Author: derevko-guest Date: 2009-07-21 20:17:50 +0000 (Tue, 21 Jul 2009) New Revision: 12388 Modified: data/CVE/list Log: - NFUs - DoS via a large integer value for the length property of a Select object in konqueror and iceweasel (already fixed) - CVE-2009-2492: XSS vulnerability in movabletype-opensource - automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-21 17:41:40 UTC (rev 12387) +++ data/CVE/list 2009-07-21 20:17:50 UTC (rev 12388) 
@@ -1,3 +1,130 @@ +CVE-2009-2554 (SQL injection vulnerability in the search method in jobline.class.php ...) + NOT-FOR-US: Joomla! +CVE-2009-2553 (Multiple SQL injection vulnerabilities in comments.php in Super Simple ...) + NOT-FOR-US: Super Simple Blog Script +CVE-2009-2552 (Multiple directory traversal vulnerabilities in comments.php in Super ...) + NOT-FOR-US: Super Simple Blog Script +CVE-2009-2551 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy ...) + NOT-FOR-US: ScriptsEz Easy Image Downloader +CVE-2009-2550 (Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote ...) + NOT-FOR-US: Hamster Audio Player +CVE-2009-2549 (Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed ...) + NOT-FOR-US: Armed Assault +CVE-2009-2548 (Format string vulnerability in Armed Assault (aka ArmA) 1.14 and ...) + NOT-FOR-US: Armed Assault +CVE-2009-2547 (Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and ...) + NOT-FOR-US: Armed Assault +CVE-2009-2546 (Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x ...) + NOT-FOR-US: Advanced Electron Forum +CVE-2009-2545 (SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when ...) + NOT-FOR-US: Advanced Electron Forum +CVE-2009-2544 (Directory traversal vulnerability in the Marcelo Costa FileServer ...) + NOT-FOR-US: Marcelo Costa FileServer +CVE-2009-2543 (Multiple unspecified vulnerabilities in the IBM Proventia engine ...) + NOT-FOR-US: IBM Proventia engine +CVE-2009-2542 (Netscape 6 and 8 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Netscape 6 and 8 +CVE-2009-2541 (The web browser on the Sony PLAYSTATION 3 (PS3) allows remote ...) + NOT-FOR-US: Sony PLAYSTATION 3 +CVE-2009-2540 (Opera, possibly 9.64 and earlier, allows remote attackers to cause a ...) + NOT-FOR-US: Opera +CVE-2009-2539 (The Aigo P8860 allows remote attackers to cause a denial of service ...) 
+ NOT-FOR-US: Aigo P8860 +CVE-2009-2538 (The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet ...) + NOT-FOR-US: Nokia N95 +CVE-2009-2537 (KDE Konqueror allows remote attackers to cause a denial of service ...) + - kdebase <unfixed> (low; bug #537931) +CVE-2009-2536 (Microsoft Internet Explorer 5 through 8 allows remote attackers to ...) + NOT-FOR-US: Microsoft Internet Explorer 5 +CVE-2009-2535 (Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and ...) + - iceweasel 3.0.5-1 + [etch] - iceweasel 2.0.0.19-0etch1 +CVE-2009-2534 (RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow ...) + NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server +CVE-2009-2533 (rmserver in RealNetworks Helix Server and Helix Mobile Server before ...) + NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server +CVE-2009-2532 + RESERVED +CVE-2009-2531 + RESERVED +CVE-2009-2530 + RESERVED +CVE-2009-2529 + RESERVED +CVE-2009-2528 + RESERVED +CVE-2009-2527 + RESERVED +CVE-2009-2526 + RESERVED +CVE-2009-2525 + RESERVED +CVE-2009-2524 + RESERVED +CVE-2009-2523 + RESERVED +CVE-2009-2522 + RESERVED +CVE-2009-2521 + RESERVED +CVE-2009-2520 + RESERVED +CVE-2009-2519 + RESERVED +CVE-2009-2518 + RESERVED +CVE-2009-2517 + RESERVED +CVE-2009-2516 + RESERVED +CVE-2009-2515 + RESERVED +CVE-2009-2514 + RESERVED +CVE-2009-2513 + RESERVED +CVE-2009-2512 + RESERVED +CVE-2009-2511 + RESERVED +CVE-2009-2510 + RESERVED +CVE-2009-2509 + RESERVED +CVE-2009-2508 + RESERVED +CVE-2009-2507 + RESERVED +CVE-2009-2506 + RESERVED +CVE-2009-2505 + RESERVED +CVE-2009-2504 + RESERVED +CVE-2009-2503 + RESERVED +CVE-2009-2502 + RESERVED +CVE-2009-2501 + RESERVED +CVE-2009-2500 + RESERVED +CVE-2009-2499 + RESERVED +CVE-2009-2498 + RESERVED +CVE-2009-2497 + RESERVED +CVE-2009-2496 + RESERVED +CVE-2009-2495 + RESERVED +CVE-2009-2494 + RESERVED +CVE-2009-2493 + RESERVED +CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...) 
+ - movabletype-opensource 4.2.6.1-1 (low; bug #537935) CVE-2009-XXXX [mediawiki: multiple vulnerabilities] - mediawiki <unfixed> (medium; bug #537634) [etch] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0) @@ -337,8 +464,8 @@ NOT-FOR-US: Microsoft Internet Explorer CVE-2009-2349 RESERVED -CVE-2009-2348 - RESERVED +CVE-2009-2348 (Android 1.5 CRBxx allows local users to bypass the (1) ...) + NOT-FOR-US: Android CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in ...) {DSA-1835-1} - tiff 3.8.2-13 @@ -1489,8 +1616,7 @@ CVE-2009-1960 (inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, ...) - dokuwiki 0.0.20090214b-1 (unimportant) NOTE: we don''t support setups with register_globals enabled -CVE-2009-1897 [linux-2.6: null pointer dereference in tun/tap] - RESERVED +CVE-2009-1897 (The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in ...) - linux-2.6 2.6.30-3 (high; bug #537409) [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29) [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29) @@ -1503,15 +1629,13 @@ - linux-2.6 2.6.30-3 (low) [etch] - linux-2.6 <not-affected> (mmap_min_addr first indroduced in 2.6.23) - linux-2.6.24 <removed> -CVE-2009-1894 - RESERVED +CVE-2009-1894 (Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local ...) {DSA-1838-1} - pulseaudio <unfixed> (high; bug #537351) [etch] - pulseaudio <not-affected> (vulnerable code not present) -CVE-2009-1893 - RESERVED -CVE-2009-1892 - RESERVED +CVE-2009-1893 (The configtest function in the Red Hat dhcpd init script for DHCP ...) + NOT-FOR-US: Red Hat dhcpd init script for DHCP +CVE-2009-1892 (dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and ...) {DSA-1833-1} - dhcp3 <unfixed> (low) [etch] - dhcp3 <not-affected> (problematic assert is not present) 
@@ -2030,7 +2154,7 @@ CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) - webkit <unfixed> (medium; bug #535793) TODO: work with upstream to determine affected/not-affected webkit versions -CVE-2009-1692 (WebKit in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...) +CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...) - webkit <unfixed> (medium; bug #535793) NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319 TODO: work with upstream to determine affected/not-affected webkit versions
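Review bot: In the first hunk (`@@ -1,3 +1,130 @@`) the new `CVE-2009-2537` entry records only `- kdebase <unfixed> (low; bug #537931)` and gives no `[etch]`/`[lenny]` lines, while the neighbouring `CVE-2009-2535` entry in the same hunk does spell out the stable status (`[etch] - iceweasel 2.0.0.19-0etch1`). Since the tracker derives the stable suites' state from these lines, kdebase in etch and lenny currently shows as undetermined; suggest adding explicit `[etch] - kdebase <unfixed>` / `[lenny] - kdebase <unfixed>` (or `<not-affected>` with a reason, as the linux-2.6 entries do) so the stable picture is recorded alongside the sid line. The same applies to the `movabletype-opensource 4.2.6.1-1 (low; bug #537935)` line for `CVE-2009-2492`.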
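Review bot: In the `@@ -1503,15 +1629,13 @@` hunk, `CVE-2009-1892` is tagged `{DSA-1833-1}` yet its sid line carries severity `(low)`; a DSA-level fix with a low severity rating reads as contradictory, so either the severity should be raised to match the advisory or a `NOTE:` line should explain why the stable update was issued for a low-rated issue. While touching this region, the unchanged context line `[etch] - linux-2.6 <not-affected> (mmap_min_addr first indroduced in 2.6.23)` has a typo (`indroduced`) worth correcting in a follow-up commit.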
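Review bot: In the last hunk (`@@ -2030,7 +2154,7 @@`) the updated description for `CVE-2009-1692` now names the fixing upstream revision (`WebKit before r41741`), which is precisely the information the surviving `TODO: work with upstream to determine affected/not-affected webkit versions` line says is missing. Suggest resolving the TODO in the same change: check whether the packaged webkit includes r41741 and replace the TODO with either a fixed version or `<not-affected> (fixed in r41741)` plus a `NOTE:` citing that revision, so the entry does not keep asking a question the description already answers.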