Author: joeyh
Date: 2009-07-23 21:14:32 +0000 (Thu, 23 Jul 2009)
New Revision: 12394

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-07-23 13:22:21 UTC (rev 12393)
+++ data/CVE/list 2009-07-23 21:14:32 UTC (rev 12394)
@@ -1,3 +1,52 @@ +CVE-2009-2584 (Off-by-one error in the options_write function in ...) + TODO: check +CVE-2009-2583 (Multiple session fixation vulnerabilities in IBM Tivoli Identity ...) + TODO: check +CVE-2009-2582 (Stack-based buffer overflow in manager.exe in Akamai Download Manager ...) + TODO: check +CVE-2009-2581 (Cross-site scripting (XSS) vulnerability in modifier.php in ...) + TODO: check +CVE-2009-2580 + REJECTED + TODO: check +CVE-2009-2579 + RESERVED +CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to cause a ...) + TODO: check +CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...) + TODO: check +CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...) + TODO: check +CVE-2009-2575 (The Research In Motion (RIM) BlackBerry 8800 allows remote attackers ...) + TODO: check +CVE-2009-2574 (index.php in MiniTwitter 0.2 beta allows remote authenticated users to ...) + TODO: check +CVE-2009-2573 (Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when ...) + TODO: check +CVE-2009-2572 (Cross-site request forgery (CSRF) vulnerability in the Fivestar module ...) + TODO: check +CVE-2009-2571 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2009-2570 (Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX ...) + TODO: check +CVE-2009-2569 (Multiple cross-site scripting (XSS) vulnerabilities in Verlihub ...) + TODO: check +CVE-2009-2568 (Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) ...) + TODO: check +CVE-2009-2567 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...) + TODO: check +CVE-2008-6873 (SQL injection vulnerability in Active Web Mail 4.0 allows remote ...) + TODO: check +CVE-2008-6872 (ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the ...) + TODO: check +CVE-2008-6871 (Merlix Educate Server stores db.mdb under the web root with ...) 
+ TODO: check +CVE-2008-6870 (Merlix Educate Server allows remote attackers to bypass intended ...) + TODO: check +CVE-2008-6869 (Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive ...) + TODO: check +CVE-2008-6868 (Cross-site scripting (XSS) vulnerability in default/login.php in ...) + TODO: check CVE-2009-2566 (Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly ...) TODO: check CVE-2009-2565 (Cross-site scripting (XSS) vulnerability in Perl CGI''s By Mrs. ...) @@ -165,7 +214,7 @@ TODO: request CVE id CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in ...) - vlc <not-affected> (The vulnerability affects Windows builds only) -CVE-2009-2479 (Stack-based buffer overflow in Mozilla Firefox 3.5 allows remote ...) +CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote ...) - xulrunner <not-affected> NOTE: Affected version only available in experimental, only Firefox 3.5 TODO: check when 3.5 gets uploaded to unstable 
@@ -180,52 +229,52 @@ RESERVED CVE-2009-2473 RESERVED -CVE-2009-2472 [Multiple cross origin wrapper bypasses] - RESERVED +CVE-2009-2472 (Mozilla Firefox before 3.0.12 does not always use ...) + {DSA-1840-1} - xulrunner 1.9.0.12-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-40.html -CVE-2009-2471 [setTimeout loses XPCNativeWrappers] - RESERVED +CVE-2009-2471 (The setTimeout function in Mozilla Firefox before 3.0.12 does not ...) + {DSA-1840-1} - xulrunner 1.9.0.12-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-39.html CVE-2009-2470 RESERVED -CVE-2009-2469 [ Crash and remote code execution using watch and __defineSetter__ on SVG element ] - RESERVED +CVE-2009-2469 (Mozilla Firefox before 3.0.12 does not properly handle an SVG element ...) + {DSA-1840-1} - xulrunner 1.9.0.12-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-37.html -CVE-2009-2468 - RESERVED -CVE-2009-2467 [Crash and remote code execution during Flash player unloading] - RESERVED +CVE-2009-2468 (Integer overflow in CoreGraphics in Apple Mac OS X, as used in Mozilla ...) + TODO: check +CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote ...) + {DSA-1840-1} - xulrunner 1.9.0.12-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-35.html -CVE-2009-2466 [Crashes with evidence of memory corruption ] - RESERVED +CVE-2009-2466 (The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird ...) 
+ {DSA-1840-1} - xulrunner 1.9.0.12-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-34.html -CVE-2009-2465 [Crashes with evidence of memory corruption ] - RESERVED +CVE-2009-2465 (Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers ...) + {DSA-1840-1} - xulrunner 1.9.0.12-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-34.html -CVE-2009-2464 [Crashes with evidence of memory corruption ] - RESERVED +CVE-2009-2464 (The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in ...) + {DSA-1840-1} - xulrunner 1.9.0.12-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-34.html -CVE-2009-2463 [Crashes with evidence of memory corruption ] - RESERVED +CVE-2009-2463 (Integer overflow in a base64 decoding function in Mozilla Firefox ...) + {DSA-1840-1} - xulrunner 1.9.0.12-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-34.html -CVE-2009-2462 [Crashes with evidence of memory corruption ] - RESERVED +CVE-2009-2462 (The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird ...) + {DSA-1840-1} - xulrunner 1.9.0.12-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-39.html 
@@ -1772,8 +1821,8 @@ RESERVED CVE-2009-1863 RESERVED -CVE-2009-1862 - RESERVED +CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through ...) + TODO: check CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 ...) NOT-FOR-US: Adobe Reader CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 ...)
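Review bot: In the first hunk (@@ -1,3 +1,52 @@), CVE-2009-2580 is added as REJECTED but still carries "TODO: check", while the RESERVED entry CVE-2009-2579 added right after it has no TODO. The rejected entry has no description to triage, so the TODO only adds to the pending queue; suggest the automatic update skip the TODO for REJECTED entries the same way it does for RESERVED ones, or drop it by hand in a follow-up.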
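Review bot: In the @@ -165,7 +214,7 @@ hunk, the new description of CVE-2009-2479 widens the affected range from "Mozilla Firefox 3.5" to "Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows", but the unchanged lines under it still read "NOTE: Affected version only available in experimental, only Firefox 3.5" next to "- xulrunner <not-affected>". That rationale no longer matches the description; suggest re-checking the xulrunner status and rewording the note, for example by citing the Windows-only scope as the vlc line for CVE-2009-2484 just above does.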
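Review bot: In the @@ -180,52 +229,52 @@ hunk, CVE-2009-2462 keeps "NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-39.html", the same advisory as the setTimeout entry CVE-2009-2471, although its removed placeholder "[Crashes with evidence of memory corruption ]" matches CVE-2009-2463 through CVE-2009-2466, which all point to mfsa2009-34. Worth confirming the advisory link for CVE-2009-2462 now that the real description is in. Separately, CVE-2009-2468 moves from RESERVED to "TODO: check" with a description that begins "Integer overflow in CoreGraphics in Apple Mac OS X", so it needs its own triage rather than the {DSA-1840-1} treatment of its neighbours.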
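Review bot: In the last hunk (@@ -1772,8 +1821,8 @@), CVE-2009-1862 gets "TODO: check" while the next entry, CVE-2009-1861, is "NOT-FOR-US: Adobe Reader". The new description is cut off at "Adobe Reader and Acrobat 9.x through ...", so the full text should be read before copying the neighbour's NOT-FOR-US tag, in case the truncated part names a component that is packaged.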