Author: joeyh
Date: 2009-07-14 21:14:22 +0000 (Tue, 14 Jul 2009)
New Revision: 12342
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-07-14 19:41:43 UTC (rev 12341)
+++ data/CVE/list 2009-07-14 21:14:22 UTC (rev 12342)
@@ -1,3 +1,61 @@
+CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu
Online ...)
+ TODO: check
+CVE-2009-2449 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2009-2448 (Cross-site scripting (XSS) vulnerability in ogp_show.php in
Online ...)
+ TODO: check
+CVE-2009-2447 (Multiple cross-site scripting (XSS) vulnerabilities in
ogp_show.php in ...)
+ TODO: check
+CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command
...)
+ TODO: check
+CVE-2009-2445 (Sun Java System Web Server (aka Sun ONE Web Server) 6.1, 6.1
SP10, 6.1 ...)
+ TODO: check
+CVE-2009-2444 (Directory traversal vulnerability in
maillinglist/setup/step1.php.inc ...)
+ TODO: check
+CVE-2009-2443 (Siteframe 3.2.3, and other 3.2.x versions, allows remote
attackers to ...)
+ TODO: check
+CVE-2009-2442 (Cross-site scripting (XSS) vulnerability in public/index.php in
...)
+ TODO: check
+CVE-2009-2441 (Cross-site scripting (XSS) vulnerability in ogp_show.php in
Online ...)
+ TODO: check
+CVE-2009-2440 (Cross-site scripting (XSS) vulnerability in index.php in JNM
Guestbook ...)
+ TODO: check
+CVE-2009-2439 (Multiple SQL injection vulnerabilities in Web Development House
...)
+ TODO: check
+CVE-2009-2438 (Cross-site scripting (XSS) vulnerability in index.php in the
search ...)
+ TODO: check
+CVE-2009-2437 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2009-2436 (SQL injection vulnerability in page.php in Online Dating
Software ...)
+ TODO: check
+CVE-2009-2435 (The Sametime server in IBM Lotus Instant Messaging and Web ...)
+ TODO: check
+CVE-2009-2434 (Buffer overflow in the syscall implementation in IBM AIX 5.3
allows ...)
+ TODO: check
+CVE-2009-2433 (Stack-based buffer overflow in the AddFavorite method in
Microsoft ...)
+ TODO: check
+CVE-2009-2432 (WordPress and WordPress MU before 2.8.1 allow remote attackers
to ...)
+ TODO: check
+CVE-2009-2431 (WordPress 2.7.1 places the username of a post''s author
in an HTML ...)
+ TODO: check
+CVE-2009-2430 (Unspecified vulnerability in auditconfig in Sun Solaris 8, 9,
10, and ...)
+ TODO: check
+CVE-2009-2429 (SmartFilter Web Gateway Security 4.2.1.00 stores user
credentials in ...)
+ TODO: check
+CVE-2009-2428 (Multiple SQL injection vulnerabilities in Tausch Ticket Script 3
allow ...)
+ TODO: check
+CVE-2009-2427 (SQL injection vulnerability in co-profile.php in Jobbr 2.2.7
allows ...)
+ TODO: check
+CVE-2009-2426 (The connection_edge_process_relay_cell_not_open function in ...)
+ TODO: check
+CVE-2009-2425 (Tor before 0.2.0.35 allows remote attackers to cause a denial of
...)
+ TODO: check
+CVE-2009-2424 (Cross-site scripting (XSS) vulnerability in search.php in Ebay
Clone ...)
+ TODO: check
+CVE-2009-2423 (SQL injection vulnerability in category.php in Ebay Clone 2009
allows ...)
+ TODO: check
+CVE-2009-2422 (The example code for the digest authentication functionality
...)
+ TODO: check
CVE-2009-XXXX [mysql: post-authentication format string vulnerability]
- mysql-dfsg-5.0 <unfixed> (low; bug #536726)
TODO: check lenny/sid; they are likely fixed according to the report, but i
did not check
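Review bot: CVE-2009-2446 (format string vulnerabilities in dispatch_command), added near the top of this hunk, may be the same issue as the CVE-2009-XXXX placeholder "mysql: post-authentication format string vulnerability" kept as context at the end of the hunk. If it is, the placeholder's tracking data (mysql-dfsg-5.0 <unfixed>, bug #536726 and the lenny/sid TODO) should move under CVE-2009-2446 and the placeholder be dropped, so the issue is not tracked twice. CVE-2009-2432 names the same "before 2.8.1" WordPress boundary as the entries already tracked against the wordpress package further down the list, so it is a candidate for a package line rather than a bare TODO: check.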
@@ -73,8 +131,8 @@
NOT-FOR-US: Opial
CVE-2009-2387 (Unspecified vulnerability in the proc filesystem in Sun
OpenSolaris ...)
NOT-FOR-US: Sun OpenSolaris
-CVE-2009-2386
- RESERVED
+CVE-2009-2386 (Insecure method vulnerability in Awingsoft Awakening Winds3D
Viewer ...)
+ TODO: check
CVE-2009-2369 (Integer overflow in the wxImage::Create function in ...)
TODO: check
CVE-2009-2360 (Cross-site scripting (XSS) vulnerability in passwd/main.php in
the ...)
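Review bot: CVE-2009-2386 goes from RESERVED to TODO: check in this hunk, so it now needs triage. The neighbouring entries (Opial, Sun OpenSolaris) are marked NOT-FOR-US; if Awingsoft Awakening Winds3D Viewer is likewise not packaged, replace the TODO with a NOT-FOR-US line naming the product.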
@@ -179,16 +237,13 @@
NOT-FOR-US: phpGreetCards
CVE-2008-6848 (Cross-site scripting (XSS) vulnerability in index.php in
phpGreetCards ...)
NOT-FOR-US: phpGreetCards
-CVE-2009-2336 [wordpress: CORE-2009-0515 multiple issues]
- RESERVED
+CVE-2009-2336 (The forgotten mail interface in WordPress and WordPress MU
before ...)
- wordpress <unfixed> (low; bug #536724)
NOTE: fixed in upstream 2.8.1, which is not yet in unstable
-CVE-2009-2335 [wordpress: CORE-2009-0515 multiple issues]
- RESERVED
+CVE-2009-2335 (WordPress and WordPress MU before 2.8.1 exhibit different
behavior for ...)
- wordpress <unfixed> (low; bug #536724)
NOTE: fixed in upstream 2.8.1, which is not yet in unstable
-CVE-2009-2334 [wordpress: CORE-2009-0515 multiple issues]
- RESERVED
+CVE-2009-2334 (wp-admin/admin.php in WordPress and WordPress MU before 2.8.1
does not ...)
- wordpress <unfixed> (low; bug #536724)
NOTE: fixed in upstream 2.8.1, which is not yet in unstable
CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2
and ...)
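Review bot: Replacing the bracketed titles on CVE-2009-2336, CVE-2009-2335 and CVE-2009-2334 removes the only mention of CORE-2009-0515 from these entries. Suggest carrying it over as a NOTE line under each entry, next to the existing "fixed in upstream 2.8.1" note, so the three CVEs stay linked to the advisory and to each other.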
@@ -1315,11 +1370,11 @@
RESERVED
CVE-2009-1892
RESERVED
+ {DSA-1833-1}
- dhcp3 <unfixed> (low)
[etch] - dhcp3 <not-affected> (problematic assert is not present)
[lenny] - dhcp3 3.1.1-6+lenny2 (low)
-CVE-2009-1891 [apache2 mod_deflate DoS]
- RESERVED
+CVE-2009-1891 (The mod_deflate module in Apache httpd 2.2.11 and earlier
compresses ...)
- apache2 2.2.11-7 (medium; bug #534712)
CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the
mod_proxy ...)
- apache2 2.2.11-7 (medium; bug #536718)
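Review bot: On CVE-2009-1892 the new {DSA-1833-1} tag sits above an etch line marked <not-affected>, so for this CVE the DSA applies to lenny only (3.1.1-6+lenny2); worth confirming the advisory text agrees. The unstable line is still dhcp3 <unfixed> (low) and needs a fixed version recorded once one is uploaded.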
@@ -5553,6 +5608,7 @@
RESERVED
CVE-2009-0692
RESERVED
+ {DSA-1833-1}
- dhcp3 <unfixed> (medium)
[etch] - dhcp3 3.0.4-13+etch2 (medium)
[lenny] - dhcp3 3.1.1-6+lenny2 (medium)
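Review bot: With {DSA-1833-1} added to CVE-2009-0692, etch and lenny both carry fixed versions while the unstable line remains dhcp3 <unfixed> (medium). As this is the medium-severity entry of the two dhcp3 CVEs tagged with this DSA, the sid status should be followed up and a fixed version recorded when one is available.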