Author: joeyh Date: 2009-12-16 21:14:20 +0000 (Wed, 16 Dec 2009) New Revision: 13576 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-16 20:48:05 UTC (rev 13575) +++ data/CVE/list 2009-12-16 21:14:20 UTC (rev 13576) @@ -1,3 +1,63 @@ +CVE-2010-0065 + RESERVED +CVE-2010-0064 + RESERVED +CVE-2010-0063 + RESERVED +CVE-2010-0062 + RESERVED +CVE-2010-0061 + RESERVED +CVE-2010-0060 + RESERVED +CVE-2010-0059 + RESERVED +CVE-2010-0058 + RESERVED +CVE-2010-0057 + RESERVED +CVE-2010-0056 + RESERVED +CVE-2010-0055 + RESERVED +CVE-2010-0054 + RESERVED +CVE-2010-0053 + RESERVED +CVE-2010-0052 + RESERVED +CVE-2010-0051 + RESERVED +CVE-2010-0050 + RESERVED +CVE-2010-0049 + RESERVED +CVE-2010-0048 + RESERVED +CVE-2010-0047 + RESERVED +CVE-2010-0046 + RESERVED +CVE-2010-0045 + RESERVED +CVE-2010-0044 + RESERVED +CVE-2010-0043 + RESERVED +CVE-2010-0042 + RESERVED +CVE-2010-0041 + RESERVED +CVE-2010-0040 + RESERVED +CVE-2010-0039 + RESERVED +CVE-2010-0038 + RESERVED +CVE-2010-0037 + RESERVED +CVE-2010-0036 + RESERVED CVE-2010-0035 RESERVED CVE-2010-0034 @@ -68,7 +128,7 @@ RESERVED CVE-2010-0001 RESERVED -CVE-2009-4324 (Use-after-free vulnerability in Doc.media.newPlayer in Adobe Reader ...) +CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in ...) TODO: check CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...) NOT-FOR-US: Zen Cart 
@@ -219,48 +279,39 @@ - php-net-ping 2.4.2-1.1 (medium) [etch] - php-net-ping 2.4.2-1+etch1 [lenny] - php-net-ping 2.4.2-1+lenny1 -CVE-2009-4305 - RESERVED +CVE-2009-4305 (SQL injection vulnerability in the SCORM module in Moodle 1.8 before ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0031 TODO: check -CVE-2009-4304 - RESERVED +CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0029 TODO: check -CVE-2009-4303 - RESERVED +CVE-2009-4303 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0028 TODO: check -CVE-2009-4302 - RESERVED +CVE-2009-4302 (login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0027 TODO: check -CVE-2009-4301 - RESERVED +CVE-2009-4301 (mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0026 TODO: check -CVE-2009-4300 - RESERVED +CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0025 TODO: check -CVE-2009-4299 - RESERVED +CVE-2009-4299 (mod/glossary/showentry.php in the Glossary module for Moodle 1.8 ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0024 TODO: check -CVE-2009-4298 - RESERVED +CVE-2009-4298 (The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0023 TODO: check -CVE-2009-4297 - RESERVED +CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0022 TODO: check 
@@ -683,8 +734,7 @@ CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...) - rails <unfixed> (low; bug #558685) NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1 -CVE-2008-7248 [rails CSRF] - RESERVED +CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...) - rails <unfixed> (medium; bug #558685) NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1 CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...) @@ -753,6 +803,7 @@ NOTE: low or maybe even unimportant as one requires admin access NOTE: to cacti, upstream will implement a whitelist CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e ...) + {DSA-1954-1} - cacti 0.8.7e-1.1 (low; bug #561338) NOTE: http://docs.cacti.net/#cross-site_scripting_fixes NOTE: http://www.cacti.net/download_patches.php @@ -13237,6 +13288,7 @@ {DSA-1737-1} - wesnoth 1:1.4.7-4 CVE-2009-0365 (nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an ...) + {DSA-1955-1} - network-manager-applet 0.7.0.99-1 (medium; bug #519801) - network-manager 0.6.5-1 (medium) NOTE: network-manager in lenny not affected, because it is in network-manager-applet 
@@ -38288,10 +38340,12 @@ - maradns 1.2.12.05-1 [sarge] - maradns <not-affected> (1.0.x branch not affected) CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...) + {DSA-1954-1} - cacti 0.8.6j-1.1 (low; bug #429224) [sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication) [etch] - cacti <no-dsa> (Minor issue, would only be run within authentication) CVE-2007-3112 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...) + {DSA-1954-1} - cacti 0.8.6j-1.1 (low; bug #429224) [sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication) [etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
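Review bot: In the @@ -68,7 +128,7 @@ hunk, CVE-2009-4324 picks up the reworded description but is still left at `TODO: check`. The description being replaced names Adobe Reader, so the entry can be triaged now instead of carried as an open TODO: either a NOT-FOR-US line, as on the Zen Cart entry directly below it, or a package line if something in the archive is affected.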
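Review bot: In the @@ -219,48 +279,39 @@ hunk, all nine Moodle entries (CVE-2009-4297 through CVE-2009-4305) keep `TODO: check` and `- moodle <unfixed> (bug #559531)` with no urgency, even though they are no longer RESERVED. Several of the new descriptions give the affected range as 1.8 before 1.8.11 and 1.9 before 1.9.7, which is enough to check each entry against the packaged versions, set an urgency in the parentheses next to the bug number, and drop the TODO.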
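Review bot: In the @@ -38288,10 +38340,12 @@ hunk, CVE-2007-3113 and CVE-2007-3112 gain `{DSA-1954-1}` while still carrying `[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)`. A DSA reference and a no-dsa tag on the same entry contradict each other for whichever release the advisory covers. If DSA-1954-1 fixes these in etch, replace the `[etch]` no-dsa line with the fixed version from the advisory, and keep the `[sarge]` no-dsa line only if sarge was not covered.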