Author: joeyh
Date: 2009-06-08 21:14:14 +0000 (Mon, 08 Jun 2009)
New Revision: 12081
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-06-08 21:08:52 UTC (rev 12080)
+++ data/CVE/list 2009-06-08 21:14:14 UTC (rev 12081)
@@ -1,3 +1,57 @@
+CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux
kernel ...)
+ TODO: check
+CVE-2009-1959 (Off-by-one error in the event_wallops function in ...)
+ TODO: check
+CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache
...)
+ TODO: check
+CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in xml/apr_xml.c
in ...)
+ TODO: check
+CVE-2009-1954 (Unspecified vulnerability in portmapper (aka portmap) in IBM AIX
5.3 ...)
+ TODO: check
+CVE-2009-1953 (IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM
...)
+ TODO: check
+CVE-2009-1952 (Multiple SQL injection vulnerabilities in the administrative
login ...)
+ TODO: check
+CVE-2009-1951 (Cross-site scripting (XSS) vulnerability in index.php in
PropertyMax ...)
+ TODO: check
+CVE-2009-1950 (SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3
...)
+ TODO: check
+CVE-2009-1949 (import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows
remote ...)
+ TODO: check
+CVE-2009-1948 (Multiple directory traversal vulnerabilities in forum.php in
...)
+ TODO: check
+CVE-2009-1947 (SQL injection vulnerability in the UnbDbEncode function in ...)
+ TODO: check
+CVE-2009-1946 (PHP remote file inclusion vulnerability in latestposts.php in
AdaptBB ...)
+ TODO: check
+CVE-2009-1945 (SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04
...)
+ TODO: check
+CVE-2009-1944 (Stack-based buffer overflow in AIMP 2.51 build 330 allows remote
...)
+ TODO: check
+CVE-2009-1943 (Stack-based buffer overflow in the IKE service (ireIke.exe) in
SafeNet ...)
+ TODO: check
+CVE-2009-1942 (Cross-site scripting (XSS) vulnerability in the Quiz module 5.x,
...)
+ TODO: check
+CVE-2009-1941 (PAD Site Scripts 3.6 stores sensitive information under the web
...)
+ TODO: check
+CVE-2009-1940 (Cross-site scripting (XSS) vulnerability in the administrator
panel in ...)
+ TODO: check
+CVE-2009-1939 (Cross-site scripting (XSS) vulnerability in the JA_Purity
template for ...)
+ TODO: check
+CVE-2009-1938 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x
through ...)
+ TODO: check
+CVE-2009-1937 (Cross-site scripting (XSS) vulnerability in the comment posting
...)
+ TODO: check
+CVE-2009-1936 (_functions.php in cpCommerce 1.2.x, possibly including 1.2.9,
sends a ...)
+ TODO: check
+CVE-2009-1935
+ RESERVED
+CVE-2009-1934 (Cross-site scripting (XSS) vulnerability in the Reverse Proxy
Plug-in ...)
+ TODO: check
+CVE-2009-1933 (Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before
snv_117, ...)
+ TODO: check
+CVE-2008-6825 (Directory traversal vulnerability in user/index.php in Fonality
...)
+ TODO: check
CVE-2009-XXXX [pgp4pine off-by-one]
- pgp4pine <unfixed> (bug #457947)
[etch] - pgp4pine <no-dsa> (Contrib not supported)
@@ -84,7 +138,7 @@
NOT-FOR-US: IBM DB2
CVE-2008-6820 (The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and
9.5 ...)
NOT-FOR-US: IBM DB2
-CVE-2009-1960 [dokuwiki local file inclusion]
+CVE-2009-1960 (inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and
rc2009-01-30, ...)
- dokuwiki <unfixed> (unimportant)
NOTE: we don''t support setups with register_globals enabled
CVE-2009-1897
@@ -220,11 +274,11 @@
NOT-FOR-US: Historic issues in proprietary Java
CVE-2003-1572 (Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows
unsigned ...)
NOT-FOR-US: Historic issues in proprietary Java
-CVE-2009-1957 [strongSwan Two Denial of Service Vulnerabilities]
+CVE-2009-1957 (charon/sa/ike_sa.c in the charon daemon in strongSWAN before
4.3.1 ...)
- strongswan <unfixed> (medium; bug #531612)
[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2
was introduced in 4.3)
TODO: Check not-affected status after split of temporary entry
-CVE-2009-1958 [strongSwan Two Denial of Service Vulnerabilities]
+CVE-2009-1958 (charon/sa/tasks/child_create.c in the charon daemon in
strongSWAN ...)
- strongswan <unfixed> (medium; bug #531612)
[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2
was introduced in 4.3)
TODO: Check not-affected status after split of temporary entry
@@ -484,8 +538,8 @@
RESERVED
CVE-2009-1718
RESERVED
-CVE-2009-1717
- RESERVED
+CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before
10.5.7 ...)
+ TODO: check
CVE-2009-1716
RESERVED
CVE-2009-1715
@@ -1319,8 +1373,8 @@
RESERVED
CVE-2009-1420
RESERVED
-CVE-2009-1419
- RESERVED
+CVE-2009-1419 (Unspecified vulnerability in HP Discovery & Dependency
Mapping ...)
+ TODO: check
CVE-2009-1418 (Cross-site scripting (XSS) vulnerability in HP System Management
...)
NOT-FOR-US: HP System Management Homepage
CVE-2009-1417 (gnutls-cli in GnuTLS before 2.6.6 does not verify the activation
and ...)
@@ -2315,7 +2369,7 @@
- pango1.0 1.24.0-2 (medium; bug #527474)
CVE-2009-1193
RESERVED
-CVE-2009-1192 (drivers/char/agp/generic.c in the agp subsystem in the Linux
kernel ...)
+CVE-2009-1192 (The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages
...)
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
@@ -2458,8 +2512,8 @@
RESERVED
CVE-2009-1163
RESERVED
-CVE-2009-1162
- RESERVED
+CVE-2009-1162 (Cross-site scripting (XSS) vulnerability in the Spam Quarantine
login ...)
+ TODO: check
CVE-2009-1161 (Directory traversal vulnerability in the TFTP service in Cisco
...)
NOT-FOR-US: CiscoWorks
CVE-2009-1160 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX
Security ...)
@@ -2739,7 +2793,7 @@
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1962 [unspecified xfig temp issue]
+CVE-2009-1962 (Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to
read ...)
- xfig 1:3.2.5.a-1
[etch] - xfig <no-dsa> (Minor issue)
[lenny] - xfig <no-dsa> (Minor issue)
@@ -3707,8 +3761,7 @@
{DSA-1755-1}
- systemtap 0.0.20090314-2
[etch] - systemtap <not-affected> (vulnerable code not present)
-CVE-2009-0783 [Apache Tomcat Information disclosure]
- RESERVED
+CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and
6.0.0 ...)
- tomcat5.5 <unfixed> (low; bug #532366)
- tomcat6 6.0.20-1 (low; bug #532362)
- tomcat5 <removed> (low; bug #532363)
@@ -4765,8 +4818,7 @@
CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2,
as ...)
{DSA-1769-1 DSA-1745-1}
- lcms 1.18.dfsg-1 (bug #522446)
-CVE-2009-0580 [Apache Tomcat Information disclosure]
- RESERVED
+CVE-2009-0580 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and
6.0.0 ...)
- tomcat6 6.0.20-1 (low; bug #532362)
- tomcat5 <removed> (low; bug #532363)
- tomcat5.5 <unfixed> (low; bug #532366)
@@ -7292,8 +7344,7 @@
CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly
interpret ...)
- sudo 1.6.9p17-2 (medium)
[etch] - sudo <not-affected> (Vulnerable code not present)
-CVE-2009-0033 [Apache Tomcat denial of service]
- RESERVED
+CVE-2009-0033 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and
6.0.0 ...)
- tomcat6 6.0.20-1 (medium; bug #532362)
- tomcat5 <removed> (medium; bug #532363)
- tomcat5.5 <unfixed> (medium; bug #532366)
@@ -7330,8 +7381,7 @@
- linux-2.6 2.6.24-4
[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23)
NOTE: Fixed in 2.6.24 before initial upload
-CVE-2009-0023 [apr-util DoS]
- RESERVED
+CVE-2009-0023 (The apr_strmatch_precompile function in strmatch/apr_strmatch.c
in ...)
{DSA-1812-1}
- apr-util 1.3.7+dfsg-1
CVE-2009-0022 (Samba 3.2.0 through 3.2.6, when registry shares are enabled,
allows ...)