Author: nion Date: 2009-07-16 13:36:17 +0000 (Thu, 16 Jul 2009) New Revision: 12354 Modified: data/CVE/list Log: - new mimetex issues (CVE-2009-2459, CVE-2009-1382) - new mathtex issues (CVE-2009-2461, CVE-2009-2460, CVE-2009-1383) - cveified rails (CVE-2009-2422) - several NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-16 09:14:25 UTC (rev 12353) +++ data/CVE/list 2009-07-16 13:36:17 UTC (rev 12354) 
@@ -1,53 +1,55 @@ CVE-2009-2461 (mathtex.cgi in mathTeX, when downloaded before 20090713, does not ...) - TODO: check + - mathtex <unfixed> (low; bug #537253) CVE-2009-2460 (Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when ...) - TODO: check + - mathtex <unfixed> (medium; bug #537253) + NOTE: severity set to medium as this is used in several web applications for conversions CVE-2009-2459 (Multiple unspecified vulnerabilities in mimeTeX, when downloaded ...) - TODO: check + - mimetex <unfixed> (medium; bug #537254) + NOTE: set impact to medium as this is used in several web applications for conversions CVE-2009-2458 (Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 ...) - TODO: check + NOT-FOR-US: Sun Fire V215 Server CVE-2009-2457 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2009-2456 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2009-2455 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: @mail CVE-2009-2454 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, ...) - TODO: check + NOT-FOR-US: vim q CVE-2009-2453 (Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 ...) - TODO: check + NOT-FOR-US: Citrix XenApp CVE-2009-2452 (Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have ...) - TODO: check + NOT-FOR-US: Citrix Licensing CVE-2009-2451 (Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX ...) - TODO: check + NOT-FOR-US: MIM:InfiniX CVE-2008-6867 (SQL injection vulnerability in content.php in Scripts For Sites (SFS) ...) - TODO: check + NOT-FOR-US: Scripts For Sites CVE-2008-6866 (SQL injection vulnerability in modules.php in the Current_Issue module ...) 
- TODO: check + NOT-FOR-US: PHP-Nuke CVE-2008-6865 (SQL injection vulnerability in modules.php in the Sectionsnew module ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2008-6864 (Xigla Software Absolute Live Support .NET 5.1 allows remote attackers ...) - TODO: check + NOT-FOR-US: Xigla Software Absolute Live Support .NET CVE-2008-6863 (Xigla Software Absolute Form Processor .NET 4.0 allows remote ...) - TODO: check + NOT-FOR-US: Xigla Software CVE-2008-6862 (Absolute Content Rotator 6.0 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Absolute Content Rotator CVE-2008-6861 (Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers ...) - TODO: check + NOT-FOR-US: Xigla Software Absolute Newsletter CVE-2008-6860 (Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Xigla Software Absolute Poll Manager CVE-2008-6859 (Xigla Software Absolute Control Panel XE 1.5 allows remote attackers ...) - TODO: check + NOT-FOR-US: Xigla Software Absolute Control Panel CVE-2008-6858 (Absolute Banner Manager .NET 4.0 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Absolute Banner Manager .NET CVE-2008-6857 (Absolute Podcast .NET 1.0 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Absolute Podcast .NET CVE-2008-6856 (Xigla Software Absolute News Manager.NET 5.1 allows remote attackers ...) - TODO: check + NOT-FOR-US: Xigla Software Absolute News Manager.NET CVE-2008-6855 (Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote ...) - TODO: check + NOT-FOR-US: Xigla Software Absolute News Feed CVE-2008-6854 (Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Xigla Software Absolute FAQ Manager.NET CVE-2009-XXXX [iceweasel: 0-day remote shellcode injection] - iceweasel <unfixed> (high; bug #537104) CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online ...) 
@@ -107,6 +109,10 @@ CVE-2009-2423 (SQL injection vulnerability in category.php in Ebay Clone 2009 allows ...) NOT-FOR-US: Ebay Clone 2009 CVE-2009-2422 (The example code for the digest authentication functionality ...) + - rails <not-affected> (high; bug #535896) + TODO: check after 2.3.x upload + NOTE: vulnerable code not present, introduced in 2.3.x + NOTE: to be fixed in upstream version 2.3.3 TODO: check CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command ...) - mysql-dfsg-5.0 <unfixed> (low; bug #536726) @@ -348,11 +354,6 @@ NOT-FOR-US: XMB CVE-2007-6727 (SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows ...) NOT-FOR-US: KerviNet Forum -CVE-2009-XXXX [rails: password bypass] - - rails <not-affected> (high; bug #535896) - TODO: check after 2.3.x upload - NOTE: vulnerable code not present, introduced in 2.3.x - NOTE: to be fixed in upstream version 2.3.3 CVE-2009-XXXX [php: segfaults on corrupted jpeg files] - php5 5.2.10.dfsg.1-2 (low; bug #535888) - php4 <unfixed> (low; bug #535897) 
@@ -1160,59 +1161,59 @@ CVE-2009-1990 RESERVED CVE-2009-1989 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2009-1988 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2009-1987 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - ...) - TODO: check + NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2009-1986 (Unspecified vulnerability in the Oracle Applications Manager component ...) - TODO: check + NOT-FOR-US: Oracle Applications Manager CVE-2009-1985 RESERVED CVE-2009-1984 (Unspecified vulnerability in the Application Install component in ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2009-1983 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2009-1982 (Unspecified vulnerability in the Oracle Applications Framework ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2009-1981 (Unspecified vulnerability in the Highly Interactive Client component ...) - TODO: check + NOT-FOR-US: Siebel Product Suite CVE-2009-1980 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2009-1979 RESERVED CVE-2009-1978 (Unspecified vulnerability in the Oracle Secure Backup component in ...) - TODO: check + NOT-FOR-US: Oracle Secure Backup CVE-2009-1977 (Unspecified vulnerability in the Oracle Secure Backup component in ...) - TODO: check + NOT-FOR-US: Oracle Secure Backup CVE-2009-1976 (Unspecified vulnerability in the HTTP Server component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Application Server CVE-2009-1975 (Unspecified vulnerability in the WebLogic Server component in BEA ...) - TODO: check + NOT-FOR-US: BEA WebLogic Server CVE-2009-1974 (Unspecified vulnerability in the WebLogic Server component in BEA ...) 
- TODO: check + NOT-FOR-US: BEA WebLogic CVE-2009-1973 (Unspecified vulnerability in the Virtual Private Database component in ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1972 RESERVED CVE-2009-1971 RESERVED CVE-2009-1970 (Unspecified vulnerability in the Listener component in Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1969 (Unspecified vulnerability in the Auditing component in Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1968 (Unspecified vulnerability in the Secure Enterprise Search component in ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1967 (Unspecified vulnerability in the Config Management component in (1) ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1966 (Unspecified vulnerability in the Config Management component in (1) ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1965 RESERVED CVE-2009-1964 RESERVED CVE-2009-1963 (Unspecified vulnerability in the Network Foundation component in ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2008-6832 (Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA ...) NOT-FOR-US: Atlassian JIRA Enterprise Edition CVE-2008-6831 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...) 
@@ -2733,13 +2734,13 @@ CVE-2009-1426 RESERVED CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...) - TODO: check + NOT-FOR-US: HP ProCurve CVE-2009-1424 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...) - TODO: check + NOT-FOR-US: HP ProCurve CVE-2009-1423 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...) - TODO: check + NOT-FOR-US: HP ProCurve CVE-2009-1422 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...) - TODO: check + NOT-FOR-US: HP ProCurve CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 ...) NOT-FOR-US: ONCplus on HP HP-UX CVE-2009-1420 (Stack-based buffer overflow in rping in HP OpenView Network Node ...) @@ -2837,9 +2838,9 @@ CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux ...) NOT-FOR-US: Different code base than Debian''s libpam-krb5 CVE-2009-1383 (The getdirective function in mathtex.cgi in mathTeX, when downloaded ...) - TODO: check + - mathtex <unfixed> (medium; bug #537258) CVE-2009-1382 (Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when ...) - TODO: check + - mimetex <unfixed> (medium; bug #537254) CVE-2009-1381 (The map_yp_alias function in functions/imap_general.php in ...) {DSA-1802-2} - squirrelmail 2:1.4.19-1 
@@ -4411,11 +4412,11 @@ CVE-2009-1022 (Heap-based buffer overflow in the Preview/ Set Segment function in ...) NOT-FOR-US: Gretech GOMlab GOM Encoder CVE-2009-1021 (Unspecified vulnerability in the Advanced Replication component in ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1020 (Unspecified vulnerability in the Network Foundation component in ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1019 (Unspecified vulnerability in the Network Authentication component in ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1018 RESERVED CVE-2009-1017 (Unspecified vulnerability in the BI Publisher component in Oracle ...) @@ -4423,7 +4424,7 @@ CVE-2009-1016 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: BEA Product Suite CVE-2009-1015 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-1014 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2009-1013 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) @@ -4479,7 +4480,7 @@ CVE-2009-0988 (Unspecified vulnerability in the Password Policy component in Oracle ...) NOT-FOR-US: Oracle Database CVE-2009-0987 (Unspecified vulnerability in the Upgrade component in Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle Database CVE-2009-0986 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: Oracle Database CVE-2009-0985 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) 
@@ -7673,7 +7674,7 @@ CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2009-0192 (Off-by-one error in the iMonitor component in Novell eDirectory 8.8 ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...) NOT-FOR-US: Foxit Reader CVE-2009-0190
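Review bot: In hunk @@ -1,53 +1,55 @@ the new line for CVE-2009-2454 reads "NOT-FOR-US: vim q", which looks like an editor command that landed in the file rather than a product name; the CVE description names Citrix Web Interface, so the line should be "NOT-FOR-US: Citrix Web Interface" to match the format used for the neighbouring Citrix entries (CVE-2009-2453, CVE-2009-2452).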
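Review bot: In hunk @@ -107,6 +109,10 @@ the CVE-2009-2422 entry ends up with two TODO lines: the added "TODO: check after 2.3.x upload" and the pre-existing bare "TODO: check" that is left as unchanged context below the NOTE lines. Since the entry is now triaged as "rails <not-affected>" with the follow-up action recorded, the leftover "TODO: check" should be removed in the same change; otherwise the entry will keep showing up as untriaged. The matching removal of the "CVE-2009-XXXX [rails: password bypass]" placeholder in hunk @@ -348,11 +354,6 @@ carries the same four lines over, so the two hunks are consistent with each other.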
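Review bot: In hunk @@ -1160,59 +1161,59 @@ the NOT-FOR-US labels for the same product are inconsistent: CVE-2009-1975 gets "BEA WebLogic Server" while CVE-2009-1974 gets "BEA WebLogic", and the existing CVE-2009-1016 entry further down uses "BEA Product Suite". Pick one label so the entries can be found together. CVE-2009-1968 is also worth a second look: the CVE text says "Secure Enterprise Search component" but the line added is "NOT-FOR-US: Oracle Database", unlike the other entries in this hunk whose label matches the component named in the description (e.g. "Oracle Secure Backup" for CVE-2009-1978 and CVE-2009-1977).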
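Review bot: In hunk @@ -2837,9 +2838,9 @@ the mathtex line for CVE-2009-1383 references "bug #537258", whereas the two mathtex entries added at the top of the file (CVE-2009-2461 and CVE-2009-2460) both reference "bug #537253", and the mimetex entries consistently use "#537254" in both places. Please confirm whether #537258 is a separate bug report for CVE-2009-1383 or a typo for #537253; if it is a separate report, a NOTE line saying so would save the next reader the same check.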