Author: joeyh
Date: 2009-04-06 21:14:20 +0000 (Mon, 06 Apr 2009)
New Revision: 11571
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-04-06 17:28:18 UTC (rev 11570)
+++ data/CVE/list 2009-04-06 21:14:20 UTC (rev 11571)
@@ -1,3 +1,53 @@
+CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote
...)
+ TODO: check
+CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44
...)
+ TODO: check
+CVE-2009-1239 (IBM DB2 9.1 before FP7 returns incorrect query results in
certain ...)
+ TODO: check
+CVE-2008-6604 (Directory traversal vulnerability in index.php in PicoFlat CMS
0.5.9 ...)
+ TODO: check
+CVE-2008-6603 (MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when
...)
+ TODO: check
+CVE-2008-6602 (Unspecified vulnerability in Download Center Lite before 2.1 has
...)
+ TODO: check
+CVE-2008-6601 (Unspecified vulnerability in Epona 1.5rc3 allows remote
attackers to ...)
+ TODO: check
+CVE-2008-6600 (Cross-site scripting (XSS) vulnerability in the search feature
in ...)
+ TODO: check
+CVE-2008-6599 (cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under
the ...)
+ TODO: check
+CVE-2008-6598 (Multiple race conditions in WANPIPE before 3.3.6 have unknown
impact ...)
+ TODO: check
+CVE-2008-6597 (Cross-site scripting (XSS) vulnerability in
upload/install/index.php ...)
+ TODO: check
+CVE-2008-6596 (SQL injection vulnerability in admin/index.php in PHCDownload
1.1 ...)
+ TODO: check
+CVE-2008-6595 (SQL injection vulnerability in the pmk_rssnewsexport extension
for ...)
+ TODO: check
+CVE-2008-6594 (SQL injection vulnerability in the cm_rdfexport extension for
TYPO3 ...)
+ TODO: check
+CVE-2008-6593 (SQL injection vulnerability in LightNEasy/lightneasy.php in
LightNEasy ...)
+ TODO: check
+CVE-2008-6592 (thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy
"no database" ...)
+ TODO: check
+CVE-2008-6591 (LightNEasy "no database" (aka flat) version
1.2.2, and possibly SQLite ...)
+ TODO: check
+CVE-2008-6590 (Multiple directory traversal vulnerabilities in LightNEasy
"no ...)
+ TODO: check
+CVE-2008-6589 (Multiple cross-site scripting (XSS) vulnerabilities in
LightNEasy "no ...)
+ TODO: check
+CVE-2008-6588 (Aztech ADSL2/2+ 4-port router has a default
"isp" account with a ...)
+ TODO: check
+CVE-2008-6587 (Cross-site request forgery (CSRF) vulnerability in index.tmpl in
Vuze ...)
+ TODO: check
+CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php
in ...)
+ TODO: check
+CVE-2008-6585 (Cross-site request forgery (CSRF) vulnerability in
html/admin.php in ...)
+ TODO: check
+CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated
users to ...)
+ TODO: check
+CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote
attackers to ...)
+ TODO: check
CVE-2009-XXXX [xine quicktime atom parser integer overflow]
- xine-lib <unfixed> (medium; bug #522811)
NOTE: http://trapkit.de/advisories/TKADV2009-005.txt
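Review bot: the 25 entries added at the top of the list (CVE-2009-1241 down to CVE-2008-6583) all end in "TODO: check", so none of them has a package line or a NOT-FOR-US marker yet and the tracker cannot report their status. Each should be resolved to one of the two forms already used in this file, for example "- openssl 0.9.8g-16 (low; bug #522002)" or "NOT-FOR-US: OmniPCX Office". I would start with the entries that name server-side software handling untrusted input, such as ClamAV before 0.95 (CVE-2009-1241), MoinMoin 1.6.2 and 1.7 (CVE-2008-6603) and TorrentFlux 2.3 (CVE-2008-6584), and read the full descriptions, since the text here is truncated at "...".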
@@ -2425,6 +2475,7 @@
CVE-2009-0591 (The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when
CMS is ...)
- openssl <not-affected> (vulnerable versions not uploaded to Debian)
CVE-2009-0590 (The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k
allows ...)
+ {DSA-1763-1}
- openssl 0.9.8g-16 (low; bug #522002)
CVE-2009-0589
REJECTED
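Review bot: the package line under CVE-2009-0590 still reads "- openssl 0.9.8g-16 (low; bug #522002)" after {DSA-1763-1} is attached, so the urgency and fixed version should be checked against the advisory to make sure the tracker and the DSA agree. The placement of the DSA tag above the package line matches the {DSA-1525-1} entry under CVE-2008-1332 further down. CVE-2009-0591 just above stays "<not-affected>", which is consistent with only this entry receiving the tag.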
@@ -2504,8 +2555,8 @@
RESERVED
CVE-2009-0557
RESERVED
-CVE-2009-0556
- RESERVED
+CVE-2009-0556 (Unspecified vulnerability in Microsoft Office PowerPoint 2000
SP3, ...)
+ TODO: check
CVE-2009-0555
RESERVED
CVE-2009-0554
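Review bot: the "TODO: check" added under CVE-2009-0556 looks resolvable right away, because the description names Microsoft Office PowerPoint 2000 SP3. If no packaged software is affected, replace the TODO with a NOT-FOR-US line in the style the file already uses ("NOT-FOR-US: Novell Groupwise") so the entry does not linger in the unchecked queue.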
@@ -12786,7 +12837,7 @@
NOTE: pam_pgsql is not configured as "sufficient" in Debian default
configuration
CVE-2008-2424 (Unspecified vulnerability in the 404 error page for the
"Standard ...)
- interchange 5.5.1 (low; bug #482636)
-CVE-2008-2423 (Unspecified vulnerability in Interchange before 5.6.0 allows
remote ...)
+CVE-2008-2423 (Unspecified vulnerability in Interchange before 5.6.0 and before
5.5.2 ...)
- interchange 5.5.1 (low; bug #482636)
CVE-2008-2420 (The OCSP functionality in stunnel before 4.24 does not properly
search ...)
- stunnel4 3:4.22-1.1 (low; bug #482644)
@@ -15321,7 +15372,7 @@
CVE-2008-1332 (Unspecified vulnerability in Asterisk Open Source 1.2.x before
1.2.27, ...)
{DSA-1525-1}
- asterisk 1:1.4.18.1~dfsg-1 (medium)
-CVE-2008-1331 (Unspecified vulnerability in OmniPCX Office with Internet Access
...)
+CVE-2008-1331 (cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access
...)
NOT-FOR-US: OmniPCX Office
CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell
...)
NOT-FOR-US: Novell Groupwise