joeyh at alioth.debian.org
2009-Mar-02 21:14 UTC
[Secure-testing-commits] r11314 - data/CVE
Author: joeyh
Date: 2009-03-02 21:14:17 +0000 (Mon, 02 Mar 2009)
New Revision: 11314
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-02 21:10:13 UTC (rev 11313)
+++ data/CVE/list 2009-03-02 21:14:17 UTC (rev 11314)
@@ -1,3 +1,131 @@
+CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux
kernel ...)
+ TODO: check
+CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel
2.6.27 ...)
+ TODO: check
+CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux
kernel ...)
+ TODO: check
+CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux
kernel ...)
+ TODO: check
+CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to
cause a ...)
+ TODO: check
+CVE-2009-0743 (Cross-site scripting (XSS) vulnerability in the edit account
page in ...)
+ TODO: check
+CVE-2009-0742 (The username command in Cisco ACE Application Control Engine
Module ...)
+ TODO: check
+CVE-2008-6346 (Cross-site scripting (XSS) vulnerability in the DR Wiki
(dr_wiki) ...)
+ TODO: check
+CVE-2008-6345 (SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and
1.0 ...)
+ TODO: check
+CVE-2008-6344 (SQL injection vulnerability in the TU-Clausthal Staff
(tuc_staff) ...)
+ TODO: check
+CVE-2008-6343 (Cross-site scripting (XSS) vulnerability in the TU-Clausthal
ODIN ...)
+ TODO: check
+CVE-2008-6342 (Unspecified vulnerability in the TYPO3 Simple File Browser ...)
+ TODO: check
+CVE-2008-6341 (Cross-site scripting (XSS) vulnerability in the SB Universal
Plugin ...)
+ TODO: check
+CVE-2008-6340 (Cross-site scripting (XSS) vulnerability in the Vox populi ...)
+ TODO: check
+CVE-2008-6338 (SQL injection vulnerability in the WEBERkommunal Facilities ...)
+ TODO: check
+CVE-2008-6337 (SQL injection vulnerability in the Volunteer Management System
...)
+ TODO: check
+CVE-2008-6336 (Directory traversal vulnerability in download.php in Text Lines
...)
+ TODO: check
+CVE-2008-6335 (Directory traversal vulnerability in download.php in eMetrix
Online ...)
+ TODO: check
+CVE-2008-6334 (Directory traversal vulnerability in download.php in eMetrix
Extract ...)
+ TODO: check
+CVE-2008-6333 (SQL injection vulnerability in news.php in RSS Simple News
(RSSSN), ...)
+ TODO: check
+CVE-2008-6332 (SQL injection vulnerability in login.php in Simple Customer 1.2
allows ...)
+ TODO: check
+CVE-2008-6331 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Streber ...)
+ TODO: check
+CVE-2008-6330 (SQL injection vulnerability in index.php in MyTopix 1.3.0 and
earlier ...)
+ TODO: check
+CVE-2008-6329 (SQL injection vulnerability in Employee/login.asp in Pre ASP Job
Board ...)
+ TODO: check
+CVE-2008-6328 (SQL injection vulnerability in view.php in Butterfly Organizer
2.0.0 ...)
+ TODO: check
+CVE-2008-6327 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows
remote ...)
+ TODO: check
+CVE-2008-6326 (SQL injection vulnerability in login.php in Simple Customer as
...)
+ TODO: check
+CVE-2008-6325 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz
...)
+ TODO: check
+CVE-2008-6324 (SQL injection vulnerability in forummessages.cfm in CF_Forum
allows ...)
+ TODO: check
+CVE-2008-6323 (SQL injection vulnerability in forummessages.cfm in CFMSource
...)
+ TODO: check
+CVE-2008-6322 (SQL injection vulnerability in index.cfm in CFMSource CFMBlog
allows ...)
+ TODO: check
+CVE-2008-6321 (CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root
with ...)
+ TODO: check
+CVE-2008-6320 (SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2
allows ...)
+ TODO: check
+CVE-2008-6319 (SQL injection vulnerability in calendarevent.cfm in CF_Calendar
allows ...)
+ TODO: check
+CVE-2008-6318 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-6317 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2008-6316 (Directory traversal vulnerability in
_conf/core/common-tpl-vars.php in ...)
+ TODO: check
+CVE-2008-6315 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2008-6314 (SQL injection vulnerability in tag_board.php in the Tag Board
module ...)
+ TODO: check
+CVE-2008-6313 (Directory traversal vulnerability in addedit-render.php in
phpAddEdit ...)
+ TODO: check
+CVE-2008-6312 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows
remote ...)
+ TODO: check
+CVE-2008-6311 (SQL injection vulnerability in view.php in Butterfly Organizer
2.0.1 ...)
+ TODO: check
+CVE-2008-6310 (SQL injection vulnerability in index.php in W3matter RevSense
1.0 ...)
+ TODO: check
+CVE-2008-6309 (SQL injection vulnerability in index.php in W3matter AskPert
allows ...)
+ TODO: check
+CVE-2008-6308 (Multiple directory traversal vulnerabilities in Private
Messaging ...)
+ TODO: check
+CVE-2008-6307 (E-topbiz Link Back Checker 1 allows remote attackers to bypass
...)
+ TODO: check
+CVE-2008-6306 (Cross-site scripting (XSS) vulnerability in signinform.php in
Softbiz ...)
+ TODO: check
+CVE-2008-6305 (PHP remote file inclusion vulnerability in init.php in Free
Directory ...)
+ TODO: check
+CVE-2008-6304 (SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1,
when ...)
+ TODO: check
+CVE-2008-6303 (SQL injection vulnerability in tourview.php in ToursManager
allows ...)
+ TODO: check
+CVE-2008-6302 (TurnkeyForms Local Classifieds allows remote attackers to bypass
...)
+ TODO: check
+CVE-2008-6301 (SQL injection vulnerability in shoutbox_view.php in the Small
ShoutBox ...)
+ TODO: check
+CVE-2008-6300 (Galatolo WebManager 1.3a allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-6299 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla!
1.5.7 ...)
+ TODO: check
+CVE-2008-6298 (Unspecified vulnerability in sISAPILocation before 1.0.2.2
allows ...)
+ TODO: check
+CVE-2008-6297 (Cross-site scripting (XSS) vulnerability in order.php in DHCart
allows ...)
+ TODO: check
+CVE-2008-6296 (admin.php in Maran PHP Shop allows remote attackers to bypass
...)
+ TODO: check
+CVE-2008-6295 (Multiple cross-site scripting (XSS) vulnerabilities in Camera
Life ...)
+ TODO: check
+CVE-2008-6294 (admin/Index.php in Acc Statistics 1.1 allows remote attackers to
...)
+ TODO: check
+CVE-2008-6293 (admin/Index.php in Acc Real Estate 4.0 allows remote attackers
to ...)
+ TODO: check
+CVE-2008-6292 (Acc Autos 4.0 allows remote attackers to bypass authentication
and ...)
+ TODO: check
+CVE-2008-6291 (Acc PHP eMail 1.1 allows remote attackers to bypass
authentication and ...)
+ TODO: check
+CVE-2008-6290 (Directory traversal vulnerability in includefile.php in nicLOR
Sito, ...)
+ TODO: check
+CVE-2008-6289 (SQL injection vulnerability in cityview.php in Tours Manager 1.0
...)
+ TODO: check
CVE-2009-XXXX [avahi-daemon: denial of service]
- avahi <unfixed> (bug #517683)
NOTE: CVE id requested
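Review bot: The four ext4 entries at the top of this hunk (CVE-2009-0748 through CVE-2009-0745) name the Linux kernel, which this file tracks elsewhere against linux-2.6, so they should be triaged ahead of the bulk of third-party web-application entries and given package lines rather than left at "TODO: check". Several pairs also carry truncated descriptions that are identical or nearly so (CVE-2008-6327 and CVE-2008-6312 for ProQuiz 1.0, CVE-2008-6328 and CVE-2008-6311 for Butterfly Organizer, CVE-2008-6332 and CVE-2008-6326 for Simple Customer), so whoever resolves them needs the full descriptions to tell them apart. The numbering skips CVE-2008-6339 between CVE-2008-6340 and CVE-2008-6338, which is worth confirming as expected.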
@@ -180,7 +308,7 @@
RESERVED
CVE-2009-0659 (Stack-based buffer overflow in the GetStatsFromLine function in
TPTEST ...)
NOT-FOR-US: TPTEST
-CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier and Acrobat 9.0
and ...)
+CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0
and ...)
NOT-FOR-US: Adobe Reader
CVE-2009-0657 (Toshiba Face Recognition 2.0.2.32 allows physically proximate
...)
NOT-FOR-US: Toshiba Face Recognition
@@ -524,30 +652,30 @@
RESERVED
CVE-2009-0626
RESERVED
-CVE-2009-0625
- RESERVED
-CVE-2009-0624
- RESERVED
-CVE-2009-0623
- RESERVED
-CVE-2009-0622
- RESERVED
-CVE-2009-0621
- RESERVED
-CVE-2009-0620
- RESERVED
+CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control
Engine ...)
+ TODO: check
+CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco
ACE ...)
+ TODO: check
+CVE-2009-0623 (Unspecified vulnerability in Cisco ACE Application Control
Engine ...)
+ TODO: check
+CVE-2009-0622 (Unspecified vulnerability in Cisco ACE Application Control
Engine ...)
+ TODO: check
+CVE-2009-0621 (Cisco ACE 4710 Application Control Engine Appliance before
A1(8a) uses ...)
+ TODO: check
+CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500
Switches ...)
+ TODO: check
CVE-2009-0619
RESERVED
-CVE-2009-0618
- RESERVED
-CVE-2009-0617
- RESERVED
-CVE-2009-0616
- RESERVED
-CVE-2009-0615
- RESERVED
-CVE-2009-0614
- RESERVED
+CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco Application
...)
+ TODO: check
+CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a
default ...)
+ TODO: check
+CVE-2009-0616 (Cisco Application Networking Manager (ANM) before 2.0 uses
default ...)
+ TODO: check
+CVE-2009-0615 (Directory traversal vulnerability in Cisco Application
Networking ...)
+ TODO: check
+CVE-2009-0614 (Unspecified vulnerability in the Web Server in Cisco Unified
...)
+ TODO: check
CVE-2009-0613 (Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build
1237 ...)
NOT-FOR-US: Trend Micro
CVE-2009-0612 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x
and ...)
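Review bot: The eleven entries that move from RESERVED to "TODO: check" in this hunk (CVE-2009-0625 through CVE-2009-0620 and CVE-2009-0618 through CVE-2009-0614) all describe Cisco ACE, ANM or Cisco Unified products, and vendor-only products are tagged NOT-FOR-US elsewhere in this file, as in the "NOT-FOR-US: Trend Micro" context line just below. If none of them maps to a Debian package, resolve them in one pass with a consistent NOT-FOR-US tag instead of leaving eleven separate TODOs.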
@@ -731,11 +859,11 @@
{DSA-1726-1}
- python-crypto <unfixed> (bug #516660)
CVE-2009-0543 (ProFTPD Server 1.3.1, with NLS support enabled, allows remote
...)
- {DSA-1727-1}
+ {DSA-1730-1 DSA-1727-1}
- proftpd 1.3.2-1 (medium; bug #516388)
- proftpd-basic 1.3.2-1 (medium; bug #516388)
CVE-2009-0542 (SQL injection vulnerability in ProFTPD Server 1.3.1 through
1.3.2rc2 ...)
- {DSA-1727-1}
+ {DSA-1730-1 DSA-1727-1}
- proftpd 1.3.2-1 (medium; bug #516388)
- proftpd-basic 1.3.2-1 (medium; bug #516388)
CVE-2009-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Magento
1.2.0 ...)
@@ -844,18 +972,18 @@
CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the
web-based ...)
- mediawiki <unfixed> (low; bug #514547)
[lenny] - mediawiki 1:1.12.0-2lenny3
-CVE-2009-0524
- RESERVED
-CVE-2009-0523
- RESERVED
-CVE-2009-0522
- RESERVED
-CVE-2009-0521
- RESERVED
-CVE-2009-0520
- RESERVED
-CVE-2009-0519
- RESERVED
+CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and
7, ...)
+ TODO: check
+CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp
Server 6 ...)
+ TODO: check
+CVE-2009-0522 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before
10.0.22.87 on ...)
+ TODO: check
+CVE-2009-0521 (Untrusted search path vulnerability in Adobe Flash Player 9.x
before ...)
+ TODO: check
+CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before
10.0.22.87 ...)
+ TODO: check
+CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before
9.0.159.0 ...)
+ TODO: check
CVE-2009-0518
RESERVED
CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1
and ...)
@@ -878,8 +1006,8 @@
RESERVED
CVE-2009-0508
RESERVED
-CVE-2009-0507
- RESERVED
+CVE-2009-0507 (IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2
before ...)
+ TODO: check
CVE-2009-0506 (Unspecified vulnerability in IBM WebSphere Application Server
(WAS) ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0505 (The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA
waits for ...)
@@ -1260,6 +1388,7 @@
- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
- gst-plugins-bad0.10 <not-affected> (Vulnerable code not present)
CVE-2009-0397 (Heap-based buffer overflow in the qtdemux_parse_samples function
in ...)
+ {DSA-1729-1}
- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
@@ -1283,11 +1412,13 @@
CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and
1.0.5 and ...)
- tightvnc <not-affected> (only the windows version is affected)
CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...)
+ {DSA-1729-1}
- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0386 (Heap-based buffer overflow in the qtdemux_parse_samples function
in ...)
+ {DSA-1729-1}
- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
@@ -1993,8 +2124,8 @@
NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0209
RESERVED
-CVE-2009-0208
- RESERVED
+CVE-2009-0208 (Unspecified vulnerability in HP Virtual Rooms Client before
7.0.1, ...)
+ TODO: check
CVE-2009-0207
RESERVED
CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and
earlier ...)
@@ -2035,8 +2166,8 @@
RESERVED
CVE-2009-0188
RESERVED
-CVE-2009-0187
- RESERVED
+CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3,
and ...)
+ TODO: check
CVE-2009-0186
RESERVED
CVE-2009-0185
@@ -2288,8 +2419,8 @@
NOTE: different vector than described in CVE-2008-5282, see 507587#15
CVE-2009-XXXX [openslp: insecure cert validation through openssl api misuse]
- openslp-dfsg <not-affected> (Debian''s openslp
doesn''t build with SSL support)
-CVE-2009-0114
- RESERVED
+CVE-2009-0114 (Unspecified vulnerability in the Settings Manager in Adobe Flash
...)
+ TODO: check
CVE-2009-0113 (Directory traversal vulnerability in attachmentlibrary.php in
the ...)
NOT-FOR-US: Joomla! component
CVE-2009-0112 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -3095,8 +3226,8 @@
CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc,
...)
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed>
-CVE-2009-0028
- RESERVED
+CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier
allows ...)
+ TODO: check
CVE-2009-0027
RESERVED
CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache
...)
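Review bot: CVE-2009-0028 is left at "TODO: check" although its description names the clone system call in the Linux kernel 2.6.28 and earlier, and the context entry directly above it, CVE-2009-0029, already carries "- linux-2.6 <unfixed> (medium)" and "- linux-2.6.24 <removed>". Give CVE-2009-0028 the corresponding linux-2.6 package lines once its status is checked, so the kernel issue is not lost among the unreviewed entries.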
@@ -4024,8 +4155,8 @@
NOT-FOR-US: TNT Forum
CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in
Tornado ...)
NOT-FOR-US: Tornado Knowledge Retrieval System
-CVE-2008-5263
- RESERVED
+CVE-2008-5263 (Multiple stack-based buffer overflows in the
mt_codec::getHdrHead ...)
+ TODO: check
CVE-2008-5262 (Multiple stack-based buffer overflows in the iGetHdrHeader
function in ...)
{DSA-1717-1 DTSA-184-1}
- devil 1.7.5-4 (low; bug #511844; bug #512122)
@@ -6084,6 +6215,7 @@
- scilab 4.1.2-6 (low; bug #496414)
[etch] - scilab <no-dsa> (Non-free not supported)
CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the
Linux ...)
+ {DSA-1731-1}
- ndiswrapper 1.53-2 (medium; bug #504696)
CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage before
...)
NOT-FOR-US: Gentoo package manager Portage
@@ -6302,8 +6434,8 @@
CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in
...)
{DSA-1663-1}
- net-snmp 5.4.1~dfsg-11 (bug #504150)
-CVE-2008-4308
- RESERVED
+CVE-2008-4308 (The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and
5.5.10 ...)
+ TODO: check
CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the
Linux ...)
- linux-2.6 2.6.26-1
- linux-2.6.24 <removed>