Author: joeyh
Date: 2009-09-14 21:14:11 +0000 (Mon, 14 Sep 2009)
New Revision: 12813

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-14 17:17:59 UTC (rev 12812) +++ data/CVE/list 2009-09-14 21:14:11 UTC (rev 12813) 
@@ -1,62 +1,78 @@ -CVE-2009-3182 +CVE-2009-3166 + RESERVED +CVE-2009-3165 + RESERVED +CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework ...) + TODO: check +CVE-2008-7219 (Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 ...) + TODO: check +CVE-2008-7218 (Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 ...) + TODO: check +CVE-2008-7217 (Microsoft Office 2008 for Mac, when running on Macintosh systems that ...) + TODO: check +CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in ...) + TODO: check +CVE-2007-6731 (Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers ...) + TODO: check +CVE-2009-3182 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: Anantasoft Gazelle CMS -CVE-2009-3181 +CVE-2009-3181 (Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows ...) NOT-FOR-US: Anantasoft Gazelle CMS -CVE-2009-3180 +CVE-2009-3180 (Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a ...) NOT-FOR-US: Anantasoft Gazelle CMS -CVE-2009-3179 +CVE-2009-3179 (Multiple unspecified vulnerabilities in Symantec Altiris Deployment ...) NOT-FOR-US: Symantec Altiris Deployment Solution -CVE-2009-3178 +CVE-2009-3178 (Unspecified vulnerability in mm.exe in Symantec Altiris Deployment ...) NOT-FOR-US: Symantec Altiris Deployment Solution -CVE-2009-3177 +CVE-2009-3177 (Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown ...) NOT-FOR-US: Kaspersky Online Scanner -CVE-2009-3176 +CVE-2009-3176 (Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 ...) NOT-FOR-US: Novell iPrint Client -CVE-2009-3175 +CVE-2009-3175 (Multiple SQL injection vulnerabilities in Model Agency Manager PRO ...) NOT-FOR-US: Model Agency Manager PRO -CVE-2009-3174 +CVE-2009-3174 (PHP remote file inclusion vulnerability in fonctions_racine.php in ...) 
NOT-FOR-US: OBOphiX -CVE-2009-3173 +CVE-2009-3173 (Unrestricted file upload vulnerability in admin/add_album.php in The ...) NOT-FOR-US: Rat CMS Alpha -CVE-2009-3172 +CVE-2009-3172 (Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 ...) NOT-FOR-US: Hitachi Groupmax Groupware Server -CVE-2009-3171 +CVE-2009-3171 (Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft ...) NOT-FOR-US: Anantasoft Gazelle CMS -CVE-2009-3170 +CVE-2009-3170 (Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) ...) NOT-FOR-US: AIMP2 Audio Converter -CVE-2009-3169 +CVE-2009-3169 (Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission ...) NOT-FOR-US: Hitachi -CVE-2009-3168 +CVE-2009-3168 (Mevin Productions Basic PHP Events Lister 2.0 does not properly ...) NOT-FOR-US: Mevin Productions Basic PHP Events Lister -CVE-2009-3167 +CVE-2009-3167 (Directory traversal vulnerability in index.php in Anantasoft Gazelle ...) NOT-FOR-US: Anantasoft Gazelle CMS -CVE-2008-7216 +CVE-2008-7216 (Peter''s Math Anti-Spam Spinoff plugin for WordPress generates audio ...) NOT-FOR-US: Math Anti-Spam Spinoff plugin for WordPress -CVE-2008-7215 +CVE-2008-7215 (The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and ...) NOT-FOR-US: MOStlyCE -CVE-2008-7214 +CVE-2008-7214 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: MOStlyCE -CVE-2008-7213 +CVE-2008-7213 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: MOStlyCE -CVE-2008-7212 +CVE-2008-7212 (MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote ...) NOT-FOR-US: MOStlyCE -CVE-2008-7211 +CVE-2008-7211 (CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in ...) NOT-FOR-US: CreativeLabs WDM audio driver -CVE-2008-7210 +CVE-2008-7210 (directory.php in AJchat 0.10 allows remote attackers to bypass input ...) NOT-FOR-US: AJchat -CVE-2008-7209 +CVE-2008-7209 (Unrestricted file upload vulnerability in the add2 action in ...) 
NOT-FOR-US: OneCMS -CVE-2008-7208 +CVE-2008-7208 (Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly ...) NOT-FOR-US: OneCMS -CVE-2008-7207 +CVE-2008-7207 (RivetTracker before 1.0 stores passwords in cleartext in config.php, ...) NOT-FOR-US: RivetTracker -CVE-2008-7206 +CVE-2008-7206 (Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 ...) NOT-FOR-US: Electronic Logbook -CVE-2008-7205 +CVE-2008-7205 (Unspecified vulnerability in the product view functionality in ...) NOT-FOR-US: VirtueMart -CVE-2008-7204 +CVE-2008-7204 (Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a ...) NOT-FOR-US: VirtueMart -CVE-2008-7203 +CVE-2008-7203 (Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to ...) NOT-FOR-US: Valve Software Half-Life Counter-Strike CVE-2009-XXXX [pam-auth-update does not prohibit selecting an empty set of modules] - pam 1.0.1-10 (bug #519927) 
@@ -307,22 +323,28 @@ CVE-2009-3080 RESERVED CVE-2009-3079 (Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x ...) + {DSA-1886-1} - iceweasel 3.0.14-1 [etch] - iceweasel <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-3078 (Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and ...) + {DSA-1885-1} - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-3077 (Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not ...) + {DSA-1885-1} - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-3076 (Mozilla Firefox before 3.0.14 does not properly implement certain ...) + {DSA-1885-1} - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: Huh? CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) + {DSA-1885-1} - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...) + {DSA-1885-1} - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-3073 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...) 
@@ -330,12 +352,15 @@ [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x) [etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x) CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) + {DSA-1885-1} - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) + {DSA-1885-1} - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-3070 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) + {DSA-1885-1} - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-3069 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...) @@ -1311,7 +1336,7 @@ RESERVED CVE-2009-2801 RESERVED -CVE-2009-2800 +CVE-2009-2800 (Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 ...) NOT-FOR-US: Apple Mac OS X CVE-2009-2799 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...) NOT-FOR-US: Apple QuickTime @@ -2114,6 +2139,7 @@ RESERVED CVE-2009-2629 [nginx http request parser buffer underflow] RESERVED + {DSA-1884-1} - nginx 0.7.61-3 (medium) CVE-2009-2628 (The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 ...) NOT-FOR-US: VMware Movie Decoder @@ -5775,6 +5801,7 @@ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) - kompozer 1:0.8~alpha2+dfsg+svn129-3 CVE-2009-1310 (Cross-site scripting (XSS) vulnerability in the MozSearch plugin ...) + {DSA-1886-1} - iceweasel 3.0.9-1 [etch] - iceweasel <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-1309 (Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not ...) 
@@ -22023,7 +22050,7 @@ CVE-2007-6707 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco ...) NOT-FOR-US: Cisco Linksys CVE-2008-1360 (Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows ...) - {DSA-1883-1} + {DSA-1883-2 DSA-1883-1} - nagios2 2.11-1 (low) CVE-2008-1417 (The prerm script in axyl 2.1.7 allows local users to overwrite ...) - axyl 2.2.0 (low; bug #471227) @@ -27333,7 +27360,7 @@ CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...) NOT-FOR-US: IBM AIX CVE-2007-5803 (Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in ...) - {DSA-1883-1} + {DSA-1883-2 DSA-1883-1} - nagios2 <removed> (low; bug #482445) - nagios3 3.0.2-1 (low; bug #485439) CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf ...) @@ -28055,7 +28082,7 @@ CVE-2007-5625 (Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site ...) NOT-FOR-US: Site Search SearchSimon Lite CVE-2007-5624 (Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 ...) - {DSA-1883-1} + {DSA-1883-2 DSA-1883-1} - nagios2 2.9-1.1 (low; bug #448371) CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins ...) {DSA-1495-1}
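
Review bot: In hunk @@ -1,62 +1,78 @@, the six new entries CVE-2008-7220, CVE-2008-7219, CVE-2008-7218, CVE-2008-7217, CVE-2007-6732 and CVE-2007-6731 land with only "TODO: check", so nothing in the list yet says whether a Debian package is affected. Each needs a follow-up commit that replaces the TODO with either a package line or a NOT-FOR-US line, as every other entry in this hunk has; the Prototype, Horde and XMP entries look like candidates for a package line, and the Microsoft Office for Mac entry for NOT-FOR-US. Separately, the description added for CVE-2008-7216 reads "Peter''s" with a doubled apostrophe, which looks like quoting left over from the import and is worth fixing in the script that generates these descriptions.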
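
Review bot: In hunk @@ -307,22 +323,28 @@, CVE-2009-3076 now carries {DSA-1885-1} but still ends with "NOTE: Huh?", which tells a later reader nothing about what was unclear. Now that a DSA is attached, either drop the note or replace it with the actual open question. In the same hunk, CVE-2009-3079 is tagged {DSA-1886-1} against iceweasel while CVE-2009-3078 through CVE-2009-3074 are tagged {DSA-1885-1} against xulrunner; that matches the package lines shown, but it is worth confirming against the two advisories since the truncated descriptions do not show the affected component.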
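
Review bot: In hunk @@ -27333,7 +27360,7 @@, CVE-2007-5803 gains DSA-1883-2 while its package lines are "nagios2 <removed>" and "nagios3 3.0.2-1", so the tag alone does not show which source package the revised advisory covers. The same {DSA-1883-2 DSA-1883-1} substitution is made for CVE-2008-1360 and CVE-2007-5624 in the neighbouring hunks, where only nagios2 is listed; please confirm that DSA-1883-2 names all three CVEs and, if it addresses a different release or package than DSA-1883-1, record that in a NOTE line on the entry.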