Author: joeyh
Date: 2009-11-24 21:14:14 +0000 (Tue, 24 Nov 2009)
New Revision: 13369

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-11-24 19:55:26 UTC (rev 13368)
+++ data/CVE/list 2009-11-24 21:14:14 UTC (rev 13369)
@@ -1,3 +1,43 @@ +CVE-2009-4066 (Multiple cross-site request forgery (CSRF) vulnerabilities in the "My ...) + TODO: check +CVE-2009-4065 (Cross-site scripting (XSS) vulnerability in the settings page in the ...) + TODO: check +CVE-2009-4064 (Cross-site scripting (XSS) vulnerability in the Gallery Assist module ...) + TODO: check +CVE-2009-4063 (Cross-site scripting (XSS) vulnerability in the Subgroups for Organic ...) + TODO: check +CVE-2009-4062 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check +CVE-2009-4061 (Multiple cross-site scripting (XSS) vulnerabilities in the Agreement ...) + TODO: check +CVE-2009-4060 (SQL injection vulnerability in includes/content/viewProd.inc.php in ...) + TODO: check +CVE-2009-4059 (SQL injection vulnerability in the JoomClip (com_joomclip) component ...) + TODO: check +CVE-2009-4058 (SQL injection vulnerability in allauctions.php in Telebid Auction ...) + TODO: check +CVE-2009-4057 (SQL injection vulnerability in the inertialFATE iF Portfolio Nexus ...) + TODO: check +CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 ...) + TODO: check +CVE-2009-4055 + RESERVED +CVE-2009-4054 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) + TODO: check +CVE-2009-4053 (Multiple directory traversal vulnerabilities in Home FTP Server ...) + TODO: check +CVE-2009-4052 (Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget ...) + TODO: check +CVE-2009-4051 (Home FTP Server 1.10.1.139 allows remote attackers to cause a denial ...) + TODO: check +CVE-2009-4050 (Directory traversal vulnerability in get_file.php in phpMyBackupPro ...) + TODO: check +CVE-2009-4049 (Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in ...) + TODO: check +CVE-2009-4048 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated ...) + TODO: check +CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...) 
+ TODO: check CVE-2009-XXXX [Cacti Multiple Script Insertion Vulnerabilities] - cacti <unfixed> TODO: check @@ -195,8 +235,7 @@ [lenny] - dovecot <not-affected> (Only affects 1.2.x) [etch] - dovecot <not-affected> (Only affects 1.2.x) NOTE: http://www.dovecot.org/list/dovecot-news/2009-November/000143.html, CVE requested on oss-sec -CVE-2009-4017 [php temporary files exhaustion DoS] - RESERVED +CVE-2009-4017 (PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of ...) - php5 5.2.11.dfsg.1-2 (medium) - php4 <unfixed> (medium) NOTE: workarounds include using 5.3.1 or php5-suhosin @@ -210,6 +249,7 @@ [lenny] - php-mail 1.1.14-1+lenny1 [etch] - php-mail 1.1.6-2+etch1 CVE-2009-4021 [fuse_put_request() invalid pointer dereference] + RESERVED - linux-2.6 <unfixed> (low) - linux-2.6.24 <removed> (low) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=538734 @@ -473,8 +513,8 @@ RESERVED CVE-2009-3844 RESERVED -CVE-2009-3843 - RESERVED +CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a "hidden account" in ...) + TODO: check CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...) NOT-FOR-US: HP Color LaserJet CVE-2009-3841 (Unspecified vulnerability in HP Discovery & Dependency Mapping ...) @@ -1226,16 +1266,13 @@ NOT-FOR-US: Xerver HTTP Server CVE-2009-3560 RESERVED -CVE-2009-3559 - RESERVED +CVE-2009-3559 (** DISPUTED ** ...) - php5 <unfixed> (unimportant) NOTE: safe_mode regression -CVE-2009-3558 - RESERVED +CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and ...) - php5 <unfixed> (unimportant) NOTE: open_basedir bypass -CVE-2009-3557 - RESERVED +CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier, ...) - php5 <unfixed> (unimportant) NOTE: safe_mode bypass CVE-2009-3556 
@@ -1268,7 +1305,7 @@ {DSA-1929-1 DSA-1928-1 DSA-1927-1} - linux-2.6 2.6.31-2 (high) - linux-2.6.24 <removed> (high) -CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the ...) +CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...) {DSA-1936-1} - libgd2 2.0.36~rc1~dfsg-3.1 (medium; bug #552534) - php5 <not-affected> (the php packages use the system libgd2) @@ -1887,14 +1924,14 @@ - advi 1.6.0-15 (low; bug #551282) CVE-2009-3295 RESERVED -CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11, when ...) +CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and ...) - php5 <not-affected> (win32-specific) CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function in PHP ...) - php5 <not-affected> (the php packages use the system libgd2) - php4 <not-affected> (the php packages use the system libgd2) NOTE: the transparent colours functionality is only on php5''s bundled libgd2 TODO: watch for possible merge of the transparent colours functionality into libgd2 -CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11 has unknown impact and ...) +CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ...) - php5 5.2.11.dfsg.1-1 (low) NOTE: unknown impact, it is related to missing sanity checks NOTE: when determining the length of sections of jpg headers @@ -23503,7 +23540,7 @@ - speex 1.2~beta2-1 (medium) - libfishsound 0.7.0-2.2 (medium; bug #475152) - xine-lib 1.1.12-1 (medium) -CVE-2008-1685 (gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not ...) +CVE-2008-1685 (** DISPUTED ** ...) - gcc-4.3 4.3.1-1 (bug #482698; unimportant) NOTE: dup of CVE-2006-1902 which is fixed in Debian? CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local ...) 
@@ -61193,9 +61230,9 @@ {DSA-947-1} - clamav 0.88-1 CVE-2006-0138 (aMSN (aka Alvaro''s Messenger) allows remote attackers to cause a ...) - - amsn <unfixed> (low; bug #557754) - [etch] - amsn <no-dsa> (minor issue) - [lenny] - amsn <no-dsa> (minor issue) + - amsn <unfixed> (low; bug #557754) + [etch] - amsn <no-dsa> (minor issue) + [lenny] - amsn <no-dsa> (minor issue) CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...) NOT-FOR-US: Phanatic Softwares Chimera Web Portal System CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...)
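Review bot: In the first hunk (@@ -1,3 +1,43 @@), CVE-2009-4054 is added with "TODO: check" although its description names Microsoft Internet Explorer 6 and 7, which needs no package lookup. It can be closed with a NOT-FOR-US: line in the same form the file already uses for "NOT-FOR-US: HP Color LaserJet", leaving "TODO: check" for the web-application entries where it still has to be established whether the software is packaged.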
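Review bot: In the hunk at @@ -195,8 +235,7 @@, the new CVE-2009-4017 description lists "PHP 5.2.11, and 5.3.x before 5.3.1" as affected, while the unchanged context line "- php5 5.2.11.dfsg.1-2 (medium)" records the fix in an upload of that same upstream version. A NOTE next to the existing workaround NOTE, stating that the fix was applied in the -2 upload rather than by a new upstream release, would keep the entry from reading as a contradiction. The replaced local summary "[php temporary files exhaustion DoS]" also said more than the truncated text, which stops before naming what is unrestricted.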
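Review bot: In the hunk at @@ -1226,16 +1266,13 @@, the summary for CVE-2009-3559 becomes "(** DISPUTED ** ...)", so the truncation spends the whole visible description on the dispute marker and says nothing about the issue. The entry is identifiable only through "NOTE: safe_mode regression". Either have the updater truncate after the marker so some of the description survives, or add a NOTE naming the affected function, as the neighbouring CVE-2009-3558 and CVE-2009-3557 descriptions now do.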
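Review bot: In the hunk at @@ -23503,7 +23540,7 @@, replacing the CVE-2008-1685 description with "(** DISPUTED ** ...)" removes text the file previously carried ("gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not ..."). Since the remaining NOTE is still an open question ("dup of CVE-2006-1902 which is fixed in Debian?"), keep the affected version range in a NOTE so the entry can be triaged without going back to the old revision.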
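Review bot: In the last hunk (@@ -61193,9 +61230,9 @@), the three removed and three added amsn lines under CVE-2006-0138 read identically, so this is a whitespace-only change carried inside an "automatic update" commit. Confirm that the updater is meant to normalise indentation of hand-written entries, and if so commit that normalisation on its own so it does not mix with description updates in the history.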