thr3ads.net - Secure testing commits - [Secure-testing-commits] r13626

If this information is useful, please help other people find it:
Share via:
Joey Hess
2009-Dec-22 21:14 UTC
[Secure-testing-commits] r13626 - data/CVE

Author: joeyh
Date: 2009-12-22 21:14:19 +0000 (Tue, 22 Dec 2009)
New Revision: 13626

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-12-22 20:26:39 UTC (rev 13625)
+++ data/CVE/list	2009-12-22 21:14:19 UTC (rev 13626)
@@ -1,3 +1,171 @@
+CVE-2010-0095
+	RESERVED
+CVE-2010-0094
+	RESERVED
+CVE-2010-0093
+	RESERVED
+CVE-2010-0092
+	RESERVED
+CVE-2010-0091
+	RESERVED
+CVE-2010-0090
+	RESERVED
+CVE-2010-0089
+	RESERVED
+CVE-2010-0088
+	RESERVED
+CVE-2010-0087
+	RESERVED
+CVE-2010-0086
+	RESERVED
+CVE-2010-0085
+	RESERVED
+CVE-2010-0084
+	RESERVED
+CVE-2010-0083
+	RESERVED
+CVE-2010-0082
+	RESERVED
+CVE-2010-0081
+	RESERVED
+CVE-2010-0080
+	RESERVED
+CVE-2010-0079
+	RESERVED
+CVE-2010-0078
+	RESERVED
+CVE-2010-0077
+	RESERVED
+CVE-2010-0076
+	RESERVED
+CVE-2010-0075
+	RESERVED
+CVE-2010-0074
+	RESERVED
+CVE-2010-0073
+	RESERVED
+CVE-2010-0072
+	RESERVED
+CVE-2010-0071
+	RESERVED
+CVE-2010-0070
+	RESERVED
+CVE-2010-0069
+	RESERVED
+CVE-2010-0068
+	RESERVED
+CVE-2010-0067
+	RESERVED
+CVE-2010-0066
+	RESERVED
+CVE-2009-4378 (The IPMI dissector in Wireshark 1.2.0 through 1.2.4, when
running on ...)
+	TODO: check
+CVE-2009-4377 (The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through
1.2.4 ...)
+	TODO: check
+CVE-2009-4376 (Buffer overflow in the daintree_sna_read function in the
Daintree SNA ...)
+	TODO: check
+CVE-2009-4375 (SQL injection vulnerability in
repository/repository_attachment.php in ...)
+	TODO: check
+CVE-2009-4374 (Directory traversal vulnerability in ...)
+	TODO: check
+CVE-2009-4373 (Unrestricted file upload vulnerability in ...)
+	TODO: check
+CVE-2009-4372 (AlienVault Open Source Security Information Management (OSSIM)
2.1.5, ...)
+	TODO: check
+CVE-2009-4371 (Cross-site scripting (XSS) vulnerability in the Locale module
...)
+	TODO: check
+CVE-2009-4370 (Cross-site scripting (XSS) vulnerability in the Menu module ...)
+	TODO: check
+CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module
...)
+	TODO: check
+CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4
have ...)
+	TODO: check
+CVE-2009-4367 (The Staging Webservice (&quot;sitecore
modules/staging/service/api.asmx&quot;) ...)
+	TODO: check
+CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in
ScriptsEz Ez ...)
+	TODO: check
+CVE-2009-4365 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+	TODO: check
+CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in
ScriptsEz Ez ...)
+	TODO: check
+CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application
...)
+	TODO: check
+CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local
users ...)
+	TODO: check
+CVE-2009-4361 (Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local
users ...)
+	TODO: check
+CVE-2009-4360 (SQL injection vulnerability in modules/content/index.php in the
...)
+	TODO: check
+CVE-2009-4359 (Cross-site scripting (XSS) vulnerability in folder.php in the
...)
+	TODO: check
+CVE-2009-4358 (freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses
insecure ...)
+	TODO: check
+CVE-2009-4357 (CQWeb (aka the web interface) in IBM Rational ClearQuest before
7.1.1 ...)
+	TODO: check
+CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters
in ...)
+	TODO: check
+CVE-2009-4355
+	RESERVED
+CVE-2009-4354 (TransWARE Active! mail 2003 build 2003.0139.0871 and earlier
does not ...)
+	TODO: check
+CVE-2009-4353 (The Mobile Edition of TransWARE Active! mail 2003 build
2003.0139.0871 ...)
+	TODO: check
+CVE-2009-4352 (Multiple cross-site scripting (XSS) vulnerabilities in TransWARE
...)
+	TODO: check
+CVE-2009-4351 (SQL injection vulnerability in ADMIN/loginaction.php in
WSCreator 1.1, ...)
+	TODO: check
+CVE-2009-4350 (SQL injection vulnerability in index.php in Arctic Issue Tracker
2.1.1 ...)
+	TODO: check
+CVE-2009-4349 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2009-4348 (Cross-site scripting (XSS) vulnerability in index.php in Harold
...)
+	TODO: check
+CVE-2009-4347 (Cross-site scripting (XSS) vulnerability in
daloradius-users/login.php ...)
+	TODO: check
+CVE-2009-4346 (Cross-site scripting (XSS) vulnerability in the Frontend news
...)
+	TODO: check
+CVE-2009-4345 (Cross-site scripting (XSS) vulnerability in the vShoutbox
(vshoutbox) ...)
+	TODO: check
+CVE-2009-4344 (Cross-site scripting (XSS) vulnerability in the ZID Linkliste
...)
+	TODO: check
+CVE-2009-4343 (Cross-site scripting (XSS) vulnerability in the Training Company
...)
+	TODO: check
+CVE-2009-4342 (SQL injection vulnerability in the Job Exchange (jobexchange)
...)
+	TODO: check
+CVE-2009-4341 (SQL injection vulnerability in the No indexed Search ...)
+	TODO: check
+CVE-2009-4340 (Cross-site scripting (XSS) vulnerability in the No indexed
Search ...)
+	TODO: check
+CVE-2009-4339 (SQL injection vulnerability in the Subscription
(mf_subscription) ...)
+	TODO: check
+CVE-2009-4338 (SQL injection vulnerability in the Flash SlideShow (slideshow)
...)
+	TODO: check
+CVE-2009-4337 (SQL injection vulnerability in the Diocese of Portsmouth
Calendar ...)
+	TODO: check
+CVE-2009-4336 (Cross-site scripting (XSS) vulnerability in the Diocese of
Portsmouth ...)
+	TODO: check
+CVE-2009-4335 (Multiple unspecified vulnerabilities in bundled stored
procedures in ...)
+	TODO: check
+CVE-2009-4334 (The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1
before ...)
+	TODO: check
+CVE-2009-4333 (The Relational Data Services component in IBM DB2 9.5 before FP5
...)
+	TODO: check
+CVE-2009-4332 (db2pd in the Problem Determination component in IBM DB2 9.1
before FP7 ...)
+	TODO: check
+CVE-2009-4331 (The Install component in IBM DB2 9.5 before FP5 and 9.7 before
FP1 ...)
+	TODO: check
+CVE-2009-4330 (Unspecified vulnerability in db2licm in the Engine Utilities
component ...)
+	TODO: check
+CVE-2009-4329 (Unspecified vulnerability in the Engine Utilities component in
IBM DB2 ...)
+	TODO: check
+CVE-2009-4328 (Unspecified vulnerability in the DRDA Services component in IBM
DB2 ...)
+	TODO: check
+CVE-2009-4327 (The Common Code Infrastructure component in IBM DB2 9.5 before
FP5 and ...)
+	TODO: check
+CVE-2009-4326 (The RAND scalar function in the Common Code Infrastructure
component ...)
+	TODO: check
+CVE-2009-4325 (The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1
before ...)
+	TODO: check
 CVE-2009-XXXX [apache2: potential disclosure of private php files]
 	- apache2 <unfixed> (low; bug #562006)
 CVE-2009-XXXX [Wireshark: Daintree SNA buffer overflow]
@@ -248,8 +416,8 @@
 	RESERVED
 CVE-2009-4271
 	RESERVED
-CVE-2009-4270
-	RESERVED
+CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in
base/gsmisc.c ...)
+	TODO: check
 CVE-2009-4269
 	RESERVED
 CVE-2009-4268
@@ -312,7 +480,7 @@
 	NOT-FOR-US: AROUNDMe
 CVE-2009-4263 (SQL injection vulnerability in main_forum.php in PTCPay GeN3
forum 1.3 ...)
 	NOT-FOR-US: PTCPay
-CVE-2009-4262 (Harold Bakker''s Newscript HB-NS 1.3 allows remote
attackers to obtain ...)
+CVE-2009-4262 (Harold Bakker''s NewsScript (HB-NS) 1.3 allows remote
attackers to ...)
 	NOT-FOR-US: Harold Bakker''s Newscript HB-NS
 CVE-2009-XXXX [php-net-ping argument injection]
 	- php-net-ping 2.4.2-1.1 (medium)
@@ -350,8 +518,7 @@
 	[etch] - python-docutils <not-affected> (vulnerable code introduced in
0.5)
 	[lenny] - python-docutils <no-dsa> (Minor issue)
 	NOTE: cve requested
-CVE-2009-4261 [ganeti command execution]
-	RESERVED
+CVE-2009-4261 (Multiple directory traversal vulnerabilities in the iallocator
...)
 	{DSA-1959-1}
 	- ganeti 2.0.5-1 (low)
 	NOTE: http://www.ocert.org/advisories/ocert-2009-019.html
@@ -598,11 +765,9 @@
 	- network-manager-applet <unfixed>
 	TODO: check
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=546117
-CVE-2009-4143 [$_SESSION interruption memory corruption]
-	RESERVED
+CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which
has ...)
 	- php5 <unfixed> (low)
-CVE-2009-4142 [insufficient string validation in htmlspecialchars()]
-	RESERVED
+CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not
properly ...)
 	- php5 <unfixed>
 	TODO: determine real impact
 CVE-2009-4141
@@ -611,8 +776,7 @@
 	RESERVED
 CVE-2009-4139
 	RESERVED
-CVE-2009-4138 [linux-2.6: firewire ohci issue]
-	RESERVED
+CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9,
when ...)
 	- linux-2.6 <unfixed> (medium)
 	[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
 	- linux-2.6.24 <removed> (medium)
@@ -863,8 +1027,7 @@
 	NOT-FOR-US: FrontAccounting
 CVE-2009-4036
 	RESERVED
-CVE-2009-4035 [FoFiType1::parse() integer underflow in xpdf/fofi/FoFiType1.cc]
-	RESERVED
+CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf
3.0.0, gpdf ...)
 	- kdegraphics 4.0
 	- xpdf 3.01-1
 	- poppler 0.5.1-1
@@ -891,8 +1054,7 @@
 	- mysql-dfsg-5.1 5.1.41-1
 	- mysql-dfsg-5.0 <removed>
 	TODO: check
-CVE-2009-4029 [Automake security fix for ''make dist*'']
-	RESERVED
+CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1,
1.10.3, ...)
 	- automake 1:1.11-1
 	TODO: check
 	NOTE: it also affects every Makefile.in generated by automake
@@ -989,12 +1151,12 @@
 	RESERVED
 CVE-2009-3998
 	RESERVED
-CVE-2009-3997
-	RESERVED
-CVE-2009-3996
-	RESERVED
-CVE-2009-3995
-	RESERVED
+CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in)
in ...)
+	TODO: check
+CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder
...)
+	TODO: check
+CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the
Module ...)
+	TODO: check
 CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...)
 	- devil 1.7.8-6 (low; bug #560080)
 	[lenny] - devil <no-dsa> (Minor issue)
@@ -1010,40 +1172,31 @@
 	RESERVED
 CVE-2009-3988
 	RESERVED
-CVE-2009-3987 [GeckoActiveXObject exception messages can be used to enumerate
installed COM objects]
-	RESERVED
+CVE-2009-3987 (The GeckoActiveXObject function in Mozilla Firefox before 3.0.16
and ...)
 	- xulrunner <not-affected> (Windows-specific vulnerability)
-CVE-2009-3986 [Privilege escalation via chrome window.opener]
-	RESERVED
+CVE-2009-3986 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and
SeaMonkey ...)
 	{DSA-1956-1}
 	- xulrunner 1.9.1.6-1
-CVE-2009-3985 [URL spoofing via invalid document.location]
-	RESERVED
+CVE-2009-3985 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and
SeaMonkey ...)
 	{DSA-1956-1}
 	- xulrunner 1.9.1.6-1
-CVE-2009-3984 [SSL spoofing with document.location]
-	RESERVED
+CVE-2009-3984 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and
SeaMonkey ...)
 	{DSA-1956-1}
 	- xulrunner 1.9.1.6-1
-CVE-2009-3983 [NTLM reflection vulnerability]
-	RESERVED
+CVE-2009-3983 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and
SeaMonkey ...)
 	{DSA-1956-1}
 	- xulrunner 1.9.1.6-1
-CVE-2009-3982 [Crashes with evidence of memory corruption]
-	RESERVED
+CVE-2009-3982 (Multiple unspecified vulnerabilities in the JavaScript engine in
...)
 	- xulrunner 1.9.1.6-1
 	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
-CVE-2009-3981 [Crashes with evidence of memory corruption]
-	RESERVED
+CVE-2009-3981 (Unspecified vulnerability in the browser engine in Mozilla
Firefox ...)
 	{DSA-1956-1}
 	- xulrunner 1.9.1
 	NOTE: Only affects Firefox 3
-CVE-2009-3980 [Crashes with evidence of memory corruption]
-	RESERVED
+CVE-2009-3980 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
 	- xulrunner 1.9.1.6-1
 	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
-CVE-2009-3979 [Crashes with evidence of memory corruption]
-	RESERVED
+CVE-2009-3979 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
 	{DSA-1956-1}
 	- xulrunner 1.9.1.6-1
 CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in
decoders/gif/nsGIFDecoder2.cpp ...)
@@ -1085,7 +1238,7 @@
 	- dovecot 1:1.2.8-1 (medium; bug #557601)
 	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
 	[etch] - dovecot <not-affected> (Only affects 1.2.x)
-CVE-2009-4017 (PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number
of ...)
+CVE-2009-4017 (PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the
number ...)
 	{DSA-1940-1}
 	- php5 5.2.11.dfsg.1-2 (medium)
 	- php4 <removed> (medium)
@@ -1524,10 +1677,10 @@
 	TODO: check
 CVE-2009-3793
 	RESERVED
-CVE-2009-3792
-	RESERVED
-CVE-2009-3791
-	RESERVED
+CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server
(FMS) ...)
+	TODO: check
+CVE-2009-3791 (Unspecified vulnerability in Adobe Flash Media Server (FMS)
before ...)
+	TODO: check
 CVE-2009-3790 (Heap-based buffer overflow in FormMax (formerly AcroForm)
evaluation ...)
 	NOT-FOR-US: FormMax
 CVE-2009-3789 (Multiple cross-site scripting (XSS) vulnerabilities in
OpenDocMan ...)
@@ -1743,8 +1896,8 @@
 	- vmware-package <removed>
 CVE-2009-3732
 	RESERVED
-CVE-2009-3731
-	RESERVED
+CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks
Help ...)
+	TODO: check
 CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the
ReqWeb Help ...)
 	NOT-FOR-US: ReqWeb
 CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing
functionality ...)
@@ -1889,12 +2042,11 @@
 	NOT-FOR-US: Achievo
 CVE-2009-3704 (ZoIPer 2.22, and possibly other versions before 2.24 Library
5324, ...)
 	NOT-FOR-US: ZoIPer
-CVE-2009-3703
-	RESERVED
+CVE-2009-3703 (Multiple SQL injection vulnerabilities in the WP-Forum plugin
before ...)
+	TODO: check
 CVE-2009-3702
 	RESERVED
-CVE-2009-3701 [horde XSS via PHP_SELF]
-	RESERVED
+CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	- horde3 3.3.6+debian0-1 (low)
 	[lenny] - horde3 <no-dsa> (minor issue)
 	[etch] - horde3 <no-dsa> (minor issue)
@@ -2365,10 +2517,10 @@
 CVE-2009-3559 (** DISPUTED ** ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: safe_mode regression
-CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and
...)
+CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before
5.2.12 ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: open_basedir bypass
-CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP 5.2.11 and
earlier, ...)
+CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12
and ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: safe_mode bypass
 CVE-2009-3556
@@ -2789,13 +2941,11 @@
 	RESERVED
 CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2)
...)
 	NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10
-CVE-2009-3389 [libtheora/Firefox]
-	RESERVED
+CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as
used ...)
 	- libtheora 1.1
 	- xulrunner 1.9.1.6-1
 	[lenny] - xulrunner <not-affected> (Video playback capabilities were
added in 3.5)
-CVE-2009-3388 [liboggplay/Firefox]
-	RESERVED
+CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey
before ...)
 	- liboggplay <unfixed>
 	- xulrunner 1.9.1.6-1
 	[lenny] - xulrunner <not-affected> (Video playback capabilities were
added in 3.5)
@@ -4643,18 +4793,18 @@
 	- burn 0.4.5-1 (low; bug #542329)
 	[lenny] - burn 0.4.3-2.1+lenny1
 	[etch] - burn <no-dsa> (Minor issue)
-CVE-2009-2880
-	RESERVED
-CVE-2009-2879
-	RESERVED
-CVE-2009-2878
-	RESERVED
-CVE-2009-2877
-	RESERVED
-CVE-2009-2876
-	RESERVED
-CVE-2009-2875
-	RESERVED
+CVE-2009-2880 (Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x
...)
+	TODO: check
+CVE-2009-2879 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF
Player ...)
+	TODO: check
+CVE-2009-2878 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF
Player ...)
+	TODO: check
+CVE-2009-2877 (Stack-based buffer overflow in ataudio.dll in the Cisco WebEx
WRF ...)
+	TODO: check
+CVE-2009-2876 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF
Player ...)
+	TODO: check
+CVE-2009-2875 (Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x
...)
+	TODO: check
 CVE-2009-2874 (The TimesTenD process in Cisco Unified Presence 1.x, 6.x before
...)
 	NOT-FOR-US: Cisco Unified Presence
 CVE-2009-2873 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco
...)
@@ -5973,7 +6123,7 @@
 	NOT-FOR-US: Microsoft Active Directory Federation Services
 CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft
Windows ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2009-2506 (The text converters in Microsoft Office Word 2002 SP3 and 2003
SP3; ...)
+CVE-2009-2506 (Integer overflow in the text converters in Microsoft Office Word
2002 ...)
 	NOT-FOR-US: Microsoft Office
 CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows
Vista ...)
 	NOT-FOR-US: Microsoft Office
@@ -40507,10 +40657,10 @@
 	NOT-FOR-US: Fresh View
 CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC)
before ...)
 	NOT-FOR-US: Cisco
-CVE-2007-2281
-	RESERVED
-CVE-2007-2280
-	RESERVED
+CVE-2007-2281 (Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in
rds.exe ...)
+	TODO: check
+CVE-2007-2280 (Stack-based buffer overflow in OmniInet.exe (aka the backup
client ...)
+	TODO: check
 CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage
...)
 	NOT-FOR-US: Symantec
 CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal
6.1.1 ...)
Secure testing commits - Dec 2009 - r13626 - data/CVE

[Secure-testing-commits] r13626 - data/CVE
