Author: joeyh
Date: 2009-04-24 21:14:19 +0000 (Fri, 24 Apr 2009)
New Revision: 11714
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-04-24 21:06:56 UTC (rev 11713)
+++ data/CVE/list 2009-04-24 21:14:19 UTC (rev 11714)
@@ -1,3 +1,71 @@
+CVE-2009-1402
+ RESERVED
+CVE-2009-1401
+ RESERVED
+CVE-2009-1400
+ RESERVED
+CVE-2009-1399
+ RESERVED
+CVE-2009-1398
+ RESERVED
+CVE-2009-1397
+ RESERVED
+CVE-2009-1396
+ RESERVED
+CVE-2009-1395
+ RESERVED
+CVE-2009-1394
+ RESERVED
+CVE-2009-1393
+ RESERVED
+CVE-2009-1392
+ RESERVED
+CVE-2009-1391
+ RESERVED
+CVE-2009-1390
+ RESERVED
+CVE-2009-1389
+ RESERVED
+CVE-2009-1388
+ RESERVED
+CVE-2009-1387
+ RESERVED
+CVE-2009-1386
+ RESERVED
+CVE-2009-1385
+ RESERVED
+CVE-2009-1384
+ RESERVED
+CVE-2009-1383
+ RESERVED
+CVE-2009-1382
+ RESERVED
+CVE-2009-1381
+ RESERVED
+CVE-2009-1380
+ RESERVED
+CVE-2009-1379
+ RESERVED
+CVE-2009-1378
+ RESERVED
+CVE-2009-1377
+ RESERVED
+CVE-2009-1376
+ RESERVED
+CVE-2009-1375
+ RESERVED
+CVE-2009-1374
+ RESERVED
+CVE-2009-1373
+ RESERVED
+CVE-2009-1365
+ RESERVED
+CVE-2009-1364
+ RESERVED
+CVE-2009-1363
+ RESERVED
+CVE-2009-1360 (The __inet6_check_established function in
net/ipv6/inet6_hashtables.c ...)
+ TODO: check
CVE-2009-1411
NOT-FOR-US: Seditio CMS
CVE-2009-1410
@@ -16,21 +84,21 @@
NOT-FOR-US: PastelCMS
CVE-2009-1403
NOT-FOR-US: CRE Loaded
-CVE-2009-1370
+CVE-2009-1370 (Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video
...)
NOT-FOR-US: Xilisoft Video Converter
-CVE-2009-1369
+CVE-2009-1369 (moziloCMS 1.11 allows remote attackers to obtain sensitive
information ...)
NOT-FOR-US: moziloCMS
-CVE-2009-1368
+CVE-2009-1368 (Directory traversal vulnerability in index.php in moziloCMS 1.11
...)
NOT-FOR-US: moziloCMS
-CVE-2009-1367
+CVE-2009-1367 (Cross-site scripting (XSS) vulnerability in index.php in
moziloCMS ...)
NOT-FOR-US: moziloCMS
-CVE-2009-1366
+CVE-2009-1366 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: DotNetNuke
-CVE-2009-1362
+CVE-2009-1362 (SQL injection vulnerability in administration/index.php in
chCounter ...)
NOT-FOR-US: chCounter
-CVE-2009-1361
+CVE-2009-1361 (dig.php in GScripts.net DNS Tools allows remote attackers to
execute ...)
NOT-FOR-US: GScripts.net DNS Tools
-CVE-2009-1359
+CVE-2009-1359 (Unspecified vulnerability in the SCTP sockets implementation in
Sun ...)
NOT-FOR-US: Sun OpenSolaris
CVE-2008-6752
NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging
@@ -42,17 +110,17 @@
NOT-FOR-US: FlexPHPDirectory
CVE-2008-6748
NOT-FOR-US: Megacubo
-CVE-2008-6747
+CVE-2008-6747 (dotProject before 2.1.2 does not properly restrict access to
...)
NOT-FOR-US: dotProject
-CVE-2008-6746
+CVE-2008-6746 (Cross-site scripting (XSS) vulnerability in the contact display
view ...)
NOT-FOR-US: Turba Contact Manager
-CVE-2008-6745
+CVE-2008-6745 (index.php in BlogPHP 2.0 allows remote attackers to gain
administrator ...)
NOT-FOR-US: BlogPHP
-CVE-2008-6744
+CVE-2008-6744 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office
6, ...)
NOT-FOR-US: Cybozu Office
-CVE-2008-6743
+CVE-2008-6743 (RSMScript 1.21 allows remote attackers to bypass authentication
and ...)
NOT-FOR-US: RSMScript
-CVE-2009-1357
+CVE-2009-1357 (CRLF injection vulnerability in da/DA/Login in Sun Java System
...)
NOT-FOR-US: Sun Java System Delegated Administrator
CVE-2009-1356 (Stack-based buffer overflow in Elecard AVC HD Player allows
remote ...)
NOT-FOR-US: Elecard AVC HD Player
@@ -131,16 +199,13 @@
RESERVED
CVE-2009-1339
RESERVED
-CVE-2009-1338 [Kernel: limit kill sig to caller namespace]
- RESERVED
+CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux
...)
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2009-1337 [Kernel: exit notify cap check]
- RESERVED
+CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel
before ...)
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
-CVE-2009-1336 [Kernel: NFS Dos]
- RESERVED
+CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not
properly ...)
- linux-2.6 2.6.23-1
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista
allows ...)
@@ -202,48 +267,37 @@
NOT-FOR-US: Web File Explorer
CVE-2009-1313
RESERVED
-CVE-2009-1312 [MFSA 2009-22: Firefox allows Refresh header to redirect to
javascript: URIs]
- RESERVED
+CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey do not block
javascript: ...)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-CVE-2009-1311 [MFSA 2009-21: POST data sent to wrong site when saving web page
with embedded frame]
- RESERVED
+CVE-2009-1311 (Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow
...)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-CVE-2009-1310 [MFSA 2009-22: Firefox allows Refresh header to redirect to
javascript: URIs]
- RESERVED
+CVE-2009-1310 (Cross-site scripting (XSS) vulnerability in the MozSearch plugin
...)
- iceweasel 3.0.9-1
[etch] - iceweasel <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-CVE-2009-1309 [MFSA 2009-19: Same-origin violations in XMLHttpRequest and
XPCNativeWrapper.toString]
- RESERVED
+CVE-2009-1309 (Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not
...)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-CVE-2009-1308 [MFSA 2009-18: XSS hazard using third-party stylesheets and XBL
bindings]
- RESERVED
+CVE-2009-1308 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox
before ...)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-CVE-2009-1307 [MFSA 2009-17: Same-origin violations when Adobe Flash loaded via
view-source: scheme]
- RESERVED
+CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before
3.0.9, ...)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-CVE-2009-1306 [MFSA 2009-16: jar: scheme ignores the content-disposition:
header on the inner URI]
- RESERVED
+CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9,
...)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-CVE-2009-1305 [Firefox crashes with evidence of memory corruption]
- RESERVED
+CVE-2009-1305 (The JavaScript engine in Mozilla Firefox before 3.0.9,
Thunderbird ...)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-CVE-2009-1304 [Firefox crashes with evidence of memory corruption]
- RESERVED
+CVE-2009-1304 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.9,
Thunderbird ...)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-CVE-2009-1303 [Firefox crashes with evidence of memory corruption]
- RESERVED
+CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird
before ...)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-CVE-2009-1302 [Firefox crashes with evidence of memory corruption]
- RESERVED
+CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9,
Thunderbird ...)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-1301 (Integer signedness error in the store_id3_text function in the
ID3v2 ...)
@@ -283,12 +337,12 @@
NOT-FOR-US: Novell Access Manager
CVE-2008-6721 (SQL injection vulnerability in index.php in AJ Square AJ Article
...)
NOT-FOR-US: AJ Square AJ Article
-CVE-2009-1371 [clamav: UPack crash]
+CVE-2009-1371 (The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before
...)
- clamav 0.95.1+dfsg-1
[etch] - clamav 0.90.1dfsg-4-etch19
[lenny] - clamav 0.94.dfsg.2-1lenny2
NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552
-CVE-2009-1372 [clamav: cli_url_canon]
+CVE-2009-1372 (Stack-based buffer overflow in the cli_url_canon function in
...)
- clamav 0.95.1+dfsg-1
[etch] - clamav <not-affected> (vulnerable code not present)
[lenny] - clamav <not-affected> (vulnerable code not present)
@@ -836,17 +890,15 @@
RESERVED
CVE-2009-1192
RESERVED
-CVE-2009-1191
- RESERVED
+CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP
Server ...)
+ TODO: check
CVE-2009-1190
RESERVED
CVE-2009-1189
RESERVED
-CVE-2009-1188 [pdf vulnerabilities]
- RESERVED
+CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in Poppler before
...)
- poppler 0.10.6-1 (medium; bug #524806)
-CVE-2009-1187 [pdf vulnerabilities]
- RESERVED
+CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before
...)
- poppler 0.10.6-1 (medium; bug #524806)
CVE-2009-1186 (Buffer overflow in the util_path_encode function in ...)
{DSA-1772-1}
@@ -856,28 +908,23 @@
- udev 0.141-1 (medium)
CVE-2009-1184
RESERVED
-CVE-2009-1183 [pdf vulnerabilities]
- RESERVED
+CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and ...)
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
-CVE-2009-1182 [pdf vulnerabilites]
- RESERVED
+CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
3.02pl2 and ...)
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
-CVE-2009-1181 [pdf vulnerabilities]
- RESERVED
+CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
earlier, ...)
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
-CVE-2009-1180 [pdf vulnerabilities]
- RESERVED
+CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
earlier, ...)
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
-CVE-2009-1179 [pdf vulnerabilities]
- RESERVED
+CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, ...)
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
@@ -2125,13 +2172,11 @@
CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the
HTTP ...)
- squid <unfixed> (low; bug #521053)
- squid3 <unfixed> (low; bug #521052)
-CVE-2009-0800 [pdf vulnerabilities]
- RESERVED
+CVE-2009-0800 (Multiple "input validation flaws" in the JBIG2
decoder in Xpdf 3.02pl2 ...)
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0 (medium; bug #524810)
-CVE-2009-0799 [pdf vulnerabilities]
- RESERVED
+CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
earlier, ...)
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0 (medium; bug #524810)
@@ -2693,12 +2738,12 @@
RESERVED
CVE-2009-0665
RESERVED
-CVE-2009-0664
- RESERVED
+CVE-2009-0664 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara
1.0.x ...)
{DSA-1778-1}
+ TODO: check
CVE-2009-0663
RESERVED
-CVE-2009-0662
+CVE-2009-0662 (The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a
product ...)
NOT-FOR-US: PlonePAS
CVE-2009-0661 (Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote
...)
{DSA-1744-1}
@@ -2722,7 +2767,7 @@
NOTE: attacker already controls entry and exit node at this stage
CVE-2009-0653 (OpenSSL, probably 0.9.6, does not verify the Basic Constraints
for an ...)
- openssl 0.9.8-1 (bug #517791)
-CVE-2009-0652 (Mozilla Firefox 3.0.6 does not properly prevent the literal
rendering ...)
+CVE-2009-0652 (The Internationalized Domain Names (IDN) blacklist in Mozilla
Firefox ...)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka
vnetd) in ...)
@@ -4213,7 +4258,7 @@
RESERVED
CVE-2009-0308
RESERVED
-CVE-2009-0307
+CVE-2009-0307 (Cross-site scripting (XSS) vulnerability in the
"Customize Statistics ...)
NOT-FOR-US: Motion (RIM) BlackBerry Enterprise Server
CVE-2009-0306
RESERVED
@@ -4602,8 +4647,8 @@
NOT-FOR-US: IrfanView
CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict
function ...)
- ghostscript 8.64~dfsg-1.1 (medium; bug #524803)
-CVE-2009-0195
- RESERVED
+CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS
1.3.9, ...)
+ TODO: check
CVE-2009-0194
RESERVED
CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1,
8 ...)
@@ -4687,22 +4732,20 @@
NOT-FOR-US: ppdmgr in Sun Solaris 10 and OpenSolaris
CVE-2009-0167 (Unspecified vulnerability in lpadmin in Sun Solaris 10 and
OpenSolaris ...)
NOT-FOR-US: lpadmin in Sun Solaris 10 and OpenSolaris
-CVE-2009-0166 [pdftops filter vulnerability]
- RESERVED
+CVE-2009-0166 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
earlier, ...)
- poppler <unfixed> (medium; bug #524806)
- cups <not-affected> (Uses poppler''s pdftops)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics <unfixed> (medium; bug #524810)
-CVE-2009-0165
- RESERVED
+CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, as ...)
+ TODO: check
CVE-2009-0164 [cups web interface DNS rebinding issue]
RESERVED
- cups 1.3.10-1 (low)
[lenny] - cups <no-dsa> (Minor issue, needs several prerequirements for
attack)
- cupsys <removed>
[etch] - cupsys <no-dsa> (Minor issue, needs several prerequirements for
attack)
-CVE-2009-0163 [integer overflow in cups imagetops filter]
- RESERVED
+CVE-2009-0163 (Integer overflow in the TIFF image decoding routines in CUPS
1.3.9 and ...)
{DSA-1773-1}
- cups 1.3.10-1
- cupsys <removed>
@@ -4738,14 +4781,12 @@
RESERVED
CVE-2009-0148
RESERVED
-CVE-2009-0147 [pdftops filter vulnerability]
- RESERVED
+CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and ...)
- poppler <unfixed> (medium; bug #524806)
- cups <not-affected> (Uses poppler''s pdftops)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics <unfixed> (medium; bug #524810)
-CVE-2009-0146 [pdftops filter vulnerability]
- RESERVED
+CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and ...)
- poppler <unfixed> (medium; bug #524806)
- cups <not-affected> (Uses poppler''s pdftops)
- xpdf <unfixed> (medium; bug #524809)
@@ -5032,8 +5073,10 @@
- linux-2.6 2.6.29-1
- linux-2.6.24 <removed>
CVE-2009-0064
+ RESERVED
NOT-FOR-US: Symantec Brightmail Gateway Appliance
CVE-2009-0063
+ RESERVED
NOT-FOR-US: Symantec Brightmail Gateway Appliance
CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller
(WLC), ...)
NOT-FOR-US: Cisco
@@ -6056,7 +6099,7 @@
[etch] - axel <no-dsa> (Minor issue)
NOTE: http://alioth.debian.org/forum/forum.php?forum_id=2846
NOTE: this only work for non-interactive sessions which is a quite exotic
usecase
-CVE-2008-5619 (html2text.php in RoundCube Webmail (roundcubemail) 0.2-1.alpha
and ...)
+CVE-2008-5619 (html2text.php in Chuggnutt HTML to Text Converter, as used in
...)
- roundcube 0.1.1-9 (high; bug #508628)
NOTE: According to the bug report, this is being exploited.
- moodle 1.8.2.dfsg-2 (bug #508909)