Author: joeyh
Date: 2009-11-05 21:14:23 +0000 (Thu, 05 Nov 2009)
New Revision: 13217
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-11-05 18:34:24 UTC (rev 13216)
+++ data/CVE/list 2009-11-05 21:14:23 UTC (rev 13217)
@@ -1,3 +1,29 @@
+CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell
Groupwise ...)
+ TODO: check
+CVE-2009-3862 (The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2
and ...)
+ TODO: check
+CVE-2009-3861 (Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build
2) and ...)
+ TODO: check
+CVE-2009-3860 (Multiple insecure method vulnerabilities in Idefense Labs
COMRaider ...)
+ TODO: check
+CVE-2009-3859 (Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in
...)
+ TODO: check
+CVE-2009-3858 (Cross-site scripting (XSS) vulnerability in GejoSoft allows
remote ...)
+ TODO: check
+CVE-2009-3857 (Buffer overflow in Softonic International SciTE 1.72 allows ...)
+ TODO: check
+CVE-2009-3856 (Cross-site scripting (XSS) vulnerability in the default URI in
news/ ...)
+ TODO: check
+CVE-2009-3855 (Multiple unspecified vulnerabilities in the (1) UNIX and (2)
Linux ...)
+ TODO: check
+CVE-2009-3854 (Buffer overflow in the traditional client scheduler in the
client in ...)
+ TODO: check
+CVE-2009-3853 (Buffer overflow in the client acceptor daemon (CAD) scheduler in
the ...)
+ TODO: check
+CVE-2009-3852 (Unspecified vulnerability in the XML component in IBM Runtimes
for ...)
+ TODO: check
+CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the
operation of ...)
+ TODO: check
CVE-2009-3850
RESERVED
CVE-2009-3849
@@ -305,8 +331,7 @@
NOTE: http://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
CVE-2009-3721
RESERVED
-CVE-2009-3720 [expat: dos]
- RESERVED
+CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in
Expat ...)
{DSA-1921-1}
- expat <unfixed> (low; bug #551936)
- w3c-libwww <unfixed> (low; bug #551938)
@@ -527,6 +552,7 @@
- proftpd-dfsg 1.3.2a-2 (low)
NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3275
CVE-2009-3638 (Integer overflow in the kvm_dev_ioctl_get_supported_cpuid
function in ...)
+ {DSA-1927-1}
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
NOTE: fixed in upstream 2.6.32-rc4
@@ -589,9 +615,11 @@
[etch] - wordpress <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2009/Oct/263
CVE-2009-3621 (net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier
allows ...)
+ {DSA-1927-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <removed> (low)
CVE-2009-3620 (The ATI Rage 128 (aka r128) driver in the Linux kernel before
...)
+ {DSA-1927-1}
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed> (medium)
CVE-2009-3619
@@ -620,6 +648,7 @@
- linux-2.6.24 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2009/10/15/4
CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink
...)
+ {DSA-1927-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <removed> (low)
NOTE: fixed in 2.6.32-rc5
@@ -787,8 +816,8 @@
[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
CVE-2009-3548
RESERVED
-CVE-2009-3547 [linux-2.6: null ptr dereferences]
- RESERVED
+CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before
...)
+ {DSA-1927-1}
- linux-2.6 <unfixed> (high)
- linux-2.6.24 <removed> (high)
NOTE: being exploited in the wild
@@ -992,14 +1021,14 @@
NOT-FOR-US: Common Desktop Environment (CDE) in Sun Solaris
CVE-2009-3467
RESERVED
-CVE-2009-3466
- RESERVED
-CVE-2009-3465
- RESERVED
-CVE-2009-3464
- RESERVED
-CVE-2009-3463
- RESERVED
+CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers
to ...)
+ TODO: check
+CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers
to ...)
+ TODO: check
+CVE-2009-3464 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers
to ...)
+ TODO: check
+CVE-2009-3463 (Array index error in Adobe Shockwave Player before 11.5.2.602
allows ...)
+ TODO: check
CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and
9.x ...)
NOT-FOR-US: Adobe
CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows
...)
@@ -1381,13 +1410,11 @@
RESERVED
CVE-2009-3300
RESERVED
-CVE-2009-3299 [mahara: cross-site scripting]
- RESERVED
+CVE-2009-3299 (Cross-site scripting (XSS) vulnerability in the resume blocktype
in ...)
{DSA-1924-1}
- mahara 1.1.7-1 (low)
NOTE: http://mahara.org/interaction/forum/topic.php?id=1170
-CVE-2009-3298 [mahara: privilege escalation]
- RESERVED
+CVE-2009-3298 (Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote ...)
{DSA-1924-1}
- mahara 1.1.7-1 (low)
NOTE: http://mahara.org/interaction/forum/topic.php?id=1169
@@ -1558,6 +1585,7 @@
- openoffice.org <not-affected>
NOTE: SUSE says that it is not a dup of CVE-2009-2139 and CVE-2009-2140...
CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the
Linux ...)
+ {DSA-1927-1}
- linux-2.6 2.6.30-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde
...)
@@ -1569,6 +1597,7 @@
- dovecot 1:1.2.1-1 (medium; bug #546656)
NOTE: This is a different vulnerability than CVE-2009-2632, it covers a few
additional buffer overflows
CVE-2009-3228 (The tc_fill_tclass function in net/sched/sch_api.c in the tc
subsystem ...)
+ {DSA-1927-1}
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2005-4881 (The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6
and ...)
@@ -2309,8 +2338,8 @@
RESERVED
CVE-2009-3032
RESERVED
-CVE-2009-3031
- RESERVED
+CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in
the ...)
+ TODO: check
CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec ...)
NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in
Symantec ...)
@@ -3945,7 +3974,7 @@
NOT-FOR-US: Acer LunchApp
CVE-2009-2626
RESERVED
-CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment
(JRE) in ...)
+CVE-2009-2625 (XMLScanner.java in Apache Xerces2 Java, as used in Sun Java
Runtime ...)
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
@@ -11793,8 +11822,8 @@
RESERVED
CVE-2009-0307 (Cross-site scripting (XSS) vulnerability in the
"Customize Statistics ...)
NOT-FOR-US: Motion (RIM) BlackBerry Enterprise Server
-CVE-2009-0306
- RESERVED
+CVE-2009-0306 (Buffer overflow in the IBM Lotus Notes Intellisync ActiveX
control in ...)
+ TODO: check
CVE-2009-0305 (Multiple stack-based buffer overflows in the Research in Motion
RIM ...)
NOT-FOR-US: ActiveX
CVE-2009-0304 (The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris
before ...)