Author: joeyh Date: 2009-09-09 21:14:14 +0000 (Wed, 09 Sep 2009) New Revision: 12777 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-09 18:44:21 UTC (rev 12776) +++ data/CVE/list 2009-09-09 21:14:14 UTC (rev 12777) 
@@ -1,3 +1,65 @@ +CVE-2009-3110 (Race condition in the file transfer functionality in Symantec Altiris ...) + TODO: check +CVE-2009-3109 (Unspecified vulnerability in the AClient agent in Symantec Altiris ...) + TODO: check +CVE-2009-3108 (The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before ...) + TODO: check +CVE-2009-3107 (Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 ...) + TODO: check +CVE-2009-3106 (The Servlet Engine/Web Container component in IBM WebSphere ...) + TODO: check +CVE-2009-3105 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka ...) + TODO: check +CVE-2009-3104 (Unspecified vulnerability in Symantec Norton AntiVirus 2005 through ...) + TODO: check +CVE-2009-3103 (Array index error in the SMB2 protocol implementation in srv2.sys in ...) + TODO: check +CVE-2009-3102 (The doHotCopy subroutine in socket-server.pl in Zmanda Recovery ...) + TODO: check +CVE-2009-3101 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and ...) + TODO: check +CVE-2009-3100 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, ...) + TODO: check +CVE-2009-3099 (Unspecified vulnerability in HP OpenView Operations Manager 8.1 on ...) + TODO: check +CVE-2009-3098 (Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 ...) + TODO: check +CVE-2009-3097 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on ...) + TODO: check +CVE-2009-3096 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 ...) + TODO: check +CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote ...) + TODO: check +CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the ...) + TODO: check +CVE-2009-3093 (Unspecified vulnerability on the ASUS WL-500W wireless router has ...) + TODO: check +CVE-2009-3092 (Buffer overflow on the ASUS WL-500W wireless router has unknown impact ...) 
+ TODO: check +CVE-2009-3091 (Unspecified vulnerability on the ASUS WL-330gE has unknown impact and ...) + TODO: check +CVE-2009-3090 (Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on ...) + TODO: check +CVE-2009-3089 (IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause ...) + TODO: check +CVE-2009-3088 (Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server ...) + TODO: check +CVE-2009-3087 (Unspecified vulnerability in nserver.exe in the server in IBM Lotus ...) + TODO: check +CVE-2009-3086 (A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x ...) + TODO: check +CVE-2009-3085 (The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not ...) + TODO: check +CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c ...) + TODO: check +CVE-2009-3083 (The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the ...) + TODO: check +CVE-2008-7185 (GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2008-7184 (Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet ...) + TODO: check +CVE-2008-7183 (PHP remote file inclusion vulnerability in eva/index.php in EVA CMS ...) + TODO: check CVE-2009-XXXX [viewvc: XSS and illegal characters while printing name-value pairs] - viewvc <unfixed> (low; bug #545779) NOTE: CVE id has been requested @@ -263,8 +325,8 @@ CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...) NOTE: This is a web site issue (open redirector), not a browser problem. - iceweasel <unfixed> (unimportant) -CVE-2009-3009 - RESERVED +CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before ...) + TODO: check CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...) NOT-FOR-US: K-Meleon CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow ...) 
@@ -1502,18 +1564,17 @@ NOT-FOR-US: SiteMinder CVE-2009-2704 (CA SiteMinder allows remote attackers to bypass cross-site scripting ...) NOT-FOR-US: SiteMinder -CVE-2009-2703 [pidgin irc topic DoS] - RESERVED +CVE-2009-2703 (libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple ...) - pidgin 2.6.2 (low) [lenny] - pidgin <no-dsa> (Minor issue) [etch] - pidgin <no-dsa> (Minor issue) [lenny] - gaim <not-affected> (Only a transitional package) - gaim <removed> NOTE: this is only a null ptr dereference and can only be triggered by a rogue irc server -CVE-2009-2702 - RESERVED -CVE-2009-2701 - RESERVED +CVE-2009-2702 (KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a ...) + TODO: check +CVE-2009-2701 (Unspecified vulnerability in the Zope Enterprise Objects (ZEO) ...) + TODO: check CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not ...) - qt4-x11 <unfixed> (medium; bug #545793) [etch] - qt4-x11 <not-affected> (QSsl* classes were introduced in Qt 4.3) @@ -1787,8 +1848,7 @@ NOT-FOR-US: Joomla! component CVE-2009-2633 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...) NOT-FOR-US: Joomla! component -CVE-2009-2632 [buffer overflow in cyrus-imapd SIEVE support] - RESERVED +CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c) in ...) {DSA-1881-1} - cyrus-imapd-2.2 2.2.13-15 (medium) CVE-2009-2631 @@ -1797,8 +1857,8 @@ RESERVED CVE-2009-2629 RESERVED -CVE-2009-2628 - RESERVED +CVE-2009-2628 (The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 ...) + TODO: check CVE-2009-2627 (Insecure method vulnerability in the Acer LunchApp (aka ...) NOT-FOR-US: Acer LunchApp CVE-2009-2626 @@ -2071,8 +2131,8 @@ NOT-FOR-US: Microsoft Internet Information Server CVE-2009-2520 RESERVED -CVE-2009-2519 - RESERVED +CVE-2009-2519 (The DHTML Editing Component ActiveX control in Microsoft Windows 2000 ...) + TODO: check CVE-2009-2518 RESERVED CVE-2009-2517 
@@ -2111,10 +2171,10 @@ RESERVED CVE-2009-2500 RESERVED -CVE-2009-2499 - RESERVED -CVE-2009-2498 - RESERVED +CVE-2009-2499 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft ...) + TODO: check +CVE-2009-2498 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows ...) + TODO: check CVE-2009-2497 RESERVED CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX ...) @@ -2547,8 +2607,7 @@ CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in ...) {DSA-1835-1} - tiff 3.8.2-13 -CVE-2009-2346 [asterix: IAX2 call number exhaustion] - RESERVED +CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x before ...) - asterisk 1:1.6.2.0~dfsg~beta3-1 (low) CVE-2009-2345 (Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 ...) NOT-FOR-US: ClanSphere @@ -3131,8 +3190,7 @@ NOT-FOR-US: fuzzylime CVE-2009-2140 RESERVED -CVE-2009-2139 - RESERVED +CVE-2009-2139 (Unspecified vulnerability in OpenOffice.org (OOo) OpenOffice/Go-oo 2.x ...) {DSA-1880-1} - openoffice.org 1:3.1.1~ooo310m15-1 CVE-2009-2138 (Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow ...) @@ -3653,10 +3711,10 @@ RESERVED CVE-2009-1927 RESERVED -CVE-2009-1926 - RESERVED -CVE-2009-1925 - RESERVED +CVE-2009-1926 (Microsoft Windows 2000 SP4, Server 2003 SP2, Vista Gold, SP1, and SP2, ...) + TODO: check +CVE-2009-1925 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...) + TODO: check CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) component ...) NOT-FOR-US: Microsoft Windows CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service (WINS) ...) 
@@ -3665,8 +3723,8 @@ NOT-FOR-US: Microsoft Windows CVE-2009-1921 RESERVED -CVE-2009-1920 - RESERVED +CVE-2009-1920 (The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in ...) + TODO: check CVE-2009-1919 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2009-1918 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 ...) @@ -6321,8 +6379,8 @@ NOT-FOR-US: Microsoft CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop Connection ...) NOT-FOR-US: Microsoft -CVE-2009-1132 - RESERVED +CVE-2009-1132 (Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka ...) + TODO: check CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office PowerPoint ...) NOT-FOR-US: Microsoft CVE-2009-1130 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...) @@ -8447,8 +8505,8 @@ NOT-FOR-US: Cisco IOS CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 ...) NOT-FOR-US: Cisco IOS -CVE-2009-0627 - RESERVED +CVE-2009-0627 (Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when ...) + TODO: check CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote ...) NOT-FOR-US: Cisco IOS CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine ...) @@ -10010,8 +10068,8 @@ CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 might allow ...) {DSA-1880-1} - openoffice.org 1:3.1.1~ooo310m15-1 -CVE-2009-0199 - RESERVED +CVE-2009-0199 (Heap-based buffer overflow in the VMnc media codec in vmnc.dll in ...) + TODO: check CVE-2009-0198 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...) NOT-FOR-US: Adobe Reader CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...)
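Review bot: In the first hunk (@@ -1,3 +1,65 @@) CVE-2009-3085, CVE-2009-3084 and CVE-2009-3083 are added with only "TODO: check", although their descriptions name libpurple and the CVE-2009-2703 entry later in this same patch already records "- pidgin 2.6.2 (low)". Since the CVE-2009-3085 description reads "Pidgin before 2.6.2", these three can be triaged against that version straight away. The mod_proxy_ftp entries (CVE-2009-3095, CVE-2009-3094) also name software with a recognisable upstream and deserve attention before the Symantec, HP and ASUS entries, which will probably end up under the file's NOT-FOR-US convention.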
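Review bot: In the hunk at @@ -1502,18 +1564,17 @@, CVE-2009-2702 and CVE-2009-2701 leave RESERVED with nothing but "TODO: check", even though their descriptions name kdelibs (3.5.4, 4.2.4 and 4.3) and Zope Enterprise Objects (ZEO). They need package status lines in the form the adjacent CVE-2009-2700 entry uses ("- qt4-x11 <unfixed> (medium; bug #545793)"), with a bug reference once one is filed. For CVE-2009-2703 the working title "[pidgin irc topic DoS]" is dropped in favour of the truncated upstream description; the retained NOTE line still explains the impact, so nothing is lost there.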
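Review bot: In the hunk at @@ -1787,8 +1848,7 @@, the CVE-2009-2632 entry keeps a single package line, "- cyrus-imapd-2.2 2.2.13-15 (medium)", while the new description pins the flaw to a specific file (sieve/script.c). It is worth confirming that no other source package carries that SIEVE code; if one does, it needs its own status line under this entry rather than relying on the {DSA-1881-1} reference alone.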
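Review bot: In the hunk at @@ -2547,8 +2607,7 @@, the CVE-2009-2346 entry has only "- asterisk 1:1.6.2.0~dfsg~beta3-1 (low)" and no per-release lines, although the new description starts at "Asterisk Open Source 1.2.x". The CVE-2009-2703 entry in this patch shows the expected shape, with "[lenny] - pidgin <no-dsa> (Minor issue)" and an [etch] line; the asterisk entry should state the status of the stable releases in the same way.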
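Review bot: In the hunk at @@ -3653,10 +3711,10 @@, CVE-2009-1926 and CVE-2009-1925 get "TODO: check" directly above CVE-2009-1924, which is already marked "NOT-FOR-US: Microsoft Windows", so the same tag can be applied without further research. The same holds for the other Microsoft entries this patch takes out of RESERVED (CVE-2009-2519, CVE-2009-2499, CVE-2009-2498, CVE-2009-1920, CVE-2009-1132), whose neighbours carry NOT-FOR-US tags. CVE-2009-0627 names Cisco NX-OS rather than the Cisco IOS of the adjacent entries, so its tag should name that product instead of copying the neighbour's.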
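Review bot: In the last hunk (@@ -10010,8 +10068,8 @@), CVE-2009-0199 names "the VMnc media codec in vmnc.dll", the same component as CVE-2009-2628 in the hunk at @@ -1797,8 +1857,8 @@, and both are left at "TODO: check". They should be triaged together and given the same disposition so the two entries do not drift apart.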