Author: joeyh Date: 2009-04-27 21:14:17 +0000 (Mon, 27 Apr 2009) New Revision: 11730 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-27 17:53:16 UTC (rev 11729) +++ data/CVE/list 2009-04-27 21:14:17 UTC (rev 11730) @@ -1,3 +1,47 @@ +CVE-2009-1433 (SQL injection vulnerability in File::find (filesystem/File.php) in ...) + TODO: check +CVE-2009-1432 + RESERVED +CVE-2009-1431 + RESERVED +CVE-2009-1430 + RESERVED +CVE-2009-1429 + RESERVED +CVE-2009-1428 + RESERVED +CVE-2009-1427 + RESERVED +CVE-2009-1426 + RESERVED +CVE-2009-1425 + RESERVED +CVE-2009-1424 + RESERVED +CVE-2009-1423 + RESERVED +CVE-2009-1422 + RESERVED +CVE-2009-1421 + RESERVED +CVE-2009-1420 + RESERVED +CVE-2009-1419 + RESERVED +CVE-2009-1418 + RESERVED +CVE-2009-1417 + RESERVED +CVE-2009-1416 + RESERVED +CVE-2009-1415 + RESERVED +CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object persist ...) + TODO: check +CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page transition, ...) + TODO: check +CVE-2009-1412 (Argument injection vulnerability in the chromehtml: protocol handler ...) + TODO: check CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users] - iodine <unfixed> (low) [lenny] - iodine <no-dsa> (Maintainer will fix it in next stable point update) 
@@ -79,23 +123,23 @@ - linux-2.6 2.6.29-1 [etch] - linux-2.6 <not-affected> (Introduced in 2.6.27) - linux-2.6.24 <not-affected> (Introduced in 2.6.27) -CVE-2009-1411 +CVE-2009-1411 (SQL injection vulnerability in events/inc/events.inc.php in the Events ...) NOT-FOR-US: Seditio CMS -CVE-2009-1410 +CVE-2009-1410 (SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows ...) NOT-FOR-US: Quick.Cms.Lite -CVE-2009-1409 +CVE-2009-1409 (SQL injection vulnerability in usersettings.php in e107 0.7.15 and ...) NOT-FOR-US: e107 -CVE-2009-1408 +CVE-2009-1408 (Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows ...) NOT-FOR-US: webSPELL -CVE-2009-1407 +CVE-2009-1407 (Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows ...) NOT-FOR-US: NotFTP -CVE-2009-1406 +CVE-2009-1406 (Directory traversal vulnerability in cms_detect.php in TotalCalendar ...) NOT-FOR-US: TotalCalendar -CVE-2009-1405 +CVE-2009-1405 (Directory traversal vulnerability in index.php in PastelCMS 0.8.0, ...) NOT-FOR-US: PastelCMS -CVE-2009-1404 +CVE-2009-1404 (SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when ...) NOT-FOR-US: PastelCMS -CVE-2009-1403 +CVE-2009-1403 (SQL injection vulnerability in product_info.php in CRE Loaded 6.2 ...) NOT-FOR-US: CRE Loaded CVE-2009-1370 (Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video ...) NOT-FOR-US: Xilisoft Video Converter 
@@ -113,15 +157,15 @@ NOT-FOR-US: GScripts.net DNS Tools CVE-2009-1359 (Unspecified vulnerability in the SCTP sockets implementation in Sun ...) NOT-FOR-US: Sun OpenSolaris -CVE-2008-6752 +CVE-2008-6752 (adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou ...) NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging -CVE-2008-6751 +CVE-2008-6751 (Unrestricted file upload vulnerability in index.php in the Twitter ...) NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging -CVE-2008-6750 +CVE-2008-6750 (Unrestricted file upload vulnerability in add.php in FlexPHPDirectory ...) NOT-FOR-US: FlexPHPDirectory -CVE-2008-6749 +CVE-2008-6749 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...) NOT-FOR-US: FlexPHPDirectory -CVE-2008-6748 +CVE-2008-6748 (Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers ...) NOT-FOR-US: Megacubo CVE-2008-6747 (dotProject before 2.1.2 does not properly restrict access to ...) NOT-FOR-US: dotProject @@ -903,8 +947,8 @@ RESERVED CVE-2009-1193 RESERVED -CVE-2009-1192 - RESERVED +CVE-2009-1192 (drivers/char/agp/generic.c in the agp subsystem in the Linux kernel ...) + TODO: check CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...) TODO: check CVE-2009-1190 @@ -2202,8 +2246,8 @@ - poppler 0.10.6-1 (medium; bug #524806) - xpdf <unfixed> (medium; bug #524809) - kdegraphics 4.0 (medium; bug #524810) -CVE-2009-0798 - RESERVED +CVE-2009-0798 (The daemon in acpid before 1.0.10 allows remote attackers to cause a ...) + TODO: check CVE-2009-0797 RESERVED CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...) 
@@ -4766,8 +4810,7 @@ - kdegraphics <unfixed> (medium; bug #524810) CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as ...) TODO: check -CVE-2009-0164 [cups web interface DNS rebinding issue] - RESERVED +CVE-2009-0164 (The web interface for CUPS before 1.3.10 does not validate the HTTP ...) - cups 1.3.10-1 (low) [lenny] - cups <no-dsa> (Minor issue, needs several prerequirements for attack) - cupsys <removed> @@ -5030,7 +5073,7 @@ NOT-FOR-US: Microsoft Windows CVE-2009-0085 (The Secure Channel (aka SChannel) authentication component in ...) NOT-FOR-US: Microsoft Windows -CVE-2009-0084 (DirectShow in Microsoft DirectX 8.1 and 9.0 does not properly ...) +CVE-2009-0084 (Use after free vulnerability in DirectShow in Microsoft DirectX 8.1 ...) NOT-FOR-US: DirectX CVE-2009-0083 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server ...) NOT-FOR-US: Microsoft Windows @@ -5099,11 +5142,9 @@ {DSA-1749-1} - linux-2.6 2.6.29-1 - linux-2.6.24 <removed> -CVE-2009-0064 - RESERVED +CVE-2009-0064 (Multiple unspecified vulnerabilities in the Control Center in Symantec ...) NOT-FOR-US: Symantec Brightmail Gateway Appliance -CVE-2009-0063 - RESERVED +CVE-2009-0063 (Cross-site scripting (XSS) vulnerability in the Control Center in ...) NOT-FOR-US: Symantec Brightmail Gateway Appliance CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), ...) NOT-FOR-US: Cisco
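Review bot: in the @@ -1,3 +1,47 @@ hunk, CVE-2009-1433, CVE-2009-1414, CVE-2009-1413 and CVE-2009-1412 arrive with only "TODO: check", so none of them has a package line or a NOT-FOR-US line yet. The three Google Chrome entries can be triaged together. For CVE-2009-1433 the truncated description names only File::find in filesystem/File.php, so the affected product has to be looked up in the full CVE text before the entry can be classified.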
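Review bot: CVE-2009-1192 in the @@ -903,8 +947,8 @@ hunk moves from RESERVED to a bare "TODO: check", although the new description places the issue in drivers/char/agp/generic.c in the Linux kernel. It needs per-package status lines in the same form as the other kernel entries in this file ("- linux-2.6 ..." and "- linux-2.6.24 ..."), with a fixed version or <not-affected> filled in once the affected range has been checked.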
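Review bot: CVE-2009-0798 in the @@ -2202,8 +2246,8 @@ hunk is left at "TODO: check" even though the description already states the fix boundary ("acpid before 1.0.10"). Suggest following up with an "- acpid ..." status line whose version is checked against 1.0.10, and an urgency that reflects the remote denial of service the description mentions.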
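Review bot: the @@ -4766,8 +4810,7 @@ hunk drops the hand-written tag "[cups web interface DNS rebinding issue]" from CVE-2009-0164, and the truncated replacement ("... does not validate the HTTP ...") no longer says what class of issue this is. Suggest keeping that information in a NOTE line under the entry, so the "Minor issue, needs several prerequirements for attack" rationale on the [lenny] line stays understandable to the next reader.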