thr3ads.net - Secure testing commits - [Secure-testing-commits] r11958

If this information is useful, please help other people find it:
Share via:
Joey Hess
2009-May-22 21:14 UTC
[Secure-testing-commits] r11958 - data/CVE

Author: joeyh
Date: 2009-05-22 21:14:13 +0000 (Fri, 22 May 2009)
New Revision: 11958

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-05-22 20:04:44 UTC (rev 11957)
+++ data/CVE/list	2009-05-22 21:14:13 UTC (rev 11958)
@@ -1,11 +1,175 @@
-CVE-2009-1756 [slim insecure auth secret passing]
+CVE-2009-1761
+	RESERVED
+CVE-2009-1760
+	RESERVED
+CVE-2009-1759 (Stack-based buffer overflow in the btFiles::BuildFromMI function
...)
+	TODO: check
+CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0,
as ...)
+	TODO: check
+CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission
1.5 ...)
+	TODO: check
+CVE-2009-1754
+	RESERVED
+CVE-2009-1752 (exJune Office Message System 1 does not properly restrict access
to ...)
+	TODO: check
+CVE-2009-1751 (SQL injection vulnerability in list_list.php in Realty Webware
...)
+	TODO: check
+CVE-2009-1750 (Unrestricted file upload vulnerability in VidSharePro allows
remote ...)
+	TODO: check
+CVE-2009-1749 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+	TODO: check
+CVE-2009-1748 (Multiple directory traversal vulnerabilities in index.php in
Catviz ...)
+	TODO: check
+CVE-2009-1747 (SQL injection vulnerability in index.php in 26th Avenue bSpeak
1.10 ...)
+	TODO: check
+CVE-2009-1746 (SQL injection vulnerability in berita.php in Dian Gemilang
DGNews 3.0 ...)
+	TODO: check
+CVE-2009-1745 (Armorlogic Profense Web Application Firewall before 2.2.22, and
2.4.x ...)
+	TODO: check
+CVE-2009-1744 (InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a
module in ...)
+	TODO: check
+CVE-2009-1743 (Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in
...)
+	TODO: check
+CVE-2009-1742 (code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier
for ...)
+	TODO: check
+CVE-2009-1741 (Multiple SQL injection vulnerabilities in login.php in DM
FileManager ...)
+	TODO: check
+CVE-2009-1740 (Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer
...)
+	TODO: check
+CVE-2009-1739 (PAD Site Scripts 3.6 allows remote attackers to bypass
authentication ...)
+	TODO: check
+CVE-2009-1738 (Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x
before ...)
+	TODO: check
+CVE-2009-1737 (Directory traversal vulnerability in bom.php in MyPic 2.1 allows
...)
+	TODO: check
+CVE-2009-1736 (SQL injection vulnerability in the GridSupport (GS) Ticket
System ...)
+	TODO: check
+CVE-2009-1735 (Cross-site scripting (XSS) vulnerability in search.php in
VidSharePro ...)
+	TODO: check
+CVE-2009-1734 (SQL injection vulnerability in listing_video.php in VidSharePro
allows ...)
+	TODO: check
+CVE-2009-1733 (Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a
allows ...)
+	TODO: check
+CVE-2009-1732 (Cross-site scripting (XSS) vulnerability in admin/usermanager in
IPlan ...)
+	TODO: check
+CVE-2009-1731 (SQL injection vulnerability in panel/index.php in MLFFAT 2.1
allows ...)
+	TODO: check
+CVE-2009-1730 (Multiple directory traversal vulnerabilities in NetMechanica
...)
+	TODO: check
+CVE-2009-1729 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java
System ...)
+	TODO: check
+CVE-2009-1728
+	RESERVED
+CVE-2009-1727
+	RESERVED
+CVE-2009-1726
+	RESERVED
+CVE-2009-1725
+	RESERVED
+CVE-2009-1724
+	RESERVED
+CVE-2009-1723
+	RESERVED
+CVE-2009-1722
+	RESERVED
+CVE-2009-1721
+	RESERVED
+CVE-2009-1720
+	RESERVED
+CVE-2009-1719
+	RESERVED
+CVE-2009-1718
+	RESERVED
+CVE-2009-1717
+	RESERVED
+CVE-2009-1716
+	RESERVED
+CVE-2009-1715
+	RESERVED
+CVE-2009-1714
+	RESERVED
+CVE-2009-1713
+	RESERVED
+CVE-2009-1712
+	RESERVED
+CVE-2009-1711
+	RESERVED
+CVE-2009-1710
+	RESERVED
+CVE-2009-1709
+	RESERVED
+CVE-2009-1708
+	RESERVED
+CVE-2009-1707
+	RESERVED
+CVE-2009-1706
+	RESERVED
+CVE-2009-1705
+	RESERVED
+CVE-2009-1704
+	RESERVED
+CVE-2009-1703
+	RESERVED
+CVE-2009-1702
+	RESERVED
+CVE-2009-1701
+	RESERVED
+CVE-2009-1700
+	RESERVED
+CVE-2009-1699
+	RESERVED
+CVE-2009-1698
+	RESERVED
+CVE-2009-1697
+	RESERVED
+CVE-2009-1696
+	RESERVED
+CVE-2009-1695
+	RESERVED
+CVE-2009-1694
+	RESERVED
+CVE-2009-1693
+	RESERVED
+CVE-2009-1692
+	RESERVED
+CVE-2009-1691
+	RESERVED
+CVE-2009-1690
+	RESERVED
+CVE-2009-1689
+	RESERVED
+CVE-2009-1688
+	RESERVED
+CVE-2009-1687
+	RESERVED
+CVE-2009-1686
+	RESERVED
+CVE-2009-1685
+	RESERVED
+CVE-2009-1684
+	RESERVED
+CVE-2009-1683
+	RESERVED
+CVE-2009-1682
+	RESERVED
+CVE-2009-1681
+	RESERVED
+CVE-2009-1680
+	RESERVED
+CVE-2009-1679
+	RESERVED
+CVE-2008-6813 (SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL
...)
+	TODO: check
+CVE-2008-6812 (SQL injection vulnerability in bukutamu.php in phpWebNews 0.2
allows ...)
+	TODO: check
+CVE-2009-1756 (SLiM Simple Login Manager 1.3.0 includes places the X authority
magic ...)
 	- slim <unfixed> (low; bug #529306)
-CVE-2009-1755 [off-by-one in nsd]
+CVE-2009-1755 (Off-by-one error in the packet_read_query_section function in
packet.c ...)
 	{DSA-1803-1}
 	- nsd3 <unfixed> (medium; bug #529418)
 	- nsd 2.3.7-3 (medium; bug #529420)
 	NOTE: VU#710316
-CVE-2009-1753 [unsafe temp file in coccinelle]
+CVE-2009-1753 (Coccinelle 0.1.7 allows local users to overwrite arbitrary files
via a ...)
 	- coccinelle 0.1.7.deb-3 (low)
 	[lenny] - coccinelle <no-dsa> (Minor issue)
 	[etch] - coccinelle <no-dsa> (Minor issue)
@@ -226,10 +390,10 @@
 CVE-2009-XXXX [More file buffer overflows]
 	- file 5.03-1
 	TODO: Check, whether code was introduced in 5.x as well like the other issues
-CVE-2009-1594
-	RESERVED
-CVE-2009-1593
-	RESERVED
+CVE-2009-1594 (Armorlogic Profense Web Application Firewall before 2.2.22, and
2.4.x ...)
+	TODO: check
+CVE-2009-1593 (Armorlogic Profense Web Application Firewall before 2.2.22, and
2.4.x ...)
+	TODO: check
 CVE-2009-1592 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24
allows ...)
 	NOT-FOR-US: ElectraSoft 32bit FTP
 CVE-2009-1591 (CRLF injection vulnerability in CGI RESCUE Web Mailer before
1.04 ...)
@@ -844,10 +1008,12 @@
 	TODO: File bug
 CVE-2009-1376 [new pidgin issues]
 	RESERVED
+	{DSA-1805-1}
 	- pidgin 2.5.6-1
 	- gaim <removed>
 CVE-2009-1375 [new pidgin issues]
 	RESERVED
+	{DSA-1805-1}
 	- pidgin 2.5.6-1
 	- gaim <removed>
 CVE-2009-1374 [new pidgin issues]
@@ -857,6 +1023,7 @@
 	- gaim <not-affected> (QQ support not yet present)
 CVE-2009-1373 [new pidgin issues]
 	RESERVED
+	{DSA-1805-1}
 	- pidgin 2.5.6-1
 	- gaim <removed>
 CVE-2009-1365 (Unspecified vulnerability in Adobe Flash Media Server (FMS)
before ...)
@@ -1880,8 +2047,8 @@
 	RESERVED
 CVE-2009-1162
 	RESERVED
-CVE-2009-1161
-	RESERVED
+CVE-2009-1161 (Directory traversal vulnerability in the TFTP service in Cisco
...)
+	TODO: check
 CVE-2009-1160 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX
Security ...)
 	NOT-FOR-US: Cisco Adaptive Security Appliances
 CVE-2009-1159 (Unspecified vulnerability on Cisco Adaptive Security Appliances
(ASA) ...)
@@ -2543,7 +2710,7 @@
 CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow
remote ...)
 	{DSA-1784-1}
 	- freetype 2.3.9-4.1 (medium; bug #524925)
-CVE-2009-0945 (WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on
Apple Mac ...)
+CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as
used in ...)
 	TODO: check
 CVE-2009-0944 (The Microsoft Office Spotlight Importer in Spotlight in Apple
Mac OS X ...)
 	TODO: check
@@ -2686,8 +2853,8 @@
 	RESERVED
 CVE-2009-0898
 	RESERVED
-CVE-2009-0897
-	RESERVED
+CVE-2009-0897 (IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and
6.1.1 ...)
+	TODO: check
 CVE-2009-0896
 	RESERVED
 CVE-2009-0895
@@ -3112,7 +3279,7 @@
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.28)
 	- linux-2.6.24 <not-affected> (vulnerabile code introduced in 2.6.28)
 CVE-2009-0786
-	RESERVED
+	REJECTED
 CVE-2009-0785
 	RESERVED
 CVE-2009-0784 (Race condition in the SystemTap stap tool 0.0.20080705 and ...)
@@ -13510,7 +13677,7 @@
 	[etch] - poppler <not-affected> (Vulnerable code not present)
 	- xpdf <not-affected> (Page.cc is not allocating the widget and
therefore not vulnerable in the destructor, attrs initialized)
 CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg
functions in ...)
-	{DSA-1610-1}
+	{DSA-1805-1 DSA-1610-1}
 	- pidgin 2.4.3-1
 	- gaim 1:2.0.0+fake.1
 	NOTE: gaim is now a transitional package depending on pidgin with its own
source package
@@ -16655,7 +16822,7 @@
 	RESERVED
 CVE-2008-1518 (Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus
6.0 and ...)
 	NOT-FOR-US: Kaspersky Anti-Virus
-CVE-2008-1517 (The kernel in Apple Mac OS X 10.5 before 10.5.7 does not
properly ...)
+CVE-2008-1517 (Array index error in the xnu (Mach) kernel in Apple Mac OS X
10.5 ...)
 	TODO: check
 CVE-2008-1516
 	RESERVED
Secure testing commits - May 2009 - r11958 - data/CVE

[Secure-testing-commits] r11958 - data/CVE
