Author: joeyh
Date: 2009-09-16 21:14:19 +0000 (Wed, 16 Sep 2009)
New Revision: 12831

Modified:
data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-09-16 20:51:08 UTC (rev 12830)
+++ data/CVE/list 2009-09-16 21:14:19 UTC (rev 12831)
@@ -1,3 +1,39 @@ +CVE-2009-3201 (Integer overflow in Media Player Classic 6.4.9 allows user-assisted ...) + TODO: check +CVE-2009-3200 + RESERVED +CVE-2009-3199 (Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web ...) + TODO: check +CVE-2009-3198 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech ...) + TODO: check +CVE-2009-3197 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP ...) + TODO: check +CVE-2009-3196 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP ...) + TODO: check +CVE-2009-3195 (Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech ...) + TODO: check +CVE-2009-3194 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech ...) + TODO: check +CVE-2009-3193 (SQL injection vulnerability in the DigiFolio (com_digifolio) component ...) + TODO: check +CVE-2009-3192 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2009-3191 (Multiple cross-site scripting (XSS) vulnerabilities in PAD Site ...) + TODO: check +CVE-2009-3190 (Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow ...) + TODO: check +CVE-2009-3189 (Cross-site scripting (XSS) vulnerability in search.php in DigiOz ...) + TODO: check +CVE-2009-3188 (PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 ...) + TODO: check +CVE-2009-3187 (Cross-site scripting (XSS) vulnerability in gamelist.php in Stand ...) + TODO: check +CVE-2009-3186 (Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ ...) + TODO: check +CVE-2009-3185 (SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 ...) + TODO: check +CVE-2009-3184 (Multiple SQL injection vulnerabilities in index.php in Pirates of The ...) + TODO: check CVE-2008-XXXX [changetrack command injection] - changetrack <unfixed> (medium; bug #546791) NOTE: CVE id requested 
@@ -42,10 +78,10 @@ NOT-FOR-US: RunCMS CVE-2008-7221 (Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows ...) NOT-FOR-US: RunCMS -CVE-2009-3166 - RESERVED -CVE-2009-3165 - RESERVED +CVE-2009-3166 (token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL ...) + TODO: check +CVE-2009-3165 (SQL injection vulnerability in the Bug.create WebService function in ...) + TODO: check CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework ...) - prototypejs 1.6.0.2-1 CVE-2008-7219 (Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 ...) @@ -220,8 +256,8 @@ NOT-FOR-US: ReviewPost Pro CVE-2009-3146 (Cross-site scripting (XSS) vulnerability in search_advance.php in ...) NOT-FOR-US: ArticleFriend Script -CVE-2009-3125 - RESERVED +CVE-2009-3125 (SQL injection vulnerability in the Bug.search WebService function in ...) + TODO: check CVE-2009-3124 (Directory traversal vulnerability in get_message.cgi in QuarkMail ...) NOT-FOR-US: QuarkMail CVE-2009-3123 (Directory traversal vulnerability in gallery/gallery.php in Wap-Motor ...) @@ -961,8 +997,7 @@ CVE-2009-2946 (Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in ...) {DSA-1878-2 DSA-1878-1} - devscripts 2.10.54 -CVE-2009-2945 [webauth information disclosure] - RESERVED +CVE-2009-2945 (weblogin/login.fcgi (aka the WebLogin login script) in Stanford ...) - webauth 3.6.2-1 (low) [lenny] - webauth <no-dsa> (Minor issue, maintainer prepares update for spu) [etch] - webauth <not-affected> (Vulnerable code not present) @@ -1133,8 +1168,7 @@ RESERVED CVE-2009-2904 RESERVED -CVE-2009-2903 [linux-2.6: apple talk denial-of-service] - RESERVED +CVE-2009-2903 (Memory leak in the appletalk subsystem in the Linux kernel 2.4.x ...) - linux-2.6 <unfixed> (low) - linux-2.6.24 <removed> (low) CVE-2009-2902 
@@ -2187,8 +2221,7 @@ RESERVED CVE-2009-2630 RESERVED -CVE-2009-2629 [nginx http request parser buffer underflow] - RESERVED +CVE-2009-2629 (Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through ...) {DSA-1884-1} - nginx 0.7.61-3 (medium) CVE-2009-2628 (The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 ...) @@ -2787,7 +2820,7 @@ CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ...) {DSA-1869-1} - curl 7.19.5-1.1 (medium; bug #541991) - TODO: - wget <unfixed> + TODO: - wget <unfixed> TODO: check whether wget affected [src/openssl.c]; not an embed, but similar functionality CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, ...) {DSA-1861-1 DSA-1859-1} @@ -3392,8 +3425,8 @@ NOT-FOR-US: Apple QuickTime CVE-2009-2202 (Apple QuickTime before 7.6.4 allows remote attackers to execute ...) NOT-FOR-US: Apple QuickTime -CVE-2009-2201 - RESERVED +CVE-2009-2201 (The screensharing feature in the Admin application in Apple Xsan ...) + TODO: check CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict the URL ...) TODO: check NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273 @@ -7899,7 +7932,7 @@ - libapache2-mod-perl2 <unfixed> - apache <removed> [etch] - apache <no-dsa> (minor issue) - TODO: File bug + TODO: File bug CVE-2009-0795 REJECTED CVE-2009-0794 (Integer overflow in the PulseAudioTargetDataL class in ...)
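Review bot: in the @@ -1,3 +1,39 @@ hunk, all seventeen new entries that carry a description (CVE-2009-3201 down to CVE-2009-3184) land as "TODO: check", so none of them is yet tied to a source package or ruled out. Each needs a triage pass that replaces the TODO with either a package status line or a "NOT-FOR-US: <product>" line in the style already used further down the file (for example "NOT-FOR-US: RunCMS"). CVE-2009-3200 staying RESERVED is fine as it has no description yet.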
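Review bot: in the @@ -42,10 +78,10 @@ hunk, CVE-2009-3166 and CVE-2009-3165 move from RESERVED to described entries but are left at "TODO: check", although the CVE-2009-3166 text names the product and range directly ("Bugzilla 3.4rc1 through 3.4.1"). Suggest following up by checking whether the archive carries a Bugzilla version in that range and recording the result as a package line (or a not-affected note) instead of leaving the generic TODO; the CVE-2009-3165 description is truncated before the product name, so confirm the affected product from the full description before attaching it to a package.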
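Review bot: in the @@ -2787,7 +2820,7 @@ hunk under CVE-2009-2417, the removed and added "TODO: - wget <unfixed>" lines read identically, so the change appears to be whitespace only and the open question on the next line ("check whether wget affected [src/openssl.c]") is untouched. The line also mixes a TODO marker with a package status, which leaves wget neither tracked as unfixed nor cleared; suggest resolving it into a real "- wget <unfixed>" entry with a bug reference, or a NOTE saying wget was checked and is not affected.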
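Review bot: in the @@ -3392,8 +3425,8 @@ hunk, CVE-2009-2201 (the screensharing feature in the Admin application in Apple Xsan) is added as "TODO: check" while the two entries directly above it are already closed as "NOT-FOR-US: Apple QuickTime". If Xsan is likewise not in the archive, mark it "NOT-FOR-US: Apple Xsan" in the same way so it does not linger in the TODO queue.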
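Review bot: in the @@ -7899,7 +7932,7 @@ hunk, the only change is to the "TODO: File bug" line, and the old and new text read the same, so this looks like a whitespace adjustment. The entry above it, "- libapache2-mod-perl2 <unfixed>", still has no bug number; suggest filing the bug and replacing the TODO with the reference in the "(severity; bug #NNNNNN)" form used elsewhere in the list.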