Author: nion
Date: 2009-06-09 13:20:22 +0000 (Tue, 09 Jun 2009)
New Revision: 12084
Modified:
data/CVE/list
Log:
- NFUs
- new irssi issue (CVE-2009-1959), more or less not an issue
- CVE-2009-19{55,56} fixed in apr-util 1.3.7+dfsg-1
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-06-08 22:39:05 UTC (rev 12083)
+++ data/CVE/list 2009-06-09 13:20:22 UTC (rev 12084)
@@ -1,55 +1,57 @@
CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux
kernel ...)
TODO: check
CVE-2009-1959 (Off-by-one error in the event_wallops function in ...)
- TODO: check
+ - irssi <unfixed> (low)
+ TODO: report bug
+ NOTE: exploitability limited, DoS rather obscure attack scenario
CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache
...)
- TODO: check
+ - apr-util 1.3.7+dfsg-1 (low)
CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in xml/apr_xml.c
in ...)
- TODO: check
+ - apr-util 1.3.7+dfsg-1 (medium)
CVE-2009-1954 (Unspecified vulnerability in portmapper (aka portmap) in IBM AIX
5.3 ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2009-1953 (IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM
...)
- TODO: check
+ NOT-FOR-US: IBM FileNet Content Manager
CVE-2009-1952 (Multiple SQL injection vulnerabilities in the administrative
login ...)
- TODO: check
+ NOT-FOR-US: PropertyMax
CVE-2009-1951 (Cross-site scripting (XSS) vulnerability in index.php in
PropertyMax ...)
- TODO: check
+ NOT-FOR-US: PropertyMax
CVE-2009-1950 (SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3
...)
- TODO: check
+ NOT-FOR-US: WebEyes Guest Book
CVE-2009-1949 (import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Unclassified NewsBoard
CVE-2009-1948 (Multiple directory traversal vulnerabilities in forum.php in
...)
- TODO: check
+ NOT-FOR-US: Unclassified NewsBoard
CVE-2009-1947 (SQL injection vulnerability in the UnbDbEncode function in ...)
- TODO: check
+ NOT-FOR-US: Unclassified NewsBoard
CVE-2009-1946 (PHP remote file inclusion vulnerability in latestposts.php in
AdaptBB ...)
- TODO: check
+ NOT-FOR-US: AdaptBB
CVE-2009-1945 (SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04
...)
- TODO: check
+ NOT-FOR-US: cWebCal
CVE-2009-1944 (Stack-based buffer overflow in AIMP 2.51 build 330 allows remote
...)
- TODO: check
+ NOT-FOR-US: AIMP
CVE-2009-1943 (Stack-based buffer overflow in the IKE service (ireIke.exe) in
SafeNet ...)
- TODO: check
+ NOT-FOR-US: SafeNet SoftRemote
CVE-2009-1942 (Cross-site scripting (XSS) vulnerability in the Quiz module 5.x,
...)
- TODO: check
+ NOT-FOR-US: Quiz module for Drupal
CVE-2009-1941 (PAD Site Scripts 3.6 stores sensitive information under the web
...)
- TODO: check
+ NOT-FOR-US: PAD Site Scripts
CVE-2009-1940 (Cross-site scripting (XSS) vulnerability in the administrator
panel in ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2009-1939 (Cross-site scripting (XSS) vulnerability in the JA_Purity
template for ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2009-1938 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x
through ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2009-1937 (Cross-site scripting (XSS) vulnerability in the comment posting
...)
- TODO: check
+ NOT-FOR-US: LightNEasy
CVE-2009-1936 (_functions.php in cpCommerce 1.2.x, possibly including 1.2.9,
sends a ...)
- TODO: check
+ NOT-FOR-US: cpCommerce
CVE-2009-1935
RESERVED
CVE-2009-1934 (Cross-site scripting (XSS) vulnerability in the Reverse Proxy
Plug-in ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Web Server
CVE-2009-1933 (Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before
snv_117, ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2008-6825 (Directory traversal vulnerability in user/index.php in Fonality
...)
TODO: check
CVE-2009-XXXX [pgp4pine off-by-one]
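Review bot: The new CVE-2009-1959 entry marks irssi as `<unfixed> (low)` but still carries `TODO: report bug`, so the open issue has no bug reference to follow up on; file the bug and replace the TODO with the bug number. The accompanying NOTE ("exploitability limited, DoS rather obscure attack scenario") would be easier to act on if it said what limits exploitability. Separately, CVE-2009-1945 is tagged `NOT-FOR-US: cWebCal` while the visible description names "WebCal 3.04"; confirm the product name so the tag matches the CVE text.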
@@ -539,7 +541,7 @@
CVE-2009-1718
RESERVED
CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before
10.5.7 ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2009-1716
RESERVED
CVE-2009-1715