Author: derevko-guest Date: 2009-12-03 08:49:39 +0000 (Thu, 03 Dec 2009) New Revision: 13432 Modified: data/CVE/list Log: - NFUs - CVE-2009-4102: RSS Feeds Cross Domain Scripting Vulnerability in firefox-sage - CVE-2009-0689: remote array overrun in kdelibs and kde4libs Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-03 01:54:13 UTC (rev 13431) +++ data/CVE/list 2009-12-03 08:49:39 UTC (rev 13432) @@ -20,23 +20,23 @@ CVE-2009-4122 RESERVED CVE-2009-4121 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Quick CMS CVE-2009-4120 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Quick.Cart CVE-2009-4119 (Cross-site scripting (XSS) vulnerability in Feed Element Mapper module ...) - TODO: check + NOT-FOR-US: module for Drupal CVE-2009-4118 (The StartServiceCtrlDispatcher function in the cvpnd service ...) - TODO: check + NOT-FOR-US: Cisco VPN client for Windows CVE-2009-4117 (Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before ...) - TODO: check + NOT-FOR-US: MuPDF CVE-2009-4116 (Multiple directory traversal vulnerabilities in CutePHP CuteNews ...) - TODO: check + NOT-FOR-US: CutePHP CVE-2009-4115 (Multiple static code injection vulnerabilities in the Categories ...) - TODO: check + NOT-FOR-US: CutePHP CuteNews CVE-2009-4114 (kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other ...) - TODO: check + NOT-FOR-US: Kaspersky Anti-Virus CVE-2009-4113 (Static code injection vulnerability in the Categories module in ...) - TODO: check + NOT-FOR-US: CutePHP CuteNews CVE-2009-4110 (Cross-site scripting (XSS) vulnerability in the search functionality ...) NOT-FOR-US: DotNetNuke CVE-2009-4109 (The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent ...) 
@@ -48,58 +48,58 @@ CVE-2009-4106 (Unrestricted file upload vulnerability in admintools/editpage-2.php in ...) NOT-FOR-US: Agoko CMS CVE-2009-4105 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...) - TODO: check + NOT-FOR-US: TYPSoft FTP Server CVE-2009-4104 (SQL injection vulnerability in Lyften Designs LyftenBloggie ...) NOT-FOR-US: Joomla! component CVE-2009-4103 (Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, ...) - TODO: check + NOT-FOR-US: Robo-FTP CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain ...) - TODO: check + - firefox-sage <unfixed> (low; bug #559267) CVE-2009-4101 (infoRSS 1.1.4.2 and earlier extension for Firefox performs certain ...) - TODO: check + NOT-FOR-US: infoRSS extension for Firefox CVE-2009-4100 (Yoono extension 6.1.1 for Firefox performs certain operations with ...) - TODO: check + NOT-FOR-US: Yoono extension for Firefox CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar ...) NOT-FOR-US: Joomla! Component CVE-2009-4098 (Unrestricted file upload vulnerability in banner-edit.php in OpenX ...) NOT-FOR-US: OpenX adserver CVE-2009-4097 (Stack-based buffer overflow in the MplayInputFile function in Serenity ...) - TODO: check + NOT-FOR-US: Serenity Audio Player CVE-2009-4096 (RADIO istek scripti 2.5 stores sensitive information under the web ...) - TODO: check + NOT-FOR-US: RADIO istek scripti CVE-2009-4095 (myPhile 1.2.1 allows remote attackers to bypass authentication via an ...) - TODO: check + NOT-FOR-US: myPhile CVE-2009-4094 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Joomla! component CVE-2009-4093 (Multiple cross-site scripting (XSS) vulnerabilities in comments.php in ...) - TODO: check + NOT-FOR-US: Simplog CVE-2009-4092 (Cross-site request forgery (CSRF) vulnerability in user.php in Simplog ...) - TODO: check + NOT-FOR-US: Simplog CVE-2009-4091 (comments.php in Simplog 0.9.3.2, and possibly earlier, does not ...) 
- TODO: check + NOT-FOR-US: Simplog CVE-2009-4090 (Unrestricted file upload vulnerability in ajax/addComment.php in ...) - TODO: check + NOT-FOR-US: telepark.wiki CVE-2009-4089 (telepark.wiki 2.4.23 and earlier allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: telepark.wiki CVE-2009-4088 (Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 ...) - TODO: check + NOT-FOR-US: telepark.wiki CVE-2009-4087 (Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki ...) - TODO: check + NOT-FOR-US: telepark.wiki CVE-2009-4086 (CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 ...) - TODO: check + NOT-FOR-US: Xerver HTTP Server CVE-2009-4085 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: PHP Traverser CVE-2009-4084 (SQL injection vulnerability in the search feature in e107 0.7.16 and ...) - TODO: check + NOT-FOR-US: e107 CVE-2009-4083 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and ...) - TODO: check + NOT-FOR-US: e107 CVE-2009-4082 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Outreach Project Tool CVE-2009-4081 (Untrusted search path vulnerability in dstat before r3199 allows local ...) - dstat <unfixed> TODO: check CVE-2009-4080 (Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP ...) - TODO: check + NOT-FOR-US: ldap_cachemgr in Sun Solaris CVE-2009-4079 (Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and ...) TODO: check CVE-2009-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 ...) 
@@ -11012,10 +11012,9 @@ CVE-2009-0690 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit ...) NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on CVE-2009-0689 (The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in ...) - - kdelibs <unfixed> - - kde4libs <unfixed> - TODO: check and merge with 2009-1563? - NOTE: This is CVE-2009-1563 + - kdelibs <unfixed> (medium; bug #559265) + - kde4libs <unfixed> (medium; bug #559266) + NOTE: CVE-2009-1563 will be marked REJECTED by MITRE. NOTE: http://securityreason.com/achievement_securityalert/74 CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...) {DSA-1807-1 DTSA-200-1 DTSA-201-1}
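Review bot: in the first hunk, CVE-2009-4121 and CVE-2009-4120 are triaged to two differently named products (`NOT-FOR-US: Quick CMS` and `NOT-FOR-US: Quick.Cart`) while their visible descriptions are identical ("Multiple cross-site request forgery (CSRF) vulnerabilities in ..."), so the truncated text does not show which product belongs to which id; please confirm both product names against the full CVE descriptions before the TODO: check lines are closed out, so that a later search of the list for either product finds the right entry.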
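Review bot: in the second hunk, the new `- firefox-sage <unfixed> (low; bug #559267)` line for CVE-2009-4102 records a severity and a bug number but no NOTE: line with an upstream or advisory reference, whereas the CVE-2009-0689 entry in this same commit carries one; add a NOTE: pointing at the source of the "RSS Feeds Cross Domain Scripting Vulnerability" description given in the log so the "low" rating and the package mapping can be checked without re-deriving them.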
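Review bot: in the third hunk, the new `NOTE: CVE-2009-1563 will be marked REJECTED by MITRE.` line only updates the CVE-2009-0689 entry, but the CVE-2009-1563 entry elsewhere in data/CVE/list is not touched here, so the two ids remain tracked independently; add a matching NOTE on the CVE-2009-1563 entry cross-referencing CVE-2009-0689. Dropping `TODO: check and merge with 2009-1563?` also closes the open question before the rejection is actually published ("will be" records an expectation, not a state), so consider keeping a TODO on one of the two entries until MITRE's rejection lands.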