Author: joeyh Date: 2009-11-16 21:14:19 +0000 (Mon, 16 Nov 2009) New Revision: 13298 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-11-16 21:01:59 UTC (rev 13297) +++ data/CVE/list 2009-11-16 21:14:19 UTC (rev 13298) @@ -1,3 +1,19 @@ +CVE-2009-3938 (Buffer overflow in the ABWOutputDev::endWord function in ...) + TODO: check +CVE-2009-3937 (Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through ...) + TODO: check +CVE-2009-3936 (Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x ...) + TODO: check +CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...) + TODO: check +CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...) + TODO: check +CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, ...) + TODO: check +CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...) + TODO: check +CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...) + TODO: check CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...) - file 5.03-1 [lenny] - file <not-affected> @@ -613,8 +629,8 @@ RESERVED CVE-2009-3677 RESERVED -CVE-2009-3676 - RESERVED +CVE-2009-3676 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows ...) + TODO: check CVE-2009-3675 RESERVED CVE-2009-3674 
@@ -918,10 +934,10 @@ - phpgroupware 1:0.9.16.012+dfsg-9 CVE-2009-XXXX [phpgroupware unspecified addressbook issue] - phpgroupware 1:0.9.16.012+dfsg-9 -CVE-2009-3566 - RESERVED -CVE-2009-3565 - RESERVED +CVE-2009-3566 (McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 ...) + TODO: check +CVE-2009-3565 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups ...) - puppet <unfixed> (low; bug #551073) [etch] - puppet <no-dsa> (minor issue) @@ -943,6 +959,7 @@ CVE-2009-3556 RESERVED CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...) + {DSA-1934-1} - openssl 0.9.8k-6 (bug #555829) - openssl097 <removed> - gnutls26 <unfixed> @@ -984,8 +1001,8 @@ - wireshark 1.2.3-1 (low; bug #553583) [lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x) [etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x) -CVE-2009-3548 - RESERVED +CVE-2009-3548 (The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 ...) + TODO: check CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before ...) {DSA-1929-1 DSA-1928-1 DSA-1927-1} - linux-2.6 2.6.31-2 (high) @@ -1388,8 +1405,8 @@ RESERVED CVE-2009-3385 RESERVED -CVE-2009-3384 - RESERVED +CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...) + TODO: check CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) - xulrunner 1.9.1.4-1 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5) @@ -2143,7 +2160,7 @@ RESERVED CVE-2009-3136 RESERVED -CVE-2009-3135 (Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...) +CVE-2009-3135 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 ...) TODO: check CVE-2009-3134 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...) TODO: check 
@@ -2297,6 +2314,7 @@ CVE-2009-3096 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 ...) NOT-FOR-US: HP Performance Insight CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote ...) + {DSA-1934-1} - apache2 2.2.13-2 (low; bug #545951) [etch] - apache2 <no-dsa> (minor issue) [lenny] - apache2 <no-dsa> (minor issue) @@ -2308,6 +2326,7 @@ TODO: more info is disclosed. NOTE: based on a VulnDisco commercial 0day CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the ...) + {DSA-1934-1} - apache2 2.2.13-2 (low; bug #545951) [etch] - apache2 <no-dsa> (minor issue) [lenny] - apache2 <no-dsa> (minor issue) @@ -3322,10 +3341,10 @@ - linux-2.6.24 <not-affected> (vulnerability introduced in 2.6.30) CVE-2009-2843 RESERVED -CVE-2009-2842 - RESERVED -CVE-2009-2841 - RESERVED +CVE-2009-2842 (Apple Safari before 4.0.4 does not properly implement certain (1) Open ...) + TODO: check +CVE-2009-2841 (WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the ...) + TODO: check CVE-2009-2840 (Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary ...) TODO: check CVE-2009-2839 (Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to ...) @@ -3376,8 +3395,8 @@ TODO: check CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...) NOT-FOR-US: Apple iTunes -CVE-2009-2816 - RESERVED +CVE-2009-2816 (WebKit in Apple Safari before 4.0.4 includes certain custom HTTP ...) + TODO: check CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...) NOT-FOR-US: Apple iPhone OS CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple ...) 
@@ -3404,7 +3423,7 @@ RESERVED CVE-2009-2805 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 ...) NOT-FOR-US: CoreGraphics in Apple Mac OS X -CVE-2009-2804 (Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8 ...) +CVE-2009-2804 (Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, ...) NOT-FOR-US: Apple Mac OS X CVE-2009-2803 (CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to ...) NOT-FOR-US: Apple Mac OS X @@ -3998,8 +4017,8 @@ NOT-FOR-US: HP StorageWorks CVE-2009-2679 (Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and ...) NOT-FOR-US: HP HP-UX -CVE-2009-2678 - RESERVED +CVE-2009-2678 (Unspecified vulnerability in Open System Services (OSS) Name Server on ...) + TODO: check CVE-2009-2677 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) NOT-FOR-US: HP Insight Control Suite For Linux (aka ICE-LX) CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...) @@ -4489,7 +4508,7 @@ NOT-FOR-US: Microsoft Windows Media Runtime CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the Local ...) NOT-FOR-US: Microsoft Windows XP -CVE-2009-2523 (Heap-based buffer overflow in the License Logging Server in Microsoft ...) +CVE-2009-2523 (The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 ...) TODO: check CVE-2009-2522 RESERVED @@ -7098,8 +7117,7 @@ - ipsec-tools 1:0.7.1-1.4 (medium; bug #527634) CVE-2009-1571 RESERVED -CVE-2009-1570 [gimp bmp parsing integer overflow] - RESERVED +CVE-2009-1570 (Integer overflow in the ReadImage function in ...) - gimp <unfixed> (medium; bug #555929) CVE-2009-1569 RESERVED 
@@ -12958,8 +12976,8 @@ NOT-FOR-US: Cisco IronPort Encryption Appliance CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...) NOT-FOR-US: Cisco IronPort Encryption Appliance -CVE-2009-0052 - RESERVED +CVE-2009-0052 (The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access ...) + TODO: check CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value from ...) NOT-FOR-US: ZXID CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from ...) @@ -30889,8 +30907,8 @@ NOT-FOR-US: djeyl.net WebMod CVE-2007-5476 (Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, ...) NOT-FOR-US: Opera specific flash vulnerability -CVE-2007-5475 - RESERVED +CVE-2007-5475 (Multiple buffer overflows in the Marvell wireless driver, as used in ...) + TODO: check CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware ...) NOT-FOR-US: Linksys WRT350N Wi-Fi access point CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when ...)
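Review bot: In the hunks at -2297,6 and -2308,6, the new `{DSA-1934-1}` reference on CVE-2009-3095 and CVE-2009-3094 contradicts the unchanged context below it, which still reads `[etch] - apache2 <no-dsa> (minor issue)` and `[lenny] - apache2 <no-dsa> (minor issue)`. An entry cannot both carry a DSA and be marked no-dsa for the stable releases. The follow-up should replace those two lines in each entry with the fixed apache2 versions from the advisory.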
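Review bot: In the hunk at -943,6, `{DSA-1934-1}` is attached to CVE-2009-3555, but the package lines visible under it are only `openssl`, `openssl097` and `gnutls26`, while the other two entries that receive the same DSA in this revision are both apache2. Please confirm that the entry has an apache2 line, with the version fixed by the advisory, below the visible context. If it does not, add one so that the DSA reference resolves to a tracked package.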
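Review bot: In the hunk at -7098,8, the automatic update replaces the hand-written title `[gimp bmp parsing integer overflow]` on CVE-2009-1570 with the truncated description `(Integer overflow in the ReadImage function in ...)`, so the entry no longer says that the BMP parser is the affected code. The `- gimp <unfixed> (medium; bug #555929)` line is correctly preserved. Consider adding a `NOTE:` line that names the BMP parser, so the triage context does not depend on the cut-off description.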
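Review bot: In the hunk at -4489,7, CVE-2009-2523 keeps `TODO: check` after its description changes to `The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 ...`, while the adjacent CVE-2009-2524 is already resolved as `NOT-FOR-US: Microsoft Windows XP`. The entry can be closed the same way rather than left in the TODO queue. The same applies to the CVE-2009-3135 (Microsoft Office Word) description change at -2143,7. The vendor driver entries CVE-2009-0052 and CVE-2007-5475 in the last two hunks sit next to comparable `NOT-FOR-US` access point entries and should be checked against their full descriptions before being resolved.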