thr3ads.net - Secure testing commits - [Secure-testing-commits] r12700

If this information is useful, please help other people find it:
Share via:
Joey Hess
2009-Aug-28 21:14 UTC
[Secure-testing-commits] r12700 - data/CVE

Author: joeyh
Date: 2009-08-28 21:14:17 +0000 (Fri, 28 Aug 2009)
New Revision: 12700

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-08-28 11:58:52 UTC (rev 12699)
+++ data/CVE/list	2009-08-28 21:14:17 UTC (rev 12700)
@@ -1,3 +1,83 @@
+CVE-2009-2999
+	RESERVED
+CVE-2009-2998
+	RESERVED
+CVE-2009-2997
+	RESERVED
+CVE-2009-2996
+	RESERVED
+CVE-2009-2995
+	RESERVED
+CVE-2009-2994
+	RESERVED
+CVE-2009-2993
+	RESERVED
+CVE-2009-2992
+	RESERVED
+CVE-2009-2991
+	RESERVED
+CVE-2009-2990
+	RESERVED
+CVE-2009-2989
+	RESERVED
+CVE-2009-2988
+	RESERVED
+CVE-2009-2987
+	RESERVED
+CVE-2009-2986
+	RESERVED
+CVE-2009-2985
+	RESERVED
+CVE-2009-2984
+	RESERVED
+CVE-2009-2983
+	RESERVED
+CVE-2009-2982
+	RESERVED
+CVE-2009-2981
+	RESERVED
+CVE-2009-2980
+	RESERVED
+CVE-2009-2979
+	RESERVED
+CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier,
5.0.0k and ...)
+	TODO: check
+CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System
(CS-MARS) ...)
+	TODO: check
+CVE-2009-2976 (Cisco Aironet Lightweight Access Point (AP) devices send the
contents ...)
+	TODO: check
+CVE-2009-2975 (Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly
...)
+	TODO: check
+CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote
...)
+	TODO: check
+CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections
to a ...)
+	TODO: check
+CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote
...)
+	TODO: check
+CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange
3.0 ...)
+	TODO: check
+CVE-2008-7105 (Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2
allows ...)
+	TODO: check
+CVE-2008-7104 (Sophos PureMessage Scanner service (PMScanner.exe) in
PureMessage for ...)
+	TODO: check
+CVE-2008-7103 (Stack-based buffer overflow in an ActiveX control in ...)
+	TODO: check
+CVE-2008-7102 (DotNetNuke 2.0 through 4.8.4 allows remote attackers to load
.ascx ...)
+	TODO: check
+CVE-2008-7101 (Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and
5.0 ...)
+	TODO: check
+CVE-2008-7100 (Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4
allows ...)
+	TODO: check
+CVE-2008-7099 (Unspecified vulnerability in the Manage Templates feature in
Qsoft ...)
+	TODO: check
+CVE-2008-7098 (Multiple cross-site scripting (XSS) vulnerabilities in Qsoft
K-Rate ...)
+	TODO: check
+CVE-2008-7097 (Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium
allow ...)
+	TODO: check
+CVE-2008-7096 (Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO,
...)
+	TODO: check
+CVE-2008-7095 (The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller
does ...)
+	TODO: check
 CVE-2009-2971
 	RESERVED
 CVE-2009-2970
@@ -154,8 +234,8 @@
 	RESERVED
 CVE-2009-2936
 	RESERVED
-CVE-2009-2935
-	RESERVED
+CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows
remote ...)
+	TODO: check
 CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in
Programmed ...)
 	NOT-FOR-US: Programmed Integration PIPL
 CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before
2.0.3 ...)
@@ -397,8 +477,8 @@
 	RESERVED
 CVE-2009-2862
 	RESERVED
-CVE-2009-2861
-	RESERVED
+CVE-2009-2861 (The Over-the-Air Provisioning (OTAP) functionality on Cisco
Aironet ...)
+	TODO: check
 CVE-2009-2860 (Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18
allows ...)
 	NOT-FOR-US: db2jds in IBM DB2
 CVE-2009-2859 (IBM DB2 8.1 before FP18 allows attackers to obtain unspecified
access ...)
@@ -1048,8 +1128,7 @@
 	RESERVED
 CVE-2009-2699
 	RESERVED
-CVE-2009-2698 [linux-2.6: privilege escalation via udp socket null ptr
dereference]
-	RESERVED
+CVE-2009-2698 (The UDP implementation in (1) net/ipv4/udp.c and (2)
net/ipv6/udp.c in ...)
 	{DSA-1872-1}
 	- linux-2.6 2.6.19-1 (high)
 	- linux-2.6.24 2.6.19-1 
@@ -1184,12 +1263,12 @@
 CVE-2009-2664 (The js_watch_set function in js/src/jsdbgapi.cpp in the
JavaScript ...)
 	- xulrunner <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox before
3.0.13 and ...)
+CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before
3.5.2 ...)
 	- libvorbis 1.2.0.dfsg-6 (medium; bug #540958)
 	- xulrunner <not-affected> (medium; bug #540961)
 	NOTE: vorbis support added in 1.9.0.13 and 1.9.1.0, which have not yet entered
the archive
 	TODO: recheck when 1.9.0.13 or 1.9.1.x enter stable/unstable
-CVE-2009-2662 (The browser engine in Mozilla Firefox before 3.0.13, and 3.5.x
before ...)
+CVE-2009-2662 (The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows
remote ...)
 	- xulrunner <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2
before ...)
@@ -2853,16 +2932,16 @@
 	NOT-FOR-US: Cisco
 CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to
cause a ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2009-2054
-	RESERVED
-CVE-2009-2053
-	RESERVED
-CVE-2009-2052
-	RESERVED
-CVE-2009-2051
-	RESERVED
-CVE-2009-2050
-	RESERVED
+CVE-2009-2054 (Cisco Unified Communications Manager (aka CUCM, formerly
CallManager) ...)
+	TODO: check
+CVE-2009-2053 (Cisco Unified Communications Manager (aka CUCM, formerly
CallManager) ...)
+	TODO: check
+CVE-2009-2052 (Cisco Unified Communications Manager (aka CUCM, formerly
CallManager) ...)
+	TODO: check
+CVE-2009-2051 (Cisco Unified Communications Manager (aka CUCM, formerly
CallManager) ...)
+	TODO: check
+CVE-2009-2050 (Cisco Unified Communications Manager (aka CUCM, formerly
CallManager) ...)
+	TODO: check
 CVE-2009-2049 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through
...)
 	NOT-FOR-US: Cisco IOS
 CVE-2009-2048 (Cross-site scripting (XSS) vulnerability in the Administration
...)
@@ -14754,7 +14833,7 @@
 CVE-2008-3950 (Off-by-one error in the ...)
 	- webkit <not-affected> (Vulnerable code not present)
 	NOTE: bug #500306
-CVE-2008-3949 (Emacs 22.1 and 22.2 imports Python script from the current
working ...)
+CVE-2008-3949 (emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports
Python ...)
 	- emacs22 22.2+2-4 (low; bug #499568)
 	- emacs21 <not-affected> (doesn''t provide the python
functionality)
 	- xemacs21 <not-affected> (doesn''t provide the python
functionality)
Secure testing commits - Aug 2009 - r12700 - data/CVE

[Secure-testing-commits] r12700 - data/CVE
