Author: joeyh Date: 2009-04-17 21:14:13 +0000 (Fri, 17 Apr 2009) New Revision: 11645 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-17 18:22:45 UTC (rev 11644) +++ data/CVE/list 2009-04-17 21:14:13 UTC (rev 11645) 
@@ -1,3 +1,71 @@ +CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...) + TODO: check +CVE-2009-1329 (Stack-based buffer overflow in Mini-stream Shadow Stream Recorder ...) + TODO: check +CVE-2009-1328 (Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 ...) + TODO: check +CVE-2009-1327 (Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 ...) + TODO: check +CVE-2009-1326 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...) + TODO: check +CVE-2009-1325 (Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows ...) + TODO: check +CVE-2009-1324 (Stack-based buffer overflow in Mini-stream ASX to MP3 Converter ...) + TODO: check +CVE-2009-1323 (SQL injection vulnerability in body.asp in Web File Explorer 3.1 ...) + TODO: check +CVE-2009-1322 (ASP Product Catalog 1.0 stores sensitive information under the web ...) + TODO: check +CVE-2009-1321 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Product ...) + TODO: check +CVE-2009-1320 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2009-1319 (Directory traversal vulnerability in includes/ini.inc.php in GuestCal ...) + TODO: check +CVE-2009-1318 (Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 ...) + TODO: check +CVE-2009-1317 (Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when ...) + TODO: check +CVE-2009-1316 (Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote ...) + TODO: check +CVE-2009-1315 (Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 ...) + TODO: check +CVE-2009-1314 (body.asp in Web File Explorer 3.1 allows remote attackers to create ...) 
+ TODO: check +CVE-2009-1313 + RESERVED +CVE-2009-1312 + RESERVED +CVE-2009-1311 + RESERVED +CVE-2009-1310 + RESERVED +CVE-2009-1309 + RESERVED +CVE-2009-1308 + RESERVED +CVE-2009-1307 + RESERVED +CVE-2009-1306 + RESERVED +CVE-2009-1305 + RESERVED +CVE-2009-1304 + RESERVED +CVE-2009-1303 + RESERVED +CVE-2009-1302 + RESERVED +CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...) + TODO: check +CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an "invalid ...) + TODO: check +CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06, when ...) + TODO: check +CVE-2008-6725 (Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote ...) + TODO: check +CVE-2008-6724 (Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste ...) + TODO: check CVE-2009-1299 RESERVED CVE-2009-1298 @@ -8,9 +76,9 @@ RESERVED CVE-2009-1295 RESERVED -CVE-2009-1294 +CVE-2009-1294 (Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home ...) NOT-FOR-US: Novell Teaming -CVE-2009-1293 +CVE-2009-1293 (The web login functionality (c/portal/login) in Novell Teaming 1.0 ...) NOT-FOR-US: Novell Teaming CVE-2009-1292 (UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x ...) NOT-FOR-US: ClearCase @@ -52,8 +120,7 @@ NOT-FOR-US: Pre ADS Portal CVE-2008-6715 (Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal ...) NOT-FOR-US: Pre ADS Portal -CVE-2009-1285 [phpMyAdmin PMASA-2009-4 insufficient escaping in setup script] - RESERVED +CVE-2009-1285 (Static code injection vulnerability in the getConfigFile function in ...) - phpmyadmin 4:3.1.3.2-1 (unimportant) [etch] - phpmyadmin <not-affected> (Vulnerable code not present) [lenny] - phpmyadmin <not-affected> (Vulnerable code not present) 
@@ -1338,8 +1405,8 @@ RESERVED CVE-2009-0947 RESERVED -CVE-2009-0946 - RESERVED +CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote ...) + TODO: check CVE-2009-0945 RESERVED CVE-2009-0944 @@ -2934,7 +3001,7 @@ - lcms 1.18.dfsg-1 (bug #522446) CVE-2009-0580 RESERVED -CVE-2009-0579 +CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...) - pam <unfixed> (bug #514437) CVE-2009-0578 (GNOME NetworkManager before 0.7.0.99 does not properly verify ...) - network-manager-applet 0.7.0.99-1 (medium) @@ -4317,8 +4384,7 @@ RESERVED CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...) NOT-FOR-US: IrfanView -CVE-2009-0196 - RESERVED +CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...) - ghostscript <unfixed> CVE-2009-0195 RESERVED @@ -6357,7 +6423,7 @@ RESERVED CVE-2008-5260 (Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control ...) NOT-FOR-US: ActiveX -CVE-2008-5259 +CVE-2008-5259 (Integer signedness error in DivX Web Player 1.4.2.7, and possibly ...) NOT-FOR-US: DivX Web Player CVE-2008-5258 RESERVED @@ -7386,7 +7452,7 @@ NOT-FOR-US: rPath CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ...) NOT-FOR-US: Adobe ColdFusion -CVE-2008-4830 +CVE-2008-4830 (Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI ...) NOT-FOR-US: KWEdit ActiveX control CVE-2008-4829 (Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow ...) {DSA-1683-1} 
@@ -16399,8 +16465,8 @@ - evolution 2.22.2-1.1 (low; bug #484639) [etch] - evolution <no-dsa> (Minor issue) NOTE: Requires that the ITip Formatter plugin is disabled, which is enabled by default. -CVE-2008-1107 - RESERVED +CVE-2008-1107 (Multiple stack-based buffer overflows in the Danske Bank e-Sec Control ...) + TODO: check CVE-2008-1106 (The management interface in Akamai Client (formerly Red Swoosh) 3322 ...) NOT-FOR-US: Akamai Client CVE-2008-1105 (Heap-based buffer overflow in the receive_smb_raw function in ...) @@ -30728,7 +30794,7 @@ NOT-FOR-US: IBM Lenovo Access Support acpRunner ActiveX control CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera ...) NOT-FOR-US: AXIS Camera Control -CVE-2007-2238 +CVE-2007-2238 (Multiple stack-based buffer overflows in the Whale Client Components ...) NOT-FOR-US: Whale Client Components ActiveX control CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows ...) NOT-FOR-US: Microsoft
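Review bot: In the first hunk (@@ -1,3 +1,71 @@) CVE-2009-1300 is left at `TODO: check` in the same batch as the third-party converter and web-application entries, but its description names apt 0.7.20, which is a package in the archive. Triage it ahead of the rest of the batch and replace the TODO with a `- apt` status line (fixed version or `<unfixed>`, with a bug reference) so it does not sit in the automatic backlog.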
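Review bot: In the CVE-2009-1285 hunk (@@ -52,8 +120,7 @@) the removed line `CVE-2009-1285 [phpMyAdmin PMASA-2009-4 insufficient escaping in setup script]` carried the upstream advisory id, and the replacement description line does not. Keep the cross-reference by adding a `NOTE: PMASA-2009-4` line under the entry, following the NOTE convention already used elsewhere in the file.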
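Review bot: In the CVE-2009-0946 hunk (@@ -1338,8 +1405,8 @@) the entry moves from RESERVED to `TODO: check` although the description already names FreeType 2.3.9 and earlier, a library shipped in the archive. Replace the TODO with a `- freetype` status line and a bug reference once the affected versions are confirmed, instead of leaving multiple integer overflows in the generic check queue.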
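Review bot: In the CVE-2009-0579 hunk (@@ -2934,7 +3001,7 @@) the new description states the issue affects Linux-PAM before 1.0.4, while the unchanged status line still reads `- pam <unfixed> (bug #514437)`. Now that an upstream fixed version is known, recheck the archive version against 1.0.4 and either record the fixed version or add an urgency to the `<unfixed>` line.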
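Review bot: In the CVE-2009-0196 hunk (@@ -4317,8 +4384,7 @@) the entry becomes a published heap-based buffer overflow, but the status line `- ghostscript <unfixed>` has neither a bug number nor an urgency, unlike `- pam <unfixed> (bug #514437)` in the CVE-2009-0579 entry. Add the bug reference (filing one if none exists) and an urgency so the open issue can be tracked to a fix.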