thr3ads.net - Secure testing commits - [Secure-testing-commits] r12581

If this information is useful, please help other people find it:
Share via:
Joey Hess
2009-Aug-12 21:14 UTC
[Secure-testing-commits] r12581 - data/CVE

Author: joeyh
Date: 2009-08-12 21:14:15 +0000 (Wed, 12 Aug 2009)
New Revision: 12581

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-08-12 19:59:56 UTC (rev 12580)
+++ data/CVE/list	2009-08-12 21:14:15 UTC (rev 12581)
@@ -1,4 +1,117 @@
+CVE-2009-2760
+	RESERVED
+CVE-2009-2759
+	RESERVED
+CVE-2009-2758
+	RESERVED
+CVE-2009-2757
+	RESERVED
+CVE-2009-2756
+	RESERVED
+CVE-2009-2755
+	RESERVED
+CVE-2009-2754
+	RESERVED
+CVE-2009-2753
+	RESERVED
+CVE-2009-2752
+	RESERVED
+CVE-2009-2751
+	RESERVED
+CVE-2009-2750
+	RESERVED
+CVE-2009-2749
+	RESERVED
+CVE-2009-2748
+	RESERVED
+CVE-2009-2747
+	RESERVED
+CVE-2009-2746
+	RESERVED
+CVE-2009-2745
+	RESERVED
+CVE-2009-2744
+	RESERVED
+CVE-2009-2743
+	RESERVED
+CVE-2009-2742
+	RESERVED
+CVE-2009-2741
+	RESERVED
+CVE-2009-2740
+	RESERVED
+CVE-2009-2739 (Cross-site scripting (XSS) vulnerability in FreeNAS before
0.69.2 ...)
+	TODO: check
+CVE-2009-2738 (Cross-site request forgery (CSRF) vulnerability in the WebGUI in
...)
+	TODO: check
+CVE-2008-6960 (download.php in X10media x10 Automatic Mp3 Search Engine Script
1.5.5 ...)
+	TODO: check
+CVE-2008-6959 (Insecure method vulnerability in the Chilkat Socket ActiveX
control ...)
+	TODO: check
+CVE-2008-6958 (wap/index.php in Crossday Discuz! Board 6.x and 7.x allows
remote ...)
+	TODO: check
+CVE-2008-6957 (member.php in Crossday Discuz! Board allows remote attackers to
reset ...)
+	TODO: check
+CVE-2008-6956 (Static code injection vulnerability in admin/admin.php in
mxCamArchive ...)
+	TODO: check
+CVE-2008-6955 (mxCamArchive 2.2 stores sensitive information under the web root
with ...)
+	TODO: check
+CVE-2008-6954 (The web interface (CobblerWeb) in Cobbler before 1.2.9 allows
remote ...)
+	TODO: check
+CVE-2008-6953 (Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly
other ...)
+	TODO: check
+CVE-2008-6952 (SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and
earlier ...)
+	TODO: check
+CVE-2008-6951 (MauryCMS 0.53.2 and earlier does not require administrative ...)
+	TODO: check
+CVE-2008-6950 (Multiple SQL injection vulnerabilities in login.asp in Bankoi
...)
+	TODO: check
+CVE-2008-6949 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+	TODO: check
+CVE-2008-6948 (Unrestricted file upload vulnerability in Collabtive 0.4.8
allows ...)
+	TODO: check
+CVE-2008-6947 (Collabtive 0.4.8 allows remote attackers to bypass
authentication and ...)
+	TODO: check
+CVE-2008-6946 (Cross-site scripting (XSS) vulnerability in manageproject.php in
...)
+	TODO: check
+CVE-2008-6945 (Multiple cross-site scripting (XSS) vulnerabilities in
Interchange 5.7 ...)
+	TODO: check
+CVE-2008-6944 (Unrestricted file upload vulnerability in ScriptsFeed Auto
Classifieds ...)
+	TODO: check
+CVE-2008-6943 (Unrestricted file upload vulnerability in ScriptsFeed Recipes
Listing ...)
+	TODO: check
+CVE-2008-6942 (Unrestricted file upload vulnerability in ScriptsFeed Realtor
...)
+	TODO: check
+CVE-2008-6941 (SQL injection vulnerability in the login functionality in
TurnkeyForms ...)
+	TODO: check
+CVE-2008-6940 (TurnkeyForms Web Hosting Directory stores sensitive information
under ...)
+	TODO: check
+CVE-2008-6939 (TurnkeyForms Web Hosting Directory allows remote attackers to
bypass ...)
+	TODO: check
+CVE-2008-6938 (Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop
...)
+	TODO: check
+CVE-2008-6937 (Argument injection vulnerability in Exodus 0.10 allows remote
...)
+	TODO: check
+CVE-2008-6936 (Argument injection vulnerability in Exodus 0.10 allows remote
...)
+	TODO: check
+CVE-2008-6935 (Argument injection vulnerability in Exodus 0.10 allows remote
...)
+	TODO: check
+CVE-2008-6934 (Static code injection vulnerability in Sanus|artificium (aka
Sanusart) ...)
+	TODO: check
+CVE-2008-6933 (Directory traversal vulnerability in index.php in MiniGal b13
(aka ...)
+	TODO: check
+CVE-2008-6932 (Unrestricted file upload vulnerability in submit_file.php in
...)
+	TODO: check
+CVE-2008-6931 (Unrestricted file upload vulnerability in PHPStore Job Search
(aka ...)
+	TODO: check
+CVE-2008-6930 (Unrestricted file upload vulnerability in PHPStore Real Estate
allows ...)
+	TODO: check
+CVE-2008-6929 (Unrestricted file upload vulnerability in PHPStore Auto
Classifieds ...)
+	TODO: check
+CVE-2008-6928 (Unrestricted file upload vulnerability in PHPStore Complete ...)
+	TODO: check
 CVE-2009-2737 (The EditCSVAction function in cgi/actions.py in Roundup 1.2
before ...)
+	{DSA-1754-1}
 	- roundup 1.4.4-4+lenny1 (bug #518768)
 CVE-2009-2736 (Static code injection vulnerability in admin.php in sun-jester
...)
 	NOT-FOR-US: OpenNews
@@ -12,16 +125,16 @@
 	RESERVED
 CVE-2009-2731
 	RESERVED
-CVE-2009-2730
-	RESERVED
+CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a
''\0'' ...)
+	TODO: check
 CVE-2009-2729
 	RESERVED
 CVE-2009-2728
 	RESERVED
 CVE-2009-2727 (Stack-based buffer overflow in the _tt_internal_realpath
function in ...)
 	NOT-FOR-US: IBM AIX
-CVE-2009-2726
-	RESERVED
+CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before
1.2.34, ...)
+	TODO: check
 CVE-2009-2725
 	RESERVED
 CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0
before ...)
@@ -799,12 +912,12 @@
 	RESERVED
 CVE-2009-2497
 	RESERVED
-CVE-2009-2496
-	RESERVED
+CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX
...)
+	TODO: check
 CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio
.NET 2003 ...)
 	NOT-FOR-US: Microsoft Visual Studio .NET
-CVE-2009-2494
-	RESERVED
+CVE-2009-2494 (The Active Template Library (ATL) in Microsoft Windows 2000 SP4,
XP ...)
+	TODO: check
 CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio
.NET 2003 ...)
 	NOT-FOR-US: Microsoft Visual Studio .NET
 CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six
Apart ...)
@@ -866,7 +979,7 @@
 	- xulrunner 1.9.0.12-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-37.html
-CVE-2009-2468 (Integer overflow in CoreGraphics in Apple Mac OS X, as used in
Mozilla ...)
+CVE-2009-2468 (Integer overflow in Apple CoreGraphics, as used in Safari before
...)
 	NOT-FOR-US: CoreGraphics in Apple Mac OS X
 	NOTE: related issue to CVE-2009-1194
 CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote
...)
@@ -1062,8 +1175,7 @@
 	RESERVED
 CVE-2009-2417
 	RESERVED
-CVE-2009-2416 [libxml2 pointer-user-after-free]
-	RESERVED
+CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10,
2.6.16, ...)
 	{DSA-1859-1}
 	- libxml2 <unfixed> (low; bug #540865)
 	- libxml <removed>
@@ -1074,8 +1186,7 @@
 	NOTE: the impact varies, on etch this runs as root and is not bound
 	NOTE: to the loopback interface by default, memcached is even distributed
 	NOTE: but fortunately not in a stable release.
-CVE-2009-2414 [libxml2 stack recursion]
-	RESERVED
+CVE-2009-2414 (Stack consumption vulnerability in libxml2 2.5.10, 2.6.16,
2.6.26, ...)
 	{DSA-1859-1}
 	- libxml2 <unfixed> (medium; bug #540865)
 	- libxml <removed>
@@ -1660,18 +1771,18 @@
 	RESERVED
 CVE-2009-2201
 	RESERVED
-CVE-2009-2200
-	RESERVED
-CVE-2009-2199
-	RESERVED
+CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict
the URL ...)
+	TODO: check
+CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari
before ...)
+	TODO: check
 CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all
cookies ...)
 	NOT-FOR-US: Apple GarageBand
 CVE-2009-2197
 	RESERVED
-CVE-2009-2196
-	RESERVED
-CVE-2009-2195
-	RESERVED
+CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows
remote ...)
+	TODO: check
+CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows
remote ...)
+	TODO: check
 CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file
...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2193 (Buffer overflow in the kernel in Apple Mac OS X 10.5 before
10.5.8 ...)
@@ -1684,7 +1795,7 @@
 	NOT-FOR-US: launchd in Apple Mac OS X
 CVE-2009-2189
 	RESERVED
-CVE-2009-2188 (Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8
allows ...)
+CVE-2009-2188 (Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8,
and ...)
 	NOT-FOR-US: ImageIO in Apple Mac OS X
 CVE-2009-2187 (Multiple memory leaks in the (1) IP and (2) IPv6 multicast ...)
 	NOT-FOR-US: Sun Solaris 
@@ -2305,10 +2416,10 @@
 	- gst-plugins-good0.10 0.10.15-2 (medium; bug #531631; bug #532352)
 CVE-2009-1931
 	RESERVED
-CVE-2009-1930
-	RESERVED
-CVE-2009-1929
-	RESERVED
+CVE-2009-1930 (The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and
SP3, ...)
+	TODO: check
+CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services
Client ...)
+	TODO: check
 CVE-2009-1928
 	RESERVED
 CVE-2009-1927
@@ -2317,12 +2428,12 @@
 	RESERVED
 CVE-2009-1925
 	RESERVED
-CVE-2009-1924
-	RESERVED
-CVE-2009-1923
-	RESERVED
-CVE-2009-1922
-	RESERVED
+CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS)
component ...)
+	TODO: check
+CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service
(WINS) ...)
+	TODO: check
+CVE-2009-1922 (The Message Queuing (aka MSMQ) service for Microsoft Windows
2000 SP4, ...)
+	TODO: check
 CVE-2009-1921
 	RESERVED
 CVE-2009-1920
@@ -2369,6 +2480,7 @@
 CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before
FP17, 9.1 ...)
 	NOT-FOR-US: IBM DB2
 CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7
before p173 ...)
+	{DSA-1860-1}
 	- ruby1.8 1.8.7.173-1 (low; bug #532689)
 	- ruby1.9 <unfixed>
 	NOTE:
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
@@ -2440,8 +2552,8 @@
 	- samba 2:3.3.6-1
 	[etch] - samba <not-affected> (Vulnerable code not present)
 	NOTE: Only the 3.2.x branch was affected, so marking 3.3 as affected
-CVE-2009-1885
-	RESERVED
+CVE-2009-1885 (Stack consumption vulnerability in validators/DTD/DTDScanner.cpp
in ...)
+	TODO: check
 CVE-2009-1884
 	RESERVED
 CVE-2009-1883
@@ -3371,12 +3483,12 @@
 	NOTE: FEDORA-2009-3639 (http://lwn.net/Articles/331605)
 CVE-2009-1547
 	RESERVED
-CVE-2009-1546
-	RESERVED
-CVE-2009-1545
-	RESERVED
-CVE-2009-1544
-	RESERVED
+CVE-2009-1546 (Integer overflow in the Windows Media file handling
functionality in ...)
+	TODO: check
+CVE-2009-1545 (Unspecified vulnerability in the Windows Media file handling
...)
+	TODO: check
+CVE-2009-1544 (Double free vulnerability in the Workstation service in
Microsoft ...)
+	TODO: check
 CVE-2009-1543
 	RESERVED
 CVE-2009-1542 (The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004
SP1, ...)
@@ -3391,12 +3503,12 @@
 	NOT-FOR-US: Microsoft DirectX
 CVE-2009-1537 (Unspecified vulnerability in the QuickTime Movie Parser Filter
in ...)
 	NOT-FOR-US: Microsoft DirectX
-CVE-2009-1536
-	RESERVED
+CVE-2009-1536 (ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold
and ...)
+	TODO: check
 CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services
(IIS) ...)
 	NOT-FOR-US: IIS
-CVE-2009-1534
-	RESERVED
+CVE-2009-1534 (Buffer overflow in the Office Web Components ActiveX Control in
...)
+	TODO: check
 CVE-2009-1533 (Buffer overflow in the Works for Windows document converters in
...)
 	NOT-FOR-US: Microsoft
 CVE-2009-1532 (Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for
Server ...)
@@ -3730,8 +3842,8 @@
 	NOT-FOR-US: Symantec
 CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in
ccLgView.exe in ...)
 	NOT-FOR-US: Symantec
-CVE-2009-1427
-	RESERVED
+CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users to
cause ...)
+	TODO: check
 CVE-2009-1426 (Unspecified vulnerability on HP ProLiant DL and ML 100 Series
G5, G5p, ...)
 	NOT-FOR-US: HP ProLiant
 CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management
Services zl ...)
@@ -4982,8 +5094,8 @@
 	NOT-FOR-US: Microsoft Internet Security and Acceleration (ISA) Server
 CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft
Office ...)
 	NOT-FOR-US: Microsoft
-CVE-2009-1133
-	RESERVED
+CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop
Connection ...)
+	TODO: check
 CVE-2009-1132
 	RESERVED
 CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office
PowerPoint ...)
@@ -7062,6 +7174,7 @@
 CVE-2009-0643 (Static code injection vulnerability in post.php in Simple PHP
News 1.0 ...)
 	NOT-FOR-US: Simple PHP News
 CVE-2009-0642 (ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly
check ...)
+	{DSA-1860-1}
 	- ruby1.9 1.9.0.2-9.1 (bug #513528)
 	- ruby1.8 1.8.7.72-3.1 (medium; bug #517639; bug #522939)
 CVE-2009-0641 (sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x
versions ...)
@@ -7305,8 +7418,8 @@
 	RESERVED
 CVE-2009-0563 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3,
2003 ...)
 	NOT-FOR-US: Microsoft
-CVE-2009-0562
-	RESERVED
+CVE-2009-0562 (The Office Web Components ActiveX Control in Microsoft Office XP
SP3, ...)
+	TODO: check
 CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office
XP SP3, ...)
 	NOT-FOR-US: Microsoft
 CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003
SP3, ...)
@@ -9326,7 +9439,7 @@
 	NOT-FOR-US: Dictionary (rtgdictionary) extension for TYPO3
 CVE-2008-5800 (SQL injection vulnerability in the Wir ber uns [sic]
(fsmi_people) ...)
 	NOT-FOR-US: fsmi_people extension for TYPO3
-CVE-2008-5799 (Cross-site scripting (XSS) vulnerability in the Wir ber uns
[sic] ...)
+CVE-2008-5799 (Cross-site scripting (XSS) vulnerability in the Wir ber uns ...)
 	NOT-FOR-US: fsmi_people extension for TYPO3
 CVE-2008-5798 (SQL injection vulnerability in the CMS Poll system (cms_poll)
...)
 	NOT-FOR-US: CMS Poll system for TYPO3
@@ -11182,7 +11295,7 @@
 	NOT-FOR-US: Sun Java System Identity Manager
 CVE-2008-5117 (Open redirect vulnerability in Sun Java System Identity Manager
6.0 ...)
 	NOT-FOR-US: Sun Java System Identity Manager
-CVE-2008-5116 (Unspecified vulnerability in Sun Java System Identity Manager
6.0 ...)
+CVE-2008-5116 (Directory traversal vulnerability in idm/includes/helpServer.jsp
in ...)
 	NOT-FOR-US: Sun Java System Identity Manager
 CVE-2008-5115 (Cross-site request forgery (CSRF) vulnerability in Sun Java
System ...)
 	NOT-FOR-US: Sun Java System Identity Manager
@@ -24126,7 +24239,7 @@
 	RESERVED
 CVE-2008-0021
 	RESERVED
-CVE-2008-0020 (Unspecified vulnerability in the Microsoft Video ActiveX control
in ...)
+CVE-2008-0020 (Unspecified vulnerability in the Load method in the
IPersistStreamInit ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-0019
 	RESERVED
@@ -24144,7 +24257,7 @@
 	- iceweasel 3.0
 	- iceape 1.1.12-1
 	- icedove 2.0.0.17-1
-CVE-2008-0015 (Stack-based buffer overflow in the MPEG2TuneRequest ActiveX
control in ...)
+CVE-2008-0015 (Stack-based buffer overflow in the CComVariant::ReadFromStream
...)
 	NOT-FOR-US: Microsoft
 CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend
Micro ...)
 	NOT-FOR-US: Trend Micro
Secure testing commits - Aug 2009 - r12581 - data/CVE

[Secure-testing-commits] r12581 - data/CVE
