Author: joeyh Date: 2009-07-06 21:14:29 +0000 (Mon, 06 Jul 2009) New Revision: 12300 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-06 21:01:40 UTC (rev 12299) +++ data/CVE/list 2009-07-06 21:14:29 UTC (rev 12300) 
@@ -1,3 +1,53 @@ +CVE-2009-2336 + RESERVED +CVE-2009-2335 + RESERVED +CVE-2009-2334 + RESERVED +CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and ...) + TODO: check +CVE-2009-2332 (CMS Chainuk 1.2 and earlier allows remote attackers to obtain ...) + TODO: check +CVE-2009-2331 (Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and ...) + TODO: check +CVE-2009-2330 (Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in ...) + TODO: check +CVE-2009-2329 (KerviNet Forum 1.1 and earlier allows remote attackers to obtain ...) + TODO: check +CVE-2009-2328 (admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require ...) + TODO: check +CVE-2009-2327 (Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet ...) + TODO: check +CVE-2009-2326 (Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and ...) + TODO: check +CVE-2009-2325 (Directory traversal vulnerability in index.php in Clicknet CMS 2.1 ...) + TODO: check +CVE-2009-2324 (Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor ...) + TODO: check +CVE-2009-2323 (The web interface on the Axesstel MV 410R redirects users back to the ...) + TODO: check +CVE-2009-2322 (Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the ...) + TODO: check +CVE-2009-2321 (cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to ...) + TODO: check +CVE-2009-2320 (The web interface on the Axesstel MV 410R relies on client-side ...) + TODO: check +CVE-2009-2319 (The default configuration of the Wi-Fi component on the Axesstel MV ...) + TODO: check +CVE-2009-2318 (The Axesstel MV 410R allows remote attackers to cause a denial of ...) + TODO: check +CVE-2009-2317 (The Axesstel MV 410R has a certain default administrator password, and ...) + TODO: check +CVE-2009-2316 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...) 
+ TODO: check +CVE-2009-2315 (Unspecified vulnerability in Apple iPhone OS allows remote attackers ...) + TODO: check +CVE-2009-2314 (Race condition in the Sun Lightweight Availability Collection Tool 3.0 ...) + TODO: check +CVE-2007-6728 (Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote ...) + TODO: check +CVE-2007-6727 (SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows ...) + TODO: check CVE-2009-XXXX [rails: password bypass] - rails <not-affected> (high; bug #535896) TODO: check after 2.3.x upload @@ -8,7 +58,6 @@ - php4 <unfixed> (low; bug #535897) TODO: check 5.3.0-1, fix may already be applied CVE-2009-XXXX [apache2: htaccess override] - {DSA-1816-1} - apache2 2.2.9-1 (low; bug #535886) CVE-2009-XXXX [openvpn: possible symlink attack via client-connect script] - openvpn <unfixed> (low; bug #534908) @@ -63,11 +112,9 @@ NOT-FOR-US: kernel in Sun Solaris CVE-2009-2296 (The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris ...) NOT-FOR-US: kernel module in Sun Solaris -CVE-2009-2295 [camlimages: several integer overflows] - RESERVED +CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might allow ...) - camlimages 1:3.0.1-2 (medium; bug #535909) -CVE-2009-2294 [dillo: integer overflow] - RESERVED +CVE-2009-2294 (Integer overflow in the Png_datainfo_callback function in Dillo 2.1 ...) - dillo 2.2.1 (medium; bug #535788) CVE-2009-2293 (Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote ...) NOT-FOR-US: Optimum Web Design Tutorial Share @@ -162,8 +209,8 @@ RESERVED - mapserver <unfixed> (medium; bug #535340) NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2 -CVE-2009-2265 - RESERVED +CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before ...) + TODO: check CVE-2009-2264 RESERVED CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega ...) 
@@ -1060,8 +1107,7 @@ CVE-2009-1891 [apache2 mod_deflate DoS] RESERVED - apache2 <unfixed> (medium; bug #534712) -CVE-2009-1890 [apache2 mod_proxy DoS] - RESERVED +CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy ...) - apache2 <unfixed> CVE-2009-1889 (The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets ...) - pidgin 2.5.8-1 (low; bug #535790) @@ -1462,6 +1508,7 @@ - ipplan <unfixed> (unimportant; bug #530271) NOTE: Only exploitable with admin rights CVE-2009-1732 (Cross-site scripting (XSS) vulnerability in admin/usermanager in ...) + {DSA-1827-1} - ipplan 4.91a-1.1 (low; bug #530271) CVE-2009-1731 (SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows ...) NOT-FOR-US: MLFFAT @@ -1690,8 +1737,8 @@ NOT-FOR-US: Shutter CVE-2009-1649 (Directory traversal vulnerability in arch.php in beLive 0.2.3 allows ...) NOT-FOR-US: beLive -CVE-2009-1648 - RESERVED +CVE-2009-1648 (The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise ...) + TODO: check CVE-2009-1647 (Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 ...) NOT-FOR-US: Ultrafunk Popcorn CVE-2009-1646 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...) @@ -2370,7 +2417,7 @@ RESERVED CVE-2009-1422 RESERVED -CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus on HP HP-UX B.11.31 allows ...) +CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 ...) NOT-FOR-US: ONCplus on HP HP-UX CVE-2009-1420 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: HP OpenView Network Node Manager 
@@ -2449,8 +2496,7 @@ - linux-2.6 2.6.26-16 (high; bug #532376) - linux-2.6.24 <removed> NOTE: potential for kernel memory corruption by remote attacker -CVE-2009-1388 [linux-2.6: deadlock between ptrace and coredump] - RESERVED +CVE-2009-1388 (The ptrace_start function in kernel/ptrace.c in the Linux kernel ...) - linux-2.6 <not-affected> (problem in redhat-specific kernel patches) - linux-2.6.24 <removed> NOTE: i can''t find the ptrace_start() code in any of the debian kernels, @@ -4357,8 +4403,8 @@ RESERVED CVE-2009-0905 RESERVED -CVE-2009-0904 - RESERVED +CVE-2009-0904 (The IBM Stax XMLStreamWriter in the Web Services component in IBM ...) + TODO: check CVE-2009-0903 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the ...) NOT-FOR-US: WebSphere CVE-2009-0902
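Review bot: the new CVE-2009-1890 entry in the @@ -1060 hunk keeps "- apache2 <unfixed>" with no severity and no Debian bug reference, while the CVE-2009-1891 mod_deflate entry directly above it carries "(medium; bug #534712)"; add a severity and a bug number to the mod_proxy line so the two open apache2 issues are tracked the same way and the <unfixed> state does not go unnoticed.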
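Review bot: in the @@ -1462 hunk the {DSA-1827-1} reference is added only to CVE-2009-1732 (fixed in ipplan 4.91a-1.1), but the entry immediately above it is still "- ipplan <unfixed> (unimportant; bug #530271)" under the same bug number; check whether DSA-1827-1 also closes that issue and, if it does, record the fixed version there as well rather than leaving one half of bug #530271 open.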
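Review bot: CVE-2009-1648 in the @@ -1690 hunk now reads "The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise ...", so the "TODO: check" can almost certainly be resolved like its neighbours (e.g. "NOT-FOR-US: yast2-ldap-server (SUSE)") once it is confirmed that yast2 is not shipped in Debian.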
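Review bot: CVE-2009-0904 ("The IBM Stax XMLStreamWriter in the Web Services component in IBM ...") in the @@ -4357 hunk sits next to CVE-2009-0903, already marked "NOT-FOR-US: WebSphere"; before resolving the TODO with the same marking, read the full description, since XMLStreamWriter is a generic StAX API name and the truncated text alone does not say which IBM product is affected or whether any Debian-packaged StAX implementation shares the code.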
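Review bot: the first hunk adds CVE-2009-2324 (FCKeditor XSS) and the @@ -162 hunk replaces the RESERVED CVE-2009-2265 with an FCKeditor directory traversal, both left at "TODO: check"; triage the two together so they end up with the same package or NOT-FOR-US status. In the same first hunk the Axesstel MV 410R entries (CVE-2009-2317 through CVE-2009-2323) all describe a hardware device's web interface, Wi-Fi defaults and default administrator password, and the KerviNet Forum entries (CVE-2009-2326 through CVE-2009-2329 plus CVE-2007-6727) all concern one web application, so each group can be resolved as a batch rather than one TODO at a time.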
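Review bot: in the @@ -63 hunk the fixed version for CVE-2009-2294 is given as "dillo 2.2.1" with no Debian revision, while the camlimages entry above it uses the full "1:3.0.1-2"; confirm the string matches the version actually uploaded (normally including a revision such as -1), otherwise the tracker compares against a version that never existed in the archive.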