Author: joeyh
Date: 2009-12-23 21:14:17 +0000 (Wed, 23 Dec 2009)
New Revision: 13638

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-12-23 20:35:50 UTC (rev 13637)
+++ data/CVE/list 2009-12-23 21:14:17 UTC (rev 13638)
@@ -1,3 +1,49 @@ +CVE-2009-4401 (SQL injection vulnerability in the Parish Administration Database ...) + TODO: check +CVE-2009-4400 (Cross-site scripting (XSS) vulnerability in the Parish Administration ...) + TODO: check +CVE-2009-4399 (SQL injection vulnerability in the Parish of the Holy Spirit Religious ...) + TODO: check +CVE-2009-4398 (Cross-site scripting (XSS) vulnerability in the Parish of the Holy ...) + TODO: check +CVE-2009-4397 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth ...) + TODO: check +CVE-2009-4396 (SQL injection vulnerability in the Diocese of Portsmouth Resources ...) + TODO: check +CVE-2009-4395 (Cross-site scripting (XSS) vulnerability in the Random Prayer 2 ...) + TODO: check +CVE-2009-4394 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) ...) + TODO: check +CVE-2009-4393 (SQL injection vulnerability in the Document Directorys ...) + TODO: check +CVE-2009-4392 (SQL injection vulnerability in the XDS Staff List (xds_staff) ...) + TODO: check +CVE-2009-4391 (Cross-site scripting (XSS) vulnerability in the File list (dr_blob) ...) + TODO: check +CVE-2009-4390 (SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 ...) + TODO: check +CVE-2009-4389 (Unspecified vulnerability in the Watchdog (aba_watchdog) extension ...) + TODO: check +CVE-2009-4388 (Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) ...) + TODO: check +CVE-2009-4387 (The cross-site scripting (XSS) protection mechanism in ...) + TODO: check +CVE-2009-4386 (SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur ...) + TODO: check +CVE-2009-4385 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2009-4384 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...) + TODO: check +CVE-2009-4383 (Directory traversal vulnerability in Pforum.php in Rocomotion P forum ...) 
+ TODO: check +CVE-2009-4382 (Cross-site scripting (XSS) vulnerability in module.php in PHPFABER ...) + TODO: check +CVE-2009-4381 (Cross-site scripting (XSS) vulnerability in index.php in texmedia ...) + TODO: check +CVE-2009-4380 (Multiple SQL injection vulnerabilities in Valarsoft Webmatic before ...) + TODO: check +CVE-2009-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft ...) + TODO: check CVE-2010-0095 RESERVED CVE-2010-0094 @@ -776,8 +822,8 @@ TODO: determine real impact CVE-2009-4141 RESERVED -CVE-2009-4140 - RESERVED +CVE-2009-4140 (Unrestricted file upload vulnerability in ofc_upload_image.php in Open ...) + TODO: check CVE-2009-4139 RESERVED CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when ...) @@ -1050,6 +1096,7 @@ - acpid <not-affected> (problem in redhat-specific patch; debian uses sensible permissions 0664) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=515062 CVE-2009-4031 (The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 ...) + {DSA-1962-1} - linux-2.6 <unfixed> (low) [etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25) - linux-2.6.24 <not-affected> (kvm introduced in 2.6.25) @@ -1935,6 +1982,7 @@ - asterisk 1:1.6.2.0~rc3-2 (medium; bug #552756) NOTE: http://downloads.asterisk.org/pub/security/AST-2009-007.html CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in ...) + {DSA-1962-1} [etch] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1) [lenny] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1) - linux-2.6 2.6.31-1 (low) 
@@ -2049,8 +2097,8 @@ NOT-FOR-US: ZoIPer CVE-2009-3703 (Multiple SQL injection vulnerabilities in the WP-Forum plugin before ...) TODO: check -CVE-2009-3702 - RESERVED +CVE-2009-3702 (Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 ...) + TODO: check CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - horde3 3.3.6+debian0-1 (low) [lenny] - horde3 <no-dsa> (minor issue) @@ -2196,7 +2244,7 @@ - proftpd-dfsg 1.3.2a-2 (low) NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3275 CVE-2009-3638 (Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in ...) - {DSA-1927-1} + {DSA-1962-1 DSA-1927-1} - linux-2.6 2.6.31-1 (medium) [etch] - linux-2.6 <not-affected> (introduced in 2.6.25) NOTE: fixed in upstream 2.6.32-rc4 @@ -2387,6 +2435,7 @@ - virtualbox-ose 3.0.8-dfsg-1 [lenny] - virtualbox-ose <not-affected> (vulnerable code not present) CVE-2009-3602 (Unbound before 1.3.4 does not properly verify signatures for NSEC3 ...) + {DSA-1963-1} - unbound 1.3.4-1 (low) NOTE: http://unbound.net/pipermail/unbound-users/2009-October/000852.html CVE-2009-3601 (Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez ...)
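Review bot: None of the 23 entries added in the @@ -1,3 +1,49 @@ hunk (CVE-2009-4379 to CVE-2009-4401) is triaged yet; each carries only "TODO: check". Several of the truncated descriptions point at third-party TYPO3 extensions, for example "Car (car) extension 0.1.1 for TYPO3", "XDS Staff List (xds_staff)" and "Watchdog (aba_watchdog) extension". A follow-up commit should replace each TODO either with a NOT-FOR-US line, in the form the file already uses ("NOT-FOR-US: ZoIPer" in the @@ -2049,8 +2097,8 @@ context), or with package lines where the software is in the archive.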
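Review bot: CVE-2009-4140 in the @@ -776,8 +822,8 @@ hunk moves from RESERVED to "TODO: check" for an unrestricted file upload in ofc_upload_image.php, and a description keyed to one PHP file is easy to close too early. Before this entry is marked NOT-FOR-US, triage should search the archive for packages that ship a copy of that file, and record any embedding package on its own line under the CVE.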
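Review bot: In the @@ -1050,6 +1096,7 @@ hunk, the added "{DSA-1962-1}" on CVE-2009-4031 sits directly above "- linux-2.6 <unfixed> (low)", and the visible context tracks only linux-2.6 and linux-2.6.24, with both release-specific lines marked <not-affected>. As shown, the entry says a DSA was issued but does not show which source package it fixed. Please confirm the entry has a line for the package updated by the DSA, with its fixed version, so the tag and the package status agree.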
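Review bot: In the @@ -1935,6 +1982,7 @@ hunk, CVE-2009-3722 gains "{DSA-1962-1}" while both stable releases in the visible context read "[etch] - linux-2.6 <not-affected>" and "[lenny] - linux-2.6 <not-affected>" (issue introduced in 2.6.30-rc1). A DSA for a CVE that no visible stable package line is affected by reads as a contradiction. If the advisory covers a different source package, that package needs its own line here; otherwise check that the CVE is really listed in the advisory.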