joeyh at alioth.debian.org
2009-Jan-29 21:14 UTC
[Secure-testing-commits] r11108 - data/CVE
Author: joeyh
Date: 2009-01-29 21:14:18 +0000 (Thu, 29 Jan 2009)
New Revision: 11108

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2009-01-29 20:52:34 UTC (rev 11107) +++ data/CVE/list 2009-01-29 21:14:18 UTC (rev 11108) 
@@ -1,3 +1,45 @@ +CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and ...) + TODO: check +CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote ...) + TODO: check +CVE-2009-0320 (Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O ...) + TODO: check +CVE-2009-0319 (Unspecified vulnerability in the autofs module in the kernel in Sun ...) + TODO: check +CVE-2008-6004 (Cross-site scripting (XSS) vulnerability in search.php in AJ Auction ...) + TODO: check +CVE-2008-6003 (SQL injection vulnerability in sellers_othersitem.php in AJ Auction ...) + TODO: check +CVE-2008-6002 (Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, ...) + TODO: check +CVE-2008-6001 (index.php in ADN Forum 1.0b and earlier allows remote attackers to ...) + TODO: check +CVE-2008-6000 (The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity ...) + TODO: check +CVE-2008-5999 (Cross-site scripting (XSS) vulnerability in the Ajax Checklist module ...) + TODO: check +CVE-2008-5998 (Multiple SQL injection vulnerabilities in the ajax_checklist_save ...) + TODO: check +CVE-2008-5997 (Absolute path traversal vulnerability in ...) + TODO: check +CVE-2008-5996 (Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x ...) + TODO: check +CVE-2008-5995 (Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA ...) + TODO: check +CVE-2008-5994 (Cross-site scripting (XSS) vulnerability in index.php in Check Point ...) + TODO: check +CVE-2008-5993 (Directory traversal vulnerability in image.php in Barcode Generator 1D ...) + TODO: check +CVE-2008-5992 (Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) ...) + TODO: check +CVE-2008-5991 (Directory traversal vulnerability in docs.php in MailWatch for ...) + TODO: check +CVE-2008-5990 (Directory traversal vulnerability in connect/init.inc in emergecolab ...) 
+ TODO: check +CVE-2008-5989 (Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and ...) + TODO: check +CVE-2008-5988 (SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS ...) + TODO: check CVE-2008-XXXX [minor cyrus sasl DoS] - cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561) [etch] - cyrus-sasl2 <no-dsa> (Minor issue) @@ -111,7 +153,7 @@ TODO: check CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows ...) NOT-FOR-US: BMC PATROL Agent -CVE-2009-0323 [multiple buffer overflows in amaya] +CVE-2009-0323 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 ...) - amaya <unfixed> (medium; bug #507587) NOTE: http://www.coresecurity.com/content/amaya-buffer-overflows CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 ...) @@ -684,7 +726,7 @@ - xrdp 0.4.0~dfsg-9 (bug #511641) CVE-2008-5902 (Buffer overflow in the xrdp_bitmap_invalidate function in ...) - xrdp 0.4.0~dfsg-9 (bug #511641) -CVE-2008-6005 [amaya: stack based buffer overflow] +CVE-2008-6005 (Multiple buffer overflows in the CheckUniqueName function in W3C Amaya ...) - amaya <unfixed> (medium; bug #507587) NOTE: different vector than described in CVE-2008-5282, see 507587#15 CVE-2009-XXXX [openslp: insecure cert validation through openssl api misuse] @@ -7092,8 +7134,8 @@ - owl-dms 0.95-1.1 (bug #493372) NOTE: Hardly maintained and very few users, long standing sec issues in Etch, NOTE: Emailed release team to ask for removal from lenny -CVE-2008-3358 - RESERVED +CVE-2008-3358 (Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP ...) + TODO: check CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, ...) NOT-FOR-US: Ingres CVE-2008-3356 (verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres ...)
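Review bot: In the @@ -1,3 +1,45 @@ hunk, CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13) is the new entry most likely to need a package line in the style of "- amaya <unfixed> (medium; bug #507587)", so it should be triaged first rather than waiting under "TODO: check" with the rest. The Safari on Windows, Microsoft Windows and G DATA AntiVirus entries (CVE-2009-0321, CVE-2009-0320, CVE-2008-6000) look like candidates for a NOT-FOR-US line like the one used for BMC PATROL Agent further down.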
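Review bot: In the @@ -111,7 +153,7 @@ hunk, CVE-2009-0323 now carries the official description but still sits between CVE-2008-5982 and CVE-2009-0282, while CVE-2009-0322 was added at the top of the file in the first hunk; consider moving the entry up next to it so the file keeps the descending order the first hunk follows. The tracking lines under it (amaya <unfixed>, bug #507587, the coresecurity.com NOTE) should move with the entry.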
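Review bot: In the @@ -684,7 +726,7 @@ hunk, CVE-2008-6005 shares bug #507587 with CVE-2009-0323, but its NOTE only distinguishes it from CVE-2008-5282; a second NOTE saying how the CheckUniqueName overflows relate to CVE-2009-0323 would help whoever closes the bug decide whether one fix covers both entries. The entry is also out of sequence here, after CVE-2008-5902, whereas CVE-2008-6004 was added at the top of the file.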
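Review bot: In the @@ -7092,8 +7134,8 @@ hunk, CVE-2008-3358 moves from RESERVED to "TODO: check" with a description naming Web Dynpro (WD) in SAP; if that product is not packaged, mark it NOT-FOR-US as the neighbouring Ingres entry (CVE-2008-3357) is, so it does not linger in the TODO queue.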