Author: joeyh Date: 2009-10-14 21:14:17 +0000 (Wed, 14 Oct 2009) New Revision: 13017 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-14 10:31:03 UTC (rev 13016) +++ data/CVE/list 2009-10-14 21:14:17 UTC (rev 13017) @@ -1,6 +1,10 @@ +CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier ...) + TODO: check CVE-2009-3697 [phpMyAdmin XSS/SQL inj PMASA-2009-6] + RESERVED - phpmyadmin 4:3.2.2.1-1 CVE-2009-3696 [phpMyAdmin XSS/SQL inj PMASA-2009-6] + RESERVED - phpmyadmin 4:3.2.2.1-1 CVE-2009-3610 RESERVED @@ -536,7 +540,8 @@ - chromium-browser <itp> (bug #520324) CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not properly ...) NOT-FOR-US: Apple Safari -CVE-2009-3454 (Microsoft Internet Explorer does not properly handle a ''\0'' character ...) +CVE-2009-3454 + REJECTED NOT-FOR-US: Microsoft Internet Explorer CVE-2009-3453 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...) NOT-FOR-US: IBM Lotus Quickr @@ -1350,8 +1355,8 @@ RESERVED CVE-2009-3127 RESERVED -CVE-2009-3126 - RESERVED +CVE-2009-3126 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...) + TODO: check CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows ...) NOT-FOR-US: Multi Website CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows ...) @@ -1469,7 +1474,7 @@ NOT-FOR-US: IBM Lotus iNotes CVE-2009-3104 (Unspecified vulnerability in Symantec Norton AntiVirus 2005 through ...) NOT-FOR-US: Symantec Norton AntiVirus -CVE-2009-3103 (Array index error in the SMB2 protocol implementation in srv2.sys in ...) +CVE-2009-3103 (Array index error in the SMBv2 protocol implementation in srv2.sys in ...) NOT-FOR-US: Microsoft CVE-2009-3102 (The doHotCopy subroutine in socket-server.pl in Zmanda Recovery ...) NOT-FOR-US: Zmanda Recovery Manager 
@@ -1795,7 +1800,7 @@ - libio-socket-ssl-perl 1.30-1 [lenny] - libio-socket-ssl-perl 1.16-1+lenny1 [etch] - libio-socket-ssl-perl <not-affected> (Affected functionality introduced in 1.14) -CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft Internet Information ...) +CVE-2009-3023 (Buffer overflow in the FTP Service in Microsoft Internet Information ...) NOT-FOR-US: Microsoft IIS CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and ...) NOT-FOR-US: bingo!CMS @@ -1908,8 +1913,8 @@ NOT-FOR-US: Carmosa phpCart CVE-2008-7107 (easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to ...) NOT-FOR-US: ESET Smart Security -CVE-2009-2999 - RESERVED +CVE-2009-2999 (The com.android.phone process in Android 1.5 CRBxx allows remote ...) + TODO: check CVE-2009-XXXX [serveez: buffer overflow in header parser] - serveez <removed> (low) [lenny] - serveez <no-dsa> (Fringe package, mostly unused) 
@@ -3644,78 +3649,78 @@ NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server CVE-2009-2533 (rmserver in RealNetworks Helix Server and Helix Mobile Server before ...) NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server -CVE-2009-2532 - RESERVED -CVE-2009-2531 - RESERVED -CVE-2009-2530 - RESERVED -CVE-2009-2529 - RESERVED -CVE-2009-2528 - RESERVED -CVE-2009-2527 - RESERVED -CVE-2009-2526 - RESERVED -CVE-2009-2525 - RESERVED -CVE-2009-2524 - RESERVED +CVE-2009-2532 (Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold ...) + TODO: check +CVE-2009-2531 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) + TODO: check +CVE-2009-2530 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) + TODO: check +CVE-2009-2529 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...) + TODO: check +CVE-2009-2528 (GDI+ in Microsoft Office XP SP3 does not properly handle malformed ...) + TODO: check +CVE-2009-2527 (Heap-based buffer overflow in Microsoft Windows Media Player 6.4 ...) + TODO: check +CVE-2009-2526 (Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and ...) + TODO: check +CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...) + TODO: check +CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the Local ...) + TODO: check CVE-2009-2523 RESERVED CVE-2009-2522 RESERVED -CVE-2009-2521 (Stack consumption vulnerability in the FTP server in Microsoft ...) +CVE-2009-2521 (Stack consumption vulnerability in the FTP Service in Microsoft ...) NOT-FOR-US: Microsoft Internet Information Server CVE-2009-2520 RESERVED CVE-2009-2519 (The DHTML Editing Component ActiveX control in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Windows -CVE-2009-2518 - RESERVED -CVE-2009-2517 - RESERVED -CVE-2009-2516 - RESERVED -CVE-2009-2515 - RESERVED +CVE-2009-2518 (Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote ...) 
+ TODO: check +CVE-2009-2517 (The kernel in Microsoft Windows Server 2003 SP2 does not properly ...) + TODO: check +CVE-2009-2516 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) + TODO: check +CVE-2009-2515 (Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 ...) + TODO: check CVE-2009-2514 RESERVED CVE-2009-2513 RESERVED CVE-2009-2512 RESERVED -CVE-2009-2511 - RESERVED -CVE-2009-2510 - RESERVED +CVE-2009-2511 (Integer overflow in the CryptoAPI component in Microsoft Windows 2000 ...) + TODO: check +CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 ...) + TODO: check CVE-2009-2509 RESERVED CVE-2009-2508 RESERVED -CVE-2009-2507 - RESERVED +CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...) + TODO: check CVE-2009-2506 RESERVED CVE-2009-2505 RESERVED -CVE-2009-2504 - RESERVED -CVE-2009-2503 - RESERVED -CVE-2009-2502 - RESERVED -CVE-2009-2501 - RESERVED -CVE-2009-2500 - RESERVED +CVE-2009-2504 (Multiple integer overflows in unspecified APIs in GDI+ in Microsoft ...) + TODO: check +CVE-2009-2503 (GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, ...) + TODO: check +CVE-2009-2502 (Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...) + TODO: check +CVE-2009-2501 (Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 ...) + TODO: check +CVE-2009-2500 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...) + TODO: check CVE-2009-2499 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft ...) NOT-FOR-US: Microsoft Windows Media Format Runtime CVE-2009-2498 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows ...) NOT-FOR-US: Microsoft Windows Media Format Runtime -CVE-2009-2497 - RESERVED +CVE-2009-2497 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 ...) 
+ TODO: check CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX ...) NOT-FOR-US: Microsoft Office XP CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...) @@ -6343,8 +6348,8 @@ NOTE: adding this reference to track the fact that this has already been addressed by debian security NOTE: fixed over a year ago in debian; but fedora finally got around to addressing the issue recently NOTE: FEDORA-2009-3639 (http://lwn.net/Articles/331605) -CVE-2009-1547 - RESERVED +CVE-2009-1547 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...) + TODO: check CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling ...) NOT-FOR-US: Microsoft Windows CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file ...) @@ -10300,8 +10305,8 @@ NOT-FOR-US: Microsoft CVE-2009-0556 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and ...) NOT-FOR-US: Microsoft Office -CVE-2009-0555 - RESERVED +CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...) + TODO: check CVE-2009-0554 (Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2009-0553 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, ...) @@ -12036,10 +12041,10 @@ NOT-FOR-US: Microsoft Windows CVE-2009-0092 RESERVED -CVE-2009-0091 - RESERVED -CVE-2009-0090 - RESERVED +CVE-2009-0091 (Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly ...) + TODO: check +CVE-2009-0090 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not ...) + TODO: check CVE-2009-0089 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...) NOT-FOR-US: Microsoft Windows CVE-2009-0088 (The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft ...)
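Review bot: The two phpMyAdmin entries in the @@ -1,6 +1,10 @@ hunk, CVE-2009-3697 and CVE-2009-3696, cannot be told apart. Both read [phpMyAdmin XSS/SQL inj PMASA-2009-6] and both record the same fixed version, phpmyadmin 4:3.2.2.1-1, so the list does not say which ID covers which of the two issues. Now that both IDs show as RESERVED, give each entry its own bracketed description, or add a NOTE line mapping each ID to its issue in PMASA-2009-6.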
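Review bot: CVE-2009-3454 in the @@ -536,7 +540,8 @@ hunk ends up with two dispositions: the new REJECTED line and the pre-existing NOT-FOR-US: Microsoft Internet Explorer line, which is kept as context. A withdrawn ID needs no product triage, so drop the NOT-FOR-US line and leave REJECTED as the only state, or confirm that the list tooling is meant to accept both on one entry.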
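Review bot: The entries moved from RESERVED to TODO: check in the @@ -3644,78 +3649,78 @@ hunk (CVE-2009-2532 through CVE-2009-2497) all describe Microsoft-only components such as Internet Explorer, GDI+, the Windows kernel and CryptoAPI. Their neighbours in the same hunk, CVE-2009-2521, CVE-2009-2519 and CVE-2009-2499, are already triaged as NOT-FOR-US: Microsoft. Leaving this many open TODO markers makes the list look as though real triage work is pending. A follow-up commit should replace each TODO: check with the matching NOT-FOR-US line. The Microsoft entries opened in the later hunks need the same, namely CVE-2009-1547, CVE-2009-0555, CVE-2009-0091 and CVE-2009-0090.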