0689
- RESERVED
+CVE-2009-0689 (The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc
in ...)
+ TODO: check
CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before
2.1.23 ...)
{DSA-1807-1 DTSA-200-1 DTSA-201-1}
- cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749)