Author: joeyh Date: 2009-10-31 09:14:47 +0000 (Sat, 31 Oct 2009) New Revision: 13161 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-30 22:42:49 UTC (rev 13160) +++ data/CVE/list 2009-10-31 09:14:47 UTC (rev 13161) @@ -1,3 +1,13 @@ +CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ...) + TODO: check +CVE-2009-3831 (Opera before 10.01 allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2009-3830 (The download functionality in Team Services in Microsoft Office ...) + TODO: check +CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows ...) + TODO: check +CVE-2009-3828 (The web interface for Everfocus EDR1600 DVR allows remote attackers to ...) + TODO: check CVE-2009-3827 RESERVED CVE-2009-3826 (Multiple buffer overflows in squidGuard 1.4 allow remote attackers to ...) @@ -250,8 +260,7 @@ [lenny] - asterisk <not-affected> - asterisk <unfixed> (medium) NOTE: http://downloads.asterisk.org/pub/security/AST-2009-007.html -CVE-2009-3722 [kvm: check cpl before emulating debug register access] - RESERVED +CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in ...) [etch] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1) [lenny] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1) - linux-2.6 <unfixed> 
@@ -270,44 +279,44 @@ - python-xml <unfixed> (low; bug #551939) - python2.5 <unfixed> (low) - python2.4 <unfixed> (low) - - wxwindows2.4 <removed> (low) - - wxwidgets2.6 <unfixed> (low) - - wxwidgets2.8 <unfixed> (low) - - python-celementree <unfixed> (low) - - audacity <unfixed> (low) - - matzana <unfixed> (low) - - tdom <unfixed> (low) - - udunits <unfixed> (low) - - apr-util <unfixed> (low) - - ayttm <unfixed> (low) - - cableswig <unfixed> (low) - - cadaver <unfixed> (low) - - cmake <unfixed> (low) - - coin3 <unfixed> (low) - - gdcm <unfixed> (low) - - ghostscript <unfixed> (low) - - grmonitor <unfixed> (low) - - iceape <unfixed> (low) - - insighttoolkit <unfixed> (low) - - libparagui1.1 <unfixed> (low) - - paraview <unfixed> (low) - - poco <unfixed> (low) - - simgear <unfixed> (low) - - sitecopy <unfixed> (low) - - smart <unfixed> (low) - - swish <unfixed> (low) - - tla <unfixed> (low) - - vtk <unfixed> (low) - - wbxml2 <unfixed> (low) - - xmlrpc-c <unfixed> (low) - - iceweasel <unfixed> (low) - - kompozer <unfixed> (low) - - vxl <unfixed> (low) - - xulrunner <unfixed> (low) - - apache2 <unfixed> (low) - - texlive-bin <unfixed> (low) - - vnc4 <unfixed> (low) - - xotcl <unfixed> (low) + - wxwindows2.4 <removed> (low) + - wxwidgets2.6 <unfixed> (low) + - wxwidgets2.8 <unfixed> (low) + - python-celementree <unfixed> (low) + - audacity <unfixed> (low) + - matzana <unfixed> (low) + - tdom <unfixed> (low) + - udunits <unfixed> (low) + - apr-util <unfixed> (low) + - ayttm <unfixed> (low) + - cableswig <unfixed> (low) + - cadaver <unfixed> (low) + - cmake <unfixed> (low) + - coin3 <unfixed> (low) + - gdcm <unfixed> (low) + - ghostscript <unfixed> (low) + - grmonitor <unfixed> (low) + - iceape <unfixed> (low) + - insighttoolkit <unfixed> (low) + - libparagui1.1 <unfixed> (low) + - paraview <unfixed> (low) + - poco <unfixed> (low) + - simgear <unfixed> (low) + - sitecopy <unfixed> (low) + - smart <unfixed> (low) + - swish <unfixed> (low) + - tla <unfixed> (low) + - vtk 
<unfixed> (low) + - wbxml2 <unfixed> (low) + - xmlrpc-c <unfixed> (low) + - iceweasel <unfixed> (low) + - kompozer <unfixed> (low) + - vxl <unfixed> (low) + - xulrunner <unfixed> (low) + - apache2 <unfixed> (low) + - texlive-bin <unfixed> (low) + - vnc4 <unfixed> (low) + - xotcl <unfixed> (low) CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...) NOT-FOR-US: Battle Blog CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog ...) @@ -534,8 +543,7 @@ [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29) - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29) NOTE: fixed upstream in 2.6.32-rc5 -CVE-2009-3623 [linux-2.6: null ptr dereference in nfsv4] - RESERVED +CVE-2009-3623 (The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 ...) - linux-2.6 <unfixed> (medium) [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31) [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31) @@ -731,18 +739,15 @@ RESERVED CVE-2009-3552 RESERVED -CVE-2009-3551 [The SMB dissector could crash.] - RESERVED +CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in ...) - wireshark <unfixed> TODO: check NOTE: http://www.wireshark.org/security/wnpa-sec-2009-07.html -CVE-2009-3550 [The DCERPC/NT dissector could crash.] - RESERVED +CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 ...) - wireshark <unfixed> TODO: check NOTE: http://www.wireshark.org/security/wnpa-sec-2009-07.html -CVE-2009-3549 [The Paltalk dissector could crash on alignment-sensitive processors. ] - RESERVED +CVE-2009-3549 (packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through ...) - wireshark <unfixed> TODO: check NOTE: http://www.wireshark.org/security/wnpa-sec-2009-07.html 
@@ -1432,7 +1437,7 @@ - chromium-browser <itp> (bug #520324) CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and ...) NOT-FOR-US: Microsoft Internet Explorer -CVE-2009-3266 (Unspecified vulnerability in Opera 9 and 10 allows remote attackers to ...) +CVE-2009-3266 (Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) ...) NOT-FOR-US: Opera CVE-2009-3265 (Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows ...) NOT-FOR-US: Opera @@ -61588,7 +61593,8 @@ - rageircd <not-affected> (bug #343543; medium) CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a ...) NOT-FOR-US: Alt-N MDaemon and WorldClient -CVE-2005-4265 (Alt-N MDaemon and WorldClient 8.1.3 allows remote attackers to cause a ...) +CVE-2005-4265 + REJECTED NOT-FOR-US: Alt-N MDaemon and WorldClient CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support ...) NOT-FOR-US: PHP Support Tickets
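Review bot: in the first hunk (@@ -1,3 +1,13 @@), CVE-2009-3832 and CVE-2009-3831 are added as "TODO: check" although both descriptions name Opera, which this file already triages as "NOT-FOR-US: Opera" (see CVE-2009-3266 and CVE-2009-3265 in the @@ -1432,7 +1437,7 @@ hunk). Those two can be resolved the same way. CVE-2009-3829 names wiretap/erf.c in Wireshark before 1.2.2, so it should get a "- wireshark" package line like the CVE-2009-3551, CVE-2009-3550 and CVE-2009-3549 entries rather than remain an untracked TODO.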
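Review bot: in the @@ -270,44 +279,44 @@ hunk, the 38 removed package lines (wxwindows2.4 through xotcl) and the 38 added lines read identically, so the change appears to be whitespace only, and the log message "automatic update" does not mention it. A reindentation of this size hides the real CVE changes from anyone auditing the revision. Suggest committing it separately or naming it in the log.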
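Review bot: in the @@ -731,18 +739,15 @@ hunk, CVE-2009-3551, CVE-2009-3550 and CVE-2009-3549 keep "- wireshark <unfixed>" with "TODO: check" and no per-release lines, even though the replacement descriptions now give affected version ranges ("Wireshark 0.10.10 through 1.0.9 and 1.2.0 ..." and "Wireshark 1.2.0 through ..."). Suggest a follow-up that uses those ranges to add [etch] and [lenny] status lines, as the linux-2.6 entries in this file already have, and then drops the TODO.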
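Review bot: in the last hunk (@@ -61588,7 +61593,8 @@), CVE-2005-4265 becomes "REJECTED" but the context line "NOT-FOR-US: Alt-N MDaemon and WorldClient" stays beneath it, so the entry now carries both a rejection and a triage decision. Please confirm that a triage line under a REJECTED entry is intended and that consumers of the list accept it. If it is not intended, remove the line in the same change.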