Author: joeyh
Date: 2009-04-09 21:14:16 +0000 (Thu, 09 Apr 2009)
New Revision: 11603
Modified: data/CVE/list
Log: automatic update
Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-09 21:00:37 UTC (rev 11602) +++ data/CVE/list 2009-04-09 21:14:16 UTC (rev 11603) 
@@ -1,5 +1,88 @@ +CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...) + TODO: check +CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...) + TODO: check +CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...) + TODO: check +CVE-2009-1269 + RESERVED +CVE-2009-1268 + RESERVED +CVE-2009-1267 + RESERVED +CVE-2009-1266 + RESERVED +CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...) + TODO: check +CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...) + TODO: check +CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...) + TODO: check +CVE-2009-1262 (Format string vulnerability in Fortinet FortiClient 3.0.614, and ...) + TODO: check +CVE-2009-1261 (Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk ...) + TODO: check +CVE-2009-1260 (Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and ...) + TODO: check +CVE-2009-1259 (SQL injection vulnerability in inc/bb/topic.php in Insane Visions ...) + TODO: check +CVE-2009-1258 (SQL injection vulnerability in the RD-Autos (com_rdautos) component ...) + TODO: check +CVE-2009-1257 (Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows ...) + TODO: check +CVE-2009-1256 (SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to ...) + TODO: check +CVE-2009-1255 + RESERVED +CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...) + TODO: check +CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...) + TODO: check +CVE-2008-6677 (Unrestricted file upload vulnerability in ...) + TODO: check +CVE-2008-6676 (QuickerSite 1.8.5 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2008-6675 (Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite ...) 
+ TODO: check +CVE-2008-6674 (mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood ...) + TODO: check +CVE-2008-6673 (asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict ...) + TODO: check +CVE-2008-6672 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a ...) + TODO: check +CVE-2008-6671 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a ...) + TODO: check +CVE-2008-6670 (Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote ...) + TODO: check +CVE-2008-6669 (viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to ...) + TODO: check +CVE-2008-6668 (Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and ...) + TODO: check +CVE-2008-6667 (A+ PHP Scripts News Management System (NMS) allows remote attackers to ...) + TODO: check +CVE-2008-6666 (Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA ...) + TODO: check +CVE-2008-6665 (change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows ...) + TODO: check +CVE-2008-6664 (action.php in SH-News 3.0 allows remote attackers to bypass ...) + TODO: check +CVE-2008-6663 (SQL injection vulnerability in profile.php in PHPAuctions.info ...) + TODO: check +CVE-2008-6662 (AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote ...) + TODO: check +CVE-2008-6661 (Multiple integer overflows in the scanning engine in Bitdefender for ...) + TODO: check +CVE-2008-6660 (Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov ...) + TODO: check +CVE-2008-6659 (Directory traversal vulnerability in index.php in Simple Machines ...) + TODO: check +CVE-2008-6658 (Directory traversal vulnerability in index.php in Simple Machines ...) + TODO: check +CVE-2008-6657 (Cross-site request forgery (CSRF) vulnerability in index.php in Simple ...) + TODO: check +CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly ...) 
+ TODO: check CVE-2009-XXXX [roundup: insufficient access checks in web frontend] - {DSA-1754-1} - roundup <unfixed> (bug #518768) [etch] - roundup 1.2.1-10+etch1 [lenny] - roundup 1.4.4-4+lenny1 @@ -10,23 +93,21 @@ [etch] - wireshark <not-affected> (Vulnerable code not present; introduced in 0.99.6) CVE-2009-XXXX [Wireshark: The Check Point High-Availability Protocol (CPHAP) dissector could crash.] - wireshark <unfixed> -CVE-2008-6680 [denial of service via crafted exe file (pe parser)] +CVE-2008-6680 (libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause ...) - clamav <unfixed> (medium; bug #523016) -CVE-2009-1270 [denial of service via tar archives] +CVE-2009-1270 (libclamav/untar.c in ClamAV before 0.95 allows remote attackers to ...) - clamav <unfixed> (medium; bug #523016) -CVE-2009-1254 - RESERVED +CVE-2009-1254 (James Stone Tunapie 2.1 allows remote attackers to execute arbitrary ...) {DSA-1764-1} -CVE-2009-1253 - RESERVED + TODO: check +CVE-2009-1253 (James Stone Tunapie 2.1 allows local users to overwrite arbitrary ...) {DSA-1764-1} + TODO: check CVE-2009-1252 RESERVED -CVE-2009-1251 [openafs] - RESERVED +CVE-2009-1251 (Heap-based buffer overflow in the cache manager in the client in ...) - openafs 1.4.10+dfsg1-1 -CVE-2009-1250 [openafs] - RESERVED +CVE-2009-1250 (The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 ...) - openafs 1.4.10+dfsg1-1 CVE-2009-1249 (Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x ...) NOT-FOR-US: Feed element mapper for Drupal 
@@ -200,7 +281,7 @@ TODO: check CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote attackers to ...) TODO: check -CVE-2009-1274 [xine quicktime atom parser integer overflow] +CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in ...) - xine-lib <unfixed> (medium; bug #522811) NOTE: http://trapkit.de/advisories/TKADV2009-005.txt CVE-2009-1238 (Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and ...) @@ -1378,21 +1459,18 @@ NOT-FOR-US: NovaNET CVE-2009-0848 (Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 ...) - gtk+2.0 <not-affected> (suse specific patch) -CVE-2009-0847 - RESERVED +CVE-2009-0847 (The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka ...) {DSA-1766-1} - krb5 1.6.dfsg.4~beta1-13 [etch] - krb5 <not-affected> (Affected code present, but not exploitable before 1.6.3) -CVE-2009-0846 - RESERVED +CVE-2009-0846 (The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c ...) {DSA-1766-1} - krb5 1.6.dfsg.4~beta1-13 CVE-2009-0845 (The spnego_gss_accept_sec_context function in ...) {DSA-1766-1} - krb5 1.6.dfsg.4~beta1-13 [etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5) -CVE-2009-0844 - RESERVED +CVE-2009-0844 (The get_input_token function in the SPNEGO implementation in MIT ...) {DSA-1766-1} - krb5 1.6.dfsg.4~beta1-13 [etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5) @@ -1605,10 +1683,10 @@ RESERVED CVE-2009-0797 RESERVED -CVE-2009-0796 - RESERVED +CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...) + TODO: check CVE-2009-0795 [af_rose/x25 DoS] - RESERVED + REJECTED - linux-2.6 <unfixed> - linux-2.6.24 <unfixed> CVE-2009-0794 
@@ -3867,7 +3945,7 @@ NOT-FOR-US: ccTiddly CVE-2008-5948 (Directory traversal vulnerability in index.php in BNCwi 1.04 and ...) NOT-FOR-US: BNCwi -CVE-2009-0259 (The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows ...) +CVE-2009-0259 (The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote ...) - openoffice.org 2.0.4.dfsg.2-7 NOTE: Checked with maintainer and issue was fixed long ago, marking etch version as fixed for now CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...) @@ -4283,6 +4361,7 @@ CVE-2009-0116 RESERVED CVE-2009-0115 (multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux ...) + {DSA-1767-1} - multipath-tools 0.4.8-15 (low; bug #522813) CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root ...) NOT-FOR-US: iyzi Forum
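Review bot: In the first hunk (@@ -1,5 +1,88 @@), CVE-2008-6672 and CVE-2008-6671 are added with identical truncated descriptions ("Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a ..."), and the same holds for CVE-2008-6659 and CVE-2008-6658 ("Directory traversal vulnerability in index.php in Simple Machines ..."). Nothing in the list distinguishes the members of each pair, so whoever resolves the TODO: check markers needs the full CVE text before tagging them; otherwise one of each pair is easily mistaken for a duplicate. Among the new entries, those naming PHP (CVE-2009-1272, CVE-2009-1271), the Linux kernel (CVE-2009-1265) and Ghostscript (CVE-2008-6679, CVE-2007-6725) concern software that is in the archive and should be triaged ahead of the rest.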
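Review bot: In the @@ -10,23 +93,21 @@ hunk, CVE-2009-1254 and CVE-2009-1253 receive TODO: check although both already carry {DSA-1764-1}, and neither has a package line. Since an advisory exists for them, add the source package entry with its fixed version and drop the TODO so they do not stay in the triage queue. In the same hunk, the new descriptions for CVE-2008-6680 and CVE-2009-1270 read "ClamAV before 0.95" while both entries remain at "- clamav <unfixed>"; recheck that status against the version currently in the archive.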
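Review bot: In the @@ -1605,10 +1683,10 @@ hunk, CVE-2009-0795 changes from RESERVED to REJECTED but keeps "- linux-2.6 <unfixed>" and "- linux-2.6.24 <unfixed>", which leaves open package status attached to an id that has been withdrawn. The first hunk of this same commit adds CVE-2009-1265 (rose_sendmsg in sys/net/af_rose.c) as TODO: check, which looks like the same af_rose issue. If that is confirmed, move the two package lines and the [af_rose/x25 DoS] annotation to CVE-2009-1265 and leave CVE-2009-0795 with REJECTED only.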