Author: joeyh
Date: 2009-08-11 21:14:11 +0000 (Tue, 11 Aug 2009)
New Revision: 12572
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-11 20:45:32 UTC (rev 12571)
+++ data/CVE/list 2009-08-11 21:14:11 UTC (rev 12572)
@@ -1,3 +1,67 @@ +CVE-2009-2737 (The EditCSVAction function in cgi/actions.py in Roundup 1.2 before ...) + TODO: check +CVE-2009-2736 (Static code injection vulnerability in admin.php in sun-jester ...) + TODO: check +CVE-2009-2735 (SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, ...) + TODO: check +CVE-2009-2734 + RESERVED +CVE-2009-2733 + RESERVED +CVE-2009-2732 + RESERVED +CVE-2009-2731 + RESERVED +CVE-2009-2730 + RESERVED +CVE-2009-2729 + RESERVED +CVE-2009-2728 + RESERVED +CVE-2009-2727 (Stack-based buffer overflow in the _tt_internal_realpath function in ...) + TODO: check +CVE-2009-2726 + RESERVED +CVE-2009-2725 + RESERVED +CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...) + TODO: check +CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in ...) + TODO: check +CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...) + TODO: check +CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...) + TODO: check +CVE-2009-2720 (Unspecified vulnerability in the ...) + TODO: check +CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...) + TODO: check +CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...) + TODO: check +CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...) + TODO: check +CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not ...) + TODO: check +CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2008-6926 (Directory traversal vulnerability in ...) + TODO: check +CVE-2008-6925 (Cross-site scripting (XSS) vulnerability in function.php in Zenphoto ...) + TODO: check +CVE-2008-6924 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) 
+ TODO: check +CVE-2008-6923 (SQL injection vulnerability in the content component (com_content) ...) + TODO: check +CVE-2008-6922 (Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer ...) + TODO: check +CVE-2008-6921 (Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 ...) + TODO: check +CVE-2008-6920 (Unrestricted file upload vulnerability in auth.php in phpEmployment ...) + TODO: check +CVE-2008-6919 (profileedit.php TaskDriver 1.3 and earlier allows remote attackers to ...) + TODO: check +CVE-2008-6918 (Unrestricted file upload vulnerability in admin/galeria.php in ...) + TODO: check CVE-2009-XXXX [wordpress password reset] - wordpress <unfixed> (low; bug #541102) [lenny] - wordpress <not-affected> (Vulnerable code not present) @@ -120,10 +184,10 @@ NOT-FOR-US: BabbleBoard CVE-2008-6905 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) NOT-FOR-US: BabbleBoard -CVE-2009-2705 - RESERVED -CVE-2009-2704 - RESERVED +CVE-2009-2705 (CA SiteMinder allows remote attackers to bypass cross-site scripting ...) + TODO: check +CVE-2009-2704 (CA SiteMinder allows remote attackers to bypass cross-site scripting ...) + TODO: check CVE-2009-2703 RESERVED CVE-2009-2702 @@ -152,14 +216,12 @@ RESERVED - linux-2.6 <unfixed> (low) - linux-2.6.24 <removed> -CVE-2009-2690 [OpenJDK private variable information disclosure] - RESERVED +CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants ...) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - openjdk-6 <unfixed> TODO: file bug -CVE-2009-2689 [OpenJDK JDK13Services grants unnecessary privileges ] - RESERVED +CVE-2009-2689 (JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) 
@@ -199,7 +261,7 @@ [lenny] - sun-java5 <no-dsa> (Non-free not supported) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-2674 (Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE ...) +CVE-2009-2674 (Integer overflow in javaws.exe in Sun Java Web Start in Sun Java ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) @@ -767,14 +829,12 @@ CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of ...) - xulrunner <not-affected> (unimportant) NOTE: browser crashes not treated as security issues -CVE-2009-2476 [OpenJDK OpenType checks can be bypassed] - RESERVED +CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java SE 6 ...) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - openjdk-6 <unfixed> TODO: file bug -CVE-2009-2475 [OpenJDK information leaks in mutable variables] - RESERVED +CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) @@ -1007,8 +1067,7 @@ {DSA-1859-1} - libxml2 <unfixed> (low; bug #540865) - libxml <removed> -CVE-2009-2415 [heap-based buffer overflow in memcached] - RESERVED +CVE-2009-2415 (Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote ...) {DSA-1853-1} - memcached <unfixed> (medium; bug #540379) - memcachedb 1.2.0-5 (medium; bug #540381) 
@@ -1779,7 +1838,7 @@ - mahara 1.1.5-1 (low) CVE-2009-2120 (Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow ...) NOT-FOR-US: TekBase -CVE-2009-2119 (Cross-site scripting (XSS) vulnerability in the login interface in F5 ...) +CVE-2009-2119 (Cross-site scripting (XSS) vulnerability in the login interface ...) NOT-FOR-US: FirePass CVE-2009-2118 (Integer overflow in IrfanView 4.23, when the resampling or screen ...) NOT-FOR-US: IrfanView @@ -2004,8 +2063,8 @@ NOTE: down to potential insecure usage CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local users ...) NOT-FOR-US: Apple Safari -CVE-2009-2026 - RESERVED +CVE-2009-2026 (Stack-based buffer overflow in a token searching function in the ...) + TODO: check CVE-2009-2025 (admin/login.php in DM FileManager 3.9.2 allows remote attackers to ...) NOT-FOR-US: DM FileManager CVE-2009-2024 (Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the ...) @@ -2339,8 +2398,8 @@ [squeeze] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29) - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29) NOTE: http://seclists.org/fulldisclosure/2009/Jul/0241.html -CVE-2009-1896 - RESERVED +CVE-2009-1896 (The Java Web Start framework in IcedTea in OpenJDK before ...) + TODO: check CVE-2009-1895 (The personality subsystem in the Linux kernel before 2.6.31-rc3 has a ...) {DSA-1845-1 DSA-1844-1} - linux-2.6 2.6.30-3 (low) @@ -2421,7 +2480,7 @@ RESERVED CVE-2009-1870 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...) NOT-FOR-US: Adobe Flash Player -CVE-2009-1869 (Integer overflow in Adobe Flash Player before 9.0.246.0 and 10.x ...) +CVE-2009-1869 (Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile ...) NOT-FOR-US: Adobe Flash Player CVE-2009-1868 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...) NOT-FOR-US: Adobe Flash Player 
@@ -6618,8 +6677,8 @@ {DSA-1807-1 DTSA-200-1 DTSA-201-1} - cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749) NOTE: VU#238019 -CVE-2009-0687 - RESERVED +CVE-2009-0687 (The pf_test_rule function in OpenBSD Packet Filter (PF), as used in ...) + TODO: check CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in ...) NOT-FOR-US: Trend Micro Internet Pro CVE-2009-0685
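Review bot: in the first hunk (@@ -1,3 +1,67 @@), the new Sun Java entries CVE-2009-2716 through CVE-2009-2724 describe "Sun Java SE 6 before Update 15" and "Sun Java SE 5.0", the same releases this commit elsewhere records as fixed in sun-java6 6-15-1 and sun-java5 1.5.0-20-1 with openjdk-6 <unfixed> (see the CVE-2009-2690 and CVE-2009-2689 entries); leaving all nine at "TODO: check" splits the triage for one vendor update across two states. Suggest giving them the same package lines as CVE-2009-2690 in the same pass, e.g. "- sun-java6 6-15-1" plus the "[lenny] - sun-java6 <no-dsa> (Non-free not supported)" line, and checking each one for an OpenJDK counterpart before adding "- openjdk-6 <unfixed>".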
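Review bot: in the @@ -120,10 +184,10 @@ hunk, CVE-2009-2705 and CVE-2009-2704 (CA SiteMinder) arrive as "TODO: check", but SiteMinder is a proprietary product that is not in the Debian archive; the neighbouring entries in the same hunk use "NOT-FOR-US: BabbleBoard" for exactly this case. Suggest "NOT-FOR-US: CA SiteMinder" for both so they drop out of the open TODO queue.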
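Review bot: in the @@ -152,14 +216,12 @@ hunk, CVE-2009-2690 keeps "- openjdk-6 <unfixed>" followed by "TODO: file bug" with no bug number, while the new MITRE description now explicitly names OpenJDK alongside Sun Java SE 6 before Update 15; the sun-java6 side is already recorded as fixed in 6-15-1, so the only open action is the openjdk-6 bug, which should be filed and recorded in the file's "(severity; bug #NNNNNN)" form. The bracketed working summaries that this hunk removes ("OpenJDK private variable information disclosure", "OpenJDK JDK13Services grants unnecessary privileges") carried the impact that the truncated replacement text no longer shows; consider keeping them as a NOTE: line under each entry.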
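Review bot: in the @@ -199,7 +261,7 @@ hunk, the CVE-2009-2674 description changes from a generic "Integer overflow in Sun Java Runtime Environment (JRE)" to "Integer overflow in javaws.exe in Sun Java Web Start", i.e. the Windows launcher binary, while the package lines (sun-java5 1.5.0-20-1, sun-java6 6-15-1, and the etch/lenny <no-dsa> lines) are kept unchanged. That is consistent as long as the Linux javaws launcher shares the affected code; worth confirming against the full advisory text before anyone treats the narrowed description as grounds for <not-affected>.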
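Review bot: in the @@ -767,14 +829,12 @@ hunk, CVE-2009-2476 has the same gap as CVE-2009-2690 above: "- openjdk-6 <unfixed>" with "TODO: file bug" and no number, while sun-java6 6-15-1 is already marked fixed. The removed placeholder "[OpenJDK OpenType checks can be bypassed]" is also the only place the entry said what the bug does; the replacement "The Java Management Extensions (JMX) implementation in Sun Java SE 6 ..." is cut off before that point. Suggest filing the openjdk-6 bug now and preserving the old summary as a NOTE: line so the entry stays searchable.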
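Review bot: in the @@ -1007,8 +1067,7 @@ hunk, CVE-2009-2415 carries "{DSA-1853-1}" yet the unstable entry is still "- memcached <unfixed> (medium; bug #540379)" while "- memcachedb 1.2.0-5" is already fixed; a DSA reference with an <unfixed> unstable package is normally a sign the unstable upload has not been recorded. Suggest replacing <unfixed> with the fixed unstable version once it is in the archive. The description also changes from the placeholder "heap-based buffer overflow" to "Multiple integer overflows in memcached 1.1.12 and 1.2.2", so the severity "medium" should be re-checked against the real issue class rather than inherited from the placeholder.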
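Review bot: in the @@ -2339,8 +2398,8 @@ hunk, CVE-2009-1896 is left at "TODO: check" although its description, "The Java Web Start framework in IcedTea in OpenJDK before ...", names IcedTea/OpenJDK, which this file tracks as openjdk-6 (see the openjdk-6 lines under CVE-2009-2690 and CVE-2009-2476 in this same commit). Suggest converting it straight to "- openjdk-6 <unfixed>" (or the fixed version if the IcedTea release it mentions is already packaged) with a bug reference; the sun-java5/sun-java6 packages do not ship IcedTea, so they need no lines here.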
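Review bot: in the @@ -6618,8 +6677,8 @@ hunk, CVE-2009-0687 ("The pf_test_rule function in OpenBSD Packet Filter (PF), as used in ...") should not be closed as NOT-FOR-US on the strength of the "OpenBSD" in the description alone: the truncated "as used in ..." clause is exactly the part that lists other consumers of the pf code, and pf also ships in the FreeBSD kernel packaged for Debian GNU/kFreeBSD (the kfreebsd-* kernel packages). Suggest resolving that clause against the full CVE text and checking whether the packaged pf contains the affected pf_test_rule code before deciding between NOT-FOR-US and a kfreebsd entry.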