Author: joeyh Date: 2009-08-17 21:14:15 +0000 (Mon, 17 Aug 2009) New Revision: 12627 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-17 18:46:29 UTC (rev 12626) +++ data/CVE/list 2009-08-17 21:14:15 UTC (rev 12627) 
@@ -1,3 +1,37 @@ +CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in ...) + TODO: check +CVE-2009-2777 (SQL injection vulnerability in visitor/view.php in GarageSales Script ...) + TODO: check +CVE-2009-2776 (SQL injection vulnerability in showresult.asp in Smart ASP Survey ...) + TODO: check +CVE-2009-2775 (SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP ...) + TODO: check +CVE-2009-2774 (SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail ...) + TODO: check +CVE-2009-2773 (PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail ...) + TODO: check +CVE-2009-2772 (Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate ...) + TODO: check +CVE-2009-2771 (Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 ...) + TODO: check +CVE-2009-2770 (PowerUpload 2.4 allows remote attackers to bypass authentication and ...) + TODO: check +CVE-2009-2769 (PHP remote file inclusion vulnerability in include/timesheet.php in ...) + TODO: check +CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat ...) + TODO: check +CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux ...) + TODO: check +CVE-2009-2766 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not ...) + TODO: check +CVE-2009-2765 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other ...) + TODO: check +CVE-2009-2764 (Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 ...) + TODO: check +CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check CVE-2009-XXXX [Sql injection in OCS Inventory NG Server] - ocsinventory-server <unfixed> (low; bug #541995) NOTE: http://seclists.org/fulldisclosure/2009/Aug/0143.html 
@@ -367,13 +401,11 @@ RESERVED CVE-2009-2693 RESERVED -CVE-2009-2692 [linux-2.6: NULL pointer dereference due to incorrect proto_ops initializations] - RESERVED +CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, ...) {DSA-1864-1 DSA-1865-1 DSA-1862-1} - linux-2.6 2.6.30-6 (high; bug #541403) - linux-2.6.24 <removed> -CVE-2009-2691 [linux-2.6: /proc/$pid/maps exposed during initial setuid ELF loading] - RESERVED +CVE-2009-2691 (The mm_for_maps function in fs/proc/base.c in the Linux kernel ...) - linux-2.6 <unfixed> (low) - linux-2.6.24 <removed> CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants ...) @@ -409,8 +441,8 @@ RESERVED CVE-2009-2678 RESERVED -CVE-2009-2677 - RESERVED +CVE-2009-2677 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) + TODO: check CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) @@ -1222,8 +1254,7 @@ - webkit 1.1.10-1 CVE-2009-2418 RESERVED -CVE-2009-2417 [cURL OpenSSL NULL Character Spoofing Vulnerability] - RESERVED +CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ...) - curl <unfixed> (medium; bug #541991) CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, ...) {DSA-1861-1 DSA-1859-1} @@ -5500,8 +5531,8 @@ NOT-FOR-US: Andy''s PHP Knowledgebase CVE-2008-6512 (Cross-domain vulnerability in the WorkerPool API in Google Gears ...) NOT-FOR-US: Google Gears -CVE-2009-1048 - RESERVED +CVE-2009-1048 (The web interface on the snom VoIP phones snom 300, snom 320, snom ...) + TODO: check CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail module ...) NOT-FOR-US: Send by e-mail module for Drupal CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...)
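Review bot: In the @@ -1,3 +1,37 @@ hunk, CVE-2009-2768 and CVE-2009-2767 are added with only "TODO: check", although their descriptions point at kernel sources (fs/binfmt_flat.c and kernel/posix-timers.c). They should be triaged ahead of the web-script entries in the same batch and given package lines in the form the kernel entries later in this patch already use, for example "- linux-2.6 <unfixed> (low)", with the real status and urgency filled in once checked.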
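Review bot: In the @@ -367,13 +401,11 @@ hunk, the CVE-2009-2691 entry keeps "- linux-2.6 <unfixed> (low)" with no bug reference, while the other unfixed entries visible in this patch carry one ("bug #541995" for ocsinventory-server, "bug #541991" for curl) and CVE-2009-2692 next to it has "bug #541403". Now that the entry has a published description instead of RESERVED, add the tracking bug number to that line, or file one if none exists, so the open status can be followed.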
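Review bot: In the @@ -1222,8 +1254,7 @@ hunk, replacing the bracketed title "[cURL OpenSSL NULL Character Spoofing Vulnerability]" with the truncated description loses the only text that named the issue class, since the new line stops at "when OpenSSL is ...". Suggest keeping the old title as a NOTE: line under the entry, in the style of the existing "NOTE: http://seclists.org/..." line, so a reader of the list can still tell what the curl bug is about. The same applies to the two linux-2.6 titles dropped in the @@ -367,13 +401,11 @@ hunk.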