joeyh at alioth.debian.org
2009-Mar-05 21:14 UTC
[Secure-testing-commits] r11327 - data/CVE
Author: joeyh Date: 2009-03-05 21:14:13 +0000 (Thu, 05 Mar 2009) New Revision: 11327 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-05 09:25:21 UTC (rev 11326) +++ data/CVE/list 2009-03-05 21:14:13 UTC (rev 11327) 
@@ -1,3 +1,153 @@ +CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...) + TODO: check +CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...) + TODO: check +CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL before 5.1.32 allows remote authenticated ...) + TODO: check +CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...) + TODO: check +CVE-2009-0817 (Cross-site scripting (XSS) vulnerability in the Protected Node module ...) + TODO: check +CVE-2009-0816 (Cross-site scripting (XSS) vulnerability in the backend user interface ...) + TODO: check +CVE-2009-0815 (The jumpUrl mechanism in class.tslib_fe.php in TYPO3 4.0 before ...) + TODO: check +CVE-2009-0814 (Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 ...) + TODO: check +CVE-2009-0813 (Insecure method vulnerability in the ImeraIEPlugin ActiveX control ...) + TODO: check +CVE-2009-0812 (Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, ...) + TODO: check +CVE-2009-0811 (Insecure method vulnerability in the SopCast SopCore ActiveX control ...) + TODO: check +CVE-2009-0810 (SQL injection vulnerability in login.php in xGuestbook 2.0 allows ...) + TODO: check +CVE-2009-0809 (The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release ...) + TODO: check +CVE-2009-0808 (Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 ...) + TODO: check +CVE-2009-0807 (zFeeder 1.6 allows remote attackers to gain administrative access via ...) + TODO: check +CVE-2009-0806 (Unspecified vulnerability in OpenGoo before 1.2.1 allows remote ...) + TODO: check +CVE-2009-0805 (Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a ...) + TODO: check +CVE-2009-0804 (Ziproxy 2.6.0, when transparent interception mode is enabled, uses the ...) + TODO: check +CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, ...) 
+ TODO: check +CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the ...) + TODO: check +CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP ...) + TODO: check +CVE-2009-0800 + RESERVED +CVE-2009-0799 + RESERVED +CVE-2009-0798 + RESERVED +CVE-2009-0797 + RESERVED +CVE-2009-0796 + RESERVED +CVE-2009-0795 + RESERVED +CVE-2009-0794 + RESERVED +CVE-2009-0793 + RESERVED +CVE-2009-0792 + RESERVED +CVE-2009-0791 + RESERVED +CVE-2009-0790 + RESERVED +CVE-2009-0789 + RESERVED +CVE-2009-0788 + RESERVED +CVE-2009-0787 + RESERVED +CVE-2009-0786 + RESERVED +CVE-2009-0785 + RESERVED +CVE-2009-0784 + RESERVED +CVE-2009-0783 + RESERVED +CVE-2009-0782 + RESERVED +CVE-2009-0781 + RESERVED +CVE-2009-0780 (The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and ...) + TODO: check +CVE-2009-0779 (Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users ...) + TODO: check +CVE-2009-0778 + RESERVED +CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and ...) + TODO: check +CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before ...) + TODO: check +CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...) + TODO: check +CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...) + TODO: check +CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird ...) + TODO: check +CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...) + TODO: check +CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before ...) + TODO: check +CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a ...) + TODO: check +CVE-2009-0769 (QIP 2005 build 8082 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2009-0768 (SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier ...) 
+ TODO: check +CVE-2009-0767 (Kipper 2.01 stores sensitive information under the web root with ...) + TODO: check +CVE-2009-0766 (Directory traversal vulnerability in default.php in Kipper 2.01 allows ...) + TODO: check +CVE-2009-0765 (Directory traversal vulnerability in index.php in Kipper 2.01 allows ...) + TODO: check +CVE-2009-0764 (Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 ...) + TODO: check +CVE-2009-0763 (Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 ...) + TODO: check +CVE-2009-0762 (Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment ...) + TODO: check +CVE-2009-0761 (Cross-site scripting (XSS) vulnerability in online.asp in Team Board ...) + TODO: check +CVE-2009-0760 (Team Board 1.x and 2.x stores sensitive information under the web root ...) + TODO: check +CVE-2009-0759 (Multiple CRLF injection vulnerabilities in webadmin in ZNC before ...) + TODO: check +CVE-2009-0758 (The originates_from_local_legacy_unicast_socket function in ...) + TODO: check +CVE-2009-0757 (Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent ...) + TODO: check +CVE-2009-0756 (The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 ...) + TODO: check +CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 ...) + TODO: check +CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...) + TODO: check +CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...) + TODO: check +CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-6397 (rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite ...) + TODO: check +CVE-2008-6396 (Cross-site scripting (XSS) vulnerability in account.php in Celerondude ...) + TODO: check +CVE-2008-6395 (The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g ...) 
+ TODO: check +CVE-2008-6394 (SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and ...) + TODO: check +CVE-2008-6393 (PSI Jabber client before 0.12.1 allows remote attackers to cause a ...) + TODO: check CVE-2009-0752 (Unspecified vulnerability in Movable Type Pro and Community Solution ...) TODO: check CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of service ...) @@ -778,8 +928,8 @@ NOT-FOR-US: Cisco CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 Switches ...) NOT-FOR-US: Cisco -CVE-2009-0619 - RESERVED +CVE-2009-0619 (Unspecified vulnerability in the Session Border Controller (SBC) ...) + TODO: check CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco Application ...) NOT-FOR-US: Cisco CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a default ...) @@ -901,8 +1051,8 @@ RESERVED CVE-2009-0579 RESERVED -CVE-2009-0578 - RESERVED +CVE-2009-0578 (network-manager-applet in Ubuntu 8.10 does not properly verify ...) + TODO: check CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in CUPS ...) NOT-FOR-US: RedHat specific, because they had a problem applying the fix for CVE-2008-3640 CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 ...) 
@@ -1671,16 +1821,16 @@ NOTE: CVE id requested [lenny] - audacity 1.3.5-2+lenny1 CVE-2009-0368 (OpenSC before 0.11.7 allows physically proximate attackers to bypass ...) + {DSA-1734-1} - opensc <unfixed> [etch] - opensc <not-affected> (vulnerable code not present) -CVE-2009-0367 [wesnoth python sandbox escape] - RESERVED +CVE-2009-0367 (The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows ...) - wesnoth 1:1.4.7-4 CVE-2009-0366 [wesnoth server memory exhaustion] RESERVED - wesnoth 1:1.4.7-4 -CVE-2009-0365 - RESERVED +CVE-2009-0365 (The dbus request handler in (1) network-manager-applet and (2) ...) + TODO: check CVE-2009-0364 RESERVED CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl ...) @@ -2284,8 +2434,8 @@ RESERVED CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and ...) NOT-FOR-US: Orbit Downloader -CVE-2009-0186 - RESERVED +CVE-2009-0186 (Integer overflow in libsndfile 1.0.18, as used in Winamp and other ...) + TODO: check CVE-2009-0185 RESERVED CVE-2009-0184 (Multiple buffer overflows in the torrent parsing implementation in ...) @@ -3322,8 +3472,8 @@ RESERVED CVE-2009-0038 RESERVED -CVE-2009-0037 - RESERVED +CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19.3, ...) + TODO: check CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in ...) - libvirt 0.5.1-7 (unimportant) NOTE: not building libvirt proxy from libvirt source package 
@@ -62467,7 +62617,7 @@ NOT-FOR-US: Commercial SSH CVE-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...) NOT-FOR-US: Commercial SSH -CVE-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...) +CVE-2001-1473 (The SSH-1 protocol allows remote servers to conduct man-in-the-middle ...) NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol. CVE-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...) - phpbb2 2.0.6c-1
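
Review bot: the @@ -1,3 +1,153 @@ hunk leaves every new non-RESERVED entry at TODO: check, so triage is still owed before this list is useful. Entries whose descriptions name software tracked by package (for example CVE-2009-0819 MySQL, CVE-2009-0801 Squid, CVE-2009-0755 and CVE-2009-0756 Poppler, CVE-2009-0759 ZNC) need a package line in the form already used for "- wesnoth 1:1.4.7-4". Entries such as the ActiveX controls (CVE-2009-0811, CVE-2009-0813) and IBM AIX pppdial (CVE-2009-0779) are candidates for a NOT-FOR-US line like the Cisco entries further down. CVE-2009-0801 through CVE-2009-0804 share the same transparent interception wording and are best triaged together.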
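
Review bot: in the @@ -778,8 +928,8 @@ hunk CVE-2009-0619 goes from RESERVED to TODO: check while both neighbours (CVE-2009-0620 and CVE-2009-0618) carry NOT-FOR-US: Cisco. The visible description is truncated and does not name a vendor, so confirm the product against the full CVE text before giving it the same marking.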
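
Review bot: in the @@ -901,8 +1051,8 @@ hunk CVE-2009-0578 is described as network-manager-applet "in Ubuntu 8.10", which invites a quick NOT-FOR-US, but CVE-2009-0365 in the @@ -1671,16 +1821,16 @@ hunk names network-manager-applet as well. Triage the two together, and if the issue does turn out to be distribution-specific, state the reason on the line the way the CVE-2009-0577 entry does.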
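
Review bot: in the @@ -1671,16 +1821,16 @@ hunk CVE-2009-0368 gains the {DSA-1734-1} reference while its untagged opensc package line still reads unfixed; check whether a fixed version has been uploaded and record it there. In the same hunk CVE-2009-0367 loses its bracketed placeholder and RESERVED line in favour of the published description, but CVE-2009-0366 directly below keeps both with the same wesnoth version, so it will need the same cleanup once its description is published.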
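
Review bot: in the @@ -2284,8 +2434,8 @@ hunk the CVE-2009-0186 description mentions Winamp, but the flaw it names is in libsndfile 1.0.18 itself. Track it against the libsndfile package rather than dismissing it on the Winamp mention, unlike the NOT-FOR-US: Orbit Downloader entry just above it.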
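
Review bot: in the @@ -3322,8 +3472,8 @@ hunk CVE-2009-0037 gives an affected range for curl and libcurl that runs through 7.19.3, and the entry has only TODO: check. Compare each release's curl version against that range and add release-tagged lines where they differ, in the form the opensc entry uses for [etch].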