Author: derevko-guest
Date: 2009-07-24 10:02:07 +0000 (Fri, 24 Jul 2009)
New Revision: 12396

Modified:
   data/CVE/list
Log:
- NFUs
- verlihub XSS vulnerabilities
- Wireshark Multiple Vulnerabilities
- Adobe Flash Player Remote Code Execution Vulnerability
- CVE-2009-2419 fixed in webkit 1.1.10-1

Modified: data/CVE/list
==================================================================--- data/CVE/list 2009-07-24 02:15:28 UTC (rev 12395) +++ data/CVE/list 2009-07-24 10:02:07 UTC (rev 12396) 
@@ -1,68 +1,68 @@ CVE-2009-2584 (Off-by-one error in the options_write function in ...) TODO: check CVE-2009-2583 (Multiple session fixation vulnerabilities in IBM Tivoli Identity ...) - TODO: check + NOT-FOR-US: IBM Tivoli CVE-2009-2582 (Stack-based buffer overflow in manager.exe in Akamai Download Manager ...) - TODO: check + NOT-FOR-US: Akamai Download Manager CVE-2009-2581 (Cross-site scripting (XSS) vulnerability in modifier.php in ...) - TODO: check + NOT-FOR-US: EditeurScripts EsNews CVE-2009-2580 REJECTED - TODO: check CVE-2009-2579 RESERVED CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to cause a ...) - TODO: check + - chromium-browser <itp> (bug #520324) CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Opera CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-2575 (The Research In Motion (RIM) BlackBerry 8800 allows remote attackers ...) - TODO: check + NOT-FOR-US: BlackBerry CVE-2009-2574 (index.php in MiniTwitter 0.2 beta allows remote authenticated users to ...) - TODO: check + NOT-FOR-US: MiniTwitter CVE-2009-2573 (Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when ...) - TODO: check + NOT-FOR-US: MiniTwitter CVE-2009-2572 (Cross-site request forgery (CSRF) vulnerability in the Fivestar module ...) - TODO: check + NOT-FOR-US: Drupal Module CVE-2009-2571 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: VerliAdmin CVE-2009-2570 (Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX ...) - TODO: check + NOT-FOR-US: Symantec WinFax Pro CVE-2009-2569 (Multiple cross-site scripting (XSS) vulnerabilities in Verlihub ...) 
- TODO: check + - verlihub <unfixed> (low; bug #538234) + NOTE: http://packetstorm.linuxsecurity.com/0905-exploits/verlihub-xss.txt CVE-2009-2568 (Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) ...) - TODO: check + NOT-FOR-US: Sorinara Streaming Audio Player CVE-2009-2567 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...) - TODO: check + NOT-FOR-US: Joomla! component CVE-2008-6873 (SQL injection vulnerability in Active Web Mail 4.0 allows remote ...) - TODO: check + NOT-FOR-US: Active Web Mail 4.0 CVE-2008-6872 (ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the ...) - TODO: check + NOT-FOR-US: ASPThai.NET ASPThai Forums CVE-2008-6871 (Merlix Educate Server stores db.mdb under the web root with ...) - TODO: check + NOT-FOR-US: Merlix Educate Server CVE-2008-6870 (Merlix Educate Server allows remote attackers to bypass intended ...) - TODO: check + NOT-FOR-US: Merlix Educate Server CVE-2008-6869 (Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive ...) - TODO: check + NOT-FOR-US: Oramon Oracle Database Monitoring Tool CVE-2008-6868 (Cross-site scripting (XSS) vulnerability in default/login.php in ...) - TODO: check + NOT-FOR-US: EsBaseAdmin CVE-2009-2566 (Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly ...) - TODO: check + NOT-FOR-US: TFM MMPlayer CVE-2009-2565 (Cross-site scripting (XSS) vulnerability in Perl CGI''s By Mrs. ...) NOT-FOR-US: Perl CGI''s By Mrs. Shiromuku shiromuku CVE-2009-2564 (NOS Microsystems getPlus Download Manager for Adobe 1.6.2.36, and ...) NOT-FOR-US: Adobe CVE-2009-2563 (Unspecified vulnerability in the Infiniband dissector in Wireshark ...) - TODO: check + - wireshark <unfixed> (bug #538234) CVE-2009-2562 (Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 ...) - TODO: check + - wireshark <unfixed> (bug #538234) CVE-2009-2561 (Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 ...) 
- TODO: check + - wireshark <unfixed> (bug #538234) CVE-2009-2560 (Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote ...) - TODO: check + - wireshark <unfixed> (bug #538234) CVE-2009-2559 (Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote ...) - TODO: check + - wireshark <unfixed> (bug #538234) CVE-2009-2558 (system/message.php in Admin News Tools 2.5 does not properly restrict ...) NOT-FOR-US: Admin News Tools CVE-2009-2557 (Directory traversal vulnerability in system/download.php in Admin News ...) @@ -248,7 +248,8 @@ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-37.html CVE-2009-2468 (Integer overflow in CoreGraphics in Apple Mac OS X, as used in Mozilla ...) - TODO: check + NOT-FOR-US: CoreGraphics in Apple Mac OS X + NOTE: related issue to CVE-2009-1194 CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote ...) {DSA-1840-1} - xulrunner 1.9.0.12-1 @@ -431,7 +432,7 @@ CVE-2009-2420 (Apple Safari 3.2.3 does not properly implement the file: protocol ...) NOT-FOR-US: Apple Safari CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests function in ...) - TODO: check + - webkit 1.1.10-1 CVE-2009-2418 RESERVED CVE-2009-2417 @@ -1823,7 +1824,7 @@ CVE-2009-1863 RESERVED CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through ...) - TODO: check + - flashplugin-nonfree <unfixed> (bug #538240) CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 ...) NOT-FOR-US: Adobe Reader CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 ...)
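
Review bot: In the first hunk (@@ -1,68 +1,68 @@), the new verlihub line for CVE-2009-2569 and the five Wireshark lines for CVE-2009-2559 through CVE-2009-2563 all cite bug #538234, which looks like a reference copied from one package to the other. Confirm which package that bug is filed against and give the other its own bug number, as the flashplugin-nonfree entry does with #538240. The Wireshark lines also carry no severity, while the verlihub line is marked "low"; a severity on the IPMI buffer overflow entry (CVE-2009-2559) would help triage.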
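
Review bot: In the @@ -248,7 +248,8 @@ hunk, CVE-2009-2468 is marked NOT-FOR-US although its description says the CoreGraphics overflow applies "as used in Mozilla ...", and the neighbouring entries track xulrunner. Extend the NOTE to state that the flaw is in Apple Mac OS X's CoreGraphics and therefore not reachable in the Debian Mozilla packages, if that is the reasoning. The added "related issue to CVE-2009-1194" line does not say which package that relation concerns.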
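
Review bot: In the @@ -431,7 +432,7 @@ hunk, the CVE-2009-2419 entry records webkit 1.1.10-1 as the fixed version with no NOTE giving the basis for it. Add a NOTE pointing to the upstream change or changelog entry, as the verlihub entry does with its reference URL, so the fixed version can be verified later.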
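
Review bot: In the @@ -1823,7 +1824,7 @@ hunk, CVE-2009-1862 is mapped to flashplugin-nonfree while the visible description names only Adobe Reader and Acrobat 9.x, and only the commit log ties it to Adobe Flash Player. Add a NOTE stating that Flash Player is affected and citing the advisory, so the package mapping is justified in the list itself.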