thr3ads.net - Secure testing commits - [Secure-testing-commits] r13256

If this information is useful, please help other people find it:
Share via:
Joey Hess
2009-Nov-09 21:14 UTC
[Secure-testing-commits] r13256 - data/CVE

Author: joeyh
Date: 2009-11-09 21:14:23 +0000 (Mon, 09 Nov 2009)
New Revision: 13256

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-11-09 20:42:03 UTC (rev 13255)
+++ data/CVE/list	2009-11-09 21:14:23 UTC (rev 13256)
@@ -1,3 +1,85 @@
+CVE-2009-3905 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier
CMS ...)
+	TODO: check
+CVE-2009-3904 (classes/session/cc_admin_session.php in CubeCart 4.3.4 does not
...)
+	TODO: check
+CVE-2009-3903 (Multiple cross-site scripting (XSS) vulnerabilities in
jspui/index.jsp ...)
+	TODO: check
+CVE-2009-3902 (Directory traversal vulnerability in Cherokee Web Server 0.5.4
and ...)
+	TODO: check
+CVE-2009-3901 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier
CMS ...)
+	TODO: check
+CVE-2009-3900 (Unspecified vulnerability in the Cluster Management component in
IBM ...)
+	TODO: check
+CVE-2009-3899 (Memory leak in the Sockets Direct Protocol (SDP) driver in Sun
Solaris ...)
+	TODO: check
+CVE-2009-3898
+	RESERVED
+CVE-2009-3897
+	RESERVED
+CVE-2009-3896
+	RESERVED
+CVE-2009-3895
+	RESERVED
+CVE-2009-3894
+	RESERVED
+CVE-2009-3893
+	RESERVED
+CVE-2009-3892
+	RESERVED
+CVE-2009-3891
+	RESERVED
+CVE-2009-3890
+	RESERVED
+CVE-2009-3889
+	RESERVED
+CVE-2009-3888
+	RESERVED
+CVE-2009-3887
+	RESERVED
+CVE-2009-3886
+	RESERVED
+CVE-2009-3885
+	RESERVED
+CVE-2009-3884
+	RESERVED
+CVE-2009-3883
+	RESERVED
+CVE-2009-3882
+	RESERVED
+CVE-2009-3881
+	RESERVED
+CVE-2009-3880
+	RESERVED
+CVE-2009-3879
+	RESERVED
+CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has
...)
+	TODO: check
+CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0
before ...)
+	TODO: check
+CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0
before ...)
+	TODO: check
+CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment
(JRE) ...)
+	TODO: check
+CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the
ImageI/O ...)
+	TODO: check
+CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before
Update ...)
+	TODO: check
+CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java
SE in ...)
+	TODO: check
+CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the
...)
+	TODO: check
+CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the
Abstract ...)
+	TODO: check
+CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6
before ...)
+	TODO: check
+CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank
function in ...)
+	TODO: check
+CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6
before ...)
+	TODO: check
+CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java
Runtime ...)
+	TODO: check
+CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE)
in Sun ...)
+	TODO: check
 CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell
Groupwise ...)
 	NOT-FOR-US: ActiveX
 CVE-2009-3862 (The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2
and ...)
@@ -24,8 +106,7 @@
 	NOT-FOR-US: IBM Runtimes for Java Technology 5.0.0 
 CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the
operation of ...)
 	NOT-FOR-US: Sun Solaris 10
-CVE-2009-3850 [blender: arbitrary command execution]
-	RESERVED
+CVE-2009-3850 (Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to
...)
 	- blender <unfixed> (low)
 	TODO: determine whether this is a no-dsa issue.  
 	NOTE: attack vector is social engineering to get the user to open
@@ -312,8 +393,7 @@
 	RESERVED
 	- linux-2.6 2.6.31-1 (medium)
 	- linux-2.6.24 <removed> (medium)
-CVE-2009-3725 [linux-2.6: priviledged code execution]
-	RESERVED
+CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not
...)
 	- linux-2.6 <unfixed> (medium)
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 	- linux-2.6.24 <removed> (medium)
@@ -1445,8 +1525,8 @@
 	RESERVED
 CVE-2009-3301
 	RESERVED
-CVE-2009-3300
-	RESERVED
+CVE-2009-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the
Identity ...)
+	TODO: check
 CVE-2009-3299 (Cross-site scripting (XSS) vulnerability in the resume blocktype
in ...)
 	{DSA-1924-1}
 	- mahara 1.1.7-1 (low)
@@ -3837,8 +3917,8 @@
 	[lenny] - xemacs21 <no-dsa> (Minor issue, obscure attack vector)
 CVE-2009-2686
 	RESERVED
-CVE-2009-2685
-	RESERVED
+CVE-2009-2685 (Stack-based buffer overflow in the login form in the management
web ...)
+	TODO: check
 CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect
and ...)
 	NOT-FOR-US: Embedded Web Server in HP printers
 CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote
Graphics ...)
Secure testing commits - Nov 2009 - r13256 - data/CVE

[Secure-testing-commits] r13256 - data/CVE
