Author: joeyh Date: 2009-12-01 21:14:22 +0000 (Tue, 01 Dec 2009) New Revision: 13416 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-01 15:00:40 UTC (rev 13415) +++ data/CVE/list 2009-12-01 21:14:22 UTC (rev 13416) @@ -1,3 +1,39 @@ +CVE-2009-4130 + RESERVED +CVE-2009-4129 + RESERVED +CVE-2009-4128 + RESERVED +CVE-2009-4127 + RESERVED +CVE-2009-4126 + RESERVED +CVE-2009-4125 + RESERVED +CVE-2009-4124 + RESERVED +CVE-2009-4123 + RESERVED +CVE-2009-4122 + RESERVED +CVE-2009-4121 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2009-4120 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2009-4119 (Cross-site scripting (XSS) vulnerability in Feed Element Mapper module ...) + TODO: check +CVE-2009-4118 (The StartServiceCtrlDispatcher function in the cvpnd service ...) + TODO: check +CVE-2009-4117 (Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before ...) + TODO: check +CVE-2009-4116 (Multiple directory traversal vulnerabilities in CutePHP CuteNews ...) + TODO: check +CVE-2009-4115 (Multiple static code injection vulnerabilities in the Categories ...) + TODO: check +CVE-2009-4114 (kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other ...) + TODO: check +CVE-2009-4113 (Static code injection vulnerability in the Categories module in ...) + TODO: check CVE-2009-4110 (Cross-site scripting (XSS) vulnerability in the search functionality ...) NOT-FOR-US: DotNetNuke CVE-2009-4109 (The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent ...) 
@@ -75,8 +111,8 @@ TODO: check CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...) NOT-FOR-US: Microsoft Internet Explorer 8 -CVE-2008-7247 - RESERVED +CVE-2008-7247 (sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, ...) + TODO: check CVE-2009-XXXX [rails insufficient escaping XSS] - rails <unfixed> (low; bug #558685) NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1 @@ -139,7 +175,7 @@ NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...) NOT-FOR-US: PHD Help Desk -CVE-2009-4112 [Cacti priviledge scalation] +CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to ...) - cacti <unfixed> (low) TODO: check NOTE: 4B0E1566.1070509 at moritz-naumann.com in bugtraq @@ -183,12 +219,12 @@ [etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25) - linux-2.6.24 <not-affected> (kvm introduced in 2.6.25) - kvm <unfixed> (low) -CVE-2009-4030 - RESERVED +CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain ...) + TODO: check CVE-2009-4029 RESERVED -CVE-2009-4028 - RESERVED +CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x ...) + TODO: check CVE-2009-4027 RESERVED CVE-2009-4026 [linux-2.6: remotely exploitable flaw in mac80211] @@ -204,7 +240,7 @@ - linux-2.6.24 <not-affected> (introduced in 2.6.30) CVE-2009-4025 (Argument injection vulnerability in the traceroute function in ...) NOT-FOR-US: Net_Traceroute PEAR module -CVE-2009-4024 (Argument injection in the ping function in Ping.php in the Net_Ping ...) +CVE-2009-4024 (Argument injection vulnerability in the ping function in Ping.php in ...) - php-net-ping <unfixed> TODO: check NOTE: http://pear.php.net/advisory20091114-01.txt 
@@ -227,8 +263,7 @@ NOTE: consequences are quite severe. CVE-2009-4020 RESERVED -CVE-2009-4019 [mysql server crashers] - RESERVED +CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not ...) - mysql-dfsg-5.1 5.1.41-1 - mysql-dfsg-5.0 <removed> TODO: check @@ -4892,7 +4927,7 @@ NOT-FOR-US: TFM MMPlayer CVE-2009-2565 (Cross-site scripting (XSS) vulnerability in Perl CGI''s By Mrs. ...) NOT-FOR-US: Perl CGI''s By Mrs. Shiromuku shiromuku -CVE-2009-2564 (NOS Microsystems getPlus Download Manager for Adobe 1.6.2.36, and ...) +CVE-2009-2564 (NOS Microsystems getPlus Download Manager, as used in Adobe Reader ...) NOT-FOR-US: Adobe CVE-2009-2563 (Unspecified vulnerability in the Infiniband dissector in Wireshark ...) - wireshark 1.2.1-1 (bug #538237)
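Review bot: In the @@ -1,3 +1,39 @@ hunk, the nine described entries (CVE-2009-4113 through CVE-2009-4121) all land as "TODO: check" with no triage, although the context entries directly below them (CVE-2009-4110, DotNetNuke) already carry NOT-FOR-US. CVE-2009-4114 (kl1.sys in Kaspersky Anti-Virus 2010) and CVE-2009-4116 (CutePHP CuteNews) name their product in the visible part of the description and look like NOT-FOR-US candidates. CVE-2009-4117 (stack-based buffer overflows in pdf_shade4.c in MuPDF) is the one to check against the archive first.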
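Review bot: In the @@ -75,8 +111,8 @@ hunk, CVE-2008-7247 gets only "TODO: check", but its description reads "MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41", so the 5.1.41-1 upload recorded as the fix under CVE-2009-4019 is inside the affected range here. I'd replace the TODO with explicit mysql-dfsg-5.0 and mysql-dfsg-5.1 lines marked <unfixed> until a later version is confirmed, so this entry is not closed by analogy with the other MySQL CVEs in this commit.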
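Review bot: In the @@ -139,7 +175,7 @@ hunk, CVE-2009-4112 keeps "TODO: check" and a NOTE that cites only a bugtraq message id, with no bug number on the "- cacti <unfixed> (low)" line. The new description ("remote authenticated administrators") supports the low urgency, so what remains is a tracking reference: add a bug number in the same form as the rails entry above it, "(low; bug #558685)", and drop the TODO once that is done.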
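Review bot: In the @@ -183,12 +219,12 @@ hunk, CVE-2009-4030 and CVE-2009-4028 are both MySQL issues that now have descriptions but no package lines, only "TODO: check". CVE-2009-4030 is "5.1.x before 5.1.41", which matches the "- mysql-dfsg-5.1 5.1.41-1" line already recorded under CVE-2009-4019, so it can be filled in the same way. CVE-2009-4028 names 5.0.x in viosslfactories.c and needs a mysql-dfsg-5.0 line as well.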
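Review bot: In the @@ -227,8 +263,7 @@ hunk, CVE-2009-4019 still ends in "TODO: check" even though both package lines under it already carry a status (5.1.41-1 and <removed>). Either drop the TODO or replace it with a NOTE saying what is left to verify. The description also covers "5.0.x before 5.0.88", so if a stable release still ships mysql-dfsg-5.0 the entry needs a per-release line in the style of the [etch] lines in the kvm entry, not only <removed>.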